Server IP : 85.214.239.14 / Your IP : 52.15.191.241 Web Server : Apache/2.4.62 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /proc/3/root/proc/3/task/3/cwd/proc/2/task/2/cwd/usr/share/perl5/Mail/SpamAssassin/ |
Upload File : |
# <@LICENSE> # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to you under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at: # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # </@LICENSE> =head1 NAME Mail::SpamAssassin::PerMsgStatus - per-message status (spam or not-spam) =head1 SYNOPSIS my $spamtest = Mail::SpamAssassin->new({ 'rules_filename' => '/etc/spamassassin.rules', 'userprefs_filename' => $ENV{HOME}.'/.spamassassin/user_prefs' }); my $mail = $spamtest->parse(); my $status = $spamtest->check ($mail); my $rewritten_mail; if ($status->is_spam()) { $rewritten_mail = $status->rewrite_mail (); } ... =head1 DESCRIPTION The Mail::SpamAssassin C<check()> method returns an object of this class. This object encapsulates all the per-message state. =head1 METHODS =over 4 =cut package Mail::SpamAssassin::PerMsgStatus; use strict; use warnings; use re 'taint'; use Errno qw(ENOENT); use Time::HiRes qw(time); use Encode; use Mail::SpamAssassin::Constants qw(:sa :ip); use Mail::SpamAssassin::AsyncLoop; use Mail::SpamAssassin::Conf; use Mail::SpamAssassin::Util qw(untaint_var base64_encode idn_to_ascii uri_list_canonicalize reverse_ip_address is_fqdn_valid parse_header_addresses); use Mail::SpamAssassin::Timeout; use Mail::SpamAssassin::Logger; our @ISA = qw(); # methods defined by the compiled ruleset; deleted in finish() our @TEMPORARY_METHODS; # methods defined by register_plugin_eval_glue(); deleted in finish() our %TEMPORARY_EVAL_GLUE_METHODS; ########################################################################### our %common_tags; BEGIN { %common_tags = ( YESNO => sub { my $pms = shift; $pms->_get_tag_value_for_yesno(@_); }, YESNOCAPS => sub { my $pms = shift; uc $pms->_get_tag_value_for_yesno(@_); }, SCORE => sub { my $pms = shift; $pms->_get_tag_value_for_score(@_); }, HITS => sub { my $pms = shift; $pms->_get_tag_value_for_score(@_); }, REQD => sub { my $pms = shift; $pms->_get_tag_value_for_required_score(@_); }, VERSION => \&Mail::SpamAssassin::Version, SUBVERSION => sub { $Mail::SpamAssassin::SUB_VERSION }, RULESVERSION => sub { my $pms = shift; my $conf = $pms->{conf}; my @fnames; @fnames = keys %{$conf->{update_version}} if $conf->{update_version}; @fnames = sort @fnames if @fnames > 1; join(',', map($conf->{update_version}{$_}, @fnames)); }, HOSTNAME => sub { my $pms = shift; $pms->{conf}->{report_hostname} || Mail::SpamAssassin::Util::fq_hostname(); }, REMOTEHOSTNAME => sub { my $pms = shift; $pms->{tag_data}->{'REMOTEHOSTNAME'} || "localhost"; }, REMOTEHOSTADDR => sub { my $pms = shift; $pms->{tag_data}->{'REMOTEHOSTADDR'} || "127.0.0.1"; }, FIRSTTRUSTEDIP => sub { my $pms = shift; my $lasthop = $pms->{msg}->{metadata}->{relays_trusted}->[-1]; $lasthop ? $lasthop->{ip} : ''; }, FIRSTTRUSTEDREVIP => sub { my $pms = shift; my $lasthop = $pms->{msg}->{metadata}->{relays_trusted}->[-1]; $lasthop ? reverse_ip_address($lasthop->{ip}) : ''; }, LASTEXTERNALIP => sub { my $pms = shift; my $lasthop = $pms->{msg}->{metadata}->{relays_external}->[0]; $lasthop ? $lasthop->{ip} : ''; }, LASTEXTERNALREVIP => sub { my $pms = shift; my $lasthop = $pms->{msg}->{metadata}->{relays_external}->[0]; $lasthop ? reverse_ip_address($lasthop->{ip}) : ''; }, LASTEXTERNALRDNS => sub { my $pms = shift; my $lasthop = $pms->{msg}->{metadata}->{relays_external}->[0]; $lasthop ? $lasthop->{rdns} : ''; }, LASTEXTERNALHELO => sub { my $pms = shift; my $lasthop = $pms->{msg}->{metadata}->{relays_external}->[0]; $lasthop ? $lasthop->{helo} : ''; }, CONTACTADDRESS => sub { my $pms = shift; $pms->{conf}->{report_contact}; }, BAYES => sub { my $pms = shift; defined $pms->{bayes_score} ? sprintf("%3.4f", $pms->{bayes_score}) : "0.5"; }, DATE => sub { Mail::SpamAssassin::Util::time_to_rfc822_date() }, STARS => sub { my $pms = shift; my $arg = (shift || "*"); my $length = int($pms->{score}); $length = 50 if $length > 50; # avoid a perl 5.21 warning: "Negative repeat count does nothing" $length > 0 ? $arg x $length : ''; }, AUTOLEARN => sub { my $pms = shift; $pms->get_autolearn_status(); }, AUTOLEARNSCORE => sub { my $pms = shift; $pms->get_autolearn_points(); }, TESTS => sub { my $pms = shift; my $arg = (shift || ','); join($arg, sort @{$pms->{test_names_hit}}) || "none"; }, SUBTESTS => sub { my $pms = shift; my $arg = (shift || ','); join($arg, sort @{$pms->{subtest_names_hit}}) || "none"; }, SUBTESTSCOLLAPSED => sub { my $pms = shift; my $arg = (shift || ','); my (@subtests) = $pms->get_names_of_subtests_hit("collapsed"); join($arg, sort @subtests) || "none"; }, TESTSSCORES => sub { my $pms = shift; my $arg = (shift || ","); my $scores = $pms->{conf}->{scores}; join($arg, map($_ . "=" . ($scores->{$_} || '0'), sort @{$pms->{test_names_hit}})) || "none"; }, PREVIEW => sub { my $pms = shift; $pms->get_content_preview(); }, REPORT => sub { my $pms = shift; "\n" . ($pms->{tag_data}->{REPORT} || ""); }, SUBJPREFIX => sub { my $pms = shift; ($pms->{tag_data}->{SUBJPREFIX} || ""); }, HEADER => sub { my $pms = shift; my $hdr = shift; return '' if !$hdr; $pms->get($hdr, ''); }, TIMING => sub { my $pms = shift; $pms->{main}->timer_report(); }, ADDEDHEADERHAM => sub { my $pms = shift; $pms->_get_added_headers('headers_ham'); }, ADDEDHEADERSPAM => sub { my $pms = shift; $pms->_get_added_headers('headers_spam'); }, ADDEDHEADER => sub { my $pms = shift; $pms->_get_added_headers( $pms->{is_spam} ? 'headers_spam' : 'headers_ham'); }, ); } my $IP_ADDRESS = IP_ADDRESS; sub new { my $class = shift; $class = ref($class) || $class; my ($main, $msg, $opts) = @_; my $self = { 'main' => $main, 'msg' => $msg, 'score' => 0, 'test_log_msgs' => { }, # deprecated since 4.0, renamed to test_logs to prevent conflicts 'test_logs' => { }, 'test_names_hit' => [ ], 'subtest_names_hit' => [ ], 'spamd_result_log_items' => [ ], 'tests_already_hit' => { }, 'get_cache' => { }, 'tag_data' => { }, 'rule_errors' => 0, 'disable_auto_learning' => 0, 'auto_learn_status' => undef, 'auto_learn_force_status' => undef, 'conf' => $main->{conf}, 'async' => Mail::SpamAssassin::AsyncLoop->new($main), 'master_deadline' => $msg->{master_deadline}, # dflt inherited from msg 'deadline_exceeded' => 0, # time limit exceeded, skipping further tests 'tmpfiles' => { }, 'uri_detail_list' => { }, 'subjprefix' => undef, }; dbg("check: pms new, time limit in %.3f s", $self->{master_deadline} - time) if $self->{master_deadline}; if (defined $opts && $opts->{disable_auto_learning}) { $self->{disable_auto_learning} = 1; } # used with "mass-check --loghits" if ($self->{main}->{save_pattern_hits}) { $self->{save_pattern_hits} = 1; $self->{pattern_hits} = { }; } delete $self->{should_log_rule_hits}; my $dbgcache = would_log('dbg', 'rules'); if ($dbgcache || $self->{save_pattern_hits}) { $self->{should_log_rule_hits} = 1; } # known valid tags that might not get their entry in pms->{tag_data} # in some circumstances my $tag_data_ref = $self->{tag_data}; foreach (qw(SUMMARY REPORT SUBJPREFIX RBL)) { $tag_data_ref->{$_} = '' } foreach (qw(AWL AWLMEAN AWLCOUNT AWLPRESCORE DCCB DCCR DCCREP PYZOR DKIMIDENTITY DKIMDOMAIN DKIMSELECTOR BAYESTC BAYESTCLEARNED BAYESTCSPAMMY BAYESTCHAMMY HAMMYTOKENS SPAMMYTOKENS TOKENSUMMARY)) { $tag_data_ref->{$_} = undef; # exist, but undefined } bless ($self, $class); $self; } sub DESTROY { my ($self) = shift; # best practices: prevent potential calls to eval and to system routines # in code of a DESTROY method from clobbering global variables $@ and $! local($@,$!); # keep outer error handling unaffected by DESTROY # Bug 5808 - cleanup tmpfiles foreach my $fn (keys %{$self->{tmpfiles}}) { unlink($fn) or dbg("check: cannot unlink $fn: $!"); } } ########################################################################### =item $status->check () Runs the SpamAssassin rules against the message pointed to by the object. =cut sub check { my ($self) = shift; my $master_deadline = $self->{master_deadline}; if (!$master_deadline) { $self->check_timed(@_); } else { my $t = Mail::SpamAssassin::Timeout->new({ deadline => $master_deadline }); my $err = $t->run(sub { $self->check_timed(@_) }); if (time > $master_deadline && !$self->{deadline_exceeded}) { info("check: exceeded time limit in pms check"); $self->{deadline_exceeded} = 1; } } } sub check_timed { my ($self) = @_; local ($_); $self->{learned_points} = 0; $self->{body_only_points} = 0; $self->{head_only_points} = 0; $self->{score} = 0; # flush any old stale DNS responses $self->{main}->{resolver}->flush_responses(); # clear NetSet cache before every check to prevent it growing too large foreach my $nset_name (qw(internal_networks trusted_networks msa_networks)) { my $netset = $self->{conf}->{$nset_name}; $netset->ditch_cache() if $netset; } $self->{main}->call_plugins ("check_start", { permsgstatus => $self }); # in order of slowness; fastest first, slowest last. # we do ALL the tests, even if a spam triggers lots of them early on. # this lets us see ludicrously spammish mails (score: 40) etc., which # we can then immediately submit to spamblocking services. # # TODO: change this to do welcomelist/blocklists first? probably a plan # NOTE: definitely need AWL stuff last, for regression-to-mean of score # TVD: we may want to do more than just clearing out the headers, but ... $self->{msg}->delete_header('X-Spam-.*'); # Resident Mail::SpamAssassin code will possibly never change score # sets, even if bayes becomes available. So we should do a quick check # to see if we should go from {0,1} to {2,3}. We of course don't need # to do this switch if we're already using bayes ... ;) my $set = $self->{conf}->get_score_set(); if (($set & 2) == 0 && $self->{main}->{bayes_scanner} && $self->{main}->{bayes_scanner}->is_scan_available() && $self->{conf}->{use_bayes_rules}) { dbg("check: scoreset $set but bayes is available, switching scoresets"); $self->{conf}->set_score_set ($set|2); } dbg("check: using scoreset $set in M:S:Pms"); # The primary check functionality occurs via a plugin call. For more # information, please see: Mail::SpamAssassin::Plugin::Check if (!$self->{main}->call_plugins ("check_main", { permsgstatus => $self })) { # did anything happen? if not, this is fatal if (!$self->{main}->have_plugin("check_main")) { die "check: no loaded plugin implements 'check_main': cannot scan!\n". "Check that the necessary '.pre' files are in the config directory.\n". "At a minimum, v320.pre loads the Check plugin which is required.\n"; } } # delete temporary storage and memory allocation used during checking $self->delete_fulltext_tmpfile(); # now that we've finished checking the mail, clear out this cache # to avoid unforeseen side-effects. $self->{get_cache} = { }; # Round the score to 3 decimal places to avoid rounding issues # We assume required_score to be properly rounded already. # add 0 to force it back to numeric representation instead of string. $self->{score} = (sprintf "%0.3f", $self->{score}) + 0; dbg("check: is spam? score=".$self->{score}. " required=".$self->{conf}->{required_score}); dbg("check: tests=".$self->get_names_of_tests_hit()); dbg("check: subtests=".$self->get_names_of_subtests_hit("dbg")); $self->{is_spam} = $self->is_spam(); $self->{main}->{resolver}->bgabort(); $self->{main}->call_plugins ("check_end", { permsgstatus => $self }); 1; } # Called from Check.pm after Plugins check_cleanup calls # Cleanup and finish things before learning/rewrites etc # TODO: document? sub check_cleanup { my ($self) = shift; # Create subjprefix if (defined $self->{subjprefix}) { $self->{tag_data}->{SUBJPREFIX} = $self->{subjprefix}; } # Create reports $self->{tag_data}->{REPORT} = ''; $self->{tag_data}->{SUMMARY} = ''; my $test_logs = $self->{test_logs}; my $scores = $self->{conf}->{scores}; foreach my $rule (@{$self->{test_names_hit}}) { my $score = $scores->{$rule}; my $area = $test_logs->{$rule}->{area} || ''; my $desc = $test_logs->{$rule}->{desc} || ''; if ($score >= 10 || $score <= -10) { $score = sprintf("%4.0f", $score); } else { $score = sprintf("%4.1f", $score); } my $terse = ''; my $long = ''; if (defined $test_logs->{$rule}->{msg}) { my @msgs; if (($self->{conf}->{tflags}->{$rule}||'') =~ /\bnolog\b/) { push(@msgs, '*REDACTED*'); } else { @msgs = @{$test_logs->{$rule}->{msg}}; } local $1; foreach my $msg (@msgs) { while ($msg =~ s/^(.{30,48})\s//) { $terse .= sprintf ("[%s]\n", $1); if (length($1) > 47) { $long .= sprintf ("%78s\n", "[$1]"); } else { $long .= sprintf ("%27s [%s]\n", "", $1); } } $terse .= sprintf ("[%s]\n", $msg); if (length($msg) > 47) { $long .= sprintf ("%78s\n", "[$msg]"); } else { $long .= sprintf ("%27s [%s]\n", "", $msg); } } } $self->{tag_data}->{REPORT} .= sprintf ("* %s %s %s%s\n%s", $score, $rule, $area, $self->_wrap_desc($desc, 4+length($rule)+length($score)+length($area), "* "), ($terse ? "* " . $terse : '')); $self->{tag_data}->{SUMMARY} .= sprintf ("%s %-22s %s%s\n%s", $score, $rule, $area, $self->_wrap_desc($desc, 3+length($rule)+length($score)+length($area), " " x 28), $long); } } ########################################################################### =item $status->learn() After a mail message has been checked, this method can be called. If the score is outside a certain range around the threshold, ie. if the message is judged more-or-less definitely spam or definitely non-spam, it will be fed into SpamAssassin's learning systems (currently the naive Bayesian classifier), so that future similar mails will be caught. =cut sub learn { my ($self) = shift; my $master_deadline = $self->{master_deadline}; if (!