Acasă Explorează Ajutor
Autentificare
mirrors
/
mailcow-dockerized
oglindă de https://github.com/mailcow/mailcow-dockerized
2
0
Bifurcare 0
Fisiere Probleme 0 Wiki
Arbore: 8dde735a0a
Ramuri Etichete
mailcow-dockeri...
/
data
/
conf
/
rspamd
/
lua
/
rspamd.local.lua

rspamd.local.lua 6.1 KB
Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190 
  1. rspamd_config.MAILCOW_AUTH = {
    2. 

  2. 	callback = function(task)
    3. 

  3. 		local uname = task:get_user()
    4. 

  4. 		if uname then
    5. 

  5. 			return 1
    6. 

  6. 		end
    7. 

  7. 	end
    8. 

  8. }
    9. 

  9. 

  10. rspamd_config:register_symbol({
    11. 

  11.   name = 'KEEP_SPAM',
    12. 

  12.   type = 'prefilter',
    13. 

  13.   callback = function(task)
    14. 

  14.     local util = require("rspamd_util")
    15. 

  15.     local rspamd_logger = require "rspamd_logger"
    16. 

  16.     local rspamd_ip = require 'rspamd_ip'
    17. 

  17.     local uname = task:get_user()
    18. 

  18. 

  19.     if uname then
    20. 

  20.       return false
    21. 

  21.     end
    22. 

  22. 

  23.     local redis_params = rspamd_parse_redis_server('keep_spam')
    24. 

  24.     local ip = task:get_from_ip()
    25. 

  25. 

  26.     if not ip:is_valid() then
    27. 

  27.       return false
    28. 

  28.     end
    29. 

  29. 

  30.     local from_ip_string = tostring(ip)
    31. 

  31.     ip_check_table = {from_ip_string}
    32. 

  32. 

  33.     local maxbits = 128
    34. 

  34.     local minbits = 32
    35. 

  35.     if ip:get_version() == 4 then
    36. 

  36.         maxbits = 32
    37. 

  37.         minbits = 8
    38. 

  38.     end
    39. 

  39.     for i=maxbits,minbits,-1 do
    40. 

  40.       local nip = ip:apply_mask(i):to_string() .. "/" .. i
    41. 

  41.       table.insert(ip_check_table, nip)
    42. 

  42.     end
    43. 

  43.     local function keep_spam_cb(err, data)
    44. 

  44.       if err then
    45. 

  45.         rspamd_logger.infox(rspamd_config, "keep_spam query request for ip %s returned invalid or empty data (\"%s\") or error (\"%s\")", ip, data, err)
    46. 

  46.         return false
    47. 

  47.       else
    48. 

  48.         for k,v in pairs(data) do
    49. 

  49.           if (v and v ~= userdata and v == '1') then
    50. 

  50.             rspamd_logger.infox(rspamd_config, "found ip in keep_spam map, setting pre-result", v)
    51. 

  51.             task:set_pre_result('accept', 'IP matched with forward hosts')
    52. 

  52.           end
    53. 

  53.         end
    54. 

  54.       end
    55. 

  55.     end
    56. 

  56.     table.insert(ip_check_table, 1, 'KEEP_SPAM')
    57. 

  57.     local redis_ret_user = rspamd_redis_make_request(task,
    58. 

  58.       redis_params, -- connect params
    59. 

  59.       'KEEP_SPAM', -- hash key
    60. 

  60.       false, -- is write
    61. 

  61.       keep_spam_cb, --callback
    62. 

  62.       'HMGET', -- command
    63. 

  63.       ip_check_table -- arguments
    64. 

  64.     )
    65. 

  65.     if not redis_ret_user then
    66. 

  66.       rspamd_logger.infox(rspamd_config, "cannot check keep_spam redis map")
    67. 

  67.     end
    68. 

  68.   end,
    69. 

  69.   priority = 19
    70. 

  70. })
    71. 

  71. 

  72. rspamd_config:register_symbol({
    73. 

  73.   name = 'TAG_MOO',
    74. 

  74.   type = 'postfilter',
    75. 

  75.   callback = function(task)
    76. 

  76.     local util = require("rspamd_util")
    77. 

  77.     local rspamd_logger = require "rspamd_logger"
    78. 

  78. 

  79.     local tagged_rcpt = task:get_symbol("TAGGED_RCPT")
    80. 

  80.     local mailcow_domain = task:get_symbol("RCPT_MAILCOW_DOMAIN")
    81. 

  81. 

  82.     if tagged_rcpt and tagged_rcpt[1].options and mailcow_domain then
    83. 

  83.       local tag = tagged_rcpt[1].options[1]
    84. 

  84.       rspamd_logger.infox("found tag: %s", tag)
    85. 

  85.       local action = task:get_metric_action('default')
    86. 

  86.       rspamd_logger.infox("metric action now: %s", action)
    87. 

  87. 

  88.       if action ~= 'no action' and action ~= 'greylist' then
    89. 

  89.         rspamd_logger.infox("skipping tag handler for action: %s", action)
    90. 

  90.         task:set_metric_action('default', action)
    91. 

  91.         return true
    92. 

  92.       end
    93. 

  93. 

  94.       local wants_subject_tag = task:get_symbol("RCPT_WANTS_SUBJECT_TAG")
    95. 

