@@ -41,6 +41,10 @@ composite "FORGED_MUA_MAILLIST" { | |||
composite "RBL_SPAMHAUS_XBL_ANY" { | |||
expression = "(-RBL_SPAMHAUS_XBL | -RBL_SPAMHAUS_XBL1 | -RBL_SPAMHAUS_XBL2 | -RBL_SPAMHAUS_XBL3) & RECEIVED_SPAMHAUS_XBL"; | |||
} | |||
composite "AUTH_NA" { | |||
expression = "R_DKIM_NA & R_SPF_NA & DMARC_NA"; | |||
score = 1.0; | |||
} | |||
.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf" | |||
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf" |
@@ -20,6 +20,7 @@ | |||
* - symbol_allow (string): symbol to insert in case of allow (default: 'R_DKIM_ALLOW') | |||
* - symbol_reject (string): symbol to insert (default: 'R_DKIM_REJECT') | |||
* - symbol_tempfail (string): symbol to insert in case of temporary fail (default: 'R_DKIM_TEMPFAIL') | |||
* - symbol_na (string): symbol to insert in case of no signing (default: 'R_DKIM_NA') | |||
* - whitelist (map): map of whitelisted networks | |||
* - domains (map): map of domains to check | |||
* - strict_multiplier (number): multiplier for strict domains | |||
@@ -40,6 +41,7 @@ | |||
#define DEFAULT_SYMBOL_REJECT "R_DKIM_REJECT" | |||
#define DEFAULT_SYMBOL_TEMPFAIL "R_DKIM_TEMPFAIL" | |||
#define DEFAULT_SYMBOL_ALLOW "R_DKIM_ALLOW" | |||
#define DEFAULT_SYMBOL_NA "R_DKIM_NA" | |||
#define DEFAULT_CACHE_SIZE 2048 | |||
#define DEFAULT_CACHE_MAXAGE 86400 | |||
#define DEFAULT_TIME_JITTER 60 | |||
@@ -50,6 +52,7 @@ struct dkim_ctx { | |||
const gchar *symbol_reject; | |||
const gchar *symbol_tempfail; | |||
const gchar *symbol_allow; | |||
const gchar *symbol_na; | |||
rspamd_mempool_t *dkim_pool; | |||
radix_compressed_t *whitelist_ip; | |||
@@ -163,6 +166,15 @@ dkim_module_init (struct rspamd_config *cfg, struct module_ctx **ctx) | |||
0, | |||
NULL, | |||
0); | |||
rspamd_rcl_add_doc_by_path (cfg, | |||
"dkim", | |||
"Symbol that is added if mail is not signed", | |||
"symbol_na", | |||
UCL_STRING, | |||
NULL, | |||
0, | |||
NULL, | |||
0); | |||
rspamd_rcl_add_doc_by_path (cfg, | |||
"dkim", | |||
"Size of DKIM keys cache", | |||
@@ -284,6 +296,13 @@ dkim_module_config (struct rspamd_config *cfg) | |||
else { | |||
dkim_module_ctx->symbol_allow = DEFAULT_SYMBOL_ALLOW; | |||
} | |||
if ((value = | |||
rspamd_config_get_module_opt (cfg, "dkim", "symbol_na")) != NULL) { | |||
dkim_module_ctx->symbol_na = ucl_obj_tostring (value); | |||
} | |||
else { | |||
dkim_module_ctx->symbol_na = DEFAULT_SYMBOL_NA; | |||
} | |||
if ((value = | |||
rspamd_config_get_module_opt (cfg, "dkim", | |||
"dkim_cache_size")) != NULL) { | |||
@@ -376,6 +395,12 @@ dkim_module_config (struct rspamd_config *cfg) | |||
NULL, | |||
SYMBOL_TYPE_NORMAL|SYMBOL_TYPE_FINE, | |||
-1); | |||
rspamd_symbols_cache_add_symbol (cfg->cache, | |||
dkim_module_ctx->symbol_na, | |||
0, | |||
NULL, NULL, | |||
SYMBOL_TYPE_VIRTUAL|SYMBOL_TYPE_FINE, | |||
cb_id); | |||
rspamd_symbols_cache_add_symbol (cfg->cache, | |||
dkim_module_ctx->symbol_tempfail, | |||
0, | |||
@@ -769,6 +794,12 @@ dkim_symbol_callback (struct rspamd_task *task, void *unused) | |||
} | |||
} | |||
} | |||
else { | |||
rspamd_task_insert_result (task, | |||
dkim_module_ctx->symbol_na, | |||
1.0, | |||
NULL); | |||
} | |||
if (res != NULL) { | |||
rspamd_session_watcher_push (task->s); |
@@ -20,6 +20,8 @@ | |||
