[Feature] Add `check_violation` feature to DKIM/ARC signing

lualib/lua_dkim_tools.lua

@@ -20,9 +20,24 @@ local exports = {}
 local E = {}
 local lua_util = require "lua_util"
 local rspamd_util = require "rspamd_util"
+local logger = require "rspamd_logger"
+
+local function check_violation(N, task, domain, selector)
+  -- Check for DKIM_REJECT
+  local sym_check = 'R_DKIM_REJECT'
+
+  if N == 'arc' then sym_check = 'ARC_REJECT' end
+  if task:has_symbol(sym_check) then
+    local sym = task:get_symbol(sym_check)
+    logger.infox(task, 'skip signing for %s:%s: violation %s found: %s',
+        domain, selector, sym_check, sym.options)
+    return false
+  end
+
+  return true
+end
 
 local function parse_dkim_http_headers(N, task, settings)
-  local logger = require "rspamd_logger"
   -- Configure headers
   local headers = {
     sign_header = settings.http_sign_header or "PerformDkimSign",
@@ -46,15 +61,8 @@ local function parse_dkim_http_headers(N, task, settings)
     -- Now check if we need to check the existing auth
     local hdr = task:get_request_header(headers.sign_on_reject_header)
     if not hdr or tostring(hdr) == '0' or tostring(hdr) == 'false' then
-      -- Check for DKIM_REJECT
-      local sym_check = 'R_DKIM_REJECT'
-
-      if N == 'arc' then sym_check = 'ARC_REJECT' end
-      if task:has_symbol(sym_check) then
-        local sym = task:get_symbol(sym_check)
-        logger.infox(task, 'skip signing for %s:%s: %s found: %s',
-            domain, selector, sym_check, sym.options)
-        return false,{}
+      if not check_violation(N, task, domain, selector) then
+        return false, {}
       end
     end
 
@@ -269,6 +277,12 @@ local function prepare_dkim_signing(N, task, settings)
     lua_util.debugm(N, task, 'use default selector "%s"', p.selector)
   end
 
+  if settings.check_violation then
+    if not check_violation(N, task, p.domain, p.selector) then
+      return false,{}
+    end
+  end
+
   p.domain = dkim_domain
 
   return true,p