$master_deadline) { $self->learn_timed(@_); } else { my $t = Mail::SpamAssassin::Timeout->new({ deadline => $master_deadline }); my $err = $t->run(sub { $self->learn_timed(@_) }); if (time > $master_deadline && !$self->{deadline_exceeded}) { info("learn: exceeded time limit in pms learn"); $self->{deadline_exceeded} = 1; } } } sub learn_timed { my ($self) = @_; if (!$self->{conf}->{bayes_auto_learn} || !$self->{conf}->{use_bayes} || $self->{disable_auto_learning}) { $self->{auto_learn_status} = "disabled"; return; } my ($isspam, $force_autolearn, $force_autolearn_names, $arrayref); $arrayref = $self->{main}->call_plugins ("autolearn_discriminator", { permsgstatus => $self }); $isspam = $arrayref->[0]; $force_autolearn = $arrayref->[1]; $force_autolearn_names = $arrayref->[2]; #AUTOLEARN_FORCE FLAG INFORMATION if (defined $force_autolearn and $force_autolearn > 0) { $self->{auto_learn_force_status} = "yes"; if (defined $force_autolearn_names) { $self->{auto_learn_force_status} .= " ($force_autolearn_names)"; } } else { $self->{auto_learn_force_status} = "no"; } if (!defined $isspam) { $self->{auto_learn_status} = 'no'; return; } my $timer = $self->{main}->time_method("learn"); $self->{main}->call_plugins ("autolearn", { permsgstatus => $self, isspam => $isspam }); # bug 3704: temporarily override learn's ability to re-learn a message my $orig_learner = $self->{main}->init_learner({ "no_relearn" => 1 }); my $eval_stat; eval { my $learnstatus = $self->{main}->learn ($self->{msg}, undef, $isspam, 0); if ($learnstatus->did_learn()) { $self->{auto_learn_status} = $isspam ? "spam" : "ham"; } # This must wait until the did_learn call. $learnstatus->finish(); $self->{main}->finish_learner(); # for now if (exists $self->{main}->{bayes_scanner}) { $self->{main}->{bayes_scanner}->force_close(); } 1; } or do { $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat; }; # reset learner options to their original values $self->{main}->init_learner($orig_learner); if (defined $eval_stat) { dbg("learn: auto-learning failed: $eval_stat"); $self->{auto_learn_status} = "failed"; } } =item $score = $status->get_autolearn_points() Return the message's score as computed for auto-learning. Certain tests are ignored: - rules with tflags set to 'learn' (the Bayesian rules) - rules with tflags set to 'userconf' (user welcome/block-listing rules, etc) - rules with tflags set to 'noautolearn' Also note that auto-learning occurs using scores from either scoreset 0 or 1, depending on what scoreset is used during message check. It is likely that the message check and auto-learn scores will be different. =cut sub get_autolearn_points { my ($self) = @_; $self->_get_autolearn_points(); return $self->{autolearn_points}; } =item $score = $status->get_head_only_points() Return the message's score as computed for auto-learning, ignoring all rules except for header-based ones. =cut sub get_head_only_points { my ($self) = @_; $self->_get_autolearn_points(); return $self->{head_only_points}; } =item $score = $status->get_learned_points() Return the message's score as computed for auto-learning, ignoring all rules except for learning-based ones. =cut sub get_learned_points { my ($self) = @_; $self->_get_autolearn_points(); return $self->{learned_points}; } =item $score = $status->get_body_only_points() Return the message's score as computed for auto-learning, ignoring all rules except for body-based ones. =cut sub get_body_only_points { my ($self) = @_; $self->_get_autolearn_points(); return $self->{body_only_points}; } =item $score = $status->get_autolearn_force_status() Return whether a message's score included any rules that are flagged as autolearn_force. =cut sub get_autolearn_force_status { my ($self) = @_; $self->_get_autolearn_points(); return $self->{autolearn_force}; } =item $rule_names = $status->get_autolearn_force_names() Return a list of comma separated list of rule names if a message's score included any rules that are flagged as autolearn_force. =cut sub get_autolearn_force_names { my ($self) = @_; my ($names); $self->_get_autolearn_points(); $names = $self->{autolearn_force_names}; if (defined $names) { #remove trailing comma $names =~ s/,$//; } else { $names = ""; } return $names; } sub _get_autolearn_testtype { my ($self, $test) = @_; return '' unless defined $test; return 'head' if $test == $Mail::SpamAssassin::Conf::TYPE_HEAD_TESTS || $test == $Mail::SpamAssassin::Conf::TYPE_HEAD_EVALS; return 'body' if $test == $Mail::SpamAssassin::Conf::TYPE_BODY_TESTS || $test == $Mail::SpamAssassin::Conf::TYPE_BODY_EVALS || $test == $Mail::SpamAssassin::Conf::TYPE_RAWBODY_TESTS || $test == $Mail::SpamAssassin::Conf::TYPE_RAWBODY_EVALS || $test == $Mail::SpamAssassin::Conf::TYPE_URI_TESTS || $test == $Mail::SpamAssassin::Conf::TYPE_URI_EVALS; return 'meta' if $test == $Mail::SpamAssassin::Conf::TYPE_META_TESTS; return ''; } sub _get_autolearn_points { my ($self) = @_; return if (exists $self->{autolearn_points}); # ensure it only gets computed once, even if we return early $self->{autolearn_points} = 0; my $conf = $self->{conf}; # This function needs to use use sum($score[scoreset % 2]) not just {score}. # otherwise we shift what we autolearn on and it gets really weird. - tvd my $orig_scoreset = $conf->get_score_set(); my $new_scoreset = $orig_scoreset; my $scores = $conf->{scores}; if (($orig_scoreset & 2) == 0) { # we don't need to recompute dbg("learn: auto-learn: currently using scoreset $orig_scoreset"); } else { $new_scoreset = $orig_scoreset & ~2; dbg("learn: auto-learn: currently using scoreset $orig_scoreset, recomputing score based on scoreset $new_scoreset"); $scores = $conf->{scoreset}->[$new_scoreset]; } my $tflags = $conf->{tflags}; my $points = 0; # Just in case this function is called multiple times, clear out the # previous calculated values $self->{learned_points} = 0; $self->{body_only_points} = 0; $self->{head_only_points} = 0; $self->{autolearn_force} = 0; foreach my $test (@{$self->{test_names_hit}}) { my $force_type = ''; # According to the documentation, noautolearn, userconf, and learn # rules are ignored for autolearning. if (exists $tflags->{$test}) { next if $tflags->{$test} =~ /\bnoautolearn\b/; next if $tflags->{$test} =~ /\buserconf\b/; # Keep track of the learn points for an additional autolearn check. # Use the original scoreset since it'll be 0 in sets 0 and 1. if ($tflags->{$test} =~ /\blearn\b/) { # we're guaranteed that the score will be defined $self->{learned_points} += $conf->{scoreset}->[$orig_scoreset]->{$test}; next; } #IF ANY RULES ARE AUTOLEARN FORCE, SET THAT FLAG if ($tflags->{$test} =~ /\bautolearn_force\b/) { $self->{autolearn_force}++; #ADD RULE NAME TO LIST $self->{autolearn_force_names}.="$test,"; } # Bug 7907 local $1; if ($tflags->{$test} =~ /\bautolearn_(body|header)\b/) { $force_type = $1; } } # ignore tests with 0 score (or undefined) in this scoreset next if !$scores->{$test}; # Go ahead and add points to the proper locations # Changed logic because in testing, I was getting both head and body. Bug 5503 # Cleanup logic, Bug 7905/7906 my $type = $self->_get_autolearn_testtype($conf->{test_types}->{$test}); if ($force_type eq 'header' || ($force_type eq '' && $type eq 'head')) { $self->{head_only_points} += $scores->{$test}; dbg("learn: auto-learn: adding header points $scores->{$test} ($test)"); } elsif ($force_type eq 'body' || ($force_type eq '' && $type eq 'body')) { $self->{body_only_points} += $scores->{$test}; dbg("learn: auto-learn: adding body points $scores->{$test} ($test)"); } elsif ($type eq 'meta') { if ($conf->{meta_dependencies}->{$test}) { my $dep_head = 0; my $dep_body = 0; foreach my $deptest (@{$conf->{meta_dependencies}->{$test}}) { my $deptype = $self->_get_autolearn_testtype($conf->{test_types}->{$deptest}); if ($deptype eq 'head') { $dep_head++; } elsif ($deptype eq 'body') { $dep_body++; } } if ($dep_head || $dep_body) { my $dep_total = $dep_head + $dep_body; my $p_head = sprintf "%0.3f", $scores->{$test} * ($dep_head / $dep_total); my $p_body = sprintf "%0.3f", $scores->{$test} * ($dep_body / $dep_total); $self->{head_only_points} += $p_head; $self->{body_only_points} += $p_body; dbg("learn: auto-learn: adding $p_head header and $p_body body points, $dep_head/$dep_body ratio ($test)"); } else { dbg("learn: auto-learn: not considered as header or body points, no header/body deps ($test)"); } } else { dbg("learn: auto-learn: not considered as header or body points, no meta deps ($test)"); } } else { dbg("learn: auto-learn: not considered as header or body points, ignored ruletype ($test)"); } $points += $scores->{$test}; } # Figure out the final value we'll use for autolearning $points = (sprintf "%0.3f", $points) + 0; dbg("learn: auto-learn: message score: ".$self->{score}.", computed score for autolearn: $points"); $self->{autolearn_points} = $points; } ########################################################################### =item $isspam = $status->is_spam () After a mail message has been checked, this method can be called. It will return 1 for mail determined likely to be spam, 0 if it does not seem spam-like. =cut sub is_spam { my ($self) = @_; # changed to test this so sub-tests can ask "is_spam" during a run return ($self->{score} >= $self->{conf}->{required_score}); } ########################################################################### =item $list = $status->get_names_of_tests_hit () After a mail message has been checked, this method can be called. It will return a comma-separated string, listing all the symbolic test names of the tests which were triggered by the mail. =cut sub get_names_of_tests_hit { my ($self) = @_; return join(',', sort @{$self->{test_names_hit}}); } =item $list = $status->get_names_of_tests_hit_with_scores_hash () After a mail message has been checked, this method can be called. It will return a pointer to a hash for rule & score pairs for all the symbolic test names and individual scores of the tests which were triggered by the mail. =cut sub get_names_of_tests_hit_with_scores_hash { my ($self) = @_; #BASED ON CODE FOR TESTSSCORES TAG my $scores = $self->{conf}->{scores}; my %testsscores; $testsscores{$_} = $scores->{$_} || '0' for @{$self->{test_names_hit}}; return \%testsscores; } =item $list = $status->get_names_of_tests_hit_with_scores () After a mail message has been checked, this method can be called. It will return a comma-separated string of rule=score pairs for all the symbolic test names and individual scores of the tests which were triggered by the mail. =cut sub get_names_of_tests_hit_with_scores { my ($self) = @_; #BASED ON CODE FOR TESTSSCORES TAG my $scores = $self->{conf}->{scores}; return join(',', map($_ . '=' . ($scores->{$_} || '0'), sort @{$self->{test_names_hit}})) || "none"; } ########################################################################### =item $list = $status->get_names_of_subtests_hit () After a mail message has been checked, this method can be called. It will return a comma-separated string, listing all the symbolic test names of the meta-rule sub-tests which were triggered by the mail. Sub-tests are the normally-hidden rules, which score 0 and have names beginning with two underscores, used in meta rules. If a parameter of collapsed or dbg is passed, the output will be a condensed array of sub-tests with multiple hits reduced to one entry. If the parameter of dbg is passed, the output will be a condensed string of sub-tests with multiple hits reduced to one entry with the number of hits in parentheses. Some information is also added at the end regarding the multiple hits. =cut sub get_names_of_subtests_hit { my ($self, $mode) = @_; if (defined $mode && ($mode eq 'dbg' || $mode eq 'collapsed')) { # This routine prints only one instance of a subrule hit with a count of how many times it hit if greater than 1 my $total_hits = scalar(@{$self->{subtest_names_hit}}); return '' if !$total_hits; my %subtest_names_hit; $subtest_names_hit{$_}++ foreach @{$self->{subtest_names_hit}}; my @subtests = sort keys %subtest_names_hit; my $deduplicated_hits = scalar(@subtests); my @result; foreach my $rule (@subtests) { if ($subtest_names_hit{$rule} > 1) { push @result, "$rule($subtest_names_hit{$rule})"; } else { push @result, $rule; } } if ($mode eq 'dbg') { return join(',', @result)." (Total Subtest Hits: $total_hits / Deduplicated Total Hits: $deduplicated_hits)"; } else { return join(',', @result); } } else { # Return the simpler string with duplicates and commas return join(',', sort @{$self->{subtest_names_hit}}); } } ########################################################################### =item $num = $status->get_score () After a mail message has been checked, this method can be called. It will return the message's score. =cut sub get_score { my ($self) = @_; return $self->{score}; } # left as backward compatibility sub get_hits { my ($self) = @_; return $self->{score}; } ########################################################################### =item $num = $status->get_required_score () After a mail message has been checked, this method can be called. It will return the score required for a mail to be considered spam. =cut sub get_required_score { my ($self) = @_; return $self->{conf}->{required_score}; } # left as backward compatibility sub get_required_hits { my ($self) = @_; return $self->{conf}->{required_score}; } ########################################################################### =item $num = $status->get_autolearn_status () After a mail message has been checked, this method can be called. It will return one of the following strings depending on whether the mail was auto-learned or not: "ham", "no", "spam", "disabled", "failed", "unavailable". It also returns is flagged with auto_learn_force, it will also include the status and the rules hit. For example: "autolearn_force=yes (AUTOLEARNTEST_BODY)" =cut sub get_autolearn_status { my ($self) = @_; my ($status) = $self->{auto_learn_status} || "unavailable"; if (defined $self->{auto_learn_force_status}) { $status .