From 3e81b1d1123ff4e1fadba53a9b75222bd667a006 Mon Sep 17 00:00:00 2001
From: Soha Jin <soha@lohu.info>
Date: Tue, 11 Jul 2023 20:28:07 +0800
Subject: [PATCH] [Feature] external_relay: add ip_map strategy

---
 src/plugins/lua/external_relay.lua            | 42 +++++++++++++++++++
 .../functional/cases/380_external_relay.robot |  7 ++++
 .../configs/maps/external_relay.ip_map        |  2 +
 test/functional/configs/merged-local.conf     |  4 ++
 test/functional/messages/received7.eml        | 17 ++++++++
 5 files changed, 72 insertions(+)
 create mode 100644 test/functional/configs/maps/external_relay.ip_map
 create mode 100644 test/functional/messages/received7.eml

diff --git a/src/plugins/lua/external_relay.lua b/src/plugins/lua/external_relay.lua
index 9f65490e95..9c0f06ff89 100644
--- a/src/plugins/lua/external_relay.lua
+++ b/src/plugins/lua/external_relay.lua
@@ -61,6 +61,12 @@ local config_schema = ts.shape{
         strategy = 'hostname_map',
         symbol = ts.string:is_optional(),
       },
+      ts.shape{
+        ip_map = lua_maps.map_schema,
+        priority = ts.number:is_optional(),
+        strategy = 'ip_map',
+        symbol = ts.string:is_optional(),
+      },
     }
   ),
 }
@@ -182,6 +188,42 @@ strategies.hostname_map = function(rule)
   end
 end
 
+strategies.ip_map = function(rule)
+  local ip_map = lua_maps.map_add_from_ucl(rule.ip_map, 'radix', 'external relay IPs')
+  if not ip_map then
+    rspamd_logger.errx(rspamd_config, "couldn't add map %s; won't register symbol %s",
+        rule.ip_map, rule.symbol)
+    return
+  end
+
+  return function(task)
+    local from_ip = task:get_from_ip()
+    if not (from_ip and from_ip:is_valid()) then
+      lua_util.debugm(N, task, 'sender\'s IP is missing')
+      return
+    end
+
+    if not ip_map:get_key(from_ip) then
+      lua_util.debugm(N, task, 'sender\'s ip (%s) is not a relay', from_ip)
+      return
+    end
+
+    local rcvd_hdrs = task:get_received_headers()
+    local num_rcvd = #rcvd_hdrs
+    -- Try find sending IP in Received headers
+    for i, rcvd in ipairs(rcvd_hdrs) do
+      if rcvd.real_ip then
+        local rcvd_ip = rcvd.real_ip
+        if rcvd_ip:is_valid() and (not ip_map:get_key(rcvd_ip) or i == num_rcvd) then
+          return set_from_rcvd(task, rcvd)
+        end
+      end
+    end
+
+    rspamd_logger.errx(task, 'found nothing useful in Received headers')
+  end
+end
+
 strategies['local'] = function(rule)
   return function(task)
     local from_ip = task:get_from_ip()
diff --git a/test/functional/cases/380_external_relay.robot b/test/functional/cases/380_external_relay.robot
index ff301626e5..459aaac785 100644
--- a/test/functional/cases/380_external_relay.robot
+++ b/test/functional/cases/380_external_relay.robot
@@ -33,6 +33,13 @@ EXTERNAL RELAY HOSTNAME MAP
   Expect Symbol With Exact Options  EXTERNAL_RELAY_TEST
   ...  IP=192.0.2.1  HOSTNAME=mail.example.org  HELO=mail.example.org
 
+EXTERNAL RELAY IP MAP
+  Scan File  ${RSPAMD_TESTDIR}/messages/received7.eml
+  ...  Settings={symbols_enabled [EXTERNAL_RELAY_TEST, EXTERNAL_RELAY_IP_MAP]}
+  ...  IP=198.51.100.1
+  Expect Symbol With Exact Options  EXTERNAL_RELAY_TEST
+  ...  IP=4.31.198.44  HOSTNAME=foobar.example.org  HELO=foobar.example.org
+
 EXTERNAL RELAY LOCAL
   Scan File  ${RSPAMD_TESTDIR}/messages/ham.eml
   ...  Settings={symbols_enabled [EXTERNAL_RELAY_TEST, EXTERNAL_RELAY_LOCAL]}
diff --git a/test/functional/configs/maps/external_relay.ip_map b/test/functional/configs/maps/external_relay.ip_map
new file mode 100644
index 0000000000..f5b106f691
--- /dev/null
+++ b/test/functional/configs/maps/external_relay.ip_map
@@ -0,0 +1,2 @@
+2001:db8::/32
+198.51.100.0/24
diff --git a/test/functional/configs/merged-local.conf b/test/functional/configs/merged-local.conf
index 572e778193..8aeb4f4574 100644
--- a/test/functional/configs/merged-local.conf
+++ b/test/functional/configs/merged-local.conf
@@ -48,6 +48,10 @@ external_relay {
       hostname_map = "{= env.TESTDIR =}/configs/maps/external_relay.hostname_map";
       strategy = "hostname_map";
     }
+    EXTERNAL_RELAY_IP_MAP {
+      ip_map = "{= env.TESTDIR =}/configs/maps/external_relay.ip_map";
+      strategy = "ip_map";
+    }
     EXTERNAL_RELAY_LOCAL {
       strategy = "local";
     }
diff --git a/test/functional/messages/received7.eml b/test/functional/messages/received7.eml
new file mode 100644
index 0000000000..fa946ec1e9
--- /dev/null
+++ b/test/functional/messages/received7.eml
@@ -0,0 +1,17 @@
+Received: from localhost (localhost [2001:db8:114::514])
+ by ietfa.amsl.com (Postfix) with ESMTP id 00E7712024B
+ for <cfrg@ietfa.amsl.com>; Tue,  7 May 2019 14:01:07 -0700 (PDT)
+Received: from mail.example.org ([198.51.100.233])
+ by lame.example.net (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
+ with ESMTP id k8UsBTUjeiTe for <cfrg@ietfa.amsl.com>;
+ Tue,  7 May 2019 14:01:04 -0700 (PDT)
+Received: from foobar.example.org ([4.31.198.44])
+ by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
+ with ESMTP id k8UsBTUjeiTe for <cfrg@ietfa.amsl.com>;
+ Tue,  7 May 2019 14:01:04 -0700 (PDT)
+Received: from mail.example.org ([198.51.100.2])
+ by foobar.example.org (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
+ with ESMTP id k8UsBTUjeiTe for <cfrg@ietfa.amsl.com>;
+ Tue,  7 May 2019 14:01:04 -0700 (PDT)
+
+haha