Restore rsmapd support

Following discussions on the exim-user mailinglist it seems that the conclusion
that the interface was nonfunctioning was unwarranted.

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 82e4dfaff40f31ec0608c6466e639e761f6aa205..9cddddde5e4f42974f4ef2ea8296f054286a2e8f 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -32266,14 +32266,20 @@ deny message = This message contains malware ($malware_name)
 .endd
 
 
 .endd
 
 

-.section "Scanning with SpamAssassin" "SECTscanspamass"
+.section "Scanning with SpamAssassin and Rspamd" "SECTscanspamass"

 .cindex "content scanning" "for spam"
 .cindex "spam scanning"
 .cindex "SpamAssassin"
 .cindex "content scanning" "for spam"
 .cindex "spam scanning"
 .cindex "SpamAssassin"

+.cindex "Rspamd"

 The &%spam%& ACL condition calls SpamAssassin's &%spamd%& daemon to get a spam
 The &%spam%& ACL condition calls SpamAssassin's &%spamd%& daemon to get a spam

-score and a report for the message. You can get SpamAssassin at
-&url(http://www.spamassassin.org), or, if you have a working Perl
-installation, you can use CPAN by running:
+score and a report for the message.
+Support is also provided for Rspamd.
+
+For more information about installation and configuration of SpamAssassin or
+Rspamd refer to their respective websites at
+&url(http://spamassassin.apache.org) and &url(http://www.rspamd.com)
+
+SpamAssassin can be installed with CPAN by running:

 .code
 perl -MCPAN -e 'install Mail::SpamAssassin'
 .endd
 .code
 perl -MCPAN -e 'install Mail::SpamAssassin'
 .endd


@@ -32299,6 +32305,14 @@ server (currently defaulting to 120s).  With a lower value the Linux
 connection tracking may consider your half-closed connection as dead too
 soon.
 
 connection tracking may consider your half-closed connection as dead too
 soon.
 

+
+To use Rspamd (which by default listens on all local addresses
+on TCP port 11333)
+you should add &%variant=rspamd%& after the address/port pair, for example:
+.code
+spamd_address = 127.0.0.1 11333 variant=rspamd
+.endd
+

 As of version 2.60, &%SpamAssassin%& also supports communication over UNIX
 sockets. If you want to us these, supply &%spamd_address%& with an absolute
 file name instead of an address/port pair:
 As of version 2.60, &%SpamAssassin%& also supports communication over UNIX
 sockets. If you want to us these, supply &%spamd_address%& with an absolute
 file name instead of an address/port pair:


@@ -32383,7 +32397,8 @@ The right-hand side of the &%spam%& condition specifies a name. This is
 relevant if you have set up multiple SpamAssassin profiles. If you do not want
 to scan using a specific profile, but rather use the SpamAssassin system-wide
 default profile, you can scan for an unknown name, or simply use &"nobody"&.
 relevant if you have set up multiple SpamAssassin profiles. If you do not want
 to scan using a specific profile, but rather use the SpamAssassin system-wide
 default profile, you can scan for an unknown name, or simply use &"nobody"&.

-However, you must put something on the right-hand side.
+Rspamd does not use this setting. However, you must put something on the
+right-hand side.

 
 The name allows you to use per-domain or per-user antispam profiles in
 principle, but this is not straightforward in practice, because a message may
 
 The name allows you to use per-domain or per-user antispam profiles in
 principle, but this is not straightforward in practice, because a message may


@@ -32452,8 +32467,10 @@ when running in country-specific locales, which are not legal
 unencoded in headers.
 
 .vitem &$spam_action$&
 unencoded in headers.
 
 .vitem &$spam_action$&

-Either 'reject' or 'no action' depending on the
+For SpamAssassin either 'reject' or 'no action' depending on the

 spam score versus threshold.
 spam score versus threshold.

+For Rspamd, the recommended action.
+

 .endlist
 
 The &%spam%& condition caches its results unless expansion in
 .endlist
 
 The &%spam%& condition caches its results unless expansion in

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 58b82bdddffa74f734271b814856d5ecf3a4578f..754f48b15253ba0fcbab9fb0cb0cdd49d4aed202 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -72,13 +72,10 @@ JH/15 Rework TLS client-side context management.  Stop using a global, and
       explicitly pass a context around.  This enables future use of TLS for
       connections to service-daemons (eg. malware scanning) while a client smtp
       connection is using TLS; with cutthrough connections this is quite likely.
       explicitly pass a context around.  This enables future use of TLS for
       connections to service-daemons (eg. malware scanning) while a client smtp
       connection is using TLS; with cutthrough connections this is quite likely.