  95.       local wants_subfolder_tag = task:get_symbol("RCPT_WANTS_SUBFOLDER_TAG")
    96. 

  96. 

  97.       if wants_subject_tag then
    98. 

  98.         rspamd_logger.infox("user wants subject modified for tagged mail")
    99. 

  99.         local sbj = task:get_header('Subject')
    100. 

  100.         new_sbj = '=?UTF-8?B?' .. tostring(util.encode_base64('[' .. tag .. '] ' .. sbj)) .. '?='
    101. 

  101.         task:set_milter_reply({
    102. 

  102.           remove_headers = {['Subject'] = 1},
    103. 

  103.           add_headers = {['Subject'] = new_sbj}
    104. 

  104.         })
    105. 

  105.       elseif wants_subfolder_tag then
    106. 

  106.         rspamd_logger.infox("Add X-Moo-Tag header")
    107. 

  107.         task:set_milter_reply({
    108. 

  108.           add_headers = {['X-Moo-Tag'] = 'YES'}
    109. 

  109.         })
    110. 

  110.       end
    111. 

  111.     end
    112. 

  112.   end,
    113. 

  113.   priority = 11
    114. 

  114. })
    115. 

  115. 

  116. rspamd_config:register_symbol({
    117. 

  117.   name = 'DYN_RL_CHECK',
    118. 

  118.   type = 'prefilter',
    119. 

  119.   callback = function(task)
    120. 

  120.     local util = require("rspamd_util")
    121. 

  121.     local redis_params = rspamd_parse_redis_server('dyn_rl')
    122. 

  122.     local rspamd_logger = require "rspamd_logger"
    123. 

  123.     local envfrom = task:get_from(1)
    124. 

  124.     local uname = task:get_user()
    125. 

  125.     if not envfrom or not uname then
    126. 

  126.       return false
    127. 

  127.     end
    128. 

  128.     local uname = uname:lower()
    129. 

  129. 

  130.     local env_from_domain = envfrom[1].domain:lower() -- get smtp from domain in lower case
    131. 

  131. 

  132.     local function redis_cb_user(err, data)
    133. 

  133. 

  134.       if err or type(data) ~= 'string' then
    135. 

  135.         rspamd_logger.infox(rspamd_config, "dynamic ratelimit request for user %s returned invalid or empty data (\"%s\") or error (\"%s\") - trying dynamic ratelimit for domain...", uname, data, err)
    136. 

  136. 

  137.         local function redis_key_cb_domain(err, data)
    138. 

  138.           if err or type(data) ~= 'string' then
    139. 

  139.             rspamd_logger.infox(rspamd_config, "dynamic ratelimit request for domain %s returned invalid or empty data (\"%s\") or error (\"%s\")", env_from_domain, data, err)
    140. 

  140.           else
    141. 

  141.             rspamd_logger.infox(rspamd_config, "found dynamic ratelimit in redis for domain %s with value %s", env_from_domain, data)
    142. 

  142.             task:insert_result('DYN_RL', 0.0, data, env_from_domain)
    143. 

  143.           end
    144. 

  144.         end
    145. 

  145. 

  146.         local redis_ret_domain = rspamd_redis_make_request(task,
    147. 

  147.           redis_params, -- connect params
    148. 

  148.           env_from_domain, -- hash key
    149. 

  149.           false, -- is write
    150. 

  150.           redis_key_cb_domain, --callback
    151. 

  151.           'HGET', -- command
    152. 

  152.           {'RL_VALUE', env_from_domain} -- arguments
    153. 

  153.         )
    154. 

  154.         if not redis_ret_domain then
    155. 

  155.           rspamd_logger.infox(rspamd_config, "cannot make request to load ratelimit for domain")
    156. 

  156.         end
    157. 

  157.       else
    158. 

  158.         rspamd_logger.infox(rspamd_config, "found dynamic ratelimit in redis for user %s with value %s", uname, data)
    159. 

  159.         task:insert_result('DYN_RL', 0.0, data, uname)
    160. 

  160.       end
    161. 

  161. 

  162.     end
    163. 

  163. 

  164.     local redis_ret_user = rspamd_redis_make_request(task,
    165. 

  165.       redis_params, -- connect params
    166. 

  166.       uname, -- hash key
    167. 

  167.       false, -- is write
    168. 

  168.       redis_cb_user, --callback
    169. 

  169.       'HGET', -- command
    170. 

  170.       {'RL_VALUE', uname} -- arguments
    171. 

  171.     )
    172. 

  172.     if not redis_ret_user then
    173. 

  173.       rspamd_logger.infox(rspamd_config, "cannot make request to load ratelimit for user")
    174. 

  174.     end
    175. 

  175.     return true
    176. 

  176.   end,
    177. 

  177.   priority = 20
    178. 

  178. })
    179. 

  179. 

  180. rspamd_config:register_symbol({
    181. 

  181.   name = 'NO_LOG_STAT',
    182. 

  182.   type = 'postfilter',
    183. 

  183.   callback = function(task)
    184. 

  184.     local from = task:get_header('From')
    185. 

  185.     if from and (string.find(from, 'monitoring-system@everycloudtech.us', 1, true) or from == 'watchdog@localhost') then
    186. 

  186.       task:set_flag('no_log')
    187. 

  187.       task:set_flag('no_stat')
    188. 

  188.     end
    189. 

  189.   end
    190. 

  190. })
    191.