2015-10-19 17:59:08 +02:00
|
|
|
--[[
|
|
|
|
Copyright (c) 2015, Vsevolod Stakhov <vsevolod@highsecure.ru>
|
2016-02-04 10:37:21 +01:00
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
2015-10-19 17:59:08 +02:00
|
|
|
]]--
|
|
|
|
|
|
|
|
local logger = require "rspamd_logger"
|
|
|
|
local ucl = require "ucl"
|
|
|
|
|
2016-10-12 18:05:12 +02:00
|
|
|
local spf_symbols = {
|
|
|
|
symbol_allow = 'R_SPF_ALLOW',
|
|
|
|
symbol_deny = 'R_SPF_FAIL',
|
|
|
|
symbol_softfail = 'R_SPF_SOFTFAIL',
|
|
|
|
symbol_neutral = 'R_SPF_NEUTRAL',
|
|
|
|
symbol_tempfail = 'R_SPF_DNSFAIL',
|
|
|
|
symbol_na = 'R_SPF_NA',
|
|
|
|
symbol_permfail = 'R_SPF_PERMFAIL',
|
|
|
|
}
|
|
|
|
|
|
|
|
local dkim_symbols = {
|
|
|
|
symbol_allow = 'R_DKIM_ALLOW',
|
|
|
|
symbol_deny = 'R_DKIM_REJECT',
|
|
|
|
symbol_tempfail = 'R_DKIM_TEMPFAIL',
|
|
|
|
symbol_na = 'R_DKIM_NA',
|
|
|
|
symbol_permfail = 'R_DKIM_PERMFAIL',
|
|
|
|
}
|
|
|
|
|
|
|
|
local dmarc_symbols = {
|
|
|
|
allow = 'DMARC_POLICY_ALLOW',
|
|
|
|
badpolicy = 'DMARC_BAD_POLICY',
|
|
|
|
dnsfail = 'DMARC_DNSFAIL',
|
|
|
|
na = 'DMARC_NA',
|
|
|
|
reject = 'DMARC_POLICY_REJECT',
|
|
|
|
softfail = 'DMARC_POLICY_SOFTFAIL',
|
|
|
|
quarantine = 'DMARC_POLICY_QUARANTINE',
|
|
|
|
}
|
|
|
|
|
|
|
|
local opts = rspamd_config:get_all_opt('dmarc')
|
|
|
|
if opts and opts['symbols'] then
|
|
|
|
for k,_ in pairs(dmarc_symbols) do
|
|
|
|
if opts['symbols'][k] then
|
|
|
|
dmarc_symbols[k] = opts['symbols'][k]
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-11-13 12:13:47 +01:00
|
|
|
opts = rspamd_config:get_all_opt('dkim')
|
2016-10-12 18:05:12 +02:00
|
|
|
if opts then
|
|
|
|
for k,_ in pairs(dkim_symbols) do
|
|
|
|
if opts[k] then
|
|
|
|
dkim_symbols[k] = opts[k]
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-11-13 12:13:47 +01:00
|
|
|
opts = rspamd_config:get_all_opt('spf')
|
2016-10-12 18:05:12 +02:00
|
|
|
if opts then
|
|
|
|
for k,_ in pairs(spf_symbols) do
|
|
|
|
if opts[k] then
|
|
|
|
spf_symbols[k] = opts[k]
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-10-19 17:59:08 +02:00
|
|
|
-- Disable DKIM checks if passed via HTTP headers
|
|
|
|
rspamd_config:add_condition("R_DKIM_ALLOW", function(task)
|
|
|
|
local hdr = task:get_request_header('DKIM')
|
|
|
|
|
|
|
|
if hdr then
|
|
|
|
local parser = ucl.parser()
|
|
|
|
local res, err = parser:parse_string(tostring(hdr))
|
2015-10-19 18:13:33 +02:00
|
|
|
if not res then
|
2015-10-19 17:59:08 +02:00
|
|
|
logger.infox(task, "cannot parse DKIM header: %1", err)
|
|
|
|
return true
|
|
|
|
end
|
|
|
|
|
2015-10-19 18:13:33 +02:00
|
|
|
local obj = parser:get_object()
|
|
|
|
|
|
|
|
if obj['result'] then
|
|
|
|
if obj['result'] == 'pass' or obj['result'] == 'allow' then
|
2016-10-12 18:05:12 +02:00
|
|
|
task:insert_result(dkim_symbols['symbol_allow'], 1.0, 'http header')
|
2015-10-19 18:13:33 +02:00
|
|
|
elseif obj['result'] == 'fail' or obj['result'] == 'reject' then
|
2016-10-12 18:05:12 +02:00
|
|
|
task:insert_result(dkim_symbols['symbol_deny'], 1.0, 'http header')
|
2015-10-19 18:13:33 +02:00
|
|
|
elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then
|
2016-10-12 18:05:12 +02:00
|
|
|
task:insert_result(dkim_symbols['symbol_tempfail'], 1.0, 'http header')
|
|
|
|
elseif obj['result'] == 'permfail' then
|
|
|
|
task:insert_result(dkim_symbols['symbol_permfail'], 1.0, 'http header')
|
|
|
|
elseif obj['result'] == 'na' then
|
|
|
|
task:insert_result(dkim_symbols['symbol_na'], 1.0, 'http header')
|
2015-10-19 17:59:08 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
return false
