Projects
home:rottame:mail
postfix-rate-policyd
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 13
View file
rubygem-postfix-rate-policyd.spec
Changed
@@ -1,7 +1,7 @@ %define mod_name postfix-rate-policyd %define mod_full_name %{mod_name}-%{version} Name: rubygem-postfix-rate-policyd -Version: 1.0.1 +Version: 1.0.2 Release: 0 Summary: Intercom mail policyd rubygem License: Apache-2.0
View file
postfix-rate-policyd-1.0.1.gem/checksums.yaml.gz -> postfix-rate-policyd-1.0.2.gem/checksums.yaml.gz
Changed
@@ -1,7 +1,7 @@ --- SHA256: - metadata.gz: a652724655ec830d9f9c54f5ef86afe5b75313b63fdc0428d917140727ee1ad1 - data.tar.gz: 7cabafca34854dcbfea0f7c41a4c04be221ca5fa85f80a6f4ee0e82f9aee8cfb + metadata.gz: f8216609f5b4a1b4d51015280067b3e744bbcdedf1856ed55c4558d7e85b3907 + data.tar.gz: 01a3f0dea7dcb0fcfa85df5a3642ac72b516a88714715057ec80455bc075b218 SHA512: - metadata.gz: 19842b98ba8adccb585a2607b8e13cf3367a14b7c4df69cbbe8905691dabd0eb719557f25eb05722e0e4a4c5c715d8d2bcc1a148b7f6a893b44408e2dee9f190 - data.tar.gz: af736185ead11446463b99d30d3830d84ad42b535e8c53a85c16bf60411f6b55486feafc7c45cf702b75748b0a5e7c2121d473daf08740e75d485bec72942838 + metadata.gz: 43d400e5b378427d6a30b3db801f45ea8787b9465592d8037fa0f3d4130170615c0102a0e95898c9995300eb15abf4c128b013cb7193c6223c323e5053226802 + data.tar.gz: a4bc88909b1e192dc157cfb8cc3f9cdb9010b485935f9415a2620da58210fb824f744718daa324bb71c0a3ba4ed00dd5b57b2898d945ce79eda856196261f9b6
View file
postfix-rate-policyd-1.0.1.gem/data/lib/postfix/rate/policyd/heuristics.rb -> postfix-rate-policyd-1.0.2.gem/data/lib/postfix/rate/policyd/heuristics.rb
Changed
@@ -114,10 +114,11 @@ def check_heuristics(request) h = Store.new(request) - if res = h.check_address(request.client_address) && !address_check_whitelist(request) - blacklist_address!(request.client_address, res) - warn "Heuristics: identity '#{request.entity.label}' has been disabled: #{res}" - request.entity.disable!(res) + message = h.check_address(request.client_address) + if message && request.entity.policy.heuristics && !address_check_whitelist(request) + blacklist_address!(request.client_address, message) + warn "Heuristics: identity '#{request.entity.label}' has been disabled: #{message}" + request.entity.disable!(message) else request.entity.tracker.heuristics = h.data end
View file
postfix-rate-policyd-1.0.1.gem/data/lib/postfix/rate/policyd/version.rb -> postfix-rate-policyd-1.0.2.gem/data/lib/postfix/rate/policyd/version.rb
Changed
@@ -1,7 +1,7 @@ module Postfix module Rate module Policyd - VERSION = "1.0.1" + VERSION = "1.0.2" end end end
View file
postfix-rate-policyd-1.0.1.gem/data/spec/helpers/database_helpers.rb -> postfix-rate-policyd-1.0.2.gem/data/spec/helpers/database_helpers.rb
Changed
@@ -1,3 +1,5 @@ +require 'ostruct' + module DatabaseHelpers def self.init_database(debug = false) options = {} @@ -31,6 +33,54 @@ Sequel::Model.db.execute_dui "DELETE FROM trackers;" end - Postfix::Rate::Models.init + config = OpenStruct.new( + trackers: {}, + policies: + { + "name"=>"default", + "h_max_addresses"=>5, + "h_activity_threshold"=>14400, + "h_interval"=>1800, + "h_interval_count"=>50, + "h_grace_threshold"=>1296000, + "description"=>"Default Policy", + "interval"=>3600, + "heuristics"=>false, + "count"=>10, + "recipients"=>20, + "volume"=>"nil" + }, + { + "name"=>"default_for_addresses", + "h_max_addresses"=>5, + "h_activity_threshold"=>14400, + "h_interval"=>1800, + "h_interval_count"=>50, + "h_grace_threshold"=>1296000, + "description"=>"Default Policy for unauthenticated addresses", + "interval"=>86400, + "heuristics"=>true, + "count"=>200, + "recipients"=>200, + "volume"=>"nil" + }, + { + "name"=>"default_for_identities", + "h_max_addresses"=>5, + "h_activity_threshold"=>14400, + "h_interval"=>1800, + "h_interval_count"=>50, + "h_grace_threshold"=>1296000, + "description"=>"Default Policy for authenticated identities", + "interval"=>86400, + "heuristics"=>true, + "count"=>500, + "recipients"=>1000, + "volume"=>"nil" + } + + ) + + Postfix::Rate::Models.init(config) end end \ No newline at end of file
View file
postfix-rate-policyd-1.0.1.gem/data/spec/heuristics_spec.rb -> postfix-rate-policyd-1.0.2.gem/data/spec/heuristics_spec.rb
Changed
