git » chasquid » next » tree

[next] / etc / chasquid / hooks / post-data 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
#!/bin/bash
#
# This file is an example post-data hook that will run standard filtering
# utilities if they are available.
#
#  - greylist (from greylistd) to do greylisting.
#  - spamc (from Spamassassin) to filter spam.
#  - rspamc (from rspamd) or chasquid-rspamd to filter spam.
#  - clamdscan (from ClamAV) to filter virus.
#
# If it exits with code 20, it will be considered a permanent error.
# Otherwise, temporary.

set -e


# Note greylistd needs you to add the user to the "greylist" group:
#   usermod -a -G greylist mail
if [ "$AUTH_AS" == "" ] && [ "$SPF_PASS" == "0" ] && \
	command -v greylist >/dev/null && \
	groups | grep -q greylist;
then
	REMOTE_IP=$(echo "$REMOTE_ADDR" | rev | cut -d : -f 2- | rev)
	if ! greylist update "$REMOTE_IP" "$MAIL_FROM" 1>&2; then
		echo "greylisted, please try again"
		exit 75  # temporary error
	fi
	echo "X-Greylist: pass"
fi


TF="$(mktemp --tmpdir post-data-XXXXXXXXXX)"
trap 'rm "$TF"' EXIT

# Save the message to the temporary file, so we can pass it on to the various
# filters.
cat > "$TF"


if command -v spamc >/dev/null; then
        if ! SL=$(spamc -c - < "$TF") ; then
                echo "spam detected"
                exit 20  # permanent
        fi
        echo "X-Spam-Score: $SL"
fi


# Spam filter through rspamd.
#
# Use chasquid-rspamd (from https://github.com/Thor77/chasquid-rspamd) if
# available, otherwise fall back to rspamc.
if command -v chasquid-rspamd >/dev/null; then
	chasquid-rspamd < "$TF" 2>/dev/null
elif command -v rspamc >/dev/null; then
	# Note the actions emitted by rspamc come from the thresholds
	# configured in /etc/rspamd/actions.conf.
	# The ones handled here are common defaults, but they might require
	# adjusting to match your rspamd configuration.
	# Note that greylisting is disabled in rspamc by design, so the
	# "greylist" action is ignored here to prevent false rejections.
	ACTION=$( rspamc < "$TF" 2>/dev/null | grep Action: | cut -d " " -f 2- )
	case "$ACTION" in
		reject)
			echo "spam detected"
			exit 20  # permanent error
			;;
	esac
	echo "X-Spam-Action:" "$ACTION"
fi


if command -v clamdscan >/dev/null; then
        if ! clamdscan --no-summary --infected - < "$TF" 1>&2 ; then
                echo "virus detected"
                exit 20  # permanent
        fi
        echo "X-Virus-Scanned: pass"
fi