* @return new context or NULL
*/
rspamd_dkim_context_t*
-rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, GError **err)
+rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, guint time_jitter, GError **err)
{
const gchar *p, *c, *tag, *end;
gsize taglen;
}
/* Check expiration */
now = time (NULL);
- if (new->timestamp && new->timestamp > now) {
+ if (new->timestamp && now < new->timestamp && new->timestamp - now > (gint)time_jitter) {
g_set_error (err, DKIM_ERROR, DKIM_SIGERROR_FUTURE, "signature was made in future, ignoring");
return NULL;
}
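Review bot: The `(gint)time_jitter` cast in the new future-timestamp condition makes the tolerance depend on signedness: a configured value above G_MAXINT turns negative, and depending on the types of `now` and `new->timestamp` (declared outside this hunk) the test then either rejects every future-dated signature or never fires. Since `now < new->timestamp` already guarantees a positive difference, the comparison can stay unsigned, e.g. `(guint64)(new->timestamp - now) > (guint64)time_jitter`. The `/* Check expiration */` comment above it describes a different check; `/* Reject signatures dated further in the future than time_jitter allows */` would match what the condition does. The function body starts and continues outside this hunk.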
* Create new dkim context from signature
* @param sig message's signature
* @param pool pool to allocate memory from
+ * @param time_jitter jitter in seconds to allow time diff while checking
* @param err pointer to error object
* @return new context or NULL
*/
-rspamd_dkim_context_t* rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, GError **err);
+rspamd_dkim_context_t* rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, guint time_jitter, GError **err);
/**
* Make DNS request for specified context and obtain and parse key
* - domains (map): map of domains to check (if absent all domains are checked)
* - strict_domains (map): map of domains that requires strict score for dkim
* - strict_multiplier (number): multiplier for strict domains
+ * - time_jitter (number): jitter in seconds to allow time diff while checking
*/
#include "config.h"
#define DEFAULT_SYMBOL_ALLOW "R_DKIM_ALLOW"
#define DEFAULT_CACHE_SIZE 2048
#define DEFAULT_CACHE_MAXAGE 86400
+#define DEFAULT_TIME_JITTER 60
struct dkim_ctx {
gint (*filter) (struct worker_task * task);
GHashTable *dkim_domains;
GHashTable *strict_domains;
guint strict_multiplier;
+ guint time_jitter;
rspamd_lru_hash_t *dkim_hash;
};
register_module_opt ("dkim", "domains", MODULE_OPT_TYPE_MAP);
register_module_opt ("dkim", "strict_domains", MODULE_OPT_TYPE_MAP);
register_module_opt ("dkim", "strict_multiplier", MODULE_OPT_TYPE_UINT);
+ register_module_opt ("dkim", "time_jitter", MODULE_OPT_TYPE_TIME);
return 0;
}
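Review bot: The option is registered here as `MODULE_OPT_TYPE_TIME`, but the module's header comment added in the same commit documents it as `time_jitter (number)`, and neither place states the default. An administrator reading the comment cannot tell whether a suffixed time value is accepted or what unit a bare number has. I would change the comment line to something like `* - time_jitter (time): clock skew tolerated for signatures dated in the future, default 60 seconds`. The enclosing function starts outside this hunk.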
else {
cache_expire = DEFAULT_CACHE_MAXAGE;
}
+ if ((value = get_module_opt (cfg, "dkim", "time_jitter")) != NULL) {
+ dkim_module_ctx->time_jitter = cfg_parse_time (value, TIME_SECONDS) / 1000;
+ }
+ else {
+ dkim_module_ctx->time_jitter = DEFAULT_TIME_JITTER;
+ }
if ((value = get_module_opt (cfg, "dkim", "whitelist")) != NULL) {
if (! add_map (value, read_radix_list, fin_radix_list, (void **)&dkim_module_ctx->whitelist_ip)) {
msg_warn ("cannot load whitelist from %s", value);
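Review bot: The parsed `time_jitter` is stored without any range check, so a typo or an oversized value in the configuration silently widens the window in which future-dated signatures are accepted, and a sub-second value is truncated to 0 by the `/ 1000`. The return type and failure value of `cfg_parse_time` are not visible here; if it can return a negative or very large number, the assignment to the `guint` field wraps. I would parse into a local and fall back with a warning when it exceeds a ceiling, e.g. `if (jitter > MAX_TIME_JITTER) { msg_warn ("dkim time_jitter is too large, using default"); jitter = DEFAULT_TIME_JITTER; }`, where `MAX_TIME_JITTER` is a new constant this change would need to define. The enclosing function starts and ends outside this hunk.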
#endif
/* Parse signature */
msg_debug ("create dkim signature");
- ctx = rspamd_create_dkim_context (hlist->data, task->task_pool, &err);
+ ctx = rspamd_create_dkim_context (hlist->data, task->task_pool, dkim_module_ctx->time_jitter, &err);
if (ctx == NULL) {
msg_info ("cannot parse DKIM context: %s", err->message);
g_error_free (err);