projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Revert "Support Rspamd. Patch from Andrew Lewis, lightly editorialised"
[exim.git] / src / src / spam.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015
6 * License: GPL
7 * Copyright (c) The Exim Maintainers 2016 - 2018
8 */
9
10 /* Code for calling spamassassin's spamd. Called from acl.c. */
11
12 #include "exim.h"
13 #ifdef WITH_CONTENT_SCAN
14 #include "spam.h"
15
16 uschar spam_score_buffer[16];
17 uschar spam_score_int_buffer[16];
18 uschar spam_bar_buffer[128];
19 uschar * spam_action_buffer;
20 uschar spam_report_buffer[32600];
21 uschar prev_user_name[128] = "";
22 int spam_ok = 0;
23 int spam_rc = 0;
24 uschar *prev_spamd_address_work = NULL;
25
26 static const uschar * loglabel = US"spam acl condition:";
27
28
29 static int
30 spamd_param_init(spamd_address_container *spamd)
31 {
32 /* default spamd server weight, time and priority value */
33 spamd->is_failed = FALSE;
34 spamd->weight = SPAMD_WEIGHT;
35 spamd->timeout = SPAMD_TIMEOUT;
36 spamd->retry = 0;
37 spamd->priority = 1;
38 return 0;
39 }
40
41
42 static int
43 spamd_param(const uschar * param, spamd_address_container * spamd)
44 {
45 static int timesinceday = -1;
46 const uschar * s;
47 const uschar * name;
48
49 /*XXX more clever parsing could discard embedded spaces? */
50
51 if (sscanf(CCS param, "pri=%u", &spamd->priority))
52 return 0; /* OK */
53
54 if (sscanf(CCS param, "weight=%u", &spamd->weight))
55 {
56 if (spamd->weight == 0) /* this server disabled: skip it */
57 return 1;
58 return 0; /* OK */
59 }
60
61 if (Ustrncmp(param, "time=", 5) == 0)
62 {
63 unsigned int start_h = 0, start_m = 0, start_s = 0;
64 unsigned int end_h = 24, end_m = 0, end_s = 0;
65 unsigned int time_start, time_end;
66 const uschar * end_string;
67
68 name = US"time";
69 s = param+5;
70 if ((end_string = Ustrchr(s, '-')))
71 {
72 end_string++;
73 if ( sscanf(CS end_string, "%u.%u.%u", &end_h, &end_m, &end_s) == 0
74 || sscanf(CS s, "%u.%u.%u", &start_h, &start_m, &start_s) == 0
75 )
76 goto badval;
77 }
78 else
79 goto badval;
80
81 if (timesinceday < 0)
82 {
83 time_t now = time(NULL);
84 struct tm *tmp = localtime(&now);
85 timesinceday = tmp->tm_hour*3600 + tmp->tm_min*60 + tmp->tm_sec;
86 }
87
88 time_start = start_h*3600 + start_m*60 + start_s;
89 time_end = end_h*3600 + end_m*60 + end_s;
90
91 if (timesinceday < time_start || timesinceday >= time_end)
92 return 1; /* skip spamd server */
93
94 return 0; /* OK */
95 }
96
97 if (Ustrncmp(param, "tmo=", 4) == 0)
98 {
99 int sec = readconf_readtime((s = param+4), '\0', FALSE);
100 name = US"timeout";
101 if (sec < 0)
102 goto badval;
103 spamd->timeout = sec;
104 return 0;
105 }
106
107 if (Ustrncmp(param, "retry=", 6) == 0)
108 {
109 int sec = readconf_readtime((s = param+6), '\0', FALSE);
110 name = US"retry";
111 if (sec < 0)
112 goto badval;
113 spamd->retry = sec;
114 return 0;
115 }
116
117 log_write(0, LOG_MAIN, "%s warning - invalid spamd parameter: '%s'",
118 loglabel, param);
119 return -1; /* syntax error */
120
121 badval:
122 log_write(0, LOG_MAIN,
123 "%s warning - invalid spamd %s value: '%s'", loglabel, name, s);
124 return -1; /* syntax error */
125 }
126
127
128 static int
129 spamd_get_server(spamd_address_container ** spamds, int num_servers)
130 {
131 unsigned int i;
132 spamd_address_container * sd;
133 long rnd, weights;
134 unsigned pri;
135 static BOOL srandomed = FALSE;
136
137 /* speedup, if we have only 1 server */
138 if (num_servers == 1)
139 return (spamds[0]->is_failed ? -1 : 0);
140
141 /* init ranmod */
142 if (!srandomed)