-JH/15 Support for Rspamd, as a variant of the "spam" ACL condition used for
-      connecting to a SpamAssassain "spamd" daemon for content scanning, is
-      removed.  Following changes to the protocol used for communication with
-      Rspamd it was apparently inoperable.

 
 JH/16 Fix ARC verification to do AS checks in reverse order.
 
 JH/16 Fix ARC verification to do AS checks in reverse order.

-JH/16 Support a "tls" option on the ${readsocket } expansion item.
+
+JH/17 Support a "tls" option on the ${readsocket } expansion item.

 
 
 Exim version 4.91
 
 
 Exim version 4.91

diff --git a/src/README.UPDATING b/src/README.UPDATING
index 11cd0ba441208695217c0b1f6535e5b3e67b41cb..2438cc953fb20443bb1ea5501bbfb9d17dc8bf60 100644 (file)
--- a/src/README.UPDATING
+++ b/src/README.UPDATING
@@ -34,8 +34,6 @@ Exim version 4.92
    is limited to one retry unless the (new) config option dns_cname_loops
    is changed.
 
    is limited to one retry unless the (new) config option dns_cname_loops
    is changed.
 

- * Support for Rspamd has been removed.
-

 Exim version 4.91
 -----------------
 
 Exim version 4.91
 -----------------
 

diff --git a/src/src/spam.c b/src/src/spam.c
index db6cf8495719a6a054e934bc50184fd56a076c0c..9384bfa0dc120a65dc315e6b57b4c6178d7a7352 100644 (file)
--- a/src/src/spam.c
+++ b/src/src/spam.c
@@ -16,7 +16,7 @@
 uschar spam_score_buffer[16];
 uschar spam_score_int_buffer[16];
 uschar spam_bar_buffer[128];
 uschar spam_score_buffer[16];
 uschar spam_score_int_buffer[16];
 uschar spam_bar_buffer[128];

-uschar * spam_action_buffer;
+uschar spam_action_buffer[32];

 uschar spam_report_buffer[32600];
 uschar prev_user_name[128] = "";
 int spam_ok = 0;
 uschar spam_report_buffer[32600];
 uschar prev_user_name[128] = "";
 int spam_ok = 0;


@@ -30,6 +30,7 @@ static int
 spamd_param_init(spamd_address_container *spamd)
 {
 /* default spamd server weight, time and priority value */
 spamd_param_init(spamd_address_container *spamd)
 {
 /* default spamd server weight, time and priority value */

+spamd->is_rspamd = FALSE;

 spamd->is_failed = FALSE;
 spamd->weight = SPAMD_WEIGHT;
 spamd->timeout = SPAMD_TIMEOUT;
 spamd->is_failed = FALSE;
 spamd->weight = SPAMD_WEIGHT;
 spamd->timeout = SPAMD_TIMEOUT;


@@ -94,6 +95,12 @@ if (Ustrncmp(param, "time=", 5) == 0)
   return 0; /* OK */
   }
 
   return 0; /* OK */
   }
 

+if (Ustrcmp(param, "variant=rspamd") == 0)
+  {
+  spamd->is_rspamd = TRUE;
+  return 0;
+  }
+

 if (Ustrncmp(param, "tmo=", 4) == 0)
   {
   int sec = readconf_readtime((s = param+4), '\0', FALSE);
 if (Ustrncmp(param, "tmo=", 4) == 0)
   {
   int sec = readconf_readtime((s = param+4), '\0', FALSE);


@@ -361,15 +368,42 @@ start = time(NULL);
   }
 
 (void)fcntl(spamd_cctx.sock, F_SETFL, O_NONBLOCK);
   }
 
 (void)fcntl(spamd_cctx.sock, F_SETFL, O_NONBLOCK);

