Vsevolod Stakhov
5 years ago
1 changed files with 17 additions and 15 deletions
+ 17
- 15
src/plugins/lua/dmarc.lua
View File
| @@ -288,7 +288,7 @@ local function dmarc_check_record(task, record, is_tld) | |||
| return true, result | |||
| end | |||
| local function dmarc_validate_policy(task, policy, hdrfromdom) | |||
| local function dmarc_validate_policy(task, policy, hdrfromdom, dmarc_esld) | |||
| local reason = {} | |||
| -- Check dkim and spf symbols | |||
| @@ -312,7 +312,7 @@ local function dmarc_validate_policy(task, policy, hdrfromdom) | |||
| end | |||
| else | |||
| local spf_tld = rspamd_util.get_tld(spf_domain) | |||
| if rspamd_util.strequal_caseless(spf_tld, policy.domain) then | |||
| if rspamd_util.strequal_caseless(spf_tld, dmarc_esld) then | |||
| spf_ok = true | |||
| else | |||
| table.insert(reason, "SPF not aligned (relaxed)") | |||
| @@ -326,7 +326,7 @@ local function dmarc_validate_policy(task, policy, hdrfromdom) | |||
| end | |||
| else | |||
| local spf_tld = rspamd_util.get_tld(spf_domain) | |||
| if rspamd_util.strequal_caseless(spf_tld, policy.domain) then | |||
| if rspamd_util.strequal_caseless(spf_tld, dmarc_esld) then | |||
| spf_tmpfail = true | |||
| end | |||
| end | |||
| @@ -365,7 +365,7 @@ local function dmarc_validate_policy(task, policy, hdrfromdom) | |||
| else | |||
| local dkim_tld = rspamd_util.get_tld(domain) | |||
| if rspamd_util.strequal_caseless(dkim_tld, policy.domain) then | |||
| if rspamd_util.strequal_caseless(dkim_tld, dmarc_esld) then | |||
| dkim_ok = true | |||
| else | |||
| dkim_violated = "DKIM not aligned (relaxed)" | |||
| @@ -381,7 +381,7 @@ local function dmarc_validate_policy(task, policy, hdrfromdom) | |||
| else | |||
| local dkim_tld = rspamd_util.get_tld(domain) | |||
| if rspamd_util.strequal_caseless(dkim_tld, policy.domain) then | |||
| if rspamd_util.strequal_caseless(dkim_tld, dmarc_esld) then | |||
| dkim_tmpfail = true | |||
| end | |||
| end | |||
| @@ -411,9 +411,9 @@ local function dmarc_validate_policy(task, policy, hdrfromdom) | |||
| local function handle_dmarc_failure(what, reason_str) | |||
| if not policy.pct or policy.pct == 100 then | |||
| task:insert_result(what, 1.0, | |||
| task:insert_result(dmarc_symbols[what], 1.0, | |||
| policy.domain .. ' : ' .. reason_str, policy.dmarc_policy) | |||
| disposition = "quarantine" | |||
| disposition = what | |||
| else | |||
| if (math.random(100) > policy.pct) then | |||
| if (not no_sampling_domains or | |||
| @@ -422,7 +422,7 @@ local function dmarc_validate_policy(task, policy, hdrfromdom) | |||
| policy.domain .. ' : ' .. reason_str, policy.dmarc_policy, "sampled_out") | |||
| sampled_out = true | |||
| else | |||
| task:insert_result(what, 1.0, | |||
| task:insert_result(dmarc_symbols[what], 1.0, | |||
| policy.domain .. ' : ' .. reason_str, policy.dmarc_policy, "local_policy") | |||
| disposition = what | |||
| end | |||
| @@ -459,7 +459,7 @@ local function dmarc_validate_policy(task, policy, hdrfromdom) | |||
| ' : ' .. 'SPF/DKIM temp error', policy.dmarc_policy) | |||
| else | |||
| -- We can now check the failed policy and maybe send report data elt | |||
| local reason_str = table.concat(reason, ',') | |||
| local reason_str = table.concat(reason, ', ') | |||
| if policy.dmarc_policy == 'quarantine' then | |||
| handle_dmarc_failure('quarantine', reason_str) | |||
| @@ -577,20 +577,20 @@ local function dmarc_callback(task) | |||
| local dmarc_domain_policy = {} | |||
| local dmarc_tld_policy = {} | |||
| local function process_dmarc_policy(policy, is_tld) | |||
| lua_util.debugm(N, task, "validate DMARC policy (is_tld=%s): %s", | |||
| is_tld, policy) | |||
| local function process_dmarc_policy(policy, final) | |||
| lua_util.debugm(N, task, "validate DMARC policy (final=%s): %s", | |||
| true, policy) | |||
| if policy.err and policy.symbol then | |||
| -- In case of fatal errors or final check for tld, we give up and | |||
| -- insert result | |||
| if is_tld or policy.fatal then | |||
| if final or policy.fatal then | |||
| task:insert_result(policy.symbol, 1.0, policy.err) | |||
| maybe_force_action(task, policy.disposition) | |||
| return true | |||
| end | |||
| elseif policy.dmarc_policy then | |||
| dmarc_validate_policy(task, policy, hfromdom) | |||
| dmarc_validate_policy(task, policy, hfromdom, dmarc_domain) | |||
| return true -- We have a more specific version, use it | |||
| end | |||
| @@ -656,7 +656,9 @@ local function dmarc_callback(task) | |||
| -- We have checked both tld and real domain (if different) | |||
| if not process_dmarc_policy(dmarc_domain_policy, false) then | |||
| -- Try tld policy as well | |||
| process_dmarc_policy(dmarc_tld_policy, true) | |||
| if not process_dmarc_policy(dmarc_tld_policy, true) then | |||
| process_dmarc_policy(dmarc_domain_policy, true) | |||
| end | |||
| end | |||
| end | |||
| end | |||
Loading…