From dd99866675408214be0271c7a70a8b7eb88955e7 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 16 Jun 2018 18:08:09 +0100 Subject: [PATCH] Revert "Support Rspamd. Patch from Andrew Lewis, lightly editorialised" This reverts commit c5f280e20a8e3ecd5f016b8fb34a436588915ed2. --- doc/doc-docbook/spec.xfpt | 29 +++--------- doc/doc-txt/ChangeLog | 4 ++ src/README.UPDATING | 2 + src/src/spam.c | 83 ++++++--------------------------- src/src/spam.h | 1 - test/confs/4003 | 33 ------------- test/confs/4008 | 2 +- test/log/4003 | 4 -- test/scripts/4000-scanning/4003 | 51 -------------------- test/stdout/4003 | 47 ------------------- 10 files changed, 26 insertions(+), 230 deletions(-) delete mode 100644 test/confs/4003 delete mode 100644 test/log/4003 delete mode 100644 test/scripts/4000-scanning/4003 delete mode 100644 test/stdout/4003 diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 8b939b52b..cd95d99ff 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -32265,20 +32265,14 @@ deny message = This message contains malware ($malware_name) .endd -.section "Scanning with SpamAssassin and Rspamd" "SECTscanspamass" +.section "Scanning with SpamAssassin" "SECTscanspamass" .cindex "content scanning" "for spam" .cindex "spam scanning" .cindex "SpamAssassin" -.cindex "Rspamd" The &%spam%& ACL condition calls SpamAssassin's &%spamd%& daemon to get a spam -score and a report for the message. -Support is also provided for Rspamd. - -For more information about installation and configuration of SpamAssassin or -Rspamd refer to their respective websites at -&url(http://spamassassin.apache.org) and &url(http://www.rspamd.com) - -SpamAssassin can be installed with CPAN by running: +score and a report for the message. You can get SpamAssassin at +&url(http://www.spamassassin.org), or, if you have a working Perl +installation, you can use CPAN by running: .code perl -MCPAN -e 'install Mail::SpamAssassin' .endd @@ -32304,14 +32298,6 @@ server (currently defaulting to 120s). With a lower value the Linux connection tracking may consider your half-closed connection as dead too soon. - -To use Rspamd (which by default listens on all local addresses -on TCP port 11333) -you should add &%variant=rspamd%& after the address/port pair, for example: -.code -spamd_address = 127.0.0.1 11333 variant=rspamd -.endd - As of version 2.60, &%SpamAssassin%& also supports communication over UNIX sockets. If you want to us these, supply &%spamd_address%& with an absolute file name instead of an address/port pair: @@ -32396,8 +32382,7 @@ The right-hand side of the &%spam%& condition specifies a name. This is relevant if you have set up multiple SpamAssassin profiles. If you do not want to scan using a specific profile, but rather use the SpamAssassin system-wide default profile, you can scan for an unknown name, or simply use &"nobody"&. -Rspamd does not use this setting. However, you must put something on the -right-hand side. +However, you must put something on the right-hand side. The name allows you to use per-domain or per-user antispam profiles in principle, but this is not straightforward in practice, because a message may @@ -32466,10 +32451,8 @@ when running in country-specific locales, which are not legal unencoded in headers. .vitem &$spam_action$& -For SpamAssassin either 'reject' or 'no action' depending on the +Either 'reject' or 'no action' depending on the spam score versus threshold. -For Rspamd, the recommended action. - .endlist The &%spam%& condition caches its results unless expansion in diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index bc3f8d393..58b82bddd 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -72,6 +72,10 @@ JH/15 Rework TLS client-side context management. Stop using a global, and explicitly pass a context around. This enables future use of TLS for connections to service-daemons (eg. malware scanning) while a client smtp connection is using TLS; with cutthrough connections this is quite likely. +JH/15 Support for Rspamd, as a variant of the "spam" ACL condition used for + connecting to a SpamAssassain "spamd" daemon for content scanning, is + removed. Following changes to the protocol used for communication with + Rspamd it was apparently inoperable. JH/16 Fix ARC verification to do AS checks in reverse order. JH/16 Support a "tls" option on the ${readsocket } expansion item. diff --git a/src/README.UPDATING b/src/README.UPDATING index 2438cc953..11cd0ba44 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -34,6 +34,8 @@ Exim version 4.92 is limited to one retry unless the (new) config option dns_cname_loops is changed. + * Support for Rspamd has been removed. + Exim version 4.91 ----------------- diff --git a/src/src/spam.c b/src/src/spam.c index d85e6e104..db6cf8495 100644 --- a/src/src/spam.c +++ b/src/src/spam.c @@ -16,7 +16,7 @@ uschar spam_score_buffer[16]; uschar spam_score_int_buffer[16]; uschar spam_bar_buffer[128]; -uschar spam_action_buffer[32]; +uschar * spam_action_buffer; uschar spam_report_buffer[32600]; uschar prev_user_name[128] = ""; int spam_ok = 0; @@ -94,12 +94,6 @@ if (Ustrncmp(param, "time=", 5) == 0) return 0; /* OK */ } -if (Ustrcmp(param, "variant=rspamd") == 0) - { - spamd->is_rspamd = TRUE; - return 0; - } - if (Ustrncmp(param, "tmo=", 4) == 0) { int sec = readconf_readtime((s = param+4), '\0', FALSE); @@ -367,37 +361,16 @@ start = time(NULL); } (void)fcntl(spamd_cctx.sock, F_SETFL, O_NONBLOCK); -/* now we are connected to spamd on spamd_cctx.sock */ -if (sd->is_rspamd) - { /* rspamd variant */ - uschar *req_str; - const char *helo; - const char *fcrdns; - - req_str = string_sprintf("CHECK RSPAMC/1.3\r\nContent-length: %lu\r\n" - "Queue-Id: %s\r\nFrom: <%s>\r\nRecipient-Number: %d\r\n", - mbox_size, message_id, sender_address, recipients_count); - for (i = 0; i < recipients_count; i ++) - req_str = string_sprintf("%sRcpt: <%s>\r\n", req_str, recipients_list[i].address); - if ((helo = expand_string(US"$sender_helo_name")) != NULL && *helo != '\0') - req_str = string_sprintf("%sHelo: %s\r\n", req_str, helo); - if ((fcrdns = expand_string(US"$sender_host_name")) != NULL && *fcrdns != '\0') - req_str = string_sprintf("%sHostname: %s\r\n", req_str, fcrdns); - if (sender_host_address != NULL) - req_str = string_sprintf("%sIP: %s\r\n", req_str, sender_host_address); - req_str = string_sprintf("%s\r\n", req_str); - wrote = send(spamd_cctx.sock, req_str->s, req_str->ptr, 0); - } - else - { /* spamassassin variant */ - (void)string_format(spamd_buffer, - sizeof(spamd_buffer), - "REPORT SPAMC/1.2\r\nUser: %s\r\nContent-length: %ld\r\n\r\n", - user_name, - mbox_size); - /* send our request */ - wrote = send(spamd_cctx.sock, spamd_buffer, Ustrlen(spamd_buffer), 0); - } +/* now we are connected to spamd on spamd_sock */ + +(void)string_format(spamd_buffer, + sizeof(spamd_buffer), + "REPORT SPAMC/1.2\r\nUser: %s\r\nContent-length: %ld\r\n\r\n", + user_name, + mbox_size); +/* send our request */ +wrote = send(spamd_cctx.sock, spamd_buffer, Ustrlen(spamd_buffer), 0); + if (wrote == -1) { (void)close(spamd_cctx.sock); @@ -420,7 +393,6 @@ if (wrote == -1) pollfd.fd = spamd_cctx.sock; pollfd.events = POLLOUT; #endif -(void)fcntl(spamd_cctx.sock, F_SETFL, O_NONBLOCK); do { read = fread(spamd_buffer,1,sizeof(spamd_buffer),mbox_file); @@ -487,8 +459,7 @@ if (ferror(mbox_file)) (void)fclose(mbox_file); /* we're done sending, close socket for writing */ -if (!sd->is_rspamd) - shutdown(spamd_cctx.sock, SHUT_WR); +shutdown(spamd_cctx.sock, SHUT_WR); /* read spamd response using what's left of the timeout. */ memset(spamd_buffer, 0, sizeof(spamd_buffer)); @@ -512,33 +483,6 @@ if (i <= 0 && errno != 0) /* reading done */ (void)close(spamd_cctx.sock); -if (sd->is_rspamd) - { /* rspamd variant of reply */ - int r; - if ( (r = sscanf(CS spamd_buffer, - "RSPAMD/%7s 0 EX_OK\r\nMetric: default; %7s %lf / %lf / %lf\r\n%n", - spamd_version, spamd_short_result, &spamd_score, &spamd_threshold, - &spamd_reject_score, &spamd_report_offset)) != 5 - || spamd_report_offset >= offset /* verify within