Mirrors/go-chasquid-smtp
1
0
Fork 0
mirror of https://blitiri.com.ar/repos/chasquid synced 2025-12-18 14:47:03 +00:00
Code Releases Activity
Files
4116c046bc733159dde3bcf19fdb5ea6c1c84d20
go-chasquid-smtp/etc/chasquid/hooks/post-data
Alberto Bertogli 4116c046bc hooks: Ignore rspamd's greylist action 
The default hook will use rspamc (the command-line client of rspamd) if
it is installed. rspamc will emit one suggested action, and then the
hook will interpret it and return accordingly.

Because the possible actions returned by rspamc are user-configured,
this patch adds a comment to make it clear that the hook will need
adjustment if the configuration uses non-default actions.

In particular, the greylisting module (which usually handles the
"greylist" action) is not run when using rspamc. This can cause
unnecessary rejections and is quite misleading.

This patch removes the "greylist" action handling; now the default hook
will only reject mail once it reaches rspamd's configured threshold for
direct rejection.

In the future, a more custom integration with rspamd might be added to
allow for rspamd-based greylisting, but until then this is a more
reasonable default.

Thanks to Jonas Seydel (thor77) and Max Mazurov (fox.cpp@disroot.org)
for noticing this issue, helping investigate, and discussing the course
of action.
2020-06-01 21:05:02 +01:00

96 lines
2.8 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# This file is an example post-data hook that will run standard filtering
# utilities if they are available.
#
# - greylist (from greylistd) to do greylisting.
# - spamc (from Spamassassin) to filter spam.
# - rspamc (from rspamd) to filter spam.
# - clamdscan (from ClamAV) to filter virus.
# - dkimsign (from driusan/dkim) to do DKIM signing.
#
# If it exits with code 20, it will be considered a permanent error.
# Otherwise, temporary.
set -e
# Note greylistd needs you to add the user to the "greylist" group:
# usermod -a -G greylist mail
if [ "$AUTH_AS" == "" ] && [ "$SPF_PASS" == "0" ] && \
command -v greylist >/dev/null && \
groups | grep -q greylist;
then
REMOTE_IP=$(echo "$REMOTE_ADDR" | rev | cut -d : -f 2- | rev)
if ! greylist update "$REMOTE_IP" "$MAIL_FROM" 1>&2; then
echo "greylisted, please try again"
exit 75 # temporary error
fi
echo "X-Greylist: pass"
fi
TF="$(mktemp --tmpdir post-data-XXXXXXXXXX)"
trap 'rm "$TF"' EXIT
# Save the message to the temporary file, so we can pass it on to the various
# filters.
cat > "$TF"
if command -v spamc >/dev/null; then
if ! SL=$(spamc -c - < "$TF") ; then
echo "spam detected"
exit 20 # permanent
fi
echo "X-Spam-Score: $SL"
fi
if command -v rspamc >/dev/null; then
# Note the actions emitted by rspamc come from the thresholds
# configured in /etc/rspamd/actions.conf.
# The ones handled here are common defaults, but they might require
# adjusting to match your rspamd configuration.
# Note that greylisting is disabled in rspamc by design, so the
# "greylist" action is ignored here to prevent false rejections.
ACTION=$( rspamc < "$TF" 2>/dev/null | grep Action: | cut -d " " -f 2- )
case "$ACTION" in
reject)
echo "spam detected"
exit 20 # permanent error
;;
esac
echo "X-Spam-Action:" "$ACTION"
fi
if command -v clamdscan >/dev/null; then
if ! clamdscan --no-summary --infected - < "$TF" 1>&2 ; then
echo "virus detected"
exit 20 # permanent
fi
echo "X-Virus-Scanned: pass"
fi
# DKIM sign with https://github.com/driusan/dkim.
#
# Do it only if all the following are true:
# - User has authenticated.
# - dkimsign binary exists.
# - domains/$DOMAIN/dkim_selector file exists.
# - certs/$DOMAIN/dkim_privkey.pem file exists.
#
# Note this has not been thoroughly tested, so might need further adjustments.
if [ "$AUTH_AS" != "" ] && command -v dkimsign >/dev/null; then
DOMAIN=$( echo "$MAIL_FROM" | cut -d '@' -f 2 )
if [ -f "domains/$DOMAIN/dkim_selector" ] \
&& [ -f "certs/$DOMAIN/dkim_privkey.pem" ]; then
dkimsign -n -hd \
-key "certs/$DOMAIN/dkim_privkey.pem" \
-s "$(cat "domains/$DOMAIN/dkim_selector")" \
-d "$DOMAIN" \
< "$TF"
fi
fi
View Git Blame Copy Permalink