From: Andrew Lewis Date: Thu, 23 Jan 2020 18:25:47 +0000 (+0200) Subject: [Minor] dkim_signing: auth_only is a misnomer X-Git-Tag: 2.3~55^2 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=c296be57e97c770b0c3b2d0f9f1b36f4f34824b9;p=rspamd.git [Minor] dkim_signing: auth_only is a misnomer --- diff --git a/conf/modules.d/arc.conf b/conf/modules.d/arc.conf index 9528427b4..4b5682b77 100644 --- a/conf/modules.d/arc.conf +++ b/conf/modules.d/arc.conf @@ -33,12 +33,12 @@ arc { allow_hdrfrom_multiple = false; # If true, username does not need to contain matching domain allow_username_mismatch = false; - # If false, messages from authenticated users are not selected for signing - auth_only = false; # Default path to key, can include '$domain' and '$selector' variables #path = "${DBDIR}/arc/$domain.$selector.key"; # Default selector to use selector = "arc"; + # If false, messages from authenticated users are not selected for signing + sign_authenticated = false; # If false, inbound messages are not selected for signing sign_inbound = true; # If false, messages from local networks are not selected for signing diff --git a/conf/modules.d/dkim_signing.conf b/conf/modules.d/dkim_signing.conf index 6577735d5..42cb0e2b8 100644 --- a/conf/modules.d/dkim_signing.conf +++ b/conf/modules.d/dkim_signing.conf @@ -31,12 +31,12 @@ dkim_signing { allow_hdrfrom_multiple = false; # If true, username does not need to contain matching domain allow_username_mismatch = false; - # If false, messages from authenticated users are not selected for signing - auth_only = true; # Default path to key, can include '$domain' and '$selector' variables #path = "/var/lib/rspamd/dkim/$domain.$selector.key"; # Default selector to use selector = "dkim"; + # If false, messages from authenticated users are not selected for signing + sign_authenticated = true; # If false, messages from local networks are not selected for signing sign_local = true; # Symbol to add when message is signed diff --git a/lualib/lua_cfg_transform.lua b/lualib/lua_cfg_transform.lua index a82bae1b7..bdcc82635 100644 --- a/lualib/lua_cfg_transform.lua +++ b/lualib/lua_cfg_transform.lua @@ -444,6 +444,18 @@ return function(cfg) end end + -- DKIM signing/ARC legacy + for _, mod in ipairs({'dkim_signing', 'arc'}) do + if cfg[mod] then + if cfg[mod].auth_only ~= nil then + if cfg[mod].sign_authenticated ~= nil then + logger.warnx(rspamd_config, 'both auth_only (%s) and sign_authenticated (%s) for %s are specified, prefer auth_only', cfg[mod].auth_only, cfg[mod].sign_authenticated, mod) + end + cfg.[mod].sign_authenticated = cfg.[mod].auth_only + end + end + end + if cfg.dkim and cfg.dkim.sign_headers and type(cfg.dkim.sign_headers) == 'table' then -- Flatten cfg.dkim.sign_headers = table.concat(cfg.dkim.sign_headers, ':') diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua index 42b595670..53a8a8f0f 100644 --- a/lualib/lua_dkim_tools.lua +++ b/lualib/lua_dkim_tools.lua @@ -156,7 +156,7 @@ local function prepare_dkim_signing(N, task, settings) is_local = true end - if settings.auth_only and auser then + if settings.sign_authenticated and auser then lua_util.debugm(N, task, 'user is authenticated') is_authed = true elseif (settings.sign_networks and settings.sign_networks:get_key(ip)) then @@ -167,7 +167,7 @@ local function prepare_dkim_signing(N, task, settings) elseif settings.sign_inbound and not is_local and not auser then lua_util.debugm(N, task, 'mail was sent to us') else - lua_util.debugm(N, task, 'ignoring unauthenticated mail') + lua_util.debugm(N, task, 'mail is ineligible for signing') return false,{} end @@ -212,7 +212,7 @@ local function prepare_dkim_signing(N, task, settings) local function is_skip_sign() return not (settings.sign_networks and is_sign_networks) and - not (settings.auth_only and is_authed) and + not (settings.sign_authenticated and is_authed) and not (settings.sign_local and is_local) end diff --git a/lualib/rspamadm/configwizard.lua b/lualib/rspamadm/configwizard.lua index 6de3e9c26..d5b56ccb1 100644 --- a/lualib/rspamadm/configwizard.lua +++ b/lualib/rspamadm/configwizard.lua @@ -277,7 +277,7 @@ local function setup_dkim_signing(cfg, changes) local sign_type = readline_default('Enter your choice (1, 2, 3, 4) [default: 1]: ', '1') local sign_networks local allow_mismatch - local auth_only + local sign_authenticated local use_esld local sign_domain = 'pet luacheck' @@ -311,11 +311,11 @@ local function setup_dkim_signing(cfg, changes) end if sign_type ~= '3' then - auth_only = ask_yes_no( - string.format('Do you want to sign mail from %s only? ', + sign_authenticated = ask_yes_no( + string.format('Do you want to sign mail from %s? ', highlight('authenticated users')), true) else - auth_only = true + sign_authenticated = true end if fun.any(function(s) return s == sign_domain end, defined_auth_types) then @@ -416,7 +416,7 @@ local function setup_dkim_signing(cfg, changes) end res_tbl.use_esld = use_esld - res_tbl.auth_only = auth_only + res_tbl.sign_authenticated = sign_authenticated end local function check_redis_classifier(cls, changes) diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua index 22eb59603..1b6d1c430 100644 --- a/src/plugins/lua/arc.lua +++ b/src/plugins/lua/arc.lua @@ -76,7 +76,7 @@ local settings = { allow_hdrfrom_mismatch_sign_networks = false, allow_hdrfrom_multiple = false, allow_username_mismatch = false, - auth_only = true, + sign_authenticated = true, domain = {}, path = string.format('%s/%s/%s', rspamd_paths['DBDIR'], 'arc', '$domain.$selector.key'), sign_local = true, diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua index 23956b3c2..283aa5051 100644 --- a/src/plugins/lua/dkim_signing.lua +++ b/src/plugins/lua/dkim_signing.lua @@ -32,7 +32,7 @@ local settings = { allow_hdrfrom_multiple = false, allow_username_mismatch = false, allow_pubkey_mismatch = true, - auth_only = true, + sign_authenticated = true, check_pubkey = false, domain = {}, path = string.format('%s/%s/%s', rspamd_paths['DBDIR'], 'dkim', '$domain.$selector.key'),