@@ -398,4 +398,159 @@ end end end + + context 'policy with heuristics disabled' do + let :identity do + id = Postfix::Rate::Models::AuthenticatedIdentity.new(identity: 'sender@foo.bar') + id.policy = Postfix::Rate::Models::Policy.find(name: 'default') + id.save + id + end + + context 'should update the heuristics data' do + it 'should initialize the heuristics data' do + id = identity + req = request + entity = subject.fetch_entity(req) + + expect { + subject.check_heuristics(req) + }.to change{entity.tracker.heuristics} + end + + it 'should add the new address in the heuristics data' do + id = identity + req = request + entity = subject.fetch_entity(req) + subject.update_quota(req) + + req1 = request + req1.set_attribute 'client_address', '2.3.4.5' + req1.new_instance! + entity = subject.fetch_entity(req1) + + expect { + subject.check_heuristics(req1) + }.to change{entity.tracker.heuristics:addresses.count}.to(2) + end + + it 'should update the address data' do + id = identity + req = request + entity = subject.fetch_entity(req) + subject.update_quota(req) + + Timecop.travel(10.seconds.from_now) do + req1 = request + entity = subject.fetch_entity(req1) + + expect { + subject.check_heuristics(req1) + }.to change{entity.tracker.heuristics:addresses'1.2.3.4':last_seen} + .and change{entity.tracker.heuristics:addresses'1.2.3.4':total_count} + .and change{entity.tracker.heuristics:addresses'1.2.3.4':last_count} + end + end + + it 'last_count is a rolling average' do + id = identity + req = request + entity = subject.fetch_entity(req) + subject.update_quota(req) + + Timecop.travel((entity.policy.h_interval/2).seconds.from_now) do + req1 = request + entity = subject.fetch_entity(req1) + + expect { + subject.check_heuristics(req1) + }.to change{entity.tracker.heuristics:addresses'1.2.3.4':last_count}.to(1.5) + end + end + + it 'should reset last_count' do + id = identity + req = request + entity = subject.fetch_entity(req) + subject.update_quota(req) + + Timecop.travel((entity.policy.h_interval+10).seconds.from_now) do + req1 = request + entity = subject.fetch_entity(req1) + + entity.tracker.heuristics:addresses'1.2.3.4':last_count = 100 + + expect { + subject.check_heuristics(req1) + }.to change{entity.tracker.heuristics:addresses'1.2.3.4':last_count}.to(1) + end + end + end + + context 'should not ban the identity' do + it 'when clients has multiple addresses and one address over quota' do + id = identity + req = request + subject.fetch_entity(req) + subject.update_quota(req) + + req1 = request + req1.set_attribute 'client_address', '2.3.4.5' + req1.new_instance! + subject.fetch_entity(req1) + subject.update_quota(req1) + + req2 = request + req2.set_attribute 'client_address', '2.3.4.5' + req2.new_instance! + entity = subject.fetch_entity(req2) + + entity.tracker.heuristics:addresses'2.3.4.5':last_count = entity.policy.h_interval_count + entity.tracker.heuristics:addresses'2.3.4.5':total_count = entity.policy.h_interval_count + + Timecop.travel(10.seconds.from_now) do + expect { + subject.check_heuristics(req2) + }.to not_change{entity.disabled} + .and not_change{Postfix::Rate::Models::NetworkAddress.where(flags: 'b').count} + end + end + + it 'when client is sending from too many addresses' do + id = identity + req = request + entity = subject.fetch_entity(req) + + # build and store the maximum allowed amount of addresses + addresses = 1.upto(entity.policy.h_max_addresses).map do | n | + "1.1.1.#{n}" + end + + addresses.each.with_index do | addr, idx | + req = request + req.set_attribute 'client_address', addr + req.new_instance! + entity = subject.fetch_entity(req) + subject.update_quota(req) + end + + # now attempt a request from a new address + req = request + req.set_attribute 'client_address', '2.2.2.2' + req.new_instance! + entity = subject.fetch_entity(req) + + # should forget 1.1.1.1 and store 2.2.2.2 + new_addresses = addresses.dup + new_addresses.shift + new_addresses.push('2.2.2.2') + + expect { + subject.check_heuristics(req) + }.to not_change{entity.disabled} + .and not_change{Postfix::Rate::Models::NetworkAddress.where(flags: 'b').count} + .and not_change{entity.tracker.heuristics:addresses.keys} + end + end + end end \ No newline at end of file
View file
postfix-rate-policyd-1.0.1.gem/metadata.gz -> postfix-rate-policyd-1.0.2.gem/metadata.gz
Changed
@@ -1,7 +1,7 @@ --- !ruby/object:Gem::Specification name: postfix-rate-policyd version: !ruby/object:Gem::Version - version: 1.0.1 + version: 1.0.2 platform: ruby authors: - Lele Forzani
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.