rspamd: add sender whitelist/blacklist maps

Author: jnorell

install/lib/installer_base.lib.php

@@ -1898,6 +1898,7 @@ public function configure_rspamd() {
 			'users.conf',
 			'groups.conf',
 			'multimap.conf',
+			'force_actions.conf',
 		);
 		foreach ($local_d as $f) {
 			if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master")) {
@@ -1951,6 +1952,66 @@ public function configure_rspamd() {
 			}
 		}
 
+		$filename = '/etc/rspamd/local.d/maps.d/sender_whitelist.inc.ispc';
+		@unlink($filename);
+		$records = $this->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` LIKE '%@%' AND `access` = 'OK' AND `active` = 'y' AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']);
+		if (count($records) > 0) {
+			if ($fp = fopen($filename, 'w')) {
+				fwrite($fp, "# ISPConfig whitelisted sender addresses\n\n");
+				foreach($records as $record) {
+					fwrite($fp, $record['source'] . "\n");
+				}
+				fclose($fp);
+			} else {
+				$this->error("Error: cannot open $filename for writing");
+			}
+		}
+
+		$filename = '/etc/rspamd/local.d/maps.d/sender_blacklist.inc.ispc';
+		@unlink($filename);
+		$records = $this->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` LIKE '%@%' AND `access` LIKE 'REJECT%' AND `active` = 'y' AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']);
+		if (count($records) > 0) {
+			if ($fp = fopen($filename, 'w')) {
+				fwrite($fp, "# ISPConfig blacklisted sender addresses\n\n");
+				foreach($records as $record) {
+					fwrite($fp, $record['source'] . "\n");
+				}
+				fclose($fp);
+			} else {
+				$this->error("Error: cannot open $filename for writing");
+			}
+		}
+
+		$filename = '/etc/rspamd/local.d/maps.d/sender_domain_whitelist.inc.ispc';
+		@unlink($filename);
+		$records = $this->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` NOT LIKE '%@%' AND `access` = 'OK' AND `active` = 'y' AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']);
+		if (count($records) > 0) {
+			if ($fp = fopen($filename, 'w')) {
+				fwrite($fp, "# ISPConfig whitelisted sender domains\n\n");
+				foreach($records as $record) {
+					fwrite($fp, ltrim($record['source'], '.') . "\n");
+				}
+				fclose($fp);
+			} else {
+				$this->error("Error: cannot open $filename for writing");
+			}
+		}
+
+		$filename = '/etc/rspamd/local.d/maps.d/sender_domain_blacklist.inc.ispc';
+		@unlink($filename);
+		$records = $this->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` NOT LIKE '%@%' AND `access` LIKE 'REJECT%' AND `active` = 'y' AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']);
+		if (count($records) > 0) {
+			if ($fp = fopen($filename, 'w')) {
+				fwrite($fp, "# ISPConfig blacklisted sender domains\n\n");
+				foreach($records as $record) {
+					fwrite($fp, ltrim($record['source'], '.') . "\n");
+				}
+				fclose($fp);
+			} else {
+				$this->error("Error: cannot open $filename for writing");
+			}
+		}
+
 
 		# rename rspamd templates we no longer use
 		if(file_exists("/etc/rspamd/local.d/greylist.conf")) {

install/tpl/rspamd_force_actions.conf.master

@@ -0,0 +1,18 @@
+rules {
+
+  ISPC_WHITELIST_SENDER {
+    expression = "(ISPC_WHITELIST_ENVFROM and (R_DKIM_ALLOW or R_SPF_ALLOW)) or (ISPC_WHITELIST_FROM and R_DKIM_ALLOW) and !CLAM_VIRUS and !JUST_EICAR";
+    action = "no action";
+  }
+
+  ISPC_BLACKLIST_SENDER {
+    expression = "(ISPC_BLACKLIST_FROM or ISPC_BLACKLIST_FROM_DOMAIN) and R_DKIM_ALLOW and !ISPC_WHITELIST_SENDER and !ISPC_WHITELIST_SENDER_DOMAIN";
+    action = "reject";
+  }
+
+  ISPC_WHITELIST_SENDER_DOMAIN {
+    expression = "(ISPC_WHITELIST_ENVFROM_DOMAIN and (ISPC_WHITELIST_DKIM or ISPC_WHITELIST_SPF)) or (ISPC_WHITELIST_FROM_DOMAIN and ISPC_WHITELIST_DKIM) and !CLAM_VIRUS and !JUST_EICAR";
+    action = "no action";
+  }
+
+}

