[BUG] Broken hostname_map strategy in external_relay module

Open lxp opened this issue 3 years ago • 1 comments

Prerequisites

  • Enabled external_relay with hostname_map strategy
  • Direct mail delivery and indirect mail delivery via external relay

Describe the bug

I recently enabled the external_relay module, as some mails are delivered to my server via an external relay.

My /etc/rspamd/local.d/external_relay.conf:

    enabled = true;

    rules {
      EXTERNAL_RELAY_AUTHENTICATED {
        strategy = "hostname_map";
        hostname_map = "${LOCAL_CONFDIR}/maps.d/external_relay_hostname.inc";
      }
    }

My hostname_map:

    mail.example.net

However, now mail that is directly delivered to my server (i.e. the server is not listed in hostname_map at all) gets the EXTERNAL_RELAY_AUTHENTICATED symbol and uses the IP address of the first Received header's sender.

I think the cause of the problem is the fix for https://github.com/rspamd/rspamd/issues/4080, which completely removed the first check in the hostname_map. Therefore, set_from_rcvd is also called if the hostname is not in the hostname_map at all. There is also a comment from someone else that seems to have problems with this change: https://github.com/rspamd/rspamd/commit/d23dfcf2cd1fdec36e51268718f2e7b198900992#commitcomment-72248968

Steps to Reproduce

  1. Configure external_relay as described above
  2. Receive mail from a server that is not on the hostname_map
  3. See that EXTERNAL_RELAY_AUTHENTICATED symbol is set and wrong IP address is used.

Expected behavior

For servers not on the hostname_map, the EXTERNAL_RELAY_AUTHENTICATED symbol should not be set and the IP address should not be overridden from a received header.

Versions

Rspamd daemon version 3.2

Additional Information

I propose to add back at least the following code, if the support for direct relays is not required:

    if not hostname_map:get_key(from_hn) then
      lua_util.debugm(N, task, 'sending hostname (%s) is not a relay', from_hn)
      return
    end

lxp (Sep 17 '22 16:09)
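
A stand-alone Lua model of the regression reported above, added here as an example; it is not rspamd's plugin code. The `task` tables, `relay_map` and the `decide` function are hypothetical simplifications, and only the guard mirrors the snippet proposed in the issue.

```lua
-- Simplified model (assumption): a task is a plain table holding the
-- connecting client's hostname and IP plus its parsed Received headers,
-- newest first. decide() stands in for the hostname_map strategy.

-- Contents of the hostname_map from the issue
local relay_map = { ['mail.example.net'] = true }

local function decide(task, with_guard)
  local from_hn = task.hostname
  -- Guard proposed in the issue: a sender that is not a listed relay
  -- keeps its connection IP and gets no symbol.
  if with_guard and not relay_map[from_hn] then
    return { ip = task.ip, symbol = false }
  end
  -- Stand-in for the plugin's set_from_rcvd step: take the sender IP
  -- from the first Received header and set the symbol.
  local rcvd = task.received[1]
  if rcvd and rcvd.real_ip then
    return { ip = rcvd.real_ip, symbol = true }
  end
  return { ip = task.ip, symbol = false }
end

-- Constructed sample messages (hostnames and addresses are made up)
local samples = {
  { name = 'via relay', hostname = 'mail.example.net', ip = '192.0.2.10',
    received = { { real_ip = '198.51.100.7' } } },
  { name = 'direct', hostname = 'mx.sender.example', ip = '203.0.113.5',
    received = { { real_ip = '10.1.2.3' } } },
}

-- Print the outcome for each sample without and with the guard
for _, t in ipairs(samples) do
  for _, guard in ipairs({ false, true }) do
    local r = decide(t, guard)
    print(string.format('%-10s guard=%-5s ip=%-14s EXTERNAL_RELAY_AUTHENTICATED=%s',
      t.name, tostring(guard), r.ip, tostring(r.symbol)))
  end
end
```

The rows to compare are the two `direct` ones: without the guard the connection IP is replaced by a value read from a header written upstream of the connecting host, and with the guard it is left alone.
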

Yes, your arguments sound correct, thank you.

vstakhov (Sep 22 '22 19:09)

I am closing the issue, since the fix was already released with rspamd 3.3 and it works for me with rspamd 3.3 and 3.4.

lxp (Nov 12 '22 00:11)