= " autolearn_force=".$self->{auto_learn_force_status}; } return $status; } ########################################################################### =item $report = $status->get_report () Deliver a "spam report" on the checked mail message. This contains details of how many spam detection rules it triggered. The report is returned as a multi-line string, with the lines separated by C<\n> characters. =cut sub get_report { my ($self) = @_; if (!exists $self->{'report'}) { my $report; my $timer = $self->{main}->time_method("get_report"); $report = $self->{conf}->{report_template}; $report ||= '(no report template found)'; $report = $self->_replace_tags($report); $report =~ s/\n*$/\n\n/s; $self->{report} = $report; } return $self->{report}; } ########################################################################### =item $preview = $status->get_content_preview () Give a "preview" of the content. This is returned as a multi-line string, with the lines separated by C<\n> characters, containing a fully-decoded, safe, plain-text sample of the first few lines of the message body. =cut sub get_content_preview { my ($self) = @_; my $str = ''; my @ary = @{$self->get_decoded_stripped_body_text_array()}; shift @ary; # drop the subject line my $numlines = 3; while (length ($str) < 200 && @ary && $numlines-- > 0) { $str .= shift @ary; } # in case the last line was huge, trim it back to around 200 chars local $1; $str =~ s/^(.{200}).+$/$1 [...]/gm; chomp ($str); $str .= "\n"; # now, some tidy-ups that make things look a bit prettier $str =~ s/-----Original Message-----.*$//gm; $str =~ s/This is a multi-part message in MIME format\.//gs; $str =~ s/[-_*.]{10,}//gs; $str =~ s/\s+/ /gs; # add "Content preview:" ourselves, so that the text aligns # correctly with the template -- then trim it off. We don't # have to get this *exactly* right, but it's nicer if we # make a bit of an effort ;) $str = Mail::SpamAssassin::Util::wrap($str, " ", "Content preview: ", 75, 1); $str =~ s/^Content preview:\s+//gs; return $str; } ########################################################################### =item $msg = $status->get_message() Return the object representing the message being scanned. =cut sub get_message { my ($self) = @_; return $self->{msg}; } ########################################################################### =item $status->rewrite_mail () Rewrite the mail message. This will at minimum add headers, and at maximum MIME-encapsulate the message text, to reflect its spam or not-spam status. The function will return a scalar of the rewritten message. The actual modifications depend on the configuration (see C<Mail::SpamAssassin::Conf> for more information). The possible modifications are as follows: =over 4 =item To:, From: and Subject: modification on spam mails Depending on the configuration, the To: and From: lines can have a user-defined RFC 2822 comment appended for spam mail. The subject line may have a user-defined string prepended to it for spam mail. =item X-Spam-* headers for all mails Depending on the configuration, zero or more headers with names beginning with C<X-Spam-> will be added to mail depending on whether it is spam or ham. =item spam message with report_safe If report_safe is set to true (1), then spam messages are encapsulated into their own message/rfc822 MIME attachment without any modifications being made. If report_safe is set to false (0), then the message will only have the above headers added/modified. =back =cut sub rewrite_mail { my ($self) = @_; my $timer = $self->{main}->time_method("rewrite_mail"); my $msg = $self->{msg}->get_mbox_separator() || ''; if ($self->{is_spam} && $self->{conf}->{report_safe}) { $msg .= $self->rewrite_report_safe(); } else { $msg .= $self->rewrite_no_report_safe(); } return $msg; } # Make the line endings in the passed string reference appropriate # for the original mail. Callers must note bug 5250: don't rewrite # the message body, since that will corrupt 8bit attachments/MIME parts. # sub _fixup_report_line_endings { my ($self, $strref) = @_; if ($self->{msg}->{line_ending} ne "\n") { $$strref =~ s/\r?\n/$self->{msg}->{line_ending}/gs; } } sub _get_added_headers { my ($self, $which) = @_; my $str = ''; # use string appends to put this back together -- I finally benchmarked it. # join() is 56% of the speed of just using string appends. ;) foreach my $hf_ref (@{$self->{conf}->{$which}}) { my($hfname, $hfbody) = @$hf_ref; my $line = $self->_process_header($hfname,$hfbody); $line = $self->mime_encode_header($line); $str .= "X-Spam-$hfname: $line\n"; } return $str; }; # rewrite the message in report_safe mode # should not be called directly, use rewrite_mail instead # sub rewrite_report_safe { my ($self) = @_; my $tag; # This is the original message. We do not want to make any modifications so # we may recover it if necessary. It will be put into the new message as a # message/rfc822 MIME part. my $original = $self->{msg}->get_pristine(); # This is the new message. my $newmsg = ''; # the character set of a report my $report_charset = $self->{conf}->{report_charset} || "UTF-8"; # the SpamAssassin report my $report = $self->get_report(); if (!utf8::is_utf8($report)) { # already in octets } else { # encode to octets if (uc $report_charset eq 'UTF-8') { dbg("check: encoding report to $report_charset"); utf8::encode($report); # very fast } else { dbg("check: encoding report to $report_charset. Slow, to be avoided!"); $report = Encode::encode($report_charset, $report); # slow } } # get original headers, "pristine" if we can do it my $from = $self->{msg}->get_pristine_header("From"); my $to = $self->{msg}->get_pristine_header("To"); my $cc = $self->{msg}->get_pristine_header("Cc"); my $subject = $self->{msg}->get_pristine_header("Subject"); my $msgid = $self->{msg}->get_pristine_header('Message-Id'); my $date = $self->{msg}->get_pristine_header("Date"); # It'd be nice to do this with a foreach loop, but with only three # possibilities right now, it's easier not to... if (defined $self->{conf}->{rewrite_header}->{Subject}) { # Add a prefix to the subject if needed $subject = "\n" if !defined $subject; if (defined $self->{subjprefix}) { $tag = $self->_replace_tags($self->{subjprefix}); $tag =~ s/\n/ /gs; $subject = $tag . $subject; } # Add a **SPAM** prefix $tag = $self->_replace_tags($self->{conf}->{rewrite_header}->{Subject}); $tag =~ s/\n/ /gs; # strip tag's newlines $subject =~ s/^(?:\Q${tag}\E )?/${tag} /g; # For some reason the tag may already be there!? } if (defined $self->{conf}->{rewrite_header}->{To}) { $to = "\n" if !defined $to; my $tag = $self->_replace_tags($self->{conf}->{rewrite_header}->{To}); $tag =~ s/\n/ /gs; # strip tag's newlines $to =~ s/(?:\t\Q(${tag})\E)?$/\t(${tag})/; } if (defined $self->{conf}->{rewrite_header}->{From}) { $from = "\n" if !defined $from; my $tag = $self->_replace_tags($self->{conf}->{rewrite_header}->{From}); $tag =~ s/\n+//gs; # strip tag's newlines $from =~ s/(?:\t\Q(${tag})\E)?$/\t(${tag})/; } # add report headers to message $newmsg .= "From: $from" if defined $from; $newmsg .= "To: $to" if defined $to; $newmsg .= "Cc: $cc" if defined $cc; $newmsg .= "Subject: $subject" if defined $subject; $newmsg .= "Date: $date" if defined $date; $newmsg .= "Message-Id: $msgid" if defined $msgid; $newmsg .= $self->_get_added_headers('headers_spam'); if (defined $self->{conf}->{report_safe_copy_headers}) { my %already_added = map { $_ => 1 } qw/from to cc subject date message-id/; foreach my $hdr (@{$self->{conf}->{report_safe_copy_headers}}) { next if exists $already_added{lc $hdr}; my @hdrtext = $self->{msg}->get_pristine_header($hdr); $already_added{lc $hdr}++; if (lc $hdr eq "received") { # add Received at the top ... my $rhdr = ""; foreach (@hdrtext) { $rhdr .= "$hdr: $_"; } $newmsg = "$rhdr$newmsg"; } else { foreach (@hdrtext) { $newmsg .= "$hdr: $_"; } } } } # jm: add a SpamAssassin Received header to note markup time etc. # emulates the fetchmail style. # tvd: do this after report_safe_copy_headers so Received will be done correctly $newmsg = "Received: from localhost by " . Mail::SpamAssassin::Util::fq_hostname() . "\n" . "\twith SpamAssassin (version " . Mail::SpamAssassin::Version() . ");\n" . "\t" . Mail::SpamAssassin::Util::time_to_rfc822_date() . "\n" . $newmsg; # MIME boundary my $boundary = "----------=_" . sprintf("%08X.%08X",time,int(rand(2 ** 32))); # ensure it's unique, so we can't be attacked this way while ($original =~ /^\Q${boundary}\E(?:--)?$/m) { $boundary .= "/".sprintf("%08X",int(rand(2 ** 32))); } # determine whether Content-Disposition should be "attachment" or "inline" my $disposition; my $ct = $self->{msg}->get_header("Content-Type"); if (defined $ct && $ct ne '' && $ct !~ m{text/plain}i) { $disposition = "attachment"; $report .= $self->_replace_tags($self->{conf}->{unsafe_report_template}); # if we wanted to defang the attachment, this would be the place } else { $disposition = "inline"; } my $type = "message/rfc822"; $type = "text/plain" if $self->{conf}->{report_safe} > 1; my $description = $self->{conf}->{'encapsulated_content_description'}; # Note: the message should end in blank line since mbox format wants # blank line at end and messages may be concatenated! In addition, the # x-spam-type parameter is fixed since we will use it later to recognize # original messages that can be extracted. $newmsg .= <<"EOM"; MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="$boundary" This is a multi-part message in MIME format. --$boundary Content-Type: text/plain; charset=$report_charset Content-Disposition: inline Content-Transfer-Encoding: 8bit $report --$boundary Content-Type: $type; x-spam-type=original Content-Description: $description Content-Disposition: $disposition Content-Transfer-Encoding: 8bit EOM my $newmsgtrailer = "\n--$boundary--\n\n"; # now fix line endings in both headers, report_safe body parts, # and new MIME boundaries and structure $self->_fixup_report_line_endings(\$newmsg); $self->_fixup_report_line_endings(\$newmsgtrailer); $newmsg .= $original.$newmsgtrailer; return $newmsg; } # rewrite the message in non-report_safe mode (just headers) # should not be called directly, use rewrite_mail instead # sub rewrite_no_report_safe { my ($self) = @_; my $ntag; my $pref_subject = 0; # put the pristine headers into an array # skip the X-Spam- headers, but allow the X-Spam-Prev headers to remain. # since there may be a missing header/body # my @pristine_headers = split(/^/m, $self->{msg}->get_pristine_header()); for (my $line = 0; $line <= $#pristine_headers; $line++) { next unless ($pristine_headers[$line] =~ /^X-Spam-(?!Prev-)/i); splice @pristine_headers, $line, 1 while ($pristine_headers[$line] =~ /^(?:X-Spam-(?!Prev-)|[ \t])/i); $line--; } my $separator = ''; if (@pristine_headers && $pristine_headers[$#pristine_headers] =~ /^\s*$/) { $separator = pop @pristine_headers; } my $addition = 'headers_ham'; if($self->{is_spam}) { # special-case: Subject lines. ensure one exists, if we're # supposed to mark it up. my $created_subject = 0; my $subject = $self->{msg}->get_pristine_header('Subject'); if (!defined($subject) && $self->{is_spam} && exists $self->{conf}->{rewrite_header}->{'Subject'}) { push(@pristine_headers, "Subject: \n"); $created_subject = 1; } # Deal with header rewriting foreach (@pristine_headers) { # if we're not going to do a rewrite, skip this header! next if (!/^(From|Subject|To):/i); my $hdr = ucfirst(lc($1)); next if (!defined $self->{conf}->{rewrite_header}->{$hdr}); # pop the original version onto the end of the header array if ($created_subject) { push(@pristine_headers, "X-Spam-Prev-Subject: (nonexistent)\n"); } else { push(@pristine_headers, "X-Spam-Prev-$_"); } # Figure out the rewrite piece my $tag = $self->_replace_tags($self->{conf}->{rewrite_header}->{$hdr}); $tag =~ s/\n/ /gs; # The tag should be a comment for this header ... $tag = "($tag)" if ($hdr =~ /^(?:From|To)$/); if (defined $self->{subjprefix}) { $ntag = $self->_replace_tags($self->{subjprefix}); $ntag =~ s/\n/ /gs; $ntag =~ s/\s+$//; local $1; s/^([^:]+:)[ \t]*(?:\Q${ntag}\E )?/$1 ${ntag} /i; } s/^([^:]+:)[ \t]*(?:\Q${tag}\E )?/$1 ${tag} /i; } $addition = 'headers_spam'; } else { # special-case: Subject lines. ensure one exists, if we're # supposed to mark it up. my $created_subject = 0; my $subject = $self->{msg}->get_pristine_header('Subject'); if (!defined($subject) && exists $self->{conf}->{rewrite_header}->{'Subject'}) { push(@pristine_headers, "Subject: \n"); $created_subject = 1; } # Deal with header rewriting foreach (@pristine_headers) { # if we're not going to do a rewrite, skip this header! next if (!/^(Subject):/i); my $hdr = ucfirst(lc($1)); next if (!defined $self->{conf}->{rewrite_header}->{$hdr}); if (defined $self->{subjprefix}) { $ntag = $self->_replace_tags($self->{subjprefix}); $ntag =~ s/\n/ /gs; $ntag =~ s/\s+$//; local $1; s/^([^:]+:)[ \t]*(?:\Q${ntag}\E )?/$1 ${ntag} /i; } } } # Break the pristine header set into two blocks; $new_hdrs_pre is the stuff # that we want to ensure comes before any SpamAssassin markup headers, # like the Return-Path header (see bug 3409). # # all the rest of the message headers (as left in @pristine_headers), is # to be placed after the SpamAssassin markup hdrs. Once one of those headers # is seen, all further headers go into that set; it's assumed that it's an # old copy of the header, or attempted spoofing, if it crops up halfway # through the headers. my $new_hdrs_pre = ''; if (@pristine_headers && $pristine_headers[0] =~ /^Return-Path:/i) { $new_hdrs_pre .