143 {
144 struct timeval tv;
145 gettimeofday(&tv, NULL);
146 srandom((unsigned int)(tv.tv_usec/1000));
147 srandomed = TRUE;
148 }
149
150 /* scan for highest pri */
151 for (pri = 0, i = 0; i < num_servers; i++)
152 {
153 sd = spamds[i];
154 if (!sd->is_failed && sd->priority > pri) pri = sd->priority;
155 }
156
157 /* get sum of weights */
158 for (weights = 0, i = 0; i < num_servers; i++)
159 {
160 sd = spamds[i];
161 if (!sd->is_failed && sd->priority == pri) weights += sd->weight;
162 }
163 if (weights == 0) /* all servers failed */
164 return -1;
165
166 for (rnd = random() % weights, i = 0; i < num_servers; i++)
167 {
168 sd = spamds[i];
169 if (!sd->is_failed && sd->priority == pri)
170 if ((rnd -= sd->weight) <= 0)
171 return i;
172 }
173
174 log_write(0, LOG_MAIN|LOG_PANIC,
175 "%s unknown error (memory/cpu corruption?)", loglabel);
176 return -1;
177 }
178
179
180 int
181 spam(const uschar **listptr)
182 {
183 int sep = 0;
184 const uschar *list = *listptr;
185 uschar *user_name;
186 uschar user_name_buffer[128];
187 unsigned long mbox_size;
188 FILE *mbox_file;
189 client_conn_ctx spamd_cctx = {.sock = -1};
190 uschar spamd_buffer[32600];
191 int i, j, offset, result;
192 uschar spamd_version[8];
193 uschar spamd_short_result[8];
194 uschar spamd_score_char;
195 double spamd_threshold, spamd_score, spamd_reject_score;
196 int spamd_report_offset;
197 uschar *p,*q;
198 int override = 0;
199 time_t start;
200 size_t read, wrote;
201 #ifndef NO_POLL_H
202 struct pollfd pollfd;
203 #else /* Patch posted by Erik ? for OS X */
204 struct timeval select_tv; /* and applied by PH */
205 fd_set select_fd;
206 #endif
207 uschar *spamd_address_work;
208 spamd_address_container * sd;
209
210 /* stop compiler warning */
211 result = 0;
212
213 /* find the username from the option list */
214 if ((user_name = string_nextinlist(&list, &sep,
215 user_name_buffer,
216 sizeof(user_name_buffer))) == NULL)
217 {
218 /* no username given, this means no scanning should be done */
219 return FAIL;
220 }
221
222 /* if username is "0" or "false", do not scan */
223 if ( (Ustrcmp(user_name,"0") == 0) ||
224 (strcmpic(user_name,US"false") == 0) )
225 return FAIL;
226
227 /* if there is an additional option, check if it is "true" */
228 if (strcmpic(list,US"true") == 0)
229 /* in that case, always return true later */
230 override = 1;
231
232 /* expand spamd_address if needed */
233 if (*spamd_address == '$')
234 {
235 spamd_address_work = expand_string(spamd_address);
236 if (spamd_address_work == NULL)
237 {
238 log_write(0, LOG_MAIN|LOG_PANIC,
239 "%s spamd_address starts with $, but expansion failed: %s",
240 loglabel, expand_string_message);
241 return DEFER;
242 }
243 }
244 else
245 spamd_address_work = spamd_address;
246
247 DEBUG(D_acl) debug_printf_indent("spamd: addrlist '%s'\n", spamd_address_work);
248
249 /* check if previous spamd_address was expanded and has changed. dump cached results if so */
250 if ( spam_ok
251 && prev_spamd_address_work != NULL
252 && Ustrcmp(prev_spamd_address_work, spamd_address_work) != 0
253 )
254 spam_ok = 0;
255
256 /* if we scanned for this username last time, just return */
257 if (spam_ok && Ustrcmp(prev_user_name, user_name) == 0)
258 return override ? OK : spam_rc;
259
260 /* make sure the eml mbox file is spooled up */
261
262 if (!(mbox_file = spool_mbox(&mbox_size, NULL, NULL)))
263 { /* error while spooling */
264 log_write(0, LOG_MAIN|LOG_PANIC,
265 "%s error while creating mbox spool file", loglabel);
266 return DEFER;
267 }
268
269 start = time(NULL);
270
271 {
272 int num_servers = 0;
