spamhaus / rspamd-dqs

Spamhaus code for RSPAMD Plugin. See https://docs.spamhaustech.com/40-real-world-usage/Rspamd/000-intro.html for instructions
Apache License 2.0

Returncodes regexes. #3

Closed whataboutpereira closed 3 years ago

whataboutpereira commented 4 years ago

Hello!

I'm looking at the configurations and I have a question. I'm not 100% sure how LUA regexes work, but won't this also catch 127.0.0.22, for example?

SH_EMAIL_ZRD_VERY_FRESH_DOMAIN = ["127.0.2.[2-4]+"];

ricalfieri commented 4 years ago

I've been told that regexes are not completely applicable to LUA, that's why I used that approach.

Since I'm not an expert in LUA and "this just works (tm)", if nobody can suggest a better way to do it I'll prefer to keep the rules as they are :)

whataboutpereira commented 4 years ago

I changed mine to:

          SH_EMAIL_ZRD_VERY_FRESH_DOMAIN = [
            "127.0.2.2",
            "127.0.2.3",
            "127.0.2.4"
          ];
          SH_EMAIL_ZRD_FRESH_DOMAIN = [
            "127.0.2.[5-9]+",
            "127.0.2.1[0-9]+",
            "127.0.2.2[0-4]+"
          ];

Otherwise "127.0.2.[2-4]+" will catch 127.0.2.22, 127.0.2.23, 127.0.2.24 as well.

reinob commented 4 years ago

@whataboutpereira,

Nice catch. I'm not sure how LUA interprets the regex'es but if they work as one would expect then the maps related to ZRD are not correct. I have now changed all (spamhaus_zrd, SH_EMAIL_ZRD) to be like in ZRD, e.g.:

RBL_ZRD_VERY_FRESH_DOMAIN = [ "127.0.2.2", "127.0.2.3", "127.0.2.4" ]; RBL_ZRD_FRESH_DOMAIN = [ "127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.1

Seems more intuitively correct, and you never know which new codes may get assigned in 127.0.2.X for other meanings.

whataboutpereira commented 4 years ago

It's unfortunate LUA regex doesn't support "127.0.2.[5-9]{1}"

ricalfieri commented 4 years ago

> @whataboutpereira,
>
> Nice catch. I'm not sure how LUA interprets the regex'es but if they work as one would expect then the maps related to ZRD are not correct. I have now changed all (spamhaus_zrd, SH_EMAIL_ZRD) to be like in ZRD, e.g.:
>
> RBL_ZRD_VERY_FRESH_DOMAIN = [ "127.0.2.2", "127.0.2.3", "127.0.2.4" ]; RBL_ZRD_FRESH_DOMAIN = [ "127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.1
>
> Seems more intuitively correct, and you never know which new codes may get assigned in 127.0.2.X for other meanings.

Hi, can you confirm that this is working correctly in your installation? If so I'll replicate the changes

reinob commented 4 years ago

@ricalfieri,

I can't 100% confirm that it's working, as on the one hand it doesn't give any error or warning of any kind (good :), but on the other hand my server receives almost no spam, and most botnet-like spam is blocked by postscreen, which in my case only uses the ZEN blacklist, but seems to block almost everything (one could say, I have no use -- yet -- for things like ZRD or DBL).

In any case with the above (i.e. with a "linear" list instead of a regex, and notwithstanding the formatting mess github made of it) the possible error codes are better defined, so it feels more correct.

whataboutpereira commented 4 years ago

It absolutely must work 100% if you write out all the 24+1 IPs. :)

btw, I recall there was an error in the NO_IP_QUERY - it should start with 127.0.2 for ZRD instead of 127.0.1.
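
As an added illustration of the over-match discussed in this thread (not code from the rspamd-dqs repository), the Lua script below enumerates every 127.0.2.X value and reports which ones each pattern set accepts beyond the intended range. It assumes the return code is compared as a Lua pattern anchored with `^` and `$`, takes the intended ranges (2-4 and 5-24) from the comments above, and uses hypothetical helper names.

```lua
-- Added example. Assumption: a return code is tested as an anchored Lua pattern.
-- Returns the last octets (0..255) of 127.0.2.X accepted by any pattern in the list.
local function matched_octets(patterns)
  local hits = {}
  for last = 0, 255 do
    local ip = "127.0.2." .. last
    for _, p in ipairs(patterns) do
      if ip:find("^" .. p .. "$") then
        hits[#hits + 1] = last
        break
      end
    end
  end
  return hits
end

-- Returns the accepted octets that fall outside the intended range [lo, hi].
local function overmatch(patterns, lo, hi)
  local extra = {}
  for _, last in ipairs(matched_octets(patterns)) do
    if last < lo or last > hi then extra[#extra + 1] = last end
  end
  return extra
end

-- In a Lua pattern a class with no quantifier matches exactly one character,
-- "%." is a literal dot and "%d" is one digit.
local cases = {
  { "VERY_FRESH, pattern from the issue", { "127.0.2.[2-4]+" }, 2, 4 },
  { "VERY_FRESH, one digit, dots escaped", { "127%.0%.2%.[2-4]" }, 2, 4 },
  { "FRESH, patterns from the thread",
    { "127.0.2.[5-9]+", "127.0.2.1[0-9]+", "127.0.2.2[0-4]+" }, 5, 24 },
  { "FRESH, one digit per class",
    { "127%.0%.2%.[5-9]", "127%.0%.2%.1%d", "127%.0%.2%.2[0-4]" }, 5, 24 },
}

for _, c in ipairs(cases) do
  local name, patterns, lo, hi = c[1], c[2], c[3], c[4]
  local hits = matched_octets(patterns)
  local extra = overmatch(patterns, lo, hi)
  print(string.format("%-38s matched=%d unintended=%d", name, #hits, #extra))
  if #extra > 0 then
    print("  unintended octets: " .. table.concat(extra, " "))
  end
end
```

Running the same check against an explicit list of literal codes is a quick way to confirm that a map covers only the codes it is meant to before deploying it.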