install/tpl/rspamd_multimap.conf.master

@@ -9,6 +9,68 @@ ISPC_WHITELIST_IP {
 
 # ISPC_BLACKLIST_IP:  Postfix blocks blacklisted IP's, no need to configure those here.
 
+ISPC_WHITELIST_ENVFROM {
+  type = "from";
+  filter = "email";
+  map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.local" ];
+  score = -7.0;
+  description = "Whitelisted sender address";
+  group = "ispconfig";
+}
+
+# ISPC_BLACKLIST_ENVFROM:  Postfix blocks blacklisted senders, no need to configure those here.
+
+ISPC_WHITELIST_ENVFROM_DOMAIN {
+  type = "from";
+  filter = "email:domain";
+  map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.local" ];
+  score = -7.0;
+  description = "Whitelisted sender domain";
+  group = "ispconfig";
+}
+
+# ISPC_BLACKLIST_ENVFROM_DOMAIN:  Postfix blocks blacklisted sender domains, no need to configure those here.
+
+ISPC_WHITELIST_FROM {
+  type = "selector";
+  selector = "from('mime')";
+  map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.local" ];
+  # trivial to spoof so primarily used via composite expression in force_actions.conf
+  score = -1.0;
+  description = "From: header address in sender whitelist.";
+  group = "ispconfig";
+}
+
+ISPC_BLACKLIST_FROM {
+  type = "selector";
+  selector = "from('mime')";
+  map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_blacklist.inc.local" ];
+  score = 12.0;
+  description = "From: header address in sender blacklist.";
+  group = "ispconfig";
+}
+
+ISPC_WHITELIST_FROM_DOMAIN {
+  type = "selector";
+  selector = "from('mime'):domain";
+  map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.local" ];
+  # trivial to spoof so primarily used via composite expression in force_actions.conf
+  score = -1.0;
+  description = "From: header domain in sender whitelist.";
+  group = "ispconfig";
+}
+
+ISPC_BLACKLIST_FROM_DOMAIN {
+  type = "selector";
+  selector = "from('mime'):domain";
+  map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_blacklist.inc.local" ];
+  score = 12.0;
+  description = "From: header domain in sender blacklist.";
+  group = "ispconfig";
+}
+
+
+# Invaluement.com Service Provider DNSBLs
 # from https://rspamd.com/doc/configuration/selectors.html
 INVALUEMENT_SENDGRID_ID {
   type = "selector";

install/tpl/rspamd_whitelist.conf.master

@@ -2,7 +2,9 @@ rules {
   "ISPC_WHITELIST_SPF" = {
     valid_spf = true;
     domains = [
-      "$LOCAL_CONFDIR/local.d/maps.d/spf_whitelist.inc.ispc"
+      "$LOCAL_CONFDIR/local.d/maps.d/spf_whitelist.inc.ispc",
+      "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.ispc",
+      "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.local"
     ];
     score = -2.0
     inverse_symbol = "ISPC_BLACKLIST_SPF";
@@ -11,7 +13,9 @@ rules {
   "ISPC_WHITELIST_DKIM" = {
     valid_dkim = true;
     domains = [
-      "$LOCAL_CONFDIR/local.d/maps.d/dkim_whitelist.inc.ispc"
+      "$LOCAL_CONFDIR/local.d/maps.d/dkim_whitelist.inc.ispc",
+      "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.ispc",
+      "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.local"
     ];
     score = -2.0;
     inverse_symbol = "ISPC_BLACKLIST_DKIM";