273 int current_server;
274 uschar * address;
275 const uschar * spamd_address_list_ptr = spamd_address_work;
276 spamd_address_container * spamd_address_vector[32];
277
278 /* Check how many spamd servers we have
279 and register their addresses */
280 sep = 0; /* default colon-sep */
281 while ((address = string_nextinlist(&spamd_address_list_ptr, &sep, NULL, 0)))
282 {
283 const uschar * sublist;
284 int sublist_sep = -(int)' '; /* default space-sep */
285 unsigned args;
286 uschar * s;
287
288 DEBUG(D_acl) debug_printf_indent("spamd: addr entry '%s'\n", address);
289 sd = (spamd_address_container *)store_get(sizeof(spamd_address_container));
290
291 for (sublist = address, args = 0, spamd_param_init(sd);
292 (s = string_nextinlist(&sublist, &sublist_sep, NULL, 0));
293 args++
294 )
295 {
296 DEBUG(D_acl) debug_printf_indent("spamd: addr parm '%s'\n", s);
297 switch (args)
298 {
299 case 0: sd->hostspec = s;
300 if (*s == '/') args++; /* local; no port */
301 break;
302 case 1: sd->hostspec = string_sprintf("%s %s", sd->hostspec, s);
303 break;
304 default: spamd_param(s, sd);
305 break;
306 }
307 }
308 if (args < 2)
309 {
310 log_write(0, LOG_MAIN,
311 "%s warning - invalid spamd address: '%s'", loglabel, address);
312 continue;
313 }
314
315 spamd_address_vector[num_servers] = sd;
316 if (++num_servers > 31)
317 break;
318 }
319
320 /* check if we have at least one server */
321 if (!num_servers)
322 {
323 log_write(0, LOG_MAIN|LOG_PANIC,
324 "%s no useable spamd server addresses in spamd_address configuration option.",
325 loglabel);
326 goto defer;
327 }
328
329 current_server = spamd_get_server(spamd_address_vector, num_servers);
330 sd = spamd_address_vector[current_server];
331 for(;;)
332 {
333 uschar * errstr;
334
335 DEBUG(D_acl) debug_printf_indent("spamd: trying server %s\n", sd->hostspec);
336
337 for (;;)
338 {
339 /*XXX could potentially use TFO early-data here */
340 if ( (spamd_cctx.sock = ip_streamsocket(sd->hostspec, &errstr, 5)) >= 0
341 || sd->retry <= 0
342 )
343 break;
344 DEBUG(D_acl) debug_printf_indent("spamd: server %s: retry conn\n", sd->hostspec);
345 while (sd->retry > 0) sd->retry = sleep(sd->retry);
346 }
347 if (spamd_cctx.sock >= 0)
348 break;
349
350 log_write(0, LOG_MAIN, "%s spamd: %s", loglabel, errstr);
351 sd->is_failed = TRUE;
352
353 current_server = spamd_get_server(spamd_address_vector, num_servers);
354 if (current_server < 0)
355 {
356 log_write(0, LOG_MAIN|LOG_PANIC, "%s all spamd servers failed", loglabel);
357 goto defer;
358 }
359 sd = spamd_address_vector[current_server];
360 }
361 }
362
363 (void)fcntl(spamd_cctx.sock, F_SETFL, O_NONBLOCK);
364 /* now we are connected to spamd on spamd_sock */
365
366 (void)string_format(spamd_buffer,
367 sizeof(spamd_buffer),
368 "REPORT SPAMC/1.2\r\nUser: %s\r\nContent-length: %ld\r\n\r\n",
369 user_name,
370 mbox_size);
371 /* send our request */
372 wrote = send(spamd_cctx.sock, spamd_buffer, Ustrlen(spamd_buffer), 0);
373
374 if (wrote == -1)
375 {
376 (void)close(spamd_cctx.sock);
377 log_write(0, LOG_MAIN|LOG_PANIC,
378 "%s spamd %s send failed: %s", loglabel, callout_address, strerror(errno));
379 goto defer;
380 }
381
382 /* now send the file */
383 /* spamd sometimes accepts connections but doesn't read data off
384 * the connection. We make the file descriptor non-blocking so
385 * that the write will only write sufficient data without blocking
386 * and we poll the descriptor to make sure that we can write without
387 * blocking. Short writes are gracefully handled and if the whole
388 * transaction takes too long it is aborted.
