[Minor] Fix comments

diff --git a/conf/modules.d/phishing.conf b/conf/modules.d/phishing.conf
index 61bcfb1ac42dc396a4a2d07c4da212e2d9a5b98d..480b3c8d4db20dee601e3a5ed8cfc87f18df8d13 100644 (file)
--- a/conf/modules.d/phishing.conf
+++ b/conf/modules.d/phishing.conf
@@ -21,7 +21,7 @@ phishing {
     openphish_map = "https://www.openphish.com/feed.txt";
     # Disabled by default
     phishtank_enabled = false;
-    phishtank_map = "https://rspamd.com/phishtank/online-valid.json.zst";
+    phishtank_map = "https://maps.rspamd.com/phishtank/online-valid.json.zst";
 
     # Make exclusions for known redirectors
     redirector_domains = [

diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua
index 83b02c32e1cea847444469f88428c401684f70c4..3ae035b441b19f57a4c442a09285e5295ec4f60c 100644 (file)
--- a/src/plugins/lua/arc.lua
+++ b/src/plugins/lua/arc.lua
@@ -263,9 +263,50 @@ local function arc_callback(task)
     end
   end
 
-  -- Now we can verify all signatures
+  --[[
+  1.  Collect all ARC Sets currently attached to the message.  If there
+       are none, the Chain Validation Status is "none" and the algorithm
+       stops here.  The maximum number of ARC Sets that can be attached
+       to a message is 50.  If more than the maximum number exist the
+       Chain Validation Status is "fail" and the algorithm stops here.
+       In the following algorithm, the maximum ARC instance value is
+       referred to as "N".
+
+   2.  If the Chain Validation Status of the highest instance value ARC
+       Set is "fail", then the Chain Validation status is "fail" and the
+       algorithm stops here.
+
+   3.  Validate the structure of the Authenticated Received Chain.  A
+       valid ARC has the following conditions:
+
+       1.  Each ARC Set MUST contain exactly one each of the three ARC
+           header fields (AAR, AMS, and AS).
+
+       2.  The instance values of the ARC Sets MUST form a continuous
+           sequence from 1..N with no gaps or repetition.
+
+       3.  The "cv" value for all ARC-Seal header fields must be non-
+           failing.  For instance values > 1, the value must be "pass".
+           For instance value = 1, the value must be "none".
+
+       *  If any of these conditions are not met, the Chain Validation
+          Status is "fail" and the algorithm stops here.
+
+   4.  Validate the AMS with the greatest instance value (most recent).
+       If validation fails, then the Chain Validation Status is "fail"
+       and the algorithm stops here.
+
+   5 - 7. Optional, not implemented
+   8.  Validate each AS beginning with the greatest instance value and
+       proceeding in decreasing order to the AS with the instance value
+       of 1.  If any AS fails to validate, the Chain Validation Status
+       is "fail" and the algorithm stops here.
+   9.  If the algorithm reaches this step, then the Chain Validation
+       Status is "pass", and the algorithm is complete.
+  ]]--
+
   local processed = 0
-  local sig = cbdata.sigs[#cbdata.sigs]
+  local sig = cbdata.sigs[#cbdata.sigs] -- last AMS
   local ret,err = dkim_verify(task, sig.header, arc_signature_cb, 'arc-sign')
 
   if not ret then