= shift(@pristine_headers); while (@pristine_headers && $pristine_headers[0] =~ /^[ \t]/) { $new_hdrs_pre .= shift(@pristine_headers); } } $new_hdrs_pre .= $self->_get_added_headers($addition); # fix up line endings appropriately my $newmsg = $new_hdrs_pre . join('',@pristine_headers) . $separator; $self->_fixup_report_line_endings(\$newmsg); return $newmsg.$self->{msg}->get_pristine_body(); } # encode a header field body into ASCII as per RFC 2047 # sub mime_encode_header { my ($self, $text) = @_; utf8::encode($text) if utf8::is_utf8($text); my $result = ''; for my $line (split(/^/, $text)) { if ($line =~ /^[\x09\x20-\x7E]*\r?\n\z/s) { $result .= $line; # no need for encoding } else { my $prefix = ''; my $suffix = ''; local $1; if ($line =~ s/( (?: ^ | [ \t] ) [\x09\x20-\x7E]* (?: \r?\n )? ) \z//xs) { $suffix = $1; } elsif ($line =~ s/(\r?\n)\z//s) { $suffix = $1; } if ($line =~ s/^ ( [\x09\x20-\x7E]* (?: [ \t] | \z ) )//xs) { $prefix = $1; } if ($line eq '') { $result .= $prefix . $suffix; } else { my $qp_enc_count = $line =~ tr/=?_\x00-\x1F\x7F-\xFF//; if (length($line) + $qp_enc_count*2 <= 4 * int(length($line)+2)/3) { # RFC 2047: Upper case should be used for hex digits A through F $line =~ s{ ( [=?_\x00-\x20\x7F-\xFF] ) } { $1 eq ' ' ? '_' : sprintf("=%02X", ord $1) }xges; $result .= $prefix . '=?UTF-8?Q?' . $line; } else { $result .= $prefix . '=?UTF-8?B?' . base64_encode($line); } $result .= '?=' . $suffix; } } } dbg("markup: mime_encode_header: %s", $result); return $result; } sub _process_header { my ($self, $hdr_name, $hdr_data) = @_; $hdr_data = $self->_replace_tags($hdr_data); # as octets $hdr_data =~ s/(?:\r?\n)+$//; # make sure there are no trailing newlines ... if ($self->{conf}->{fold_headers}) { if ($hdr_data =~ /\n/) { $hdr_data =~ s/\s*\n\s*/\n\t/g; return $hdr_data; } else { # use '!!' instead of ': ' so it doesn't wrap on the space my $hdr = "X-Spam-$hdr_name!!$hdr_data"; $hdr = Mail::SpamAssassin::Util::wrap($hdr, "\t", "", 79, 0, '(?<=[\s,])'); # make sure there are no blank lines in headers # buggy wrap might not prefix blank lines with \t, so use \s* (bug 7672) $hdr =~ s/^\s*\n//gm; return (split (/!!/, $hdr, 2))[1]; # just return the data part } } else { $hdr_data =~ s/\n/ /g; # Can't have newlines in headers, unless folded return $hdr_data; } } sub _replace_tags { my $self = shift; my $text = shift; # default to leaving the original string in place, if we cannot find # a tag for it (bug 4793) local($1); $text =~ s{_([A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*(?:\(.*?\))?)_}{ my $tag = $1; my $result; if ($tag =~ /^ADDEDHEADER(?:HAM|SPAM|)\z/) { # Bug 6278: break infinite recursion through _get_added_headers and # _get_tag on an attempt to use such tag in add_header template } else { $result = $self->get_tag_raw($tag); if (!ref $result) { utf8::encode($result) if utf8::is_utf8($result); } elsif (ref $result eq 'ARRAY') { my @values = @$result; # avoid modifying referenced array for (@values) { utf8::encode($_) if utf8::is_utf8($_) } $result = join(' ', @values); } } defined $result ? $result : "_${tag}_"; }ge; return $text; } ########################################################################### # public API for plugins =item $status->action_depends_on_tags($tags, $code, @args) Enqueue the supplied subroutine reference C<$code>, to become runnable when all the specified tags become available. The C<$tags> may be a simple scalar - a tag name, or a listref of tag names. The subroutine C<&$code> when called will be passed a C<permessagestatus> object as its first argument, followed by the supplied (optional) list C<@args> . =cut sub action_depends_on_tags { my($self, $tags, $code, @args) = @_; ref $code eq 'CODE' or die "action_depends_on_tags: argument must be a subroutine ref"; # tag names on which the given action depends my @dep_tags = !ref $tags ? $tags : @$tags; # uppercase tag, but not args, f.e. HEADER(foo) local($1,$2); foreach (@dep_tags) { if (/^ ([^\(]+) (\(.*)? $/x) { $_ = uc($1).(defined $2 ? $2 : ''); } } # list dependency tag names which are not already satisfied my @blocking_tags; foreach (@dep_tags) { my $data = $self->get_tag($_); if (!defined $data || $data eq '') { push @blocking_tags, $_; } } if (!@blocking_tags) { dbg("check: tagrun - tag %s was ready, runnable immediately: %s", join(', ',@dep_tags), join(', ',$code,@args)); &$code($self, @args); } else { # @{$self->{tagrun_subs}} list of all submitted subroutines # @{$self->{tagrun_actions}{$tag}} bitmask of action indices blocked by tag # $self->{tagrun_tagscnt}[$action_ind] count of tags still pending # store action details, obtain its index push(@{$self->{tagrun_subs}}, [$code,@args]); my $action_ind = $#{$self->{tagrun_subs}}; $self->{tagrun_tagscnt}[$action_ind] = scalar @blocking_tags; $self->{tagrun_actions}{$_}[$action_ind] = 1 for @blocking_tags; dbg("check: tagrun - action %s blocking on tags %s", $action_ind, join(', ',@blocking_tags)); } } # tag_is_ready() will be called by set_tag(), indicating that a given # tag just received its value, possibly unblocking an action routine # as declared by action_depends_on_tags(). # # Well-behaving plugins should call set_tag() once when a tag is fully # assembled and ready. Multiple calls to set the same tag value are handled # gracefully, but may result in premature activation of a pending action. # Setting tag values by plugins should not be done directly but only through # the public API set_tag(), otherwise a pending action release may be missed. # sub tag_is_ready { my($self, $tag) = @_; $tag = uc $tag; if (would_log('dbg', 'check')) { my $tag_val = $self->{tag_data}->{$tag}; dbg("check: tagrun - tag %s is now ready, value: %s", $tag, !defined $tag_val ? '<UNDEF>' : ref $tag_val ne 'ARRAY' ? $tag_val : 'ARY:[' . join(',',@$tag_val) . ']' ); } if (ref $self->{tagrun_actions}{$tag}) { # any action blocking on this tag? my $action_ind = 0; foreach my $action_pending (@{$self->{tagrun_actions}{$tag}}) { if ($action_pending) { $self->{tagrun_actions}{$tag}[$action_ind] = 0; if ($self->{tagrun_tagscnt}[$action_ind] <= 0) { # should not happen, warn and ignore warn "tagrun error: count for $action_ind is ". $self->{tagrun_tagscnt}[$action_ind]."\n"; } elsif (! --($self->{tagrun_tagscnt}[$action_ind])) { my($code,@args) = @{$self->{tagrun_subs}[$action_ind]}; dbg("check: tagrun - tag %s unblocking the action %s: %s", $tag, $action_ind, join(', ',$code,@args)); &$code($self, @args); } } $action_ind++; } } } # debugging aid: show actions that are still pending, waiting for their # tags to receive a value # sub report_unsatisfied_actions { my($self) = @_; my @tags; @tags = keys %{$self->{tagrun_actions}} if ref $self->{tagrun_actions}; for my $tag (@tags) { my @pending_actions = grep($self->{tagrun_actions}{$tag}[$_], (0 .. $#{$self->{tagrun_actions}{$tag}})); dbg("check: tagrun - tag %s is still blocking action %s", $tag, join(', ', @pending_actions)) if @pending_actions; } } =item $status->set_tag($tagname, $value) Set a template tag, as used in C<add_header>, report templates, etc. This API is intended for use by plugins. Tag names will be converted to an all-uppercase representation internally. Tag names must consist only of [A-Z0-9_] characters and must not contain consecutive underscores. Also the name must not start or end in an underscore, as that is the template tagging format. C<$value> can be a simple scalar (string or number), or a reference to an array, in which case the public method get_tag will join array elements using a space as a separator, returning a single string for backward compatibility. C<$value> can also be a subroutine reference, which will be evaluated each time the template is expanded. The first argument passed by get_tag to a called subroutine will be a PerMsgStatus object (this module's object), followed by optional arguments provided by a caller to get_tag. Note that perl supports closures, which means that variables set in the caller's scope can be accessed inside this C<sub>. For example: my $text = "hello world!"; $status->set_tag("FOO", sub { my $pms = shift; return $text; }); See C<Mail::SpamAssassin::Conf>'s C<TEMPLATE TAGS> and C<CAPTURING TAGS USING REGEX NAMED CAPTURE GROUPS> sections for more details on how template tags are used. =cut sub set_tag { my($self,$tag,$val) = @_; $self->{tag_data}->{uc $tag} = $val; $self->tag_is_ready($tag); } # public API for plugins =item $string = $status->get_tag($tagname) Get the current value of a template tag, as used in C<add_header>, report templates, etc. This API is intended for use by plugins. Tag names will be converted to an all-uppercase representation internally. See C<Mail::SpamAssassin::Conf>'s C<TEMPLATE TAGS> and C<CAPTURING TAGS USING REGEX NAMED CAPTURE GROUPS> sections for more details on how template tags are used. C<undef> will be returned if a tag by that name has not been defined. =cut sub get_tag { my($self, $tag, @args) = @_; return if !defined $tag; # handle TAGNAME(args) format local($1); if ($tag =~ s/\((.*?)\)$//) { @args = ($1); } $tag = uc $tag; my $data; if (exists $common_tags{$tag}) { # tag data from traditional pre-defined tag subroutines $data = $common_tags{$tag}; $data = $data->($self,@args) if ref $data eq 'CODE'; $data = join(' ',@$data) if ref $data eq 'ARRAY'; $data = "" if !defined $data; } elsif (exists $self->{tag_data}->{$tag}) { # tag data comes from $self->{tag_data}->{TAG}, typically from plugins $data = $self->{tag_data}->{$tag}; $data = $data->($self,@args) if ref $data eq 'CODE'; $data = join(' ',@$data) if ref $data eq 'ARRAY'; $data = "" if !defined $data; } return $data; } =item $string = $status->get_tag_raw($tagname, @args) Similar to C<get_tag>, but keeps a tag name unchanged (does not uppercase it), and does not convert arrayref tag values into a single string. =cut sub get_tag_raw { my($self, $tag, @args) = @_; return if !defined $tag; # handle TAGNAME(args) format local($1); if ($tag =~ s/\((.*?)\)$//) { @args = ($1); } my $data; if (exists $common_tags{$tag}) { # tag data from traditional pre-defined tag subroutines $data = $common_tags{$tag}; $data = $data->($self,@args) if ref $data eq 'CODE'; $data = "" if !defined $data; } elsif (exists $self->{tag_data}->{$tag}) { # tag data comes from $self->{tag_data}->{TAG}, typically from plugins $data = $self->{tag_data}->{$tag}; $data = $data->($self,@args) if ref $data eq 'CODE'; $data = "" if !defined $data; } return $data; } ########################################################################### # public API for plugins =item $status->set_spamd_result_item($subref) Set an entry for the spamd result log line. C<$subref> should be a code reference for a subroutine which will return a string in C<'name=VALUE'> format, similar to the other entries in the spamd result line: Jul 17 14:10:47 radish spamd[16670]: spamd: result: Y 22 - ALL_NATURAL, DATE_IN_FUTURE_03_06,DIET_1,DRUGS_ERECTILE,DRUGS_PAIN, TEST_FORGED_YAHOO_RCVD,TEST_INVALID_DATE,TEST_NOREALNAME, TEST_NORMAL_HTTP_TO_IP,UNDISC_RECIPS scantime=0.4,size=3138,user=jm, uid=1000,required_score=5.0,rhost=localhost,raddr=127.0.0.1, rport=33153,mid=<9PS291LhupY>,autolearn=spam C<name> and C<VALUE> must not contain C<=> or C<,> characters, as it is important that these log lines are easy to parse. The code reference will be called by spamd after the message has been scanned, and the C<PerMsgStatus::check()> method has returned. =cut sub set_spamd_result_item { my ($self, $ref) = @_; push @{$self->{spamd_result_log_items}}, $ref; } # called by spamd sub get_spamd_result_log_items { my ($self) = @_; my @ret; foreach my $ref (@{$self->{spamd_result_log_items}}) { push @ret, &$ref; } return @ret; } ########################################################################### sub _get_tag_value_for_yesno { my($self, $arg) = @_; my($arg_spam, $arg_ham); ($arg_spam, $arg_ham) = split(/,/, $arg, 2) if defined $arg; return $self->{is_spam} ? (defined $arg_spam ? $arg_spam : 'Yes') : (defined $arg_ham ? $arg_ham : 'No'); } sub _get_tag_value_for_score { my ($self, $pad) = @_; my $score = sprintf("%2.1f", $self->{score}); my $rscore = $self->_get_tag_value_for_required_score(); #Change due to bug 6419 to use Util function for consistency with spamd #and PerMessageStatus $score = Mail::SpamAssassin::Util::get_tag_value_for_score($score, $rscore, $self->{is_spam}); #$pad IS PROVIDED BY THE _SCORE(PAD)_ tag if (defined $pad && $pad =~ /^(0+| +)$/) { my $count = length($1) + 3 - length($score); $score = (substr($pad, 0, $count) . $score) if $count > 0; } return $score; } sub _get_tag_value_for_required_score { my $self = shift; return sprintf("%2.1f", $self->{conf}->{required_score}); } ########################################################################### =item $status->finish () Indicate that this C<$status> object is finished with, and can be destroyed. If you are using SpamAssassin in a persistent environment, or checking many mail messages from one C<Mail::SpamAssassin> factory, this method should be called to ensure Perl's garbage collection will clean up old status objects. =cut sub finish { my ($self) = @_; $self->{main}->call_plugins ("per_msg_finish", { permsgstatus => $self }); $self->report_unsatisfied_actions(); # Clean up temporary methods foreach my $method (@TEMPORARY_METHODS) { if (defined &{$method}) { undef &{$method}; } } @TEMPORARY_METHODS = (); # clear for next time %TEMPORARY_EVAL_GLUE_METHODS = (); # Delete out all of the members of $self. This will remove any direct # circular references and let the memory get reclaimed while also being more # efficient than a foreach() loop over the keys. %{$self} = (); } # Deprecated for clarity, only Plugins have this function sub finish_tests {} ########################################################################### =item $name = $status->get_current_eval_rule_name() Return the name of the currently-running eval rule. C<undef> is returned if no eval rule is currently being run. Useful for plugins to determine the current rule name while inside an eval test function call. =cut sub get_current_eval_rule_name { my ($self) = @_; return $self->{current_rule_name}; } ########################################################################### sub extract_message_metadata { my ($self) = @_; my $timer = $self->{main}->time_method("extract_message_metadata"); $self->{msg}->extract_message_metadata($self); foreach my $item (qw( relays_trusted relays_trusted_str num_relays_trusted relays_untrusted relays_untrusted_str num_relays_untrusted relays_internal relays_internal_str num_relays_internal relays_external relays_external_str num_relays_external num_relays_unparseable last_trusted_relay_index last_internal_relay_index )) { $self->{$item} = $self->{msg}->{metadata}->{$item}; } # International domain names (UTF-8) must be converted to ASCII-compatible # encoding (ACE) for the purpose of setting the SENDERDOMAIN and AUTHORDOMAIN # tags (explicitly required for DMARC, RFC 7489) # { local $1; my $host = ($self->get('EnvelopeFrom:first:addr:host'))[0]; # collect a FQDN, ignoring potential trailing WSP if (defined $host) { my $d = idn_to_ascii($host); $self->set_tag('SENDERDOMAIN', $d); $self->{msg}->put_metadata("X-SenderDomain", $d); dbg("metadata: X-SenderDomain: %s", $d); } my @from_doms; my %seen; foreach ($self->get('From:addr:host')) { next if $seen{$_}++; my $d = idn_to_ascii($_); push @from_doms, $d; } if (@from_doms) { $self->set_tag('AUTHORDOMAIN', @from_doms > 1 ? \@from_doms : $from_doms[0]); my $d = join(" ", @from_doms); $self->{msg}->put_metadata("X-AuthorDomain", $d); dbg("metadata: X-AuthorDomain: %s", $d); } } $self->set_tag('RELAYSTRUSTED', $self->{relays_trusted_str}); $self->set_tag('RELAYSUNTRUSTED', $self->{relays_untrusted_str}); $self->set_tag('RELAYSINTERNAL', $self->{relays_internal_str}); $self->set_tag('RELAYSEXTERNAL', $self->{relays_external_str}); $self->set_tag('LANGUAGES', $self->{msg}->get_metadata("X-Languages")); # This should happen before we get called, but just in case. if (!defined $self->{msg}->{metadata}->{html}) { $self->get_decoded_stripped_body_text_array(); } $self->{html} = $self->{msg}->{metadata}->{html}; $self->{html_all} = $self->{msg}->{metadata}->{html_all}; # allow plugins to add more metadata, read the stuff that's there, etc. $self->{main}->call_plugins ("parsed_metadata", { permsgstatus => $self }); } ########################################################################### =item $status->get_decoded_body_text_array () Returns the message body, with B<base64> or B<quoted-printable> encodings decoded, and non-text parts or non-inline attachments stripped. This is the same result text as used in 'rawbody' rules. It is returned as an array of strings, with each string being a 2-4kB chunk of the body, split from boundaries if possible. =cut sub get_decoded_body_text_array { return $_[0]->{msg}->get_decoded_body_text_array(); } =item $status->get_decoded_stripped_body_text_array () Returns the message body, decoded (as described in get_decoded_body_text_array()), with HTML rendered, and with whitespace normalized. This is the same result text as used in 'body' rules. It will always render text/html. It is returned as an array of strings, with each string representing one 'paragraph'. Paragraphs, in plain-text mails, are double-newline-separated blocks of multi-line text. =cut sub get_decoded_stripped_body_text_array { return $_[0]->{msg}->get_rendered_body_text_array(); } ########################################################################### =item $status->get (header_name [, default_value]) Returns a message header, pseudo-header or a real name, email-address or some other parsed value set by modifiers. C<header_name> is the name of a mail header, such as 'Subject', 'To', etc. Should be called in list context since 4.0. Will return list of headers content, or other values when modifiers used. If C<default_value> is given, it will be used if the requested C<header_name> does not exist. This is mainly useful when called in scalar context to set 'undef' instead of legacy '' return value when header does not exist. Appending C<:raw> modifier to the header name will inhibit decoding of quoted-printable or base-64 encoded strings. Appending C<:addr> modifier to the header name will return all email-addresses found in the header. It is mainly applicable to header fields 'From', 'Sender', 'To', 'Cc' along with their 'Resent-*' counterparts, and the 'Return-Path'. For example, all of the following will result in "example@foo" (and "example@bar"): =over 4 =item example@foo =item example@foo (Foo Blah), <example@bar> =item example@foo, example@bar =item display: example@foo (Foo Blah), example@bar ; =item Foo Blah <example@foo> =item "Foo Blah" <example@foo> =item "'Foo Blah'" <example@foo> =back Appending C<:name> modifier to the header name will return all "display names" from the header field. As with C<:addr>, it is mainly applicable to header fields 'From', 'Sender', 'To', 'Cc' along with their 'Resent-*' counterparts, and the 'Return-Path'. For example, all of the following will result in "Foo Blah" (and "Bar Baz"). One level of single quotes is stripped too, as it is often seen. =over 4 =item example@foo (Foo Blah) =item example@foo (Foo Blah), "Bar Baz" <example@bar> =item display: example@foo (Foo Blah), example@bar ; =item Foo Blah <example@foo> =item "Foo Blah" <example@foo> =item "'Foo Blah'" <example@foo> =back Appending C<:host> to the header name will return the first hostname-looking string that ends with a valid TLD. First it tries to find a match after @ character (possible email), then from any part of the header. Normal use of this would be for example 'From:addr:host' to return the hostname portion of a From-address. Appending C<:domain> to the header name implies C<:host>, but will return only domain part of the hostname, as returned by RegistryBoundaries::trim_domain(). Appending C<:ip> to the header name, will return the first IPv4 or IPv6 address string found. Could be used for example as 'X-Originating-IP:ip'. Appending C<:revip> to the header name implies C<:ip>, but will return the found IP in reverse (usually for DNSBL usage). Appending C<:first> modifier to the header name will return only the first (topmost) header, in case there are multiple ones. Similarly C<:last> will select the last one. These affect only the physical header line selection. If selected header is parsed further with C<:addr> or similar, it may return multiple results, if the selected header contains multiple addresses. There are several special pseudo-headers that can be specified: =over 4 =item C<ALL> can be used to mean the text of all the message's headers. Each header is decoded and unfolded to single line, unless called with :raw. =item C<ALL-TRUSTED> can be used to mean the text of all the message's headers that could only have been added by trusted relays. =item C<ALL-INTERNAL> can be used to mean the text of all the message's headers that could only have been added by internal relays. =item C<ALL-UNTRUSTED> can be used to mean the text of all the message's headers that may have been added by untrusted relays. To make this pseudo-header more useful for header rules the 'Received' header that was added by the last trusted relay is included, even though it can be trusted. =item C<ALL-EXTERNAL> can be used to mean the text of all the message's headers that may have been added by external relays. Like C<ALL-UNTRUSTED> the 'Received' header added by the last internal relay is included. =item C<ToCc> can be used to mean the contents of both the 'To' and 'Cc' headers. =item C<EnvelopeFrom> is the address used in the 'MAIL FROM:' phase of the SMTP transaction that delivered this message, if this data has been made available by the SMTP server. =item C<MESSAGEID> is a symbol meaning all Message-Id's found in the message; some mailing list software moves the real 'Message-Id' to 'Resent-Message-Id' or 'X-Message-Id', then uses its own one in the 'Message-Id' header. The value returned for this symbol is the text from all 3 headers, separated by newlines. =item C<X-Spam-Relays-Untrusted> is the generated metadata of untrusted relays the message has passed through =item C<X-Spam-Relays-Trusted> is the generated metadata of trusted relays the message has passed through =item C<X-Spam-Relays-External> is the generated metadata of external relays the message has passed through =item C<X-Spam-Relays-Internal> is the generated metadata of internal relays the message has passed through =back =cut # only uses two arguments, ignores $defval sub _get { my ($self, $request) = @_; my @results; my $getaddr = 0; my $getname = 0; my $getraw = 0; my $needraw = 0; my $gethost = 0; my $getdomain = 0; my $getip = 0; my $getrevip = 0; my $getfirst = 0; my $getlast = 0; # special queries - process and strip modifiers if (index($request,':') >= 0) { # triage local $1; while ($request =~ s/:([^:]*)//) { if ($1 eq 'raw') { $getraw = 1 } elsif ($1 eq 'addr') { $getaddr = $needraw = 1 } elsif ($1 eq 'name') { $getname = $needraw = 1 } elsif ($1 eq 'host') { $gethost = 1 } elsif ($1 eq 'domain') { $gethost = $getdomain = 1 } elsif ($1 eq 'ip') { $getip = 1 } elsif ($1 eq 'revip') { $getip = $getrevip = 1 } elsif ($1 eq 'first') { $getfirst = 1 } elsif ($1 eq 'last') { $getlast = 1 } } } my $request_lc = lc $request; # ALL: entire pristine or semi-raw headers if ($request eq 'ALL') { if ($getraw) { @results = $self->{msg}->get_pristine_header() =~ /^([^ \t].*?\n)(?![ \t])/smgi; } else { @results = $self->{msg}->get_all_headers(0); } return \@results; } # ALL-TRUSTED: entire trusted raw headers elsif ($request eq 'ALL-TRUSTED') { # '+1' since we added the received header even though it's not considered # trusted, so we know that those headers can be trusted too @results = $self->get_all_hdrs_in_rcvd_index_range( undef, $self->{last_trusted_relay_index}+1, undef, undef, $getraw); return \@results; } # ALL-INTERNAL: entire internal raw headers elsif ($request eq 'ALL-INTERNAL') { # '+1' for the same reason as in ALL-TRUSTED above @results = $self->get_all_hdrs_in_rcvd_index_range( undef, $self->{last_internal_relay_index}+1, undef, undef, $getraw); return \@results; } # ALL-UNTRUSTED: entire untrusted raw headers elsif ($request eq 'ALL-UNTRUSTED') { # '+1' for the same reason as in ALL-TRUSTED above @results = $self->get_all_hdrs_in_rcvd_index_range( $self->{last_trusted_relay_index}+1, undef, undef, undef, $getraw); return \@results; } # ALL-EXTERNAL: entire external raw headers elsif ($request eq 'ALL-EXTERNAL') { # '+1' for the same reason as in ALL-TRUSTED above @results = $self->get_all_hdrs_in_rcvd_index_range( $self->{last_internal_relay_index}+1, undef, undef, undef, $getraw); return \@results; } # EnvelopeFrom: the SMTP MAIL FROM: address elsif ($request_lc eq "\LEnvelopeFrom") { push @results, $self->get_envelope_from(); } # untrusted relays list, as string elsif ($request_lc eq "\LX-Spam-Relays-Untrusted") { push @results, $self->{relays_untrusted_str}; } # trusted relays list, as string elsif ($request_lc eq "\LX-Spam-Relays-Trusted") { push @results, $self->{relays_trusted_str}; } # external relays list, as string elsif ($request_lc eq "\LX-Spam-Relays-External") { push @results, $self->{relays_external_str}; } # internal relays list, as string elsif ($request_lc eq "\LX-Spam-Relays-Internal") { push @results, $self->{relays_internal_str}; } # ToCc: the combined recipients list elsif ($request_lc eq "\LToCc") { push @results, $self->{msg}->get_header('To', $getraw); push @results, $self->{msg}->get_header('Cc', $getraw); } # MESSAGEID: handle lists which move the real message-id to another # header for resending. elsif ($request eq 'MESSAGEID') { push @results, grep { defined($_) && $_ ne '' } ( $self->{msg}->get_header('X-Message-Id', $getraw), $self->{msg}->get_header('Resent-Message-Id', $getraw), $self->{msg}->get_header('X-Original-Message-ID', $getraw), $self->{msg}->get_header('Message-Id', $getraw)); } # a conventional header else { my @res = $getraw||$needraw ? $self->{msg}->raw_header($request) : $self->{msg}->get_header($request); if (!@res) { if (defined(my $m = $self->{msg}->get_metadata($request))) { push @res, $m; } } push @results, @res if @res; } # Nothing found to process further, bail out quick if (!@results) { return \@results; } # Continue processing only first (topmost) or last header if ($getfirst) { @results = ($results[0]); } elsif ($getlast) { @results = ($results[-1]); } # special addr/name if ($getaddr || $getname) { my @res; foreach my $line (@results) { next unless defined $line; # Note: parse_header_addresses always called with raw undecoded value # Skip invalid addresses here my @addrs = parse_header_addresses($line); if (@addrs) { if ($getaddr) { foreach my $addr (@addrs) { push @res, $addr->{address} if defined $addr->{address}; } } elsif ($getname) { foreach my $addr (@addrs) { next unless defined $addr->{phrase}; if ($getraw) { # phrase=name, could also be username or comment unless name found push @res, $addr->{phrase}; } else { # If :raw was not specifically asked, decode mimewords # TODO: silly call to Node module, should probably be in Util my $decoded = Mail::SpamAssassin::Message::Node::_decode_header( $addr->{phrase}, "PMS:get:$request"); # Normalize whitespace, unless it's all white-space if ($decoded =~ /\S/) { $decoded =~ s/\s+/ /gs; $decoded =~ s/^\s+//; $decoded =~ s/\s+$//; $decoded =~ s/^'(.