server/plugins-available/rspamd_plugin.inc.php

@@ -510,19 +510,100 @@ function mail_access_update($event_name, $data) {
 
 		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
 
+		
+/*
+    [new] => Array
+        (
+            [access_id] => 5
+            [sys_userid] => 1
+            [sys_groupid] => 1
+            [sys_perm_user] => riud
+            [sys_perm_group] => riud
+            [sys_perm_other] => 
+            [server_id] => 1
+            [source] => 1.2.3.5
+            [access] => OK
+            [type] => client
+            [active] => y
+        )
+ */
 		# generated local.d/maps.d files
-		$filename = '/etc/rspamd/local.d/maps.d/ip_whitelist.inc.ispc';
-		@unlink($filename);
-		$records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'client' AND `access` = 'OK' AND `active` = 'y' AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']);
-		if (count($records) > 0) {
-			if ($fp = fopen($filename, 'w')) {
-				fwrite($fp, "# ISPConfig whitelisted ip addresses\n\n");
-				foreach($records as $record) {
-					fwrite($fp, $record['source'] . "\n");
+		if ($data['old']['type'] == 'client' || $data['new']['type'] == 'client') {
+			$filename = '/etc/rspamd/local.d/maps.d/ip_whitelist.inc.ispc';
+			@unlink($filename);
+			$records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'client' AND `access` = 'OK' AND `active` = 'y' AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']);
+			if (count($records) > 0) {
+				if ($fp = fopen($filename, 'w')) {
+					fwrite($fp, "# ISPConfig whitelisted ip addresses\n\n");
+					foreach($records as $record) {
+						fwrite($fp, $record['source'] . "\n");
+					}
+					fclose($fp);
+				} else {
+					$app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN);
+				}
+			}
+		}
+
+		if ($data['old']['type'] == 'sender' || $data['new']['type'] == 'sender') {
+			$filename = '/etc/rspamd/local.d/maps.d/sender_whitelist.inc.ispc';
+			@unlink($filename);
+			$records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` LIKE '%@%' AND `access` = 'OK' AND `active` = 'y' AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']);
+			if (count($records) > 0) {
+				if ($fp = fopen($filename, 'w')) {
+					fwrite($fp, "# ISPConfig whitelisted sender addresses\n\n");
+					foreach($records as $record) {
+						fwrite($fp, $record['source'] . "\n");
+					}
+					fclose($fp);
+				} else {
+					$app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN);
+				}
+			}
+
+			$filename = '/etc/rspamd/local.d/maps.d/sender_blacklist.inc.ispc';
+			@unlink($filename);
+			$records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` LIKE '%@%' AND `access` LIKE 'REJECT%' AND `active` = 'y' AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']);
+			if (count($records) > 0) {
+				if ($fp = fopen($filename, 'w')) {
+					fwrite($fp, "# ISPConfig blacklisted sender addresses\n\n");
+					foreach($records as $record) {
+						fwrite($fp, $record['source'] . "\n");
+					}
+					fclose($fp);
+				} else {
+					$app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN);
+				}
+			}
+
+			$filename = '/etc/rspamd/local.d/maps.d/sender_domain_whitelist.inc.ispc';
+			@unlink($filename);
+			$records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` NOT LIKE '%@%' AND `access` = 'OK' AND `active` = 'y' AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']);
+			if (count($records) > 0) {
+				if ($fp = fopen($filename, 'w')) {
+					fwrite($fp, "# ISPConfig whitelisted sender domains\n\n");
+					foreach($records as $record) {
+						fwrite($fp, ltrim($record['source'], '.') . "\n");
+					}
+					fclose($fp);
+				} else {
+					$app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN);
+				}
+			}
+
+			$filename = '/etc/rspamd/local.d/maps.d/sender_domain_blacklist.inc.ispc';
+			@unlink($filename);
+			$records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` NOT LIKE '%@%' AND `access` LIKE 'REJECT%' AND `active` = 'y' AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']);
+			if (count($records) > 0) {
+				if ($fp = fopen($filename, 'w')) {
+					fwrite($fp, "# ISPConfig blacklisted sender domains\n\n");
+					foreach($records as $record) {
+						fwrite($fp, ltrim($record['source'], '.') . "\n");
+					}
+					fclose($fp);
+				} else {
+					$app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN);
 				}
-				fclose($fp);
-			} else {
-				$app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN);
 			}
 		}
 	}