389 * Note: poll() is not supported in OSX 10.2 and is reported to be
390 * broken in more recent versions (up to 10.4).
391 */
392 #ifndef NO_POLL_H
393 pollfd.fd = spamd_cctx.sock;
394 pollfd.events = POLLOUT;
395 #endif
396 do
397 {
398 read = fread(spamd_buffer,1,sizeof(spamd_buffer),mbox_file);
399 if (read > 0)
400 {
401 offset = 0;
402 again:
403 #ifndef NO_POLL_H
404 result = poll(&pollfd, 1, 1000);
405
406 /* Patch posted by Erik ? for OS X and applied by PH */
407 #else
408 select_tv.tv_sec = 1;
409 select_tv.tv_usec = 0;
410 FD_ZERO(&select_fd);
411 FD_SET(spamd_cctx.sock, &select_fd);
412 result = select(spamd_cctx.sock+1, NULL, &select_fd, NULL, &select_tv);
413 #endif
414 /* End Erik's patch */
415
416 if (result == -1 && errno == EINTR)
417 goto again;
418 else if (result < 1)
419 {
420 if (result == -1)
421 log_write(0, LOG_MAIN|LOG_PANIC,
422 "%s %s on spamd %s socket", loglabel, callout_address, strerror(errno));
423 else
424 {
425 if (time(NULL) - start < sd->timeout)
426 goto again;
427 log_write(0, LOG_MAIN|LOG_PANIC,
428 "%s timed out writing spamd %s, socket", loglabel, callout_address);
429 }
430 (void)close(spamd_cctx.sock);
431 goto defer;
432 }
433
434 wrote = send(spamd_cctx.sock,spamd_buffer + offset,read - offset,0);
435 if (wrote == -1)
436 {
437 log_write(0, LOG_MAIN|LOG_PANIC,
438 "%s %s on spamd %s socket", loglabel, callout_address, strerror(errno));
439 (void)close(spamd_cctx.sock);
440 goto defer;
441 }
442 if (offset + wrote != read)
443 {
444 offset += wrote;
445 goto again;
446 }
447 }
448 }
449 while (!feof(mbox_file) && !ferror(mbox_file));
450
451 if (ferror(mbox_file))
452 {
453 log_write(0, LOG_MAIN|LOG_PANIC,
454 "%s error reading spool file: %s", loglabel, strerror(errno));
455 (void)close(spamd_cctx.sock);
456 goto defer;
457 }
458
459 (void)fclose(mbox_file);
460
461 /* we're done sending, close socket for writing */
462 shutdown(spamd_cctx.sock, SHUT_WR);
463
464 /* read spamd response using what's left of the timeout. */
465 memset(spamd_buffer, 0, sizeof(spamd_buffer));
466 offset = 0;
467 while ((i = ip_recv(&spamd_cctx,
468 spamd_buffer + offset,
469 sizeof(spamd_buffer) - offset - 1,
470 sd->timeout - time(NULL) + start)) > 0)
471 offset += i;
472 spamd_buffer[offset] = '\0'; /* guard byte */
473
474 /* error handling */
475 if (i <= 0 && errno != 0)
476 {
477 log_write(0, LOG_MAIN|LOG_PANIC,
478 "%s error reading from spamd %s, socket: %s", loglabel, callout_address, strerror(errno));
479 (void)close(spamd_cctx.sock);
480 return DEFER;
481 }
482
483 /* reading done */
484 (void)close(spamd_cctx.sock);
485
486 { /* spamassassin */
487 /* dig in the spamd output and put the report in a multiline header,
488 if requested */
489 if (sscanf(CS spamd_buffer,