*?)'$/$1/; # remove single quotes } push @res, $decoded if defined $decoded; } } } } } @results = @res; } # special host/domain if (@results && ($gethost || $getdomain || $getip)) { my @res; if ($gethost) { # TODO: IDN matching needs honing my $tldsRE = $self->{main}->{registryboundaries}->{valid_tlds_re}; #my $hostRE = qr/(?<![._-])\b([a-z\d][a-z\d._-]{0,251}\.${tldsRE})\b(?![._-])/i; my $hostRE = qr/(?<![._-])(\S{1,251}\.${tldsRE})(?![._-])/i; foreach my $line (@results) { next unless defined $line; my $host; if ($getaddr) { # If :addr already preparsed the line, just grab domain liberally if ($line =~ /.*\@(\S+)/) { $host = $1; } } else { # try grabbing email/msgid domain first, because user part might look like # a valid host.. if ($line =~ /.*\@${hostRE}/i) { if (is_fqdn_valid(idn_to_ascii($1), 1)) { $host = $1; } } # otherwise try hard to find a valid host if (!$host) { while ($line =~ /${hostRE}/ig) { if (is_fqdn_valid(idn_to_ascii($1), 1)) { $host = $1; last; } } } } if ($host) { if ($getdomain) { $host = $self->{main}->{registryboundaries}->trim_domain($host, 1); } push @res, $host; } } } else { my $ipRE = qr/(?<!\.)\b(${IP_ADDRESS})\b(?!\.)/; foreach my $line (@results) { next unless defined $line; my $host; if ($line =~ $ipRE) { $host = $getrevip ? reverse_ip_address($1) : $1; } push @res, $host if defined $host; } } @results = @res; } return \@results; } # optimized for speed # $_[0] is self # $_[1] is request # $_[2] is defval sub get { my $cache = $_[0]->{get_cache}; my $found = []; if (exists $cache->{$_[1]}) { # return cache entry if it is known # (measured hit/attempts rate on a production mailer is about 47%) $found = $cache->{$_[1]}; } else { # fill in a cache entry $found = _get(@_); # filter out undefined @$found = grep { defined } @$found; $cache->{$_[1]} = $found; } # if the requested header wasn't found, we should return a default value # as specified by the caller: if defval argument is present it represents # a default value even if undef; if defval argument is absent a default # value is an empty string for upwards compatibility if (@$found) { # new list context usage in 4.0, return all values always if (wantarray) { return @$found; } # legacy scalar context expected only single return value for some # queries, without a newline if ($_[1] =~ /:(?:addr|name|host|domain|ip|revip)\b/ || $_[1] eq 'EnvelopeFrom') { my $res = $found->[0]; $res =~ s/\n\z$//; return $res; } else { return join('', @$found); } } elsif (@_ > 2) { return wantarray ? ($_[2]) : $_[2]; } else { return wantarray ? () : ''; } } ########################################################################### # uri parsing from plain text: # The goals are to find URIs in plain text spam that are intended to be clicked on or copy/pasted, but # ignore random strings that might look like URIs, for example in uuencoded files, and to ignore # URIs that spammers might seed in spam in ways not visible or clickable to add work to spam filters. # When we extract a domain and look it up in an RBL, an FP on deciding that the text is a URI is not much # of a problem, as the only cost is an extra RBL lookup. The same FP is worse if the URI is used in matching rule # because it could lead to a rule FP, as in bug 5780 with WIERD_PORT matching random uuencoded strings. # The principles of the following code are 1) if ThunderBird or Outlook Express would linkify a string, # then we should attempt to parse it as a URI; 2) Where TBird and OE parse differently, choose to do what is most # likely to find a domain for the RBL tests; 3) If it begins with a scheme or www\d*\. or ftp\. assume that # it is a URI; 4) If it does not then require that the start of the string looks like a FQDN with a valid TLD; # 5) Reject strings that after parsing, URLDecoding, and redirection processing don't have a valid TLD # # We get the entire URI that would be linkified before dealing with it, in order to do the right thing # with URI-encodings and redirecting URIs. # # The delimiters for start of a URI in TBird are @(`{|[\"'<>,\s in OE they are ("<\s # # Tbird allows .,?';-! in a URI but ignores [.,?';-!]* at the end. # TBird's end delimiters are )`{}|[]"<>\s but ) is only an end delmiter if there is no ( in the URI # OE only uses space as a delimiter, but ignores [~!@#^&*()_+`-={}|[]:";'<>?,.]* at the end. # # Both TBird and OE decide that a URI is an email address when there is '@' character embedded in it. # TBird has some additional restrictions on email URIs: They cannot contain non-ASCII characters and their end # delimiters include ( and ' # # bug 4522: ISO2022 format mail, most commonly Japanese SHIFT-JIS, inserts a three character escape sequence ESC ( . sub _tbirdurire { my ($self) = @_; # Cached? return $self->{tbirdurire} if exists $self->{tbirdurire}; # a hybrid of tbird and oe's version of uri parsing my $tbirdstartdelim = '><"\'`,{[(|\s' . "\x1b\xa0"; # The \x1b as per bug 4522 # \xa0 (nbsp) added 7/2019 my $iso2022shift = "\x1b" . '\(.'; # bug 4522 my $tbirdenddelim = '><"`}\]{[|\s' . "\x1b\xa0"; # The \x1b as per bug 4522 # \xa0 (nbsp) added 7/2019 my $nonASCII = '\x80-\xff'; # schemeless uri start delimiter, combo of most punctuations and delims above my $scstartdelim = qr/[\!\"\#\$\&\'\(\)\*\+\,\/\:\;\<\=\>\?\@\[\\\]\^\`\{\|\}\~\s\x1b\xa0]/; # bug 7100: we allow a comma to delimit the end of an email address because it will never appear in a domain name, and # it's a common thing to find in text my $tbirdenddelimemail = $tbirdenddelim . ',(\'' . $nonASCII; # tbird ignores non-ASCII mail addresses for now, until RFC changes my $tbirdenddelimplusat = $tbirdenddelimemail . '@'; # valid TLDs my $tldsRE = $self->{main}->{registryboundaries}->{valid_tlds_re}; # knownscheme regexp looks for either a https?: or ftp: scheme, or www\d*\. or ftp\. prefix, i.e., likely to start a URL # schemeless regexp looks for a valid TLD at the end of what may be a FQDN, followed by optional ., optional :portnum, optional /rest_of_uri my $urischemeless = qr/([a-z\d][a-z\d._-]{0,251}\.${tldsRE})\.?(?::\d{1,5})?(?:\/[^$tbirdenddelim]{1,2048})?/i; my $uriknownscheme = qr/(?:(?:https?|ftp):\/\/|(?:www\d{0,2}|ftp)\.)[^$tbirdenddelim]{1,2048}/i; my $urimailscheme = qr/(?:mailto:[^$tbirdenddelimemail]{1,2048}|[^$tbirdenddelimplusat]{1,251}\@[^$tbirdenddelimemail]{1,251})/i; $self->{tbirdurire} = qr/(?:\b|(?<=$iso2022shift)|(?<=[$tbirdstartdelim])) (?:(?:($uriknownscheme)(?=(?:[$tbirdenddelim]|\z))) | (?:($urimailscheme)(?=(?:[$tbirdenddelimemail]|\z))) | (?:(?:^|(?<=$scstartdelim))($urischemeless)(?=(?:[$tbirdenddelim]|\z))))/ix; return $self->{tbirdurire}; } =item $status->get_uri_list () Returns an array of all unique URIs found in the message. It takes a combination of the URIs found in the rendered (decoded and HTML stripped) body and the URIs found when parsing the HTML in the message. Will also set $status->{uri_list} (the array as returned by this function). The returned array will include the "raw" URI as well as "slightly cooked" versions. For example, the single URI 'http://%77w%77.example.com/' will get turned into: ( 'http://%77w%77.example.com/', 'http://www.example.com/' ) =cut sub get_uri_list { my ($self) = @_; # use cached answer if available if (exists $self->{uri_list}) { return @{$self->{uri_list}}; } my %uris; # $self->{redirect_num} = 0; # get URIs from text/HTML parsing while(my($uri, $info) = each %{ $self->get_uri_detail_list() }) { if ($info->{cleaned}) { foreach (@{$info->{cleaned}}) { $uris{$_} = 1; # count redirection attempts and log it # if (my @http = m{\b(https?:/{0,2})}gi) { # $self->{redirect_num} = $#http if ($#http > $self->{redirect_num}); # } } } } @{$self->{uri_list}} = keys %uris; # $self->set_tag('URILIST', @uris == 1 ? $uris[0] : \@uris) if @uris; return @{$self->{uri_list}}; } =item $status->get_uri_detail_list () Returns a hash reference of all unique URIs found in the message and various data about where the URIs were found in the message. It takes a combination of the URIs found in the rendered (decoded and HTML stripped) body and the URIs found when parsing the HTML in the message. Will also set $status->{uri_detail_list} (the hash reference as returned by this function). The hash format looks something like this: raw_uri => { types => { a => 1, img => 1, parsed => 1, domainkeys => 1, unlinked => 1, schemeless => 1 }, cleaned => [ canonicalized_uri ], anchor_text => [ "click here", "no click here" ], domains => { domain1 => 1, domain2 => 1 }, hosts => { host1 => domain1, host2 => domain2 }, } C<raw_uri> is whatever the URI was in the message itself (http://spamassassin.apache%2Eorg/). Uris parsed from text will be prefixed with scheme if missing (http://, mailto: etc). HTML uris are as found. C<types> is a hash of the HTML tags (lowercase) which referenced the raw_uri. I<parsed> is a faked type which specifies that the raw_uri was seen in the rendered text. I<domainkeys> is defined when raw_uri was found from DK/DKIM d= field. I<unlinked> is defined when it's assumed that MUA will not linkify uri (found in body without scheme or www. prefix). I<schemeless> is always added for uris without scheme, regardless of linkifying (i.e. email address found in body without mailto:). C<cleaned> is an array of the raw and canonicalized version of the raw_uri (http://spamassassin.apache%2Eorg/, https://spamassassin.apache.org/). C<anchor_text> is an array of the anchor text (text between <a> and </a>), if any, which linked to the URI. C<domains> is a hash of the domains found in the canonicalized URIs. C<hosts> is a hash of unstripped hostnames found in the canonicalized URIs as hash keys, with their domain part stored as a value of each hash entry. =cut sub get_uri_detail_list { my ($self) = @_; # process only once, use unique uri_detail_list_run flag, # in case add_uri_detail_list has already been called if ($self->{uri_detail_list_run}) { return $self->{uri_detail_list}; } $self->{uri_detail_list_run} = 1; my $timer = $self->{main}->time_method("get_uri_detail_list"); # process text parsed uris $self->_process_text_uri_list(); # process html uris $self->_process_html_uri_list(); # process dkim uris $self->_process_dkim_uri_list(); return $self->{uri_detail_list}; } sub _process_text_uri_list { my ($self) = @_; # Use decoded stripped body, which does not contain HTML my $textary = $self->get_decoded_stripped_body_text_array(); my $tbirdurire = $self->_tbirdurire; my %seen; my $would_log_uri_all = would_log('dbg', 'uri-all') == 2; # cache foreach my $text (@$textary) { # a workaround for [perl #69973] bug: # Invalid and tainted utf-8 char crashes perl 5.10.1 in regexp evaluation # Bug 6225, regexp and string should both be utf8, or none of them; # untainting string also seems to avoid the crash # # Bug 6225: untaint the string in an attempt to work around a perl crash local $_ = untaint_var($text); local($1,$2,$3); while (/$tbirdurire/igo) { my $rawuri = $1||$2||$3; my $schost = $4; my $rawtype = defined $1 ? 'scheme' : defined $2 ? 'mail' : 'schemeless'; $rawuri =~ s/(^[^(]*)\).*$/$1/; # as per ThunderBird, ) is an end delimiter if there is no ( preceding it $rawuri =~ s/[-~!@#^&*()_+=:;\'?,.]*$//; # remove trailing string of punctuations that TBird ignores next if exists $seen{$rawuri}; $seen{$rawuri} = 1; # Ignore bogus mail captures (@ might have been trimmed from the end above..) next if $rawtype eq 'mail' && index($rawuri, '@') == -1; dbg("uri: found rawuri from text ($rawtype): $rawuri") if $would_log_uri_all; # Quick ignore if schemeless host not valid next if defined $schost && !is_fqdn_valid($schost, 1); # Ignore cid: mid: as they can be mistaken for emails, # these should not be parsed from stripped body in any case. # Example: [cid:image001.png@01D4986E.E3459640] next if $rawuri =~ /^[cm]id:/i; # Ignore empty uris next if $rawuri =~ /^\w+:\/{0,2}$/i; my $types = {parsed => 1}; # If it's a hostname that was just sitting out in the # open, without a protocol, and not inside of an HTML tag, # the we should add the proper protocol in front, rather # than using the base URI. my $uri = $rawuri; if ($uri !~ /^(?:https?|ftp|mailto):/i) { if ($uri =~ /^ftp\./i) { $uri = "ftp://$uri"; } elsif ($uri =~ /^www\d{0,2}\./i) { $uri = "http://$uri"; } elsif ($uri =~ /\/.+\@/) { # if a "/" is found before @ it cannot be a valid email address $uri = "http://$uri"; } elsif (index($uri, '@') != -1) { # This is not linkified by MUAs: foo@bar%2Ecom # This IS linkified: foo@bar%2Ebar.com # And this is linkified: foo@bar%2Ecom?foo.com&bar (woot??) # And this is linkified with Outlook: foo@bar%2Ecom&foo (woot??) # ... # Skip if no dot found after @, tested without urldecoding, # quick skip for crap like Vi@gra. next unless $uri =~ /\@.+?\./; next if index($uri, ' ') != -1; # ignore garbled $uri =~ s/^(?:skype|e?-?mail)?:+//i; # strip common misparses $uri = "mailto:$uri"; } else { # some spammers are using unschemed URIs to escape filters # flag that this is a URI that MUAs don't linkify so only use for RBLs # (TODO: why only use for RBLs?? why not uri rules? Use tflags to choose?) next if index($uri, '.') == -1; # skip unless dot found, garbage $uri = "http://$uri"; $types->{unlinked} = 1; } # Mark any of those schemeless $types->{schemeless} = 1; } if ($uri =~ /^mailto:/i) { # MUAs linkify and urldecode mailto:foo%40bar%2Fcom $uri = Mail::SpamAssassin::Util::url_encode($uri) if $uri =~ /\%[0-9a-f]{2}/i; # Skip unless @ found after decoding, then check tld is valid next unless $uri =~ /\@([^?