buffer */ - ) - { - log_write(0, LOG_MAIN|LOG_PANIC, - "%s cannot parse spamd %s, output: %d", loglabel, callout_address, r); - return DEFER; - } - /* now parse action */ - p = &spamd_buffer[spamd_report_offset]; - - if (Ustrncmp(p, "Action: ", sizeof("Action: ") - 1) == 0) - { - p += sizeof("Action: ") - 1; - q = &spam_action_buffer[0]; - while (*p && *p != '\r' && (q - spam_action_buffer) < sizeof(spam_action_buffer) - 1) - *q++ = *p++; - *q = '\0'; - } - } -else { /* spamassassin */ /* dig in the spamd output and put the report in a multiline header, if requested */ @@ -557,8 +501,7 @@ else } } - Ustrcpy(spam_action_buffer, - spamd_score >= spamd_threshold ? "reject" : "no action"); + spam_action_buffer = spamd_score >= spamd_threshold ? US"reject" : US"no action"; } /* Create report. Since this is a multiline string, diff --git a/src/src/spam.h b/src/src/spam.h index 2fe73809e..9f6b749cc 100644 --- a/src/src/spam.h +++ b/src/src/spam.h @@ -27,7 +27,6 @@ typedef struct spamd_address_container { uschar * hostspec; - int is_rspamd:1; int is_failed:1; unsigned int weight; unsigned int timeout; diff --git a/test/confs/4003 b/test/confs/4003 deleted file mode 100644 index 1d00cc695..000000000 --- a/test/confs/4003 +++ /dev/null @@ -1,33 +0,0 @@ -# Exim test configuration 4003 -# Content-scan: rspamd interface - -.include DIR/aux-var/std_conf_prefix - -log_selector = +subject -primary_hostname = myhost.test.ex - -spamd_address = 127.0.0.1 11333 variant=rspamd - -# ----- Main settings ----- - -acl_smtp_rcpt = accept -acl_smtp_data = c_data - -begin acl - -c_data: - warn - spam = nobody - warn - log_message = $spam_action $spam_report - accept - -# ----- Routers ----- - -begin routers - -r: - driver = redirect - data = :blackhole: - -# End diff --git a/test/confs/4008 b/test/confs/4008 index 1ec1b85fe..e10c2c024 100644 --- a/test/confs/4008 +++ b/test/confs/4008 @@ -1,5 +1,5 @@ # Exim test configuration 4008 -# Content-scan: cmsline interface +# Content-scan: cmdline interface .include DIR/aux-var/std_conf_prefix diff --git a/test/log/4003 b/test/log/4003 deleted file mode 100644 index d8bbb9b18..000000000 --- a/test/log/4003 +++ /dev/null @@ -1,4 +0,0 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER Warning: reject Action: reject\n Symbol: FAKE_SYMBOL_A(15.00)\n Symbol: FAKE_SYMBOL_B(0.00)\n Message-ID: undef -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => :blackhole: R=r -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/scripts/4000-scanning/4003 b/test/scripts/4000-scanning/4003 deleted file mode 100644 index e5a7c9492..000000000 --- a/test/scripts/4000-scanning/4003 +++ /dev/null @@ -1,51 +0,0 @@ -# content scan interface: rspamd -# -# The spooled file for scanning includes the test-runner's user name -# hence size varies. Munge that. -munge scanfile_size -# -server 11333 -RSPAMD/1.3 0 EX_OK ->Metric: default; True; 15.00 / 15.00 / 0.0 ->Action: reject ->Symbol: FAKE_SYMBOL_A(15.00) ->Symbol: FAKE_SYMBOL_B(0.00) ->Message-ID: undef -*eof -**** -exim -odi -bs -ehlo test.ex -mail from:<> -rcpt to: -data -From: MAILER_DAEMON <> -Content-type: text/plain - -test -. -quit -**** diff --git a/test/stdout/4003 b/test/stdout/4003 deleted file mode 100644 index afff4e4df..000000000 --- a/test/stdout/4003 +++ /dev/null @@ -1,47 +0,0 @@ -220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 -250-myhost.test.ex Hello CALLER at test.ex -250-SIZE 52428800 -250-8BITMIME -250-PIPELINING -250 HELP -250 OK -250 Accepted -354 Enter message, ending with "." on a line by itself -250 OK id=10HmaX-0005vi-00 -221 myhost.test.ex closing connection - -******** SERVER ******** -Listening on port 11333 ... -Connection request from [127.0.0.1] - - - -) -< id 10HmaX-0005vi-00 -< for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 - - - -RSPAMD/1.3 0 EX_OK ->Metric: default; True; 15.00 / 15.00 / 0.0 ->Action: reject ->Symbol: FAKE_SYMBOL_A(15.00) ->Symbol: FAKE_SYMBOL_B(0.00) ->Message-ID: undef -Expected EOF read from client -End of script -- 2.25.1