File Coverage

blib/lib/Mail/MtPolicyd/Plugin/SaAwlAction.pm
Criterion Covered Total %
statement 9 51 17.6
branch 0 24 0.0
condition 0 12 0.0
subroutine 3 6 50.0
pod 1 2 50.0
total 13 95 13.6


line stmt bran cond sub pod time code
1             package Mail::MtPolicyd::Plugin::SaAwlAction;
2              
3 1     1   1533 use Moose;
  1         4  
  1         9  
4 1     1   6628 use namespace::autoclean;
  1         4  
  1         11  
5              
6             our $VERSION = '1.23'; # VERSION
7             # ABSTRACT: mtpolicyd plugin for checking spamassassin AWL reputation
8              
9              
10             extends 'Mail::MtPolicyd::Plugin';
11             with 'Mail::MtPolicyd::Plugin::Role::Scoring';
12             with 'Mail::MtPolicyd::Plugin::Role::UserConfig' => {
13             'uc_attributes' => [ 'enabled', 'mode' ],
14             };
15              
16 1     1   125 use Mail::MtPolicyd::Plugin::Result;
  1         2  
  1         718  
17              
18             has 'result_from' => ( is => 'rw', isa => 'Str', required => 1 );
19             has 'enabled' => ( is => 'rw', isa => 'Str', default => 'on' );
20             has 'mode' => ( is => 'rw', isa => 'Str', default => 'reject' );
21              
22             has 'reject_message' => (
23             is => 'ro', isa => 'Str', default => 'sender address/ip has bad reputation',
24             );
25              
26             has 'score' => ( is => 'rw', isa => 'Maybe[Num]' );
27             has 'score_factor' => ( is => 'rw', isa => 'Maybe[Num]' );
28              
29             has 'min_count' => ( is => 'rw', isa => 'Int', default => 10 );
30              
31             has 'threshold' => ( is => 'rw', isa => 'Num', default => 5 );
32             has 'match' => ( is => 'rw', isa => 'Str', default => 'gt');
33              
34             sub matches {
35 0     0 0   my ( $self, $score ) = @_;
36              
37 0 0 0       if( $self->match eq 'gt' && $score >= $self->threshold ) {
    0 0        
38 0           return 1;
39             } elsif ( $self->match eq 'lt' && $score <= $self->threshold ) {
40 0           return 1;
41             }
42              
43 0           return 0;
44             }
45              
46             sub run {
47 0     0 1   my ( $self, $r ) = @_;
48 0           my $addr = $r->attr('sender');
49 0           my $ip = $r->attr('client_address');
50 0           my $session = $r->session;
51              
52 0           my $enabled = $self->get_uc( $session, 'enabled' );
53 0 0         if( $enabled eq 'off' ) {
54 0           return;
55             }
56              
57 0           my $result_key = 'sa-awl-'.$self->result_from.'-result';
58 0 0         if( ! defined $session->{$result_key} ) {
59 0           $self->log( $r, 'no SaAwlLookup result for '.$self->result_from.' found!');
60 0           return;
61             }
62 0           my ( $count, $score ) = @{$session->{$result_key}};
  0            
63 0 0 0       if( ! defined $count || ! defined $score) {
64 0           return; # there was no entry in AWL
65             }
66            
67 0 0         if( $count < $self->min_count ) {
68 0           $self->log( $r, 'sender awl reputation below min_count' );
69 0           return;
70             }
71              
72 0 0         if( ! $self->matches( $score ) ) {
73 0           return;
74             }
75              
76 0           $self->log( $r, 'matched SA AWL threshold action '.$self->name );
77 0 0         if( ! $r->is_already_done('sa-awl-'.$self->name.'-score') ) {
78 0 0         if( $self->score ) {
    0          
79 0           $self->add_score($r, $self->name => $self->score);
80             } elsif( $self->score_factor ) {
81 0           $self->add_score($r, $self->name => $score * $self->score_factor);
82             }
83             }
84              
85 0           my $mode = $self->get_uc( $session, 'mode' );
86 0 0         if( $mode eq 'reject' ) {
87 0           return Mail::MtPolicyd::Plugin::Result->new(
88             action => $self->_get_reject_action( $addr, $ip, $score ),
89             abort => 1,
90             );
91             }
92 0 0 0       if( $mode eq 'accept' || $mode eq 'dunno' ) {
93 0           return Mail::MtPolicyd::Plugin::Result->new_dunno;
94             }
95              
96 0           return;
97             }
98              
99             sub _get_reject_action {
100 0     0     my ( $self, $sender, $ip, $score ) = @_;
101 0           my $message = $self->reject_message;
102 0           $message =~ s/%IP%/$ip/;
103 0           $message =~ s/%SENDER%/$sender/;
104 0           $message =~ s/%SCORE%/$score/;
105 0           return('reject '.$message);
106             }
107              
108             __PACKAGE__->meta->make_immutable;
109              
110             1;
111              
112             __END__
113              
114             =pod
115              
116             =encoding UTF-8
117              
118             =head1 NAME
119              
120             Mail::MtPolicyd::Plugin::SaAwlAction - mtpolicyd plugin for checking spamassassin AWL reputation
121              
122             =head1 VERSION
123              
124             version 1.23
125              
126             =head1 DESCRIPTION
127              
128             This plugin will execute an action or score based on a previous lookup
129             done with SaAwlLookup plugin.
