static void
dkim_module_key_handler (rspamd_dkim_key_t *key,
gsize keylen,
rspamd_dkim_context_t *ctx,
gpointer ud,
GError *err)
{
struct rspamd_task *task = ud;
if (key != NULL) {
/* Add new key to the lru cache */
rspamd_lru_hash_insert (dkim_module_ctx->dkim_hash,
g_strdup (ctx->dns_key),
key, task->tv.tv_sec, key->ttl);
dkim_module_check (task, ctx, key);
}
else {
/* Insert tempfail symbol */
msg_info ("cannot get key for domain %s", ctx->dns_key);
if (err != NULL) {
rspamd_task_insert_result (task, dkim_module_ctx->symbol_tempfail, 1,
g_list_prepend (NULL,
rspamd_mempool_strdup (task->task_pool, err->message)));
}
else {
rspamd_task_insert_result (task, dkim_module_ctx->symbol_tempfail, 1, NULL);
}
}
if (err) {
g_error_free (err);
}
}
static void
process_regexp_item (struct rspamd_task *task, void *user_data)
{
struct regexp_module_item *item = user_data;
gint res = FALSE;
/* Non-threaded version */
if (item->lua_function) {
/* Just call function */
res = FALSE;
if (!rspamd_lua_call_expression_func (item->lua_function, task, NULL,
&res)) {
msg_err_task ("error occurred when checking symbol %s",
item->symbol);
}
}
else {
/* Process expression */
if (item->expr) {
res = rspamd_process_expression (item->expr, 0, task);
}
else {
msg_warn_task ("FIXME: %s symbol is broken with new expressions",
item->symbol);
}
}
if (res) {
rspamd_task_insert_result (task, item->symbol, res, NULL);
}
}
static void
dkim_module_check (struct rspamd_task *task,
rspamd_dkim_context_t *ctx,
rspamd_dkim_key_t *key)
{
gint res, score_allow = 1, score_deny = 1;
const gchar *strict_value;
msg_debug ("check dkim signature for %s domain from %s",
ctx->domain,
ctx->dns_key);
res = rspamd_dkim_check (ctx, key, task);
if (dkim_module_ctx->dkim_domains != NULL) {
/* Perform strict check */
if ((strict_value =
g_hash_table_lookup (dkim_module_ctx->dkim_domains,
ctx->domain)) != NULL) {
if (!dkim_module_parse_strict (strict_value, &score_allow,
&score_deny)) {
score_allow = dkim_module_ctx->strict_multiplier;
score_deny = dkim_module_ctx->strict_multiplier;
msg_debug (
"no specific score found for %s domain, using %d for it",
ctx->domain,
score_deny);
}
else {
msg_debug (
"specific score found for %s domain: using %d for deny and %d for allow",
ctx->dns_key,
score_deny,
score_allow);
}
}
}
if (res == DKIM_REJECT) {
rspamd_task_insert_result (task, dkim_module_ctx->symbol_reject, score_deny, NULL);
}
else if (res == DKIM_TRYAGAIN) {
rspamd_task_insert_result (task, dkim_module_ctx->symbol_tempfail, 1, NULL);
}
else if (res == DKIM_CONTINUE) {
rspamd_task_insert_result (task, dkim_module_ctx->symbol_allow, score_allow, NULL);
}
}
static void
lua_metric_symbol_callback (struct rspamd_task *task, gpointer ud)
{
struct lua_callback_data *cd = ud;
struct rspamd_task **ptask;
gint level = lua_gettop (cd->L), nresults;
if (cd->cb_is_ref) {
lua_rawgeti (cd->L, LUA_REGISTRYINDEX, cd->callback.ref);
}
else {
lua_getglobal (cd->L, cd->callback.name);
}
ptask = lua_newuserdata (cd->L, sizeof (struct rspamd_task *));
rspamd_lua_setclass (cd->L, "rspamd{task}", -1);
*ptask = task;
if (lua_pcall (cd->L, 1, LUA_MULTRET, 0) != 0) {
msg_info ("call to (%s)%s failed: %s", cd->symbol,
cd->cb_is_ref ? "local function" : cd->callback.name,
lua_tostring (cd->L, -1));
}
nresults = lua_gettop (cd->L) - level;
if (nresults >= 1) {
/* Function returned boolean, so maybe we need to insert result? */
gboolean res;
GList *opts = NULL;
gint i;
gdouble flag = 1.0;
if (lua_type (cd->L, level + 1) == LUA_TBOOLEAN) {
res = lua_toboolean (cd->L, level + 1);
if (res) {
gint first_opt = 2;
if (lua_type (cd->L, level + 2) == LUA_TNUMBER) {