* - symbol_allow (string): symbol to insert (default: 'R_SPF_ALLOW') | |||
* - symbol_fail (string): symbol to insert (default: 'R_SPF_FAIL') | |||
* - symbol_softfail (string): symbol to insert (default: 'R_SPF_SOFTFAIL') | |||
* - symbol_na (string): symbol to insert (default: 'R_SPF_NA') | |||
* - symbol_dnsfail (string): symbol to insert (default: 'R_SPF_DNSFAIL') | |||
* - whitelist (map): map of whitelisted networks | |||
*/ | |||
@@ -36,6 +38,7 @@ | |||
#define DEFAULT_SYMBOL_NEUTRAL "R_SPF_NEUTRAL" | |||
#define DEFAULT_SYMBOL_ALLOW "R_SPF_ALLOW" | |||
#define DEFAULT_SYMBOL_DNSFAIL "R_SPF_DNSFAIL" | |||
#define DEFAULT_SYMBOL_NA "R_SPF_NA" | |||
#define DEFAULT_CACHE_SIZE 2048 | |||
#define DEFAULT_CACHE_MAXAGE 86400 | |||
@@ -46,6 +49,7 @@ struct spf_ctx { | |||
const gchar *symbol_neutral; | |||
const gchar *symbol_allow; | |||
const gchar *symbol_dnsfail; | |||
const gchar *symbol_na; | |||
rspamd_mempool_t *spf_pool; | |||
radix_compressed_t *whitelist_ip; | |||
@@ -143,6 +147,15 @@ spf_module_init (struct rspamd_config *cfg, struct module_ctx **ctx) | |||
0, | |||
NULL, | |||
0); | |||
rspamd_rcl_add_doc_by_path (cfg, | |||
"spf", | |||
"Symbol that is added if no SPF policy is found", | |||
"symbol_na", | |||
UCL_STRING, | |||
NULL, | |||
0, | |||
NULL, | |||
0); | |||
rspamd_rcl_add_doc_by_path (cfg, | |||
"spf", | |||
"Size of SPF parsed records cache", | |||
@@ -205,6 +218,13 @@ spf_module_config (struct rspamd_config *cfg) | |||
else { | |||
spf_module_ctx->symbol_dnsfail = DEFAULT_SYMBOL_DNSFAIL; | |||
} | |||
if ((value = | |||
rspamd_config_get_module_opt (cfg, "spf", "symbol_na")) != NULL) { | |||
spf_module_ctx->symbol_na = ucl_obj_tostring (value); | |||
} | |||
else { | |||
spf_module_ctx->symbol_na = DEFAULT_SYMBOL_NA; | |||
} | |||
if ((value = | |||
rspamd_config_get_module_opt (cfg, "spf", "spf_cache_size")) != NULL) { | |||
cache_size = ucl_obj_toint (value); | |||
@@ -231,6 +251,11 @@ spf_module_config (struct rspamd_config *cfg) | |||
NULL, NULL, | |||
SYMBOL_TYPE_VIRTUAL, | |||
cb_id); | |||
rspamd_symbols_cache_add_symbol (cfg->cache, | |||
spf_module_ctx->symbol_na, 0, | |||
NULL, NULL, | |||
SYMBOL_TYPE_VIRTUAL, | |||
cb_id); | |||
rspamd_symbols_cache_add_symbol (cfg->cache, | |||
spf_module_ctx->symbol_neutral, 0, | |||
NULL, NULL, | |||
@@ -417,7 +442,13 @@ spf_plugin_callback (struct spf_resolved *record, struct rspamd_task *task, | |||
struct spf_resolved *l; | |||
struct rspamd_async_watcher *w = ud; | |||
if (record && record->elts->len > 0 && record->domain) { | |||
if (record && record->elts->len == 0) { | |||
rspamd_task_insert_result (task, | |||
spf_module_ctx->symbol_na, | |||
1, | |||
NULL); | |||
} | |||
else if (record && record->elts->len > 0 && record->domain) { | |||
if ((l = rspamd_lru_hash_lookup (spf_module_ctx->spf_hash, | |||
record->domain, task->tv.tv_sec)) == NULL) { | |||
@@ -472,6 +503,10 @@ spf_symbol_callback (struct rspamd_task *task, void *unused) | |||
if (!rspamd_spf_resolve (task, spf_plugin_callback, w)) { | |||
msg_info_task ("cannot make spf request for [%s]", | |||
task->message_id); | |||
rspamd_task_insert_result (task, | |||
spf_module_ctx->symbol_dnsfail, | |||
1, | |||
"(SPF): spf DNS fail"); | |||
} | |||
else { | |||
rspamd_session_watcher_push (task->s); |