-/* now we are connected to spamd on spamd_sock */
-
-(void)string_format(spamd_buffer,
-       sizeof(spamd_buffer),
-       "REPORT SPAMC/1.2\r\nUser: %s\r\nContent-length: %ld\r\n\r\n",
-       user_name,
-       mbox_size);
-/* send our request */
-wrote = send(spamd_cctx.sock, spamd_buffer, Ustrlen(spamd_buffer), 0);
+/* now we are connected to spamd on spamd_cctx.sock */
+if (sd->is_rspamd)
+  {
+  gstring * req_str;
+  const uschar * s;
+
+  req_str = string_append(NULL, 8,
+    "CHECK RSPAMC/1.3\r\nContent-length: ", string_sprintf("%lu\r\n", mbox_size),
+    "Queue-Id: ", message_id,
+    "\r\nFrom: <", sender_address,
+    ">\r\nRecipient-Number: ", string_sprintf("%d\r\n", recipients_count));
+
+  for (i = 0; i < recipients_count; i ++)
+    req_str = string_append(req_str, 3,
+      "Rcpt: <", recipients_list[i].address, ">\r\n");
+  if ((s = expand_string(US"$sender_helo_name")) && *s)
+    req_str = string_append(req_str, 3, "Helo: ", s, "\r\n");
+  if ((s = expand_string(US"$sender_host_name")) && *s)
+    req_str = string_append(req_str, 3, "Hostname: ", s, "\r\n");
+  if (sender_host_address)
+    req_str = string_append(req_str, 3, "IP: ", sender_host_address, "\r\n");
+  if ((s = expand_string(US"$authenticated_id")) && *s)
+    req_str = string_append(req_str, 3, "User: ", s, "\r\n");
+  req_str = string_catn(req_str, US"\r\n", 2);
+  wrote = send(spamd_cctx.sock, req_str->s, req_str->ptr, 0);
+  }
+else
+  {                            /* spamassassin variant */
+  (void)string_format(spamd_buffer,
+         sizeof(spamd_buffer),
+         "REPORT SPAMC/1.2\r\nUser: %s\r\nContent-length: %ld\r\n\r\n",
+         user_name,
+         mbox_size);
+  /* send our request */
+  wrote = send(spamd_cctx.sock, spamd_buffer, Ustrlen(spamd_buffer), 0);
+  }

 
 if (wrote == -1)
   {
 
 if (wrote == -1)
   {


@@ -393,6 +427,7 @@ if (wrote == -1)
 pollfd.fd = spamd_cctx.sock;
 pollfd.events = POLLOUT;
 #endif
 pollfd.fd = spamd_cctx.sock;
 pollfd.events = POLLOUT;
 #endif

+(void)fcntl(spamd_cctx.sock, F_SETFL, O_NONBLOCK);

 do
   {
   read = fread(spamd_buffer,1,sizeof(spamd_buffer),mbox_file);
 do
   {
   read = fread(spamd_buffer,1,sizeof(spamd_buffer),mbox_file);


@@ -459,7 +494,8 @@ if (ferror(mbox_file))
 (void)fclose(mbox_file);
 
 /* we're done sending, close socket for writing */
 (void)fclose(mbox_file);
 
 /* we're done sending, close socket for writing */

-shutdown(spamd_cctx.sock, SHUT_WR);
+if (!sd->is_rspamd)
+  shutdown(spamd_cctx.sock,SHUT_WR);

 
 /* read spamd response using what's left of the timeout.  */
 memset(spamd_buffer, 0, sizeof(spamd_buffer));
 
 /* read spamd response using what's left of the timeout.  */
 memset(spamd_buffer, 0, sizeof(spamd_buffer));


@@ -483,6 +519,33 @@ if (i <= 0 && errno != 0)
 /* reading done */
 (void)close(spamd_cctx.sock);
 
 /* reading done */
 (void)close(spamd_cctx.sock);
 

+if (sd->is_rspamd)
+  {                            /* rspamd variant of reply */
+  int r;
+  if (  (r = sscanf(CS spamd_buffer,
+         "RSPAMD/%7s 0 EX_OK\r\nMetric: default; %7s %lf / %lf / %lf\r\n%n",
+         spamd_version, spamd_short_result, &spamd_score, &spamd_threshold,
+         &spamd_reject_score, &spamd_report_offset)) != 5
+     || spamd_report_offset >= offset          /* verify within buffer */
+     )
+    {
+    log_write(0, LOG_MAIN|LOG_PANIC,
+             "%s cannot parse spamd %s, output: %d", loglabel, callout_address, r);
+    return DEFER;
+    }
+  /* now parse action */
+  p = &spamd_buffer[spamd_report_offset];
+
+  if (Ustrncmp(p, "Action: ", sizeof("Action: ") - 1) == 0)
+    {
+    p += sizeof("Action: ") - 1;
+    q = &spam_action_buffer[0];
+    while (*p && *p != '\r' && (q - spam_action_buffer) < sizeof(spam_action_buffer) - 1)
+      *q++ = *p++;
+    *q = '\0';
+    }
+  }
+else