490 "SPAMD/%7s 0 EX_OK\r\nContent-length: %*u\r\n\r\n%lf/%lf\r\n%n",
491 spamd_version,&spamd_score,&spamd_threshold,&spamd_report_offset) != 3)
492 {
493 /* try to fall back to pre-2.50 spamd output */
494 if (sscanf(CS spamd_buffer,
495 "SPAMD/%7s 0 EX_OK\r\nSpam: %*s ; %lf / %lf\r\n\r\n%n",
496 spamd_version,&spamd_score,&spamd_threshold,&spamd_report_offset) != 3)
497 {
498 log_write(0, LOG_MAIN|LOG_PANIC,
499 "%s cannot parse spamd %s output", loglabel, callout_address);
500 return DEFER;
501 }
502 }
503
504 spam_action_buffer = spamd_score >= spamd_threshold ? US"reject" : US"no action";
505 }
506
507 /* Create report. Since this is a multiline string,
508 we must hack it into shape first */
509 p = &spamd_buffer[spamd_report_offset];
510 q = spam_report_buffer;
511 while (*p != '\0')
512 {
513 /* skip \r */
514 if (*p == '\r')
515 {
516 p++;
517 continue;
518 }
519 *q++ = *p;
520 if (*p++ == '\n')
521 {
522 /* add an extra space after the newline to ensure
523 that it is treated as a header continuation line */
524 *q++ = ' ';
525 }
526 }
527 /* NULL-terminate */
528 *q-- = '\0';
529 /* cut off trailing leftovers */
530 while (*q <= ' ')
531 *q-- = '\0';
532
533 spam_report = spam_report_buffer;
534 spam_action = spam_action_buffer;
535
536 /* create spam bar */
537 spamd_score_char = spamd_score > 0 ? '+' : '-';
538 j = abs((int)(spamd_score));
539 i = 0;
540 if (j != 0)
541 while ((i < j) && (i <= MAX_SPAM_BAR_CHARS))
542 spam_bar_buffer[i++] = spamd_score_char;
543 else
544 {
545 spam_bar_buffer[0] = '/';
546 i = 1;
547 }
548 spam_bar_buffer[i] = '\0';
549 spam_bar = spam_bar_buffer;
550
551 /* create "float" spam score */
552 (void)string_format(spam_score_buffer, sizeof(spam_score_buffer),
553 "%.1f", spamd_score);
554 spam_score = spam_score_buffer;
555
556 /* create "int" spam score */
557 j = (int)((spamd_score + 0.001)*10);
558 (void)string_format(spam_score_int_buffer, sizeof(spam_score_int_buffer),
559 "%d", j);
560 spam_score_int = spam_score_int_buffer;
561
562 /* compare threshold against score */
563 spam_rc = spamd_score >= spamd_threshold
564 ? OK /* spam as determined by user's threshold */
565 : FAIL; /* not spam */
566
567 /* remember expanded spamd_address if needed */
568 if (spamd_address_work != spamd_address)
569 prev_spamd_address_work = string_copy(spamd_address_work);
570
571 /* remember user name and "been here" for it */
572 Ustrcpy(prev_user_name, user_name);
573 spam_ok = 1;
574
575 return override
576 ? OK /* always return OK, no matter what the score */
577 : spam_rc;
578
579 defer:
580 (void)fclose(mbox_file);
581 return DEFER;
582 }
583
584 #endif
585 /* vi: aw ai sw=2
586 */
Unnamed repository; edit this file 'description' to name the repository.