fix: fixed trash check, added spam check for common spam pattern

forwardemail · Dec 28, 2024 · d380b43 · d380b43
1 parent f9559ef
commit d380b43
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 2 deletions.
diff --git a/app/models/messages.js b/app/models/messages.js
@@ -59,11 +59,13 @@ const Messages = new mongoose.Schema(
     // expires and retention date
     exp: {
       type: Boolean,
-      required: true
+      required: true,
+      index: true
     },
     rdate: {
       type: Date,
-      required: true
+      required: true,
+      index: true
     },
 
     // internal date

diff --git a/helpers/get-database.js b/helpers/get-database.js
@@ -730,6 +730,14 @@ async function getDatabase(
                     $in: mailboxes.map((m) => m._id.toString())
                   },
                   undeleted: 0
+                },
+                {
+                  mailbox: {
+                    $in: mailboxes.map((m) => m._id.toString())
+                  },
+                  created_at: {
+                    $lte: dayjs().subtract(days, 'days').toDate().toISOString()
+                  }
                 }
               ]
             }
@@ -784,6 +792,23 @@ async function getDatabase(
 
           const existingHashes = db.prepare(sql.query).pluck().all(sql.values);
 
+          for (const hash of existingHashes) {
+            if (hashSet.has(hash)) continue;
+
+            const sql = builder.build({
+              type: 'remove',
+              table: 'Attachments',
+              condition: {
+                created_at: { $lte: now },
+                counterUpdated: { $lte: now },
+                hash
+              }
+            });
+
+            db.prepare(sql.query).run(sql.values);
+          }
+
+          /*
           // TODO: this is too slow, it took 1 hour in production
           db.transaction((hashes) => {
             for (const hash of hashes) {
@@ -801,6 +826,7 @@ async function getDatabase(
               db.prepare(sql.query).run(sql.values);
             }
           }).immediate(existingHashes);
+          */
         }
       } catch (err) {
         logger.fatal(err, { session });

diff --git a/helpers/is-arbitrary.js b/helpers/is-arbitrary.js
@@ -16,6 +16,8 @@ const logger = require('#helpers/logger');
 const parseHostFromDomainOrAddress = require('#helpers/parse-host-from-domain-or-address');
 const parseRootDomain = require('#helpers/parse-root-domain');
 
+const REGEX_WARMUP = new RE2(/ \|(?: [a-zA-Z\d]{7,}){2}$/);
+
 const REGEX_BLOCKED_PHRASES = new RE2(
   /recorded you|you've been hacked|account is hacked|personal data has leaked/im
 );
@@ -272,6 +274,15 @@ function isArbitrary(session, headers) {
   //       (and the From is [email protected] and the To is [email protected], but the Reply-To needs to be different)
   //       (otherwise the spammer/attacker would never get the response to the email)
   //
+
+  //
+  // NOTE: it appears that IP warmup or spoofing is occurring where the pattern is:
+  //       `Subject: Some Phrase Here | 72X8FMN 2MAX439`
+  //                                    72X8FMN 9RR6V1T
+  //                                    ^ 7 chars ^ 7 chars (A-Z 0-9)
+  if (subject && REGEX_WARMUP.test(subject)) {
+    throw new SMTPError('Spam', { responseCode: 421 });
+  }
 }
 
 module.exports = isArbitrary;