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
return true
|
|
|
|
end)
|
|
|
|
|
2017-08-26 08:18:04 +02:00
|
|
|
-- Disable SPF checks if passed via HTTP headers
|
2015-10-19 17:59:08 +02:00
|
|
|
rspamd_config:add_condition("R_SPF_ALLOW", function(task)
|
|
|
|
local hdr = task:get_request_header('SPF')
|
|
|
|
|
|
|
|
if hdr then
|
|
|
|
local parser = ucl.parser()
|
|
|
|
local res, err = parser:parse_string(tostring(hdr))
|
2015-10-19 18:13:33 +02:00
|
|
|
if not res then
|
2015-10-19 17:59:08 +02:00
|
|
|
logger.infox(task, "cannot parse SPF header: %1", err)
|
|
|
|
return true
|
|
|
|
end
|
|
|
|
|
2015-10-19 18:13:33 +02:00
|
|
|
local obj = parser:get_object()
|
|
|
|
|
|
|
|
if obj['result'] then
|
|
|
|
if obj['result'] == 'pass' or obj['result'] == 'allow' then
|
2016-10-12 18:05:12 +02:00
|
|
|
task:insert_result(spf_symbols['symbol_allow'], 1.0, 'http header')
|
2015-10-19 18:13:33 +02:00
|
|
|
elseif obj['result'] == 'fail' or obj['result'] == 'reject' then
|
2016-10-12 18:05:12 +02:00
|
|
|
task:insert_result(spf_symbols['symbol_deny'], 1.0, 'http header')
|
2015-10-19 18:13:33 +02:00
|
|
|
elseif obj['result'] == 'neutral' then
|
2016-10-12 18:05:12 +02:00
|
|
|
task:insert_result(spf_symbols['symbol_neutral'], 1.0, 'http header')
|
|
|
|
elseif obj['result'] == 'softfail' then
|
|
|
|
task:insert_result(spf_symbols['symbol_softfail'], 1.0, 'http header')
|
|
|
|
elseif obj['result'] == 'permfail' then
|
|
|
|
task:insert_result(spf_symbols['symbol_permfail'], 1.0, 'http header')
|
|
|
|
elseif obj['result'] == 'na' then
|
|
|
|
task:insert_result(spf_symbols['symbol_na'], 1.0, 'http header')
|
2015-10-19 17:59:08 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
return false
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
return true
|
|
|
|
end)
|
|
|
|
|
|
|
|
rspamd_config:add_condition("DMARC_POLICY_ALLOW", function(task)
|
|
|
|
local hdr = task:get_request_header('DMARC')
|
|
|
|
|
|
|
|
if hdr then
|
|
|
|
local parser = ucl.parser()
|
|
|
|
local res, err = parser:parse_string(tostring(hdr))
|
2015-10-19 18:13:33 +02:00
|
|
|
if not res then
|
2015-10-19 17:59:08 +02:00
|
|
|
logger.infox(task, "cannot parse DMARC header: %1", err)
|
|
|
|
return true
|
|
|
|
end
|
|
|
|
|
2015-10-19 18:13:33 +02:00
|
|
|
local obj = parser:get_object()
|
|
|
|
|
|
|
|
if obj['result'] then
|
|
|
|
if obj['result'] == 'pass' or obj['result'] == 'allow' then
|
2016-10-12 18:05:12 +02:00
|
|
|
task:insert_result(dmarc_symbols['allow'], 1.0, 'http header')
|
2015-10-19 18:13:33 +02:00
|
|
|
elseif obj['result'] == 'fail' or obj['result'] == 'reject' then
|
2016-10-12 18:05:12 +02:00
|
|
|
task:insert_result(dmarc_symbols['reject'], 1.0, 'http header')
|
2015-10-19 18:13:33 +02:00
|
|
|
elseif obj['result'] == 'quarantine' then
|
2016-10-12 18:05:12 +02:00
|
|
|
task:insert_result(dmarc_symbols['quarantine'], 1.0, 'http header')
|
|
|
|
elseif obj['result'] == 'tempfail' then
|
|
|
|
task:insert_result(dmarc_symbols['dnsfail'], 1.0, 'http header')
|
|
|
|
elseif obj['result'] == 'softfail' or obj['result'] == 'none' then
|
|
|
|
task:insert_result(dmarc_symbols['softfail'], 1.0, 'http header')
|
|
|
|
elseif obj['result'] == 'permfail' or obj['result'] == 'badpolicy' then
|
|
|
|
task:insert_result(dmarc_symbols['badpolicy'], 1.0, 'http header')
|
|
|
|
elseif obj['result'] == 'na' then
|
|
|
|
task:insert_result(dmarc_symbols['na'], 1.0, 'http header')
|
2015-10-19 17:59:08 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
return false
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
return true
|
|
|
|
end)
|
|
|
|
|