From 5104d145d7b1d0059c81bfcb43180c6b6e6514e2 Mon Sep 17 00:00:00 2001 From: Andrew Lewis Date: Thu, 17 Dec 2020 12:58:39 +0200 Subject: [PATCH] [Minor] Move http_headers to plugin - Support multiple DKIM results - Insert DKIM trace symbols - Always disable callbacks if we got a header - Make the plugin default-disabled - Disable callbacks instead of virtual symbols --- conf/modules.d/http_headers.conf | 22 +++++++ rules/rspamd.lua | 1 - {rules => src/plugins/lua}/http_headers.lua | 65 +++++++++++++-------- 3 files changed, 63 insertions(+), 25 deletions(-) create mode 100644 conf/modules.d/http_headers.conf rename {rules => src/plugins/lua}/http_headers.lua (71%) diff --git a/conf/modules.d/http_headers.conf b/conf/modules.d/http_headers.conf new file mode 100644 index 000000000..51e5b82f8 --- /dev/null +++ b/conf/modules.d/http_headers.conf @@ -0,0 +1,22 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/http_headers.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/http_headers.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/http_headers.html + +http_headers { + # This module is default-disabled + enabled = false; + + .include(try=true,priority=5) "${DBDIR}/dynamic/http_headers.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/http_headers.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/http_headers.conf" +} diff --git a/rules/rspamd.lua b/rules/rspamd.lua index 64aefa9d1..c7efab76a 100644 --- a/rules/rspamd.lua +++ b/rules/rspamd.lua @@ -33,7 +33,6 @@ dofile(local_rules .. '/html.lua') dofile(local_rules .. '/headers_checks.lua') dofile(local_rules .. '/subject_checks.lua') dofile(local_rules .. '/misc.lua') -dofile(local_rules .. '/http_headers.lua') dofile(local_rules .. '/forwarding.lua') dofile(local_rules .. '/mid.lua') dofile(local_rules .. '/bitcoin.lua') diff --git a/rules/http_headers.lua b/src/plugins/lua/http_headers.lua similarity index 71% rename from rules/http_headers.lua rename to src/plugins/lua/http_headers.lua index d02ac24f7..b5018a225 100644 --- a/rules/http_headers.lua +++ b/src/plugins/lua/http_headers.lua @@ -33,6 +33,14 @@ local dkim_symbols = { symbol_tempfail = 'R_DKIM_TEMPFAIL', symbol_na = 'R_DKIM_NA', symbol_permfail = 'R_DKIM_PERMFAIL', + symbol_trace = 'DKIM_TRACE', +} + +local dkim_trace = { + pass = '+', + fail = '-', + temperror = '?', + permerror = '~', } local dmarc_symbols = { @@ -73,7 +81,7 @@ if opts then end -- Disable DKIM checks if passed via HTTP headers -rspamd_config:add_condition("R_DKIM_ALLOW", function(task) +rspamd_config:add_condition("DKIM_CHECK", function(task) local hdr = task:get_request_header('DKIM') if hdr then @@ -84,30 +92,43 @@ rspamd_config:add_condition("R_DKIM_ALLOW", function(task) return true end - local obj = parser:get_object() + local p_obj = parser:get_object() + local results = p_obj['results'] + if not results and p_obj['result'] then + results = {{result = p_obj['result'], domain = 'unknown'}} + end - if obj['result'] then - if obj['result'] == 'pass' or obj['result'] == 'allow' then - task:insert_result(dkim_symbols['symbol_allow'], 1.0, 'http header') - elseif obj['result'] == 'fail' or obj['result'] == 'reject' then - task:insert_result(dkim_symbols['symbol_deny'], 1.0, 'http header') - elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then - task:insert_result(dkim_symbols['symbol_tempfail'], 1.0, 'http header') - elseif obj['result'] == 'permfail' then - task:insert_result(dkim_symbols['symbol_permfail'], 1.0, 'http header') - elseif obj['result'] == 'na' then - task:insert_result(dkim_symbols['symbol_na'], 1.0, 'http header') + if results then + for _, obj in ipairs(results) do + local dkim_domain = obj['domain'] or 'unknown' + if obj['result'] == 'pass' or obj['result'] == 'allow' then + task:insert_result(dkim_symbols['symbol_allow'], 1.0, 'http header') + task:insert_result(dkim_symbols['symbol_trace'], 1.0, + string.format('%s:%s', dkim_domain, dkim_trace.pass)) + elseif obj['result'] == 'fail' or obj['result'] == 'reject' then + task:insert_result(dkim_symbols['symbol_deny'], 1.0, 'http header') + task:insert_result(dkim_symbols['symbol_trace'], 1.0, + string.format('%s:%s', dkim_domain, dkim_trace.fail)) + elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then + task:insert_result(dkim_symbols['symbol_tempfail'], 1.0, 'http header') + task:insert_result(dkim_symbols['symbol_trace'], 1.0, + string.format('%s:%s', dkim_domain, dkim_trace.temperror)) + elseif obj['result'] == 'permfail' then + task:insert_result(dkim_symbols['symbol_permfail'], 1.0, 'http header') + task:insert_result(dkim_symbols['symbol_trace'], 1.0, + string.format('%s:%s', dkim_domain, dkim_trace.permerror)) + elseif obj['result'] == 'na' then + task:insert_result(dkim_symbols['symbol_na'], 1.0, 'http header') + end end - - return false end end - return true + return false end) -- Disable SPF checks if passed via HTTP headers -rspamd_config:add_condition("R_SPF_ALLOW", function(task) +rspamd_config:add_condition("SPF_CHECK", function(task) local hdr = task:get_request_header('SPF') if hdr then @@ -134,15 +155,13 @@ rspamd_config:add_condition("R_SPF_ALLOW", function(task) elseif obj['result'] == 'na' then task:insert_result(spf_symbols['symbol_na'], 1.0, 'http header') end - - return false end end - return true + return false end) -rspamd_config:add_condition("DMARC_POLICY_ALLOW", function(task) +rspamd_config:add_condition("DMARC_CALLBACK", function(task) local hdr = task:get_request_header('DMARC') if hdr then @@ -171,11 +190,9 @@ rspamd_config:add_condition("DMARC_POLICY_ALLOW", function(task) elseif obj['result'] == 'na' then task:insert_result(dmarc_symbols['na'], 1.0, 'http header') end - - return false end end - return true + return false end) -- 2.39.5