flag = lua_tonumber (cd->L, level + 2);
/* Shift opt index */
first_opt = 3;
}
for (i = lua_gettop (cd->L); i >= level + first_opt; i --) {
if (lua_type (cd->L, i) == LUA_TSTRING) {
const char *opt = lua_tostring (cd->L, i);
opts = g_list_prepend (opts,
rspamd_mempool_strdup (task->task_pool, opt));
}
}
rspamd_task_insert_result (task, cd->symbol, flag, opts);
}
}
lua_pop (cd->L, nresults);
}
}
static void
chartable_symbol_callback (struct rspamd_task *task, void *unused)
{
guint i;
struct mime_text_part *part;
for (i = 0; i < task->text_parts->len; i ++) {
part = g_ptr_array_index (task->text_parts, i);
if (!IS_PART_EMPTY (part) && check_part (part, task->cfg->raw_mode)) {
rspamd_task_insert_result (task, chartable_module_ctx->symbol, 1, NULL);
}
}
}
static void
dkim_symbol_callback (struct rspamd_task *task, void *unused)
{
GList *hlist;
rspamd_dkim_context_t *ctx;
rspamd_dkim_key_t *key;
GError *err = NULL;
struct raw_header *rh;
struct dkim_check_result *res = NULL, *cur;
guint checked = 0;
/* First check if plugin should be enabled */
if (task->user != NULL || rspamd_inet_address_is_local (task->from_addr)) {
msg_info_task ("skip DKIM checks for local networks and authorized users");
return;
}
/* Check whitelist */
if (radix_find_compressed_addr (dkim_module_ctx->whitelist_ip,
task->from_addr) != RADIX_NO_VALUE) {
msg_info_task ("skip DKIM checks for whitelisted address");
return;
}
/* Now check if a message has its signature */
hlist = rspamd_message_get_header (task,
DKIM_SIGNHEADER,
FALSE);
if (hlist != NULL) {
msg_debug_task ("dkim signature found");
while (hlist != NULL) {
rh = (struct raw_header *)hlist->data;
if (rh->decoded == NULL || rh->decoded[0] == '\0') {
msg_info_task ("<%s> cannot load empty DKIM context",
task->message_id);
hlist = g_list_next (hlist);
continue;
}
if (res == NULL) {
res = rspamd_mempool_alloc0 (task->task_pool, sizeof (*res));
res->prev = res;
res->w = rspamd_session_get_watcher (task->s);
cur = res;
}
else {
cur = rspamd_mempool_alloc0 (task->task_pool, sizeof (*res));
}
cur->first = res;
cur->res = -1;
cur->task = task;
cur->mult_allow = 1.0;
cur->mult_deny = 1.0;
ctx = rspamd_create_dkim_context (rh->decoded,
task->task_pool,
dkim_module_ctx->time_jitter,
&err);
if (ctx == NULL) {
if (err != NULL) {
msg_info_task ("<%s> cannot parse DKIM context: %e",
task->message_id, err);
g_error_free (err);
err = NULL;
}
else {
msg_info_task ("<%s> cannot parse DKIM context: "
"unknown error",
task->message_id);
}
hlist = g_list_next (hlist);
continue;
}
else {
/* Get key */
cur->ctx = ctx;
if (dkim_module_ctx->trusted_only &&
(dkim_module_ctx->dkim_domains == NULL ||
g_hash_table_lookup (dkim_module_ctx->dkim_domains,
rspamd_dkim_get_domain (ctx)) == NULL)) {
msg_debug_task ("skip dkim check for %s domain",
rspamd_dkim_get_domain (ctx));
hlist = g_list_next (hlist);
continue;
}
key = rspamd_lru_hash_lookup (dkim_module_ctx->dkim_hash,
rspamd_dkim_get_dns_key (ctx),
task->tv.tv_sec);
if (key != NULL) {
cur->key = rspamd_dkim_key_ref (key);
/* Release key when task is processed */
rspamd_mempool_add_destructor (task->task_pool,
dkim_module_key_dtor, cur->key);
}
else {
rspamd_get_dkim_key (ctx,
task,
dkim_module_key_handler,
cur);
}
}
if (res != cur) {
DL_APPEND (res, cur);
}
if (dkim_module_ctx->skip_multi) {
if (hlist->next) {
msg_info_task ("message has multiple signatures but we"
" check only one as 'skip_multi' is set");
}
break;
}
checked ++;
if (checked > dkim_module_ctx->max_sigs) {
msg_info_task ("message has multiple signatures but we"
" stopped after %d checked signatures as limit"
" is reached", checked);
break;