130              
131             =head1 PARAMETERS
132              
133             =over
134              
135             =item result_from (required)
136              
137             Take the AWL information from the result of this plugin.
138              
139             The plugin in must be executed before this plugin.
140              
141             =item (uc_)enabled (default: on)
142              
143             Enable/disable this plugin.
144              
145             =item (uc_)mode (default: reject)
146              
147             If set to 'passive' no action will be returned.
148              
149             =item reject_message (default: 'sender address/ip has bad reputation')
150              
151             Could be used to specify an custom reject message.
152              
153             =item score (default: empty)
154              
155             A score to apply to the message.
156              
157             =item score_factor (default: empty)
158              
159             A factor to apply the SA score to the message.
160              
161             Do not configure a score if you want to use the factor.
162              
163             =item min_count (default: 10)
164              
165             The minimum count of mails/scores spamassassin must have
166             done on this sender/ip before the AWL entry is used.
167              
168             If the count in AWLs auto-whitelist table is below this
169             count the test will be skipped.
170              
171             =item threshold (default: 5)
172              
173             At this threshold the action or score will be applied.
174              
175             =item match (default: gt)
176              
177             The default is to match values greater("gt") than the threshold.
178              
179             When configured with 'lt' AWL scores less than the threshold will
180             be matched.
181              
182             =back
183              
184             =head1 EXAMPLE
185              
186             Check that AWL is active in your SA/amavis configuration:
187              
188             loadplugin Mail::SpamAssassin::Plugin::AWL
189             use_auto_whitelist 1
190              
191             Make sure that mtpolicyd has permissions to read the auto-whitelist db:
192              
193             $ usermod -G amavis mtpolicyd
194             $ chmod g+rx /var/lib/amavis/.spamassassin
195             $ chmod g+r /var/lib/amavis/.spamassassin/auto-whitelist
196              
197             Make sure it stays like this when its recreated in your SA local.cf:
198              
199             auto_whitelist_file_mode 0770
200              
201             Net::Server does not automatically set supplementary groups.
202             You have to do that in mtpolicyd.conf:
203              
204             group="mtpolicyd amavis"
205              
206             Permissions may be different on your system.
207              
208             To check that mtpolicyd can access the file try:
209              
210             $ sudo -u mtpolicyd -- head -n0 /var/lib/amavis/.spamassassin/auto-whitelist
211              
212             Now use it in mtpolicyd.conf:
213              
214             <Plugin amavis-reputation>
215             module = "SaAwlLookup"
216             db_file = "/var/lib/amavis/.spamassassin/auto-whitelist"
217             </Plugin>
218              
219             For whitelisting you may configure it like:
220              
221             <Plugin awl-whitelist>
222             module = "SaAwlAction"
223             result_from = "amavis-reputation"
224             mode = "accept"
225             match = "lt"
226             threshold = "0"
227             </Plugin>
228              
229             Or apply a score based for bad AWL reputation (score > 5):
230              
231             <Plugin awl-score-bad>
232             module = "SaAwlAction"
233             result_from = "amavis-reputation"
234             mode = "passive"
235             match = "gt"
236             threshold = 6
237             score = 5
238             </Plugin>
239              
240             Or apply the score value from AWL with an factor:
241              
242             <Plugin awl-score-bad>
243             module = "SaAwlAction"
244             result_from = "amavis-reputation"
245             mode = "passive"
246             match = "gt"
247             threshold = 5
248             score_factor = 0.5
249             </Plugin>
250              
251             If the score in AWL is >5 it will apply the score with an factor of 0.5.
252             When the score in AWL is 8 it will apply a score of 4.
253              
254             Or just reject all mail with a bad reputation:
255              
256             <Plugin awl-reject>
257             module = "SaAwlAction"
258             result_from = "amavis-reputation"
259             mode = "reject"
260             match = "gt"
261             threshold = 5
262             reject_message = "bye bye..."
263             </Plugin>
264              
265             =head1 Troubleshooting
266              
267             =head2 Check content of spamassassin AWL auto-whitelist
268              
269             To check the content of the auto-whitelist database use the sa-awl command:
270              
271             $ sa-awl /var/lib/amavis/.spamassassin/auto-whitelist | grep <user>
272              
273             =head1 SEE ALSO
274              
275             =over
276              
277             =item Spamassassin AutoWhitelist manual
278              
279             L<http://wiki.apache.org/spamassassin/AutoWhitelist>
280              
281             =item Spamassassin AWL plugin reference
282              
283             L<http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Plugin_AWL.html>
284              
285             =back
286              
287             =head1 AUTHOR
288              
289             Markus Benning <ich@markusbenning.de>
290              
291             =head1 COPYRIGHT AND LICENSE
292              
293             This software is Copyright (c) 2014 by Markus Benning <ich@markusbenning.de>.
294              
295             This is free software, licensed under:
296              
297             The GNU General Public License, Version 2, June 1991
298              
299             =cut