DMARC: Check DKIM alignment

diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c
index 0b710ce63081e3f03f22812fe1f80ddf1a190a37..b8e709d990e77b01fe54754ca43d96e400dca665 100644 (file)
--- a/src/plugins/dkim_check.c
+++ b/src/plugins/dkim_check.c
@@ -305,13 +305,16 @@ dkim_module_check (struct rspamd_task *task,
        }
 
        if (res == DKIM_REJECT) {
-               rspamd_task_insert_result (task, dkim_module_ctx->symbol_reject, score_deny, NULL);
+               rspamd_task_insert_result (task, dkim_module_ctx->symbol_reject, score_deny,
+                       g_list_prepend (NULL, rspamd_mempool_strdup (task->task_pool, ctx->domain)));
        }
        else if (res == DKIM_TRYAGAIN) {
-               rspamd_task_insert_result (task, dkim_module_ctx->symbol_tempfail, 1, NULL);
+               rspamd_task_insert_result (task, dkim_module_ctx->symbol_tempfail, 1,
+                       g_list_prepend (NULL, rspamd_mempool_strdup (task->task_pool, ctx->domain)));
        }
        else if (res == DKIM_CONTINUE) {
-               rspamd_task_insert_result (task, dkim_module_ctx->symbol_allow, score_allow, NULL);
+               rspamd_task_insert_result (task, dkim_module_ctx->symbol_allow, score_allow,
+                       g_list_prepend (NULL, rspamd_mempool_strdup (task->task_pool, ctx->domain)));
        }
 }
 

diff --git a/src/plugins/lua/dmarc.lua b/src/plugins/lua/dmarc.lua
index 906f9f96b6c7d9da432ec7a2121530312a7c0a41..af9b98960952b5f377eb52a357d823737fb28170 100644 (file)
--- a/src/plugins/lua/dmarc.lua
+++ b/src/plugins/lua/dmarc.lua
@@ -117,29 +117,26 @@ local function dmarc_callback(task)
       return
     end
 
-    if strict_spf then
-      -- Handle subdomains
-    end
-    if strict_dkim then
-      -- Handle subdomain
-    end
-    
     -- Check dkim and spf symbols
     local spf_ok = false
     local dkim_ok = false
     if task:get_symbol(symbols['spf_allow_symbol']) then
       efrom = task:get_from(1)
-      if efrom and efrom[1] and efrom[1]['domain'] and
-        from and from[1] and from[1]['domain'] and
-        not from[2] then
+      if efrom and efrom[1] and efrom[1]['domain'] then
           if efrom[1]['domain'] == from[1]['domain'] then
             spf_ok = true
+          elseif not strict_spf then
+            -- XXX: use tld list here and generate top level domain
           end
       end
     end
-    if task:get_symbol(symbols['dkim_allow_symbol']) then
-      -- XXX: Check DKIM alignment
-      dkim_ok = true
+    local das = task:get_symbol(symbols['dkim_allow_symbol'])
+    if das and das[1] and das[1]['options'] and das[1]['options'][0] then
+      if from[1]['domain'] == das[1]['options'][0] then
+        dkim_ok = true
+      elseif not strict_dkim then
+        -- XXX: use tld list here and generate top level domain
+      end
     end
 
     local res = 0.5
@@ -151,7 +148,7 @@ local function dmarc_callback(task)
         end
       elseif strict_policy then
         if not pct or pct == 100 or (math.random(100) <= pct) then
-          task:insert_result('DMARC_POLICY_DENY', res)
+          task:insert_result('DMARC_POLICY_REJECT', res)
         end
       else
         task:insert_result('DMARC_POLICY_SOFTFAIL', res)
@@ -176,7 +173,7 @@ local function dmarc_callback(task)
     -- XXX: handle rua and push data to redis
   end
   
-  if from and from[1]['domain'] then
+  if from and from[1]['domain'] and not from[2] then
     -- XXX: use tld list here and generate top level domain
     local dmarc_domain = '_dmarc.' .. from[1]['domain']
     task:get_resolver():resolve_txt(task:get_session(), task:get_mempool(),