&>]*)/; my $host = $1; $host =~ s/(?:\%20)+$//; # strip trailing %20 from host next unless $self->{main}->{registryboundaries}->is_domain_valid($host); } dbg("uri: parsed uri from text ($rawtype): $uri") if $would_log_uri_all; $self->add_uri_detail_list($uri, $types, 'parsed', 1); } } } sub _process_html_uri_list { my ($self) = @_; # get URIs from HTML parsing # use the metadata version since $self->{html_all} may not be setup foreach my $html (@{$self->{msg}->{metadata}->{html_all}}) { my $detail = $html->{uri_detail} || { }; $self->{'uri_truncated'} = 1 if $html->{uri_truncated}; # canonicalize the HTML parsed URIs while(my($uri, $info) = each %{ $detail }) { if ($self->add_uri_detail_list($uri, $info->{types}, 'html', 0)) { # Need also to copy and uniq anchor text if (exists $info->{anchor_text}) { my %seen; foreach (grep { !$seen{$_}++ } @{$info->{anchor_text}}) { push @{$self->{uri_detail_list}->{$uri}->{anchor_text}}, $_; } } } } } } sub _process_dkim_uri_list { my ($self) = @_; # This parses of DKIM for URIs disagrees with documentation and bug 6700 votes to disable # this functionality # 2013-01-07 # This functionality is re-enabled as a configuration option disabled by # default (bug 7087) # 2014-10-06 # Look for the domain in DK/DKIM headers if ($self->{conf}->{parse_dkim_uris}) { foreach my $dk ( $self->get('DomainKey-Signature'), $self->get('DKIM-Signature') ) { while ($dk =~ /\bd\s*=\s*([^;]+)/g) { my $d = $1; $d =~ s/\s+//g; # prefix with domainkeys: so it doesn't merge with identical keys $self->add_uri_detail_list("domainkeys:$d", {'domainkeys'=>1, 'nocanon'=>1, 'noclean'=>1}, 'domainkeys', 1); } } } } =item $status->add_uri_detail_list ($raw_uri, $types, $source, $valid_domain) Adds values to internal uri_detail_list. When used from Plugins, recommended to call from parsed_metadata (along with register_method_priority, -10) so other Plugins calling get_uri_detail_list() will see it. C<raw_uri> is the URI to be added. The only required parameter. C<types> is an optional hash reference, contents are added to uri_detail_list->{types} (see get_uri_detail_list for known keys). I<parsed> is default is no hash given. I<nocanon> does not run uri_list_canonicalize (no redirector, uri fixing). I<noclean> skips adding uri_detail_list->{cleaned}, so it would not be used in "uri" rule checks, but domain/hosts would still be used for URIBL/RBL purposes. C<source> is an optional simple string, only used for debug logging purposes to identify where uri originates from (default: "parsed"). C<valid_domain> is an optional boolean (0/1). If true, uri will not be added unless hostname/domain is in valid format and contains a valid TLD. (default: 0) =cut sub add_uri_detail_list { my ($self, $uri, $types, $source, $valid_domain) = @_; $types = {'parsed' => 1} unless defined $types; $source ||= 'parsed'; my (%domains, %hosts, %cleaned); my $udl = $self->{uri_detail_list}; dbg("uri: canonicalizing $source uri: $uri"); my @uris; if ($types->{nocanon}) { push @uris, $uri; } else { @uris = uri_list_canonicalize($self->{conf}->{redirector_patterns}, [$uri], $self->{main}->{registryboundaries}); } foreach my $cleanuri (@uris) { # Make sure all the URIs are nice and short if (length($cleanuri) > MAX_URI_LENGTH) { $self->{'uri_truncated'} = 1; $cleanuri = substr($cleanuri, 0, MAX_URI_LENGTH); } dbg("uri: cleaned uri: $cleanuri"); $cleaned{$cleanuri} = 1; my ($domain, $host) = $self->{main}->{registryboundaries}->uri_to_domain($cleanuri); if (defined $domain) { dbg("uri: added host: $host domain: $domain"); $domains{$domain} = 1; $hosts{$host} = $domain; } } # Bail out if no good uri found return unless %cleaned; # Bail out if no domains/hosts found? return if $valid_domain && !%domains; # Merge cleaned if (!$types->{noclean}) { if ($udl->{$uri}->{cleaned}) { $cleaned{$_} = 1 foreach (@{$udl->{$uri}->{cleaned}}); } @{$udl->{$uri}->{cleaned}} = keys %cleaned; } # Domains/hosts (there might not be any) $udl->{$uri}->{domains}->{$_} = 1 foreach keys %domains; $udl->{$uri}->{hosts}->{$_} = $hosts{$_} foreach keys %hosts; # Types $udl->{$uri}->{types}->{$_} = 1 foreach keys %$types; # Invalidate uri_list cache delete $self->{uri_list}; return 1; } ########################################################################### # Deprecated since 4.0, meta rules do not depend on priorities anymore sub ensure_rules_are_complete {} ########################################################################### # use a separate sub here, for brevity # called out of generated eval sub handle_eval_rule_errors { my ($self, $rulename) = @_; warn "rules: failed to run $rulename test, skipping:\n\t($@)\n"; $self->{rule_errors}++; } sub register_plugin_eval_glue { my ($self, $function) = @_; if (!$function) { warn "rules: empty function name"; return; } # only need to call this once per fn (globally) return if exists $TEMPORARY_EVAL_GLUE_METHODS{$function}; $TEMPORARY_EVAL_GLUE_METHODS{$function} = undef; # return if it's not an eval_plugin function return if (!exists $self->{conf}->{eval_plugins}->{$function}); # return if it's been registered already return if ($self->can ($function) && defined &{'Mail::SpamAssassin::PerMsgStatus::'.$function}); my $evalstr = <<"ENDOFEVAL"; { package Mail::SpamAssassin::PerMsgStatus; sub $function { my (\$self) = shift; my \$plugin = \$self->{conf}->{eval_plugins}->{$function}; return \$plugin->$function (\$self, \@_); } 1; } ENDOFEVAL eval $evalstr . '; 1' ## no critic or do { my $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat; warn "rules: failed to compile method '$function': $eval_stat\n"; $self->{rule_errors}++; }; # ensure this method is deleted if finish() is called push (@TEMPORARY_METHODS, $function); } ########################################################################### =item $status->clear_test_state() DEPRECATED, UNNEEDED SINCE 4.0 =cut sub clear_test_state {} ########################################################################### # internal API, called only by got_hit() # TODO: refactor and merge this into that function sub _handle_hit { my ($self, $rule, $score, $area, $ruletype, $desc) = @_; $self->{main}->call_plugins ("hit_rule", { permsgstatus => $self, rulename => $rule, ruletype => $ruletype, score => $score }); # ignore meta-match sub-rules. if (index($rule, '__') == 0) { push(@{$self->{subtest_names_hit}}, $rule); return; } # this should not happen; warn about it if (!defined $score) { warn "rules: score undef for rule '$rule' in '$area' '$desc'"; return; } # this should not happen; warn about NaN (bug 3364) if ($score != $score) { warn "rules: score '$score' for rule '$rule' in '$area' '$desc'"; return; } # Add the rule hit to the score $self->{score} += $score; push(@{$self->{test_names_hit}}, $rule); # Save for report processing $self->{test_logs}->{$rule}->{area} = $area; $self->{test_logs}->{$rule}->{desc} = $desc; } sub _wrap_desc { my ($self, $desc, $firstlinelength, $prefix) = @_; my $firstline = " " x $firstlinelength; my $wrapped = Mail::SpamAssassin::Util::wrap($desc, $prefix, $firstline, $self->{conf}->{report_wrap_width}, 0); $wrapped =~ s/^\s+//s; $wrapped; } ########################################################################### =item $status->got_hit ($rulename, $desc_prepend [, name => value, ...]) Register a hit against a rule in the ruleset. There are two mandatory arguments. These are C<$rulename>, the name of the rule that fired, and C<$desc_prepend>, which is a short string that will be prepended to the rules C<describe> string in output reports. In addition, callers can supplement that with the following optional data: =over 4 =item score => $num Optional: the score to use for the rule hit. If unspecified, the value from the C<Mail::SpamAssassin::Conf> object's C<{scores}> hash will be used (a configured score), and in its absence the C<defscore> option value. =item defscore => $num Optional: the score to use for the rule hit if neither the option C<score> is provided, nor a configured score value is provided. =item value => $num Optional: the value to assign to the rule; the default value is C<1>. I<tflags multiple> rules use values of greater than 1 to indicate multiple hits. This value is accessible to meta rules. =item ruletype => $type Optional, but recommended: the rule type string. This is used in the C<hit_rule> plugin call, called by this method. If unset, I<'unknown'> is used. =item tflags => $string Optional: a string, i.e. a space-separated list of additional tflags to be appended to an existing list of flags in $self->{conf}->{tflags}, such as: "nice noautolearn multiple". No syntax checks are performed. =item description => $string Optional: a custom rule description string. This is used in the C<hit_rule> plugin call, called by this method. If unset, the static description is used. =back Backward compatibility: the two mandatory arguments have been part of this API since SpamAssassin 2.x. The optional I<name=<gt>value> pairs, however, are a new addition in SpamAssassin 3.2.0. =cut sub got_hit { my ($self, $rule, $area, %params) = @_; my $conf_ref = $self->{conf}; my $dynamic_score_provided; my $score = $params{score}; if (defined $score) { # overrides any configured scores $dynamic_score_provided = 1; } else { $score = $conf_ref->{scores}->{$rule}; $score = $params{defscore} if !defined $score; } # adding a hit does nothing if we don't have a score -- we probably # shouldn't have run it in the first place if (!$score) { return; } # ensure that rule values always result in an *increase* # of $self->{tests_already_hit}->{$rule}: my $value = $params{value}; if (!$value || $value <= 0) { $value = 1 } my $tflags_ref = $conf_ref->{tflags}; my $tflags_add = $params{tflags}; if (defined $tflags_add && $tflags_add ne '') { $_ = (!defined $_ || $_ eq '') ? $tflags_add : ($_ . ' ' . $tflags_add) for $tflags_ref->{$rule}; }; my $already_hit = $self->{tests_already_hit}->{$rule} || 0; # don't count hits multiple times, unless 'tflags multiple' is on if ($already_hit && ($tflags_ref->{$rule}||'') !~ /\bmultiple\b/) { return; } $self->rule_ready($rule, 1); # mark ready for metas $self->{tests_already_hit}->{$rule} = $already_hit + $value; # default ruletype, if not specified: $params{ruletype} ||= 'unknown'; if ($dynamic_score_provided) { # copy it to static for proper reporting $conf_ref->{scoreset}->[$_]->{$rule} = $score for (0..3); $conf_ref->{scores}->{$rule} = $score; } my $rule_descr = $params{description}; if (defined $rule_descr) { $conf_ref->{descriptions}->{$rule} = $rule_descr; # save dynamic descr. } else { $rule_descr = $conf_ref->get_description_for_rule($rule); # static } # Bug 6880 Set Rule Description to something that says no rule #$rule_descr = $rule if !defined $rule_descr || $rule_descr eq ''; $rule_descr = "No description available." if !defined $rule_descr || $rule_descr eq ''; if (defined $self->{conf}->{rewrite_header}->{Subject}) { my $rule_subjprefix = $conf_ref->{subjprefix}->{$rule}; if (defined $rule_subjprefix) { dbg("subjprefix: setting Subject prefix to $rule_subjprefix"); $self->{subjprefix} ||= ''; if (index($self->{subjprefix}, $rule_subjprefix) == -1) { $self->{subjprefix} .= $rule_subjprefix . " "; # save dynamic subject prefix. } } } $self->_handle_hit($rule, $score, $area, $params{ruletype}, $rule_descr); return 1; } =item $status->rule_ready ($rulename [, $no_async]) Mark an asynchronous rule ready, so it can be considered for meta rule evaluation. Asynchronous rule is a rule whose eval-function returns undef, marking that it's not ready yet, expecting results later. $status->rule_ready() must be called later to mark it ready, alternatively $status->got_hit() also does this. If neither is called, then any meta rule that depends on this rule might not evaluate. Optional boolean $no_async skips checking if there are pending async DNS lookups for the rule. =cut sub rule_ready { my ($self, $rule, $no_async) = @_; # Ready already? return if exists $self->{tests_already_hit}->{$rule}; if (!