Browse Source
Merge pull request #4587 from fatalbanana/dmarc_subdomains
[Fix] DMARC reporting: fix reporting for subdomainstags/3.7.2
Vsevolod Stakhov
7 months ago
2 changed files with 8 additions and 10 deletions
+ 7
- 9
lualib/rspamadm/dmarc_report.lua
View File
| @@ -291,10 +291,11 @@ local function process_rua(dmarc_domain, rua) | |||
| local addrs = {} | |||
| for _, rua_part in ipairs(parts) do | |||
| local u = rspamd_url.create(pool, rua_part:gsub('!%d+[kmg]?$', '')) | |||
| local u2 = rspamd_url.create(pool, dmarc_domain) | |||
| if u and (u:get_protocol() or '') == 'mailto' and u:get_user() then | |||
| -- Check each address for sanity | |||
| if dmarc_domain == u:get_tld() or dmarc_domain == u:get_host() then | |||
| -- Same domain - always include | |||
| if u:get_tld() == u2:get_tld() then | |||
| -- Same eSLD - always include | |||
| table.insert(addrs, u) | |||
| else | |||
| -- We need to check authority | |||
| @@ -341,18 +342,15 @@ end | |||
| -- Validate reporting domain, extracting rua and checking 3rd party report domains | |||
| -- This function returns a full dmarc record processed + rua as a list of url objects | |||
| local function validate_reporting_domain(reporting_domain) | |||
| -- Now check the domain policy | |||
| -- DMARC domain is a esld for the reporting domain | |||
| local dmarc_domain = rspamd_util.get_tld(reporting_domain) | |||
| local is_ok, results = rspamd_dns.request({ | |||
| config = rspamd_config, | |||
| session = rspamadm_session, | |||
| type = 'txt', | |||
| name = '_dmarc.' .. dmarc_domain, | |||
| name = '_dmarc.' .. reporting_domain, | |||
| }) | |||
| if not is_ok or not results then | |||
| logger.errx('cannot resolve _dmarc.%s: %s', dmarc_domain, results) | |||
| logger.errx('cannot resolve _dmarc.%s: %s', reporting_domain, results) | |||
| return nil | |||
| end | |||
| @@ -360,7 +358,7 @@ local function validate_reporting_domain(reporting_domain) | |||
| local processed, rec = dmarc_common.dmarc_check_record(rspamd_config, r, false) | |||
| if processed and rec.rua then | |||
| -- We need to check or alter rua if needed | |||
| local processed_rua = process_rua(dmarc_domain, rec.rua) | |||
| local processed_rua = process_rua(reporting_domain, rec.rua) | |||
| if processed_rua then | |||
| rec = rec.raw_elts | |||
| rec.rua = processed_rua | |||
| @@ -736,4 +734,4 @@ return { | |||
| aliases = { 'dmarc_reporting' }, | |||
| handler = handler, | |||
| description = parser._description | |||
| } | |||
| } | |||
+ 1
- 1
src/plugins/lua/dmarc.lua
View File
| @@ -307,7 +307,7 @@ local function dmarc_validate_policy(task, policy, hdrfromdom, dmarc_esld) | |||
| -- Dmarc domain key must include dmarc domain, rua and period | |||
| local dmarc_domain_key = table.concat( | |||
| { settings.reporting.redis_keys.report_prefix, dmarc_esld, policy.rua, period }, | |||
| { settings.reporting.redis_keys.report_prefix, policy.domain, policy.rua, period }, | |||
| settings.reporting.redis_keys.join_char) | |||
| local report_data = dmarc_common.dmarc_report(task, settings, { | |||
| spf_ok = spf_ok and 'pass' or 'fail', | |||
Loading…