Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Comments

adjust should_check logic, extend to spamassassin#2564

Merged
KingNoosh merged 4 commits intoharaka:masterfrom
msimerson:should-check
Dec 19, 2018
Merged

adjust should_check logic, extend to spamassassin#2564
KingNoosh merged 4 commits intoharaka:masterfrom
msimerson:should-check

Conversation

@msimerson
Copy link
Member

@msimerson msimerson commented Dec 12, 2018
edited
Loading

I need a mechanism to skip spamassassin checks for IP based relaying clients. Haraka already has similar mechanisms for this in rspamd and clamd via their check config settings and the should_check() function. This PR (and rspamd #13) extends should_check() to support relay clients.

Aside: auth clients are relaying clients, but relay might also be set by other plugins, such as IP lists in the relay plugin.

Changes proposed in this pull request:

  • adjust should_check logic to be flow-through
    • easier to read/parse/grok and extend
    • shows if a connection was skipped for more than one reason
  • copy should_check() to spamassassin
  • early_talker had similar inline checks which I refactored into should_check()

related to #2551 (skip early_talker if +karma)
related to haraka/haraka-plugin-rspamd#13
related to #2533 (add clamd skip options)

It might be useful to abstract should_check() into plugin.js and have a "standard" set of config settings that each plugin can skip processing for. At present, we have:

[check]
;authenticated=false
;relay=false
;private_ip=false
;local_ip=false

The early_talker plugin also has karma as a criteria, which could be useful elsewhere as well.

Checklist:

  • docs updated
  • tests updated
  • Changes updated

@msimerson
adjust should_check logic, extend to spamassassin
5a6b556 
- shows if a connection was skipped for more than one reason

related to haraka#2551
@msimerson
update Changes
9adc06c
@msimerson
update Changes
716e9fe
@msimerson
Copy link
Member Author

msimerson commented Dec 14, 2018

@analogic , do you have an opinion on the switch to this "flow through" style of logic for should_skip()? Specifically, does it make it easier to reason about what will happen? Is it easier to maintain (alter/extend)?

exports.should_check = function (connection) {
     const plugin = this;

     let result = true;  // default

     if (plugin.cfg.check.authenticated == false && connection.notes.auth_user) {
         connection.transaction.results.add(plugin, { skip: 'authed'});
         result = false;
     }

     if (plugin.cfg.check.relay == false && connection.relaying) {
         connection.transaction.results.add(plugin, { skip: 'relay'});
         result = false;
     }

     if (plugin.cfg.check.local_ip == false && connection.remote.is_local) {
         connection.transaction.results.add(plugin, { skip: 'local_ip'});
         result = false;
     }

     if (plugin.cfg.check.private_ip == false && connection.remote.is_private) {
         if (plugin.cfg.check.local_ip == true && connection.remote.is_local) {
             // local IPs are included in private IPs
         }
         else {
             connection.transaction.results.add(plugin, { skip: 'private_ip'});
             result = false;
         }
     }

     return result;
 }

@haraka haraka deleted a comment from codecov bot Dec 19, 2018
@analogic
Copy link
Collaborator

analogic commented Dec 19, 2018

LGTM!

To plugin.js abstraction - In future It would be nice to have some generic flag which would control skipping from outside. Like another plugin deciding by IP/RCPT/FROM/AUTH/user profile. (I like what https://github.com/creamfinance/haraka-plugin-plugin_manager can do but I don't like mixing yaml and js logic)

KingNoosh
KingNoosh approved these changes Dec 19, 2018
View reviewed changes
Copy link
Member

@KingNoosh KingNoosh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@KingNoosh KingNoosh merged commit 9201a29 into haraka:master Dec 19, 2018
@msimerson msimerson deleted the should-check branch December 19, 2018 19:45
@msimerson
Copy link
Member Author

msimerson commented Dec 19, 2018

In future It would be nice to have some generic flag which would control skipping from outside

Exactly. In briefly thinking about it, what I see is that there's already a half dozen implementations of varying degrees of skipping / whitelisting. Before assembling this PR I reviewed them but none of them are a one sized fits all. The conditions under which you might want to whitelist a connection from early_talker or greylisting are considerably different than for rspamd or clamd. But this should_check logic does cover the majority of cases for most plugins. In another evolution or two maybe we'll have something that's general purpose enough to work everywhere.

@msimerson msimerson mentioned this pull request Sep 29, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KingNoosh KingNoosh KingNoosh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@msimerson @analogic @KingNoosh