From 7bcb9414ab32ecd7f0d0e26a22d4ad6a05967c56 Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 25 Oct 2020 10:34:13 +0100 Subject: [PATCH] [Rspamd] Handle Postmaster in and outbound as trusted --- data/conf/rspamd/lua/rspamd.local.lua | 63 +++++++++++++++++++++--- data/conf/rspamd/override.d/logging.inc | 2 +- data/web/inc/presets/rspamd/preset_2.yml | 10 ---- 3 files changed, 56 insertions(+), 19 deletions(-) delete mode 100644 data/web/inc/presets/rspamd/preset_2.yml diff --git a/data/conf/rspamd/lua/rspamd.local.lua b/data/conf/rspamd/lua/rspamd.local.lua index 1725d02c9..74fee6a6f 100644 --- a/data/conf/rspamd/lua/rspamd.local.lua +++ b/data/conf/rspamd/lua/rspamd.local.lua @@ -87,6 +87,45 @@ rspamd_config:register_symbol({ priority = 10 }) +rspamd_config:register_symbol({ + name = 'POSTMASTER_HANDLER', + type = 'prefilter', + callback = function(task) + local rcpts = task:get_recipients('smtp') + local rspamd_logger = require "rspamd_logger" + local lua_util = require "lua_util" + local from = task:get_from(1) + + -- not applying to mails with more than one rcpt to avoid bypassing filters by addressing postmaster + if rcpts and #rcpts == 1 then + for _,rcpt in ipairs(rcpts) do + local rcpt_split = rspamd_str_split(rcpt['addr'], '@') + if #rcpt_split == 2 then + if rcpt_split[1] == 'postmaster' then + task:set_pre_result('accept', 'whitelisting postmaster smtp rcpt') + return + end + end + end + end + + if from then + for _,fr in ipairs(from) do + local fr_split = rspamd_str_split(fr['addr'], '@') + if #fr_split == 2 then + if fr_split[1] == 'postmaster' then + -- no whitelist, keep signatures + task:insert_result(true, 'POSTMASTER_FROM', -2500.0, from_ip_string) + return + end + end + end + end + + end, + priority = 19 +}) + rspamd_config:register_symbol({ name = 'DIRECT_ALIAS_EXPANDER', type = 'prefilter', @@ -94,6 +133,7 @@ rspamd_config:register_symbol({ local rspamd_http = require "rspamd_http" local rcpts = task:get_recipients('smtp') local rspamd_logger = require "rspamd_logger" + local lua_util = require "lua_util" local function http_callback(err_message, code, body, headers) if body ~= nil and body ~= "" then @@ -108,18 +148,25 @@ rspamd_config:register_symbol({ if rcpts and #rcpts == 1 then for _,rcpt in ipairs(rcpts) do - rspamd_http.request({ - task=task, - url='http://nginx:8081/aliasexp.php', - body='', - callback=http_callback, - headers={Rcpt=rcpt['addr']}, - }) + local rcpt_split = rspamd_str_split(rcpt['addr'], '@') + if #rcpt_split == 2 then + if rcpt_split[1] == 'postmaster' then + rspamd_logger.infox(rspamd_config, "not expanding postmaster alias") + end + else + rspamd_http.request({ + task=task, + url='http://nginx:8081/aliasexp.php', + body='', + callback=http_callback, + headers={Rcpt=rcpt['addr']}, + }) + end end end end, - priority = 19 + priority = 18 }) rspamd_config:register_symbol({ diff --git a/data/conf/rspamd/override.d/logging.inc b/data/conf/rspamd/override.d/logging.inc index 64d4064db..750b25cd5 100644 --- a/data/conf/rspamd/override.d/logging.inc +++ b/data/conf/rspamd/override.d/logging.inc @@ -1,4 +1,4 @@ -level = "silent"; +level = "info"; type = "console"; systemd = false; .include "$CONFDIR/logging.inc" diff --git a/data/web/inc/presets/rspamd/preset_2.yml b/data/web/inc/presets/rspamd/preset_2.yml deleted file mode 100644 index bc0b0f03c..000000000 --- a/data/web/inc/presets/rspamd/preset_2.yml +++ /dev/null @@ -1,10 +0,0 @@ -headline: lang.rsettings_preset_2 -content: | - priority = 10; - rcpt = "/postmaster@.*/"; - apply { - symbols_enabled = ["DKIM_SIGNED", "HISTORY_SAVE", "MILTER_HEADERS", "ARC_SIGNED"]; - actions { - greylist = null; - } - }