   {                            /* spamassassin */
   /* dig in the spamd output and put the report in a multiline header,
   if requested */
   {                            /* spamassassin */
   /* dig in the spamd output and put the report in a multiline header,
   if requested */


@@ -501,7 +564,8 @@ if (i <= 0 && errno != 0)
        }
     }
 
        }
     }
 

-  spam_action_buffer = spamd_score >= spamd_threshold ? US"reject" : US"no action";
+  Ustrcpy(spam_action_buffer,
+    spamd_score >= spamd_threshold ? "reject" : "no action");

   }
 
 /* Create report. Since this is a multiline string,
   }
 
 /* Create report. Since this is a multiline string,

diff --git a/src/src/spam.h b/src/src/spam.h
index 9f6b749ccd3d97b2703dc400993a6a976483dcde..2fe73809ef5703f9ee78dfd03b673091827a8991 100644 (file)
--- a/src/src/spam.h
+++ b/src/src/spam.h
@@ -27,6 +27,7 @@
 typedef struct spamd_address_container
 {
   uschar * hostspec;
 typedef struct spamd_address_container
 {
   uschar * hostspec;

+  int is_rspamd:1;

   int is_failed:1;
   unsigned int weight;
   unsigned int timeout;
   int is_failed:1;
   unsigned int weight;
   unsigned int timeout;

diff --git a/test/src/server.c b/test/src/server.c
index 719350c15b47237d64264f0986356891aa9d741a..d433ebe0e0331f1f0cbd4fb04027eb99d9249568 100644 (file)
--- a/test/src/server.c
+++ b/test/src/server.c
@@ -519,6 +519,11 @@ s = script;
 
 for (count = 0; count < connection_count; count++)
   {
 
 for (count = 0; count < connection_count; count++)
   {

+  struct {
+    int left;
+    BOOL in_use;
+  } content_length = { 0, FALSE };
+

   alarm(timeout);
   if (port <= 0)
     {
   alarm(timeout);
   if (port <= 0)
     {


@@ -729,6 +734,7 @@ for (count = 0; count < connection_count; count++)
 
        alarm(timeout);
        n = read(dup_accept_socket, CS buffer+offset, s->len - offset);
 
        alarm(timeout);
        n = read(dup_accept_socket, CS buffer+offset, s->len - offset);

+       if (content_length.in_use) content_length.left -= n;

        if (n == 0)
          {
          printf("%sxpected EOF read from client\n",
        if (n == 0)
          {
          printf("%sxpected EOF read from client\n",


@@ -746,8 +752,9 @@ for (count = 0; count < connection_count; count++)
        if (data) do
          {
          n = (read(dup_accept_socket, &c, 1) == 1 && c == '.');
        if (data) do
          {
          n = (read(dup_accept_socket, &c, 1) == 1 && c == '.');

+         if (content_length.in_use) content_length.left--;

          while (c != '\n' && read(dup_accept_socket, &c, 1) == 1)
          while (c != '\n' && read(dup_accept_socket, &c, 1) == 1)

-           ;
+            if (content_length.in_use) content_length.left--;

          } while (!n);
        else if (memcmp(ss, buffer, n) != 0)
          {
          } while (!n);
        else if (memcmp(ss, buffer, n) != 0)
          {


@@ -770,7 +777,8 @@ for (count = 0; count < connection_count; count++)
            goto END_OFF;
            }
          alarm(0);
            goto END_OFF;
            }
          alarm(0);

-         n = (int)strlen(CS buffer);
+         n = strlen(CS buffer);
+         if (content_length.in_use) content_length.left -= (n - offset);

          while (n > 0 && isspace(buffer[n-1])) n--;
          buffer[n] = 0;
          printf("%s\n", buffer);
          while (n > 0 && isspace(buffer[n-1])) n--;
          buffer[n] = 0;
          printf("%s\n", buffer);


@@ -784,6 +792,11 @@ for (count = 0; count < connection_count; count++)
          break;
          }
        }
          break;
          }
        }

+
+       if (sscanf(CCS buffer, "<Content-length: %d", &content_length.left))
+                 content_length.in_use = TRUE;
+       if (content_length.in_use && content_length.left <= 0)
+         shutdown(dup_accept_socket, SHUT_RD);

       }
     }
 
       }
     }