}
hlist = g_list_next (hlist);
}
}
else {
rspamd_task_insert_result (task,
dkim_module_ctx->symbol_na,
1.0,
NULL);
}
if (res != NULL) {
rspamd_session_watcher_push (task->s);
dkim_module_check (res);
}
}
static void
dkim_module_check (struct dkim_check_result *res)
{
gboolean all_done = TRUE, got_allow = FALSE;
const gchar *strict_value;
struct dkim_check_result *first, *cur, *sel = NULL;
first = res->first;
DL_FOREACH (first, cur) {
if (cur->ctx == NULL) {
continue;
}
if (cur->key != NULL && cur->res == -1) {
cur->res = rspamd_dkim_check (cur->ctx, cur->key, cur->task);
if (dkim_module_ctx->dkim_domains != NULL) {
/* Perform strict check */
if ((strict_value =
g_hash_table_lookup (dkim_module_ctx->dkim_domains,
rspamd_dkim_get_domain (cur->ctx))) != NULL) {
if (!dkim_module_parse_strict (strict_value, &cur->mult_allow,
&cur->mult_deny)) {
cur->mult_allow = dkim_module_ctx->strict_multiplier;
cur->mult_deny = dkim_module_ctx->strict_multiplier;
}
}
}
}
if (cur->res == -1 || cur->key == NULL) {
/* Still need a key */
all_done = FALSE;
}
}
if (all_done) {
DL_FOREACH (first, cur) {
if (cur->ctx == NULL) {
continue;
}
if (cur->res == DKIM_CONTINUE) {
rspamd_task_insert_result (cur->task,
dkim_module_ctx->symbol_allow,
cur->mult_allow * 1.0,
g_list_prepend (NULL,
rspamd_mempool_strdup (cur->task->task_pool,
rspamd_dkim_get_domain (cur->ctx))));
got_allow = TRUE;
sel = NULL;
}
else if (!got_allow) {
if (sel == NULL) {
sel = cur;
}
else if (sel->res == DKIM_TRYAGAIN && cur->res != DKIM_TRYAGAIN) {
sel = cur;
}
}
}
}
if (sel != NULL) {
if (sel->res == DKIM_REJECT) {
rspamd_task_insert_result (sel->task,
dkim_module_ctx->symbol_reject,
sel->mult_deny * 1.0,
g_list_prepend (NULL,
rspamd_mempool_strdup (sel->task->task_pool,
rspamd_dkim_get_domain (sel->ctx))));
}
else {
rspamd_task_insert_result (sel->task,
dkim_module_ctx->symbol_tempfail,
1.0,
g_list_prepend (NULL,
rspamd_mempool_strdup (sel->task->task_pool,
rspamd_dkim_get_domain (sel->ctx))));
}
}
if (all_done) {
rspamd_session_watcher_pop (res->task->s, res->w);
}
}
static void
dkim_module_check (struct dkim_check_result *res)
{
gboolean all_done = TRUE;
const gchar *strict_value;
struct dkim_check_result *first, *cur = NULL;
first = res->first;
DL_FOREACH (first, cur) {
if (cur->ctx == NULL) {
continue;
}
if (cur->key != NULL && cur->res == -1) {
cur->res = rspamd_dkim_check (cur->ctx, cur->key, cur->task);
if (dkim_module_ctx->dkim_domains != NULL) {
/* Perform strict check */
if ((strict_value =
g_hash_table_lookup (dkim_module_ctx->dkim_domains,
rspamd_dkim_get_domain (cur->ctx))) != NULL) {
if (!dkim_module_parse_strict (strict_value, &cur->mult_allow,
&cur->mult_deny)) {
cur->mult_allow = dkim_module_ctx->strict_multiplier;
cur->mult_deny = dkim_module_ctx->strict_multiplier;
}
}
}
}
}
DL_FOREACH (first, cur) {
if (cur->ctx == NULL) {
continue;
}
if (cur->res == -1) {
/* Still need a key */
all_done = FALSE;
}
}
if (all_done) {
DL_FOREACH (first, cur) {
const gchar *symbol = NULL;
int symbol_weight = 1;
if (cur->ctx == NULL) {
continue;
}
if (cur->res == DKIM_REJECT) {
symbol = dkim_module_ctx->symbol_reject;
symbol_weight = cur->mult_deny * 1.0;
}
else if (cur->res == DKIM_CONTINUE) {
symbol = dkim_module_ctx->symbol_allow;
symbol_weight = cur->mult_allow * 1.0;
}
else if (cur->res == DKIM_PERM_ERROR) {
symbol = dkim_module_ctx->symbol_permfail;
}
else if (cur->res == DKIM_TRYAGAIN) {
symbol = dkim_module_ctx->symbol_tempfail;
}
if (symbol != NULL) {
rspamd_task_insert_result (cur->task,
symbol,
symbol_weight,
rspamd_dkim_get_domain (cur->ctx));
}
}
rspamd_session_watcher_pop (res->task->s, res->w);
}
}