$no_async && $self->get_async_pending_rules($rule)) { # Can't be ready if there are pending DNS lookups, ignore for now. return; } # record rules that depend on this, so do_meta_tests will be run foreach (keys %{$self->{conf}->{meta_deprules}->{$rule}}) { $self->{meta_check_ready}->{$_} = 1; } # mark ready $self->{tests_already_hit}->{$rule} ||= 0; } ########################################################################### =item $status->test_log ($text [, $rulename]) Add $text log entry for a hit rule in final message REPORT/SUMMARY. Usually called just before got_hit(), to describe for example what URI the rule matched on. Optional <$rulename> argument is recommended to make sure log is written to correct rule. If rulename is not provided, get_current_eval_rule_name() is used as fallback. Can be called multiple times per rule for additional entries. =cut sub test_log { my ($self, $msg, $rulename) = @_; $rulename ||= $self->get_current_eval_rule_name(); return if !defined $rulename; push @{$self->{test_logs}->{$rulename}->{msg}}, $msg; } ########################################################################### # helper for get() sub get_envelope_from { my ($self) = @_; # Cached? return $self->{envelopefrom} if exists $self->{envelopefrom}; # bug 2142: # Get the SMTP MAIL FROM:, aka. the "envelope sender", if our # calling app has helpfully marked up the source message # with it. Various MTAs and calling apps each have their # own idea of what header to use for this! see my $envf; # Rely on the 'envelope-sender-header' header if the user has configured one. # Assume that because they have configured it, their MTA will always add it. # This will prevent us falling through and picking up inappropriate headers. if (defined $self->{conf}->{envelope_sender_header}) { # get the most recent (topmost) copy - there can be only one EnvelopeSender. $envf = ($self->get($self->{conf}->{envelope_sender_header}.":first:addr"))[0]; # ok if it contains an "@" sign, or is "" (ie. "<>" without the < and >) if (defined $envf && (index($envf, '@') > 0 || $envf eq '')) { dbg("message: using envelope_sender_header '%s' as EnvelopeFrom: '%s'", $self->{conf}->{envelope_sender_header}, $envf); $self->{envelopefrom} = $envf; return $envf; } # Warn them if it's configured, but not there or not usable. if (defined $envf) { dbg("message: envelope_sender_header '%s': '%s' is not valid, ignoring", $self->{conf}->{envelope_sender_header}, $envf); } else { dbg("message: envelope_sender_header '%s' not found in message", $self->{conf}->{envelope_sender_header}); } # Couldn't get envelope-sender using the configured header. $self->{envelopefrom} = undef; return; } # User hasn't given us a header to trust, so try to guess the sender. # use the "envelope-sender" string found in the Received headers, # if possible... use the last untrusted header, in case there's # trusted headers. my $lasthop = $self->{relays_untrusted}->[0]; my $lasthop_str = 'last untrusted'; if (!defined $lasthop) { # no untrusted headers? in that case, the message is ALL_TRUSTED. # use the first trusted header (ie. the oldest, originating one). $lasthop = $self->{relays_trusted}->[-1]; $lasthop_str = 'first trusted'; } if (defined $lasthop) { $envf = $lasthop->{envfrom}; # ok if it contains an "@" sign, or is "" (ie. "<>" without the < and >) if (defined $envf && (index($envf, '@') > 0 || $envf eq '')) { dbg("message: using $lasthop_str relay envelope-from as EnvelopeFrom: '$envf'"); $self->{envelopefrom} = $envf; return $envf; } } # WARNING: a lot of list software adds an X-Sender for the original env-from # (including Yahoo! Groups). Unfortunately, fetchmail will pick it up and # reuse it as the env-from for *its* delivery -- even though the list # software had used a different env-from in the intervening delivery. Hence, # if this header is present, and there's a fetchmail sig in the Received # lines, we cannot trust any Envelope-From headers, since they're likely to # be incorrect fetchmail guesses. my $x_sender = ($self->get("X-Sender:first:addr"))[0]; if (defined $x_sender && index($x_sender, '@') != -1) { foreach ($self->get("Received")) { if (index($_, '(fetchmail') != -1) { dbg("message: X-Sender and fetchmail signatures found, cannot trust envelope-from"); $self->{envelopefrom} = undef; return; } } } # procmailrc notes this (we now recommend adding it to Received instead) if (defined($envf = ($self->get("X-Envelope-From:first:addr"))[0])) { # heuristic: this could have been relayed via a list which then used # a *new* Envelope-from. check if ($self->get("ALL") =~ /^Received:.*?^X-Envelope-From:/smi) { dbg("message: X-Envelope-From header found after 1 or more Received lines, cannot trust envelope-from"); $self->{envelopefrom} = undef; return; } else { dbg("message: using X-Envelope-From header as EnvelopeFrom: '$envf'"); $self->{envelopefrom} = $envf; return $envf; } } # qmail, new-inject(1) if (defined($envf = ($self->get("Envelope-Sender:first:addr"))[0])) { # heuristic: this could have been relayed via a list which then used # a *new* Envelope-from. check if ($self->get("ALL") =~ /^Received:.*?^Envelope-Sender:/smi) { dbg("message: Envelope-Sender header found after 1 or more Received lines, cannot trust envelope-from"); } else { dbg("message: using Envelope-Sender header as EnvelopeFrom: '$envf'"); $self->{envelopefrom} = $envf; return $envf; } } # Postfix, sendmail, amavisd-new, ... # RFC 2821 requires it: # When the delivery SMTP server makes the "final delivery" of a # message, it inserts a return-path line at the beginning of the mail # data. This use of return-path is required; mail systems MUST support # it. The return-path line preserves the information in the <reverse- # path> from the MAIL command. if (defined($envf = ($self->get("Return-Path:first:addr"))[0])) { # heuristic: this could have been relayed via a list which then used # a *new* Envelope-from. check if ($self->get("ALL") =~ /^Received:.*?^Return-Path:/smi) { dbg("message: Return-Path header found after 1 or more Received lines, cannot trust envelope-from"); } else { dbg("message: using Return-Path header as EnvelopeFrom: '$envf'"); $self->{envelopefrom} = $envf; return $envf; } } # give up. $self->{envelopefrom} = undef; return; } ########################################################################### # helper for get(ALL-*). get() caches its results, so don't call this # directly unless you need a range of headers not covered by the ALL-* # psuedo-headers! # Get all the headers found between an index range of received headers, the # index doesn't care if we could parse the received headers or not. # Use undef for the $start_rcvd or $end_rcvd numbers to start/end with the # first/last header in the message, otherwise indicate the index number you # want to start/end at. Set $include_start_rcvd or $include_end_rcvd to 0 to # indicate you don't want to include the received header found at the start or # end indexes... basically toggles between [s,e], [s,e), (s,e], (s,e). sub get_all_hdrs_in_rcvd_index_range { my ($self, $start_rcvd, $end_rcvd, $include_start_rcvd, $include_end_rcvd, $getraw) = @_; # prevent bad input causing us to return the first header found return if (defined $end_rcvd && $end_rcvd < 0); $include_start_rcvd = 1 unless defined $include_start_rcvd; $include_end_rcvd = 1 unless defined $include_end_rcvd; my $cur_rcvd_index = -1; # none found yet my @results; my @hdrs; if ($getraw) { @hdrs = $self->{msg}->get_pristine_header() =~ /^([^ \t].*?\n)(?![ \t])/smgi; } else { @hdrs = split(/^/m, $self->{msg}->get_all_headers(0)); } foreach my $hdr (@hdrs) { if ($hdr =~ /^Received:/i) { $cur_rcvd_index++; next if (defined $start_rcvd && !$include_start_rcvd && $start_rcvd == $cur_rcvd_index); last if (defined $end_rcvd && !$include_end_rcvd && $end_rcvd == $cur_rcvd_index); } if ((!defined $start_rcvd || $start_rcvd <= $cur_rcvd_index) && (!defined $end_rcvd || $cur_rcvd_index < $end_rcvd)) { push @results, $hdr; } elsif (defined $end_rcvd && $cur_rcvd_index == $end_rcvd) { push @results, $hdr; last; } } if (wantarray) { return @results; } else { my $result = join('', @results); return ($result eq '' ? undef : $result); } } ########################################################################### sub sa_die { Mail::SpamAssassin::sa_die(@_); } ########################################################################### =item $status->create_fulltext_tmpfile (fulltext_ref) This function creates a temporary file containing the passed scalar reference data. If no scalar is passed, full/pristine message text is assumed. This is typically used by external programs like pyzor and dccproc, to avoid hangs due to buffering issues. All tempfiles are automatically cleaned up by PerMsgStatus destructor. =cut sub create_fulltext_tmpfile { my ($self, $fulltext) = @_; my $pristine; if (!defined $fulltext) { if (defined $self->{fulltext_tmpfile}) { return $self->{fulltext_tmpfile}; } $fulltext = \$self->{msg}->get_pristine(); $pristine = 1; } my ($tmpf, $tmpfh) = Mail::SpamAssassin::Util::secure_tmpfile(); $tmpfh or die "failed to create a temporary file"; # record all created files so we can remove on DESTROY $self->{tmpfiles}->{$tmpf} = 1; # PerlIO's buffered print writes in 8 kB chunks - which can be slow. # print $tmpfh $$fulltext or die "error writing to $tmpf: $!"; # # reducing the number of writes and bypassing extra buffering in PerlIO # speeds up writing of larger text by a factor of 2 my $nwrites; for (my $ofs = 0; $ofs < length($$fulltext); $ofs += $nwrites) { $nwrites = $tmpfh->syswrite($$fulltext, length($$fulltext)-$ofs, $ofs); defined $nwrites or die "error writing to $tmpf: $!"; } close $tmpfh or die "error closing $tmpf: $!"; $self->{fulltext_tmpfile} = $tmpf if $pristine; dbg("check: create_fulltext_tmpfile, written %d bytes to file %s", length($$fulltext), $tmpf); return $tmpf; } =item $status->delete_fulltext_tmpfile (tmpfile) Will cleanup after a $status->create_fulltext_tmpfile() call. Deletes the temporary file and uncaches the filename. Generally there no need to call this, PerMsgStatus destructor cleans up all tmpfiles. =cut sub delete_fulltext_tmpfile { my ($self, $tmpfile) = @_; $tmpfile = $self->{fulltext_tmpfile} if !defined $tmpfile; if (defined $tmpfile && $self->{tmpfiles}->{$tmpfile}) { unlink($tmpfile) or dbg("cannot unlink $tmpfile: $!"); if ($self->{fulltext_tmpfile} && $tmpfile eq $self->{fulltext_tmpfile}) { delete $self->{fulltext_tmpfile}; } delete $self->{tmpfiles}->{$tmpfile}; } } ########################################################################### sub all_from_addrs { my ($self) = @_; if (exists $self->{all_from_addrs}) { return @{$self->{all_from_addrs}}; } my @addrs; # Resent- headers take priority, if present. see bug 672 my @resent = $self->get('Resent-From:first:addr'); if (@resent) { @addrs = @resent; } else { # bug 2292: Used to use find_all_addrs_in_line() with the same headers, # but the would catch addresses in comments which caused FNs for things # like welcomelist_from. Since all of these are From headers, there # should only be 1 address in each anyway (not exactly true, RFC 2822 # allows multiple addresses in a From header field) # *** since 4.0 all addresses are returned from Header correctly *** # bug 3366: some addresses come in as 'foo@bar...', which is invalid. # so deal with the multiple periods. # TODO: 4.0 need :first:addr here ? Why check so many headers ? ## no critic @addrs = map { tr/././s; $_ } grep { $_ ne '' } ($self->get('From:addr'), # std $self->get('Envelope-Sender:addr'), # qmail: new-inject(1) $self->get('Resent-Sender:addr'), # procmailrc manpage $self->get('X-Envelope-From:addr'), # procmailrc manpage $self->get('EnvelopeFrom:addr')); # SMTP envelope # http://www.cs.tut.fi/~jkorpela/headers.html is useful here } # Remove duplicate addresses my %addrs = map { $_ => 1 } @addrs; @addrs = keys %addrs; dbg("eval: all '*From' addrs: " . join(" ", @addrs)); $self->{all_from_addrs} = \@addrs; return @addrs; } =item all_from_addrs_domains This function returns all the various from addresses in a message using all_from_addrs() and then returns only the domain names. =cut sub all_from_addrs_domains { my ($self) = @_; if (exists $self->{all_from_addrs_domains}) { return @{$self->{all_from_addrs_domains}}; } #TEST POINT - my @addrs = ("test.voipquotes2.net","test.voipquotes2.co.uk"); #Start with all the normal from addrs my @addrs = all_from_addrs($self); dbg("eval: all '*From' addrs domains (before): " . join(" ", @addrs)); #Take just the domain with a dummy localpart #removing invalid and duplicate domains my(%addrs_seen, @addrs_filtered); foreach my $a (@addrs) { my $domain = $self->{main}->{registryboundaries}->uri_to_domain($a); next if !defined $domain || $addrs_seen{lc $domain}++; push(@addrs_filtered, 'dummy@'.$domain); } dbg("eval: all '*From' addrs domains (after uri to domain): " . join(" ", @addrs_filtered)); $self->{all_from_addrs_domains} = \@addrs_filtered; return @addrs_filtered; } sub all_to_addrs { my ($self) = @_; if (exists $self->{all_to_addrs}) { return @{$self->{all_to_addrs}}; } my @addrs; # Resent- headers take priority, if present. see bug 672 my @resent = ( $self->get('Resent-To:first:addr'), $self->get('Resent-Cc:first:addr') ); if (@resent) { @addrs = @resent; } else { # OK, a fetchmail trick: try to find the recipient address from # the most recent 3 Received lines. This is required for sendmail, # since it does not add a helpful header like exim, qmail # or Postfix do. # my @rcvd = ($self->get('Received'))[0 .. 2]; my @rcvdaddrs; foreach my $line (@rcvd) { next unless defined $line; if ($line =~ / for <?(\S+\@(\S+?))>?;/) { if (is_fqdn_valid(idn_to_ascii($2), 1)) { push @rcvdaddrs, $1; } } } # TODO: 4.0 use :first:addr ? Why so many headers ? @addrs = ( @rcvdaddrs, $self->get('To:addr'), # std $self->get('Apparently-To:addr'), # sendmail, from envelope $self->get('Delivered-To:addr'), # Postfix, poss qmail $self->get('Envelope-Recipients:addr'), # qmail: new-inject(1) $self->get('Apparently-Resent-To:addr'), # procmailrc manpage $self->get('X-Envelope-To:addr'), # procmailrc manpage $self->get('Envelope-To:addr'), # exim $self->get('X-Delivered-To:addr'), # procmail quick start $self->get('X-Original-To:addr'), # procmail quick start $self->get('X-Rcpt-To:addr'), # procmail quick start $self->get('X-Real-To:addr'), # procmail quick start $self->get('Cc:addr')); # std # those are taken from various sources; thanks to Nancy McGough, who # noted some in <http://www.ii.com/internet/robots/procmail/qs/#envelope> } my %seen; my @result = grep { !$seen{$_}++ } @addrs; dbg("eval: all '*To' addrs: " . join(" ", @result)); $self->{all_to_addrs} = \@result; return @result; # http://www.cs.tut.fi/~jkorpela/headers.html is useful here, also # http://www.exim.org/pipermail/exim-users/Week-of-Mon-20001009/021672.html } ########################################################################### # Save and tag regex named captures, $captures is ref to %- results sub set_captures { my ($self, $captures) = @_; foreach my $cname (keys %$captures) { next unless $cname =~ /^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*$/; # safety check my @cvals = do { my %seen; grep { !$seen{$_}++ } @{$captures->{$cname}} }; $self->set_tag($cname, @cvals == 1 ? $cvals[0] : \@cvals); } } ########################################################################### 1; __END__ =back =head1 SEE ALSO Mail::SpamAssassin(3) spamassassin(1)