Parcourir la source
[Fix] Do not blacklist mail by SPF/DMARC for local/authed users
Issue: #2871tags/1.9.3
Vsevolod Stakhov
il y a 5 ans
2 fichiers modifiés avec 36 ajouts et 5 suppressions
+ 2
- 2
src/plugins/lua/dmarc.lua
Voir le fichier
| @@ -564,13 +564,13 @@ local function dmarc_callback(task) | |||
| local seen_invalid = false | |||
| if dmarc_checks ~= 2 then | |||
| rspamd_logger.infox(task, "skip DMARC checks as either SPF or DKIM were not checked"); | |||
| rspamd_logger.infox(task, "skip DMARC checks as either SPF or DKIM were not checked") | |||
| return | |||
| end | |||
| if ((not check_authed and task:get_user()) or | |||
| (not check_local and ip_addr and ip_addr:is_local())) then | |||
| rspamd_logger.infox(task, "skip DMARC checks for local networks and authorized users"); | |||
| rspamd_logger.infox(task, "skip DMARC checks for local networks and authorized users") | |||
| return | |||
| end | |||
+ 34
- 3
src/plugins/lua/whitelist.lua
Voir le fichier
| @@ -29,7 +29,8 @@ local options = { | |||
| dmarc_allow_symbol = 'DMARC_POLICY_ALLOW', | |||
| spf_allow_symbol = 'R_SPF_ALLOW', | |||
| dkim_allow_symbol = 'R_DKIM_ALLOW', | |||
| check_local = false, | |||
| check_authed = false, | |||
| rules = {} | |||
| } | |||
| @@ -127,6 +128,7 @@ local function whitelist_cb(symbol, rule, task) | |||
| local spf_violated = false | |||
| local dmarc_violated = false | |||
| local ip_addr = task:get_ip() | |||
| if rule['valid_spf'] then | |||
| if not task:has_symbol(options['spf_allow_symbol']) then | |||
| @@ -243,6 +245,7 @@ local function whitelist_cb(symbol, rule, task) | |||
| end | |||
| if rule.valid_dmarc then | |||
| found_wl = false | |||
| for dom,val in pairs(domains.dmarc or E) do | |||
| @@ -281,7 +284,16 @@ local function whitelist_cb(symbol, rule, task) | |||
| end | |||
| if found_bl then | |||
| add_symbol(true, final_mult) | |||
| if not ((not options.check_authed and task:get_user()) or | |||
| (not options.check_local and ip_addr and ip_addr:is_local())) then | |||
| add_symbol(true, final_mult) | |||
| else | |||
| if rule.valid_spf or rule.valid_dmarc then | |||
| rspamd_logger.infox(task, "skip DMARC/SPF blacklists for local networks and/or authorized users") | |||
| else | |||
| add_symbol(true, final_mult) | |||
| end | |||
| end | |||
| elseif found_wl then | |||
| add_symbol(false, final_mult) | |||
| end | |||
| @@ -295,11 +307,30 @@ local function gen_whitelist_cb(symbol, rule) | |||
| end | |||
| local configure_whitelist_module = function() | |||
| local opts = rspamd_config:get_all_opt('whitelist') | |||
| local opts = rspamd_config:get_all_opt('whitelist') | |||
| if opts then | |||
| for k,v in pairs(opts) do | |||
| options[k] = v | |||
| end | |||
| local function try_opts(where) | |||
| local ret = false | |||
| local opts = rspamd_config:get_all_opt(where) | |||
| if type(opts) == 'table' then | |||
| if type(opts['check_local']) == 'boolean' then | |||
| options.check_local = opts['check_local'] | |||
| ret = true | |||
| end | |||
| if type(opts['check_authed']) == 'boolean' then | |||
| options.check_authed = opts['check_authed'] | |||
| ret = true | |||
| end | |||
| end | |||
| return ret | |||
| end | |||
| if not try_opts(N) then try_opts('options') end | |||
| else | |||
| rspamd_logger.infox(rspamd_config, 'Module is unconfigured') | |||
| return | |||
Chargement…