[Feature] rbl: support checking returncodes by CIDR

lualib/plugins/rbl.lua

@@ -107,7 +107,7 @@ local rule_schema_tbl = {
   ipv6 = ts.boolean:is_optional(),
   is_whitelist = ts.boolean:is_optional(),
   local_exclude_ip_map = ts.string:is_optional(),
-  matcher = ts.one_of { "equality", "luapattern", "regexp" }:is_optional(),
+  matcher = ts.one_of { "equality", "luapattern", "radix", "regexp" }:is_optional(),
   monitored_address = ts.string:is_optional(),
   no_ip = ts.boolean:is_optional(),
   process_script = ts.string:is_optional(),

src/plugins/lua/rbl.lua

@@ -21,7 +21,6 @@ end
 
 local hash = require 'rspamd_cryptobox_hash'
 local rspamd_logger = require 'rspamd_logger'
-local rspamd_regexp = require 'rspamd_regexp'
 local rspamd_util = require 'rspamd_util'
 local rspamd_ip = require "rspamd_ip"
 local fun = require 'fun'
@@ -218,24 +217,34 @@ end
 
 local matchers = {}
 
-matchers.equality = function(to_match, pattern)
-  return to_match == pattern
+matchers.radix = function(_, _, real_ip, map)
+  return map and map:get_key(real_ip) or false
 end
 
-matchers.luapattern = function(to_match, pattern)
-  return string.find(to_match, '^' .. pattern .. '$') and true or false
+matchers.equality = function(codes, to_match)
+  if type(codes) ~= 'table' then return codes == to_match end
+  for _, ip in ipairs(codes) do
+    if to_match == ip then
+      return true
+    end
+  end
+  return false
 end
 
-matchers.regexp = function(to_match, pattern)
-  local re = rspamd_regexp.get_cached(pattern)
-  if not re then
-    re = rspamd_regexp.create_cached(pattern)
-    if not re then
-      rspamd_logger.errx('regexp did not compile: %s', pattern)
-      return false
+matchers.luapattern = function(codes, to_match)
+  if type(codes) ~= 'table' then
+    return string.find(to_match, '^' .. codes .. '$') and true or false
+  end
+  for _, pattern in ipairs(codes) do
+    if string.find(to_match, '^' .. pattern .. '$') then
+      return true
     end
   end
-  return re:match(to_match)
+  return false
+end
+
+matchers.regexp = function(_, to_match, _, map)
+  return map and map:get_key(to_match) or false
 end
 
 local function rbl_dns_process(task, rbl, to_resolve, results, err, resolve_table_elt, match)
@@ -297,6 +306,8 @@ local function rbl_dns_process(task, rbl, to_resolve, results, err, resolve_tabl
     return
   end
 
+  local returncodes_maps = rbl.returncodes_maps or {}
+
   for _, result in ipairs(results) do
     local ipstr = result:to_string()
     lua_util.debugm(N, task, '%s DNS result %s', to_resolve, ipstr)
@@ -315,12 +326,10 @@ local function rbl_dns_process(task, rbl, to_resolve, results, err, resolve_tabl
       end
     elseif rbl.returncodes then
       for s, codes in pairs(rbl.returncodes) do
-        for _, v in ipairs(codes) do
-          if match(ipstr, v) then
-            foundrc = true
-            insert_results(s)
-            break
-          end
+        local res = match(codes, ipstr, result, returncodes_maps[s])
+        if res then
+          foundrc = true
+          insert_results(s)
         end
       end
     end
@@ -1077,6 +1086,19 @@ local function add_rbl(key, rbl, global_opts)
         def_type, rbl.symbol)
   end
 
+  local match_type = rbl.matcher
+  if match_type and rbl.returncodes and (match_type == 'radix' or match_type == 'regexp') then
+    if not rbl.returncodes_maps then
+      rbl.returncodes_maps = {}
+    end
+    for label, v in pairs(rbl.returncodes) do
+      if type(v) ~= 'table' then
+        v = {v}
+      end
+      rbl.returncodes_maps[label] = lua_maps.map_add_from_ucl(v, match_type, string.format('%s_%s RBL returncodes', label, rbl.symbol))
+    end
+  end
+
   if rbl.url_compose_map then
     local lua_urls_compose = require "lua_urls_compose"
     rbl.url_compose_map = lua_urls_compose.add_composition_map(rspamd_config, rbl.url_compose_map)

test/functional/configs/merged-override.conf

@@ -296,8 +296,9 @@ rbl {
       ignore_defaults = true;
       emails = true;
       emails_domainonly = true
+      matcher = "radix";
       returncodes = {
-        RSPAMD_EMAILBL = "127.0.0.2";
+        RSPAMD_EMAILBL = "127.0.0.2/32";
       }
     }
     URIBL_NUMERIC {