mirrors
/
rspamd
mirror da https://github.com/vstakhov/rspamd.git
Segui 1
Vota 0
Forka 0
Codice Problemi 0 Rilasci 159 Wiki Attività
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17728 Commit
29 Rami (Branch)
Albero (Tree): 65f8e34178
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '65f8e34178'
${ noResults }
rspamd/src/plugins/lua/http_headers.lua

http_headers.lua 6.4KB
Originale Blame Cronologia

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198 
  1. --[[

  2. Copyright (c) 2015, Vsevolod Stakhov <vsevolod@highsecure.ru>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. local logger = require "rspamd_logger"

  18. local ucl = require "ucl"

  19. 

  20. local spf_symbols = {

  21.   symbol_allow = 'R_SPF_ALLOW',

  22.   symbol_deny = 'R_SPF_FAIL',

  23.   symbol_softfail = 'R_SPF_SOFTFAIL',

  24.   symbol_neutral = 'R_SPF_NEUTRAL',

  25.   symbol_tempfail = 'R_SPF_DNSFAIL',

  26.   symbol_na = 'R_SPF_NA',

  27.   symbol_permfail = 'R_SPF_PERMFAIL',

  28. }

  29. 

  30. local dkim_symbols = {

  31.   symbol_allow = 'R_DKIM_ALLOW',

  32.   symbol_deny = 'R_DKIM_REJECT',

  33.   symbol_tempfail = 'R_DKIM_TEMPFAIL',

  34.   symbol_na = 'R_DKIM_NA',

  35.   symbol_permfail = 'R_DKIM_PERMFAIL',

  36.   symbol_trace = 'DKIM_TRACE',

  37. }

  38. 

  39. local dkim_trace = {

  40.   pass = '+',

  41.   fail = '-',

  42.   temperror = '?',

  43.   permerror = '~',

  44. }

  45. 

  46. local dmarc_symbols = {

  47.   allow = 'DMARC_POLICY_ALLOW',

  48.   badpolicy = 'DMARC_BAD_POLICY',

  49.   dnsfail = 'DMARC_DNSFAIL',

  50.   na = 'DMARC_NA',

  51.   reject = 'DMARC_POLICY_REJECT',

  52.   softfail = 'DMARC_POLICY_SOFTFAIL',

  53.   quarantine = 'DMARC_POLICY_QUARANTINE',

  54. }

  55. 

  56. local opts = rspamd_config:get_all_opt('dmarc')

  57. if opts and opts['symbols'] then

  58.   for k,_ in pairs(dmarc_symbols) do

  59.     if opts['symbols'][k] then

  60.       dmarc_symbols[k] = opts['symbols'][k]

  61.     end

  62.   end

  63. end

  64. 

  65. opts = rspamd_config:get_all_opt('dkim')

  66. if opts then

  67.   for k,_ in pairs(dkim_symbols) do

  68.     if opts[k] then

  69.       dkim_symbols[k] = opts[k]

  70.     end

  71.   end

  72. end

  73. 

  74. opts = rspamd_config:get_all_opt('spf')

  75. if opts then

  76.   for k,_ in pairs(spf_symbols) do

  77.     if opts[k] then

  78.       spf_symbols[k] = opts[k]

  79.     end

  80.   end

  81. end

  82. 

  83. -- Disable DKIM checks if passed via HTTP headers

  84. rspamd_config:add_condition("DKIM_CHECK", function(task)

  85.   local hdr = task:get_request_header('DKIM')

  86. 

  87.   if hdr then

  88.     local parser = ucl.parser()

  89.     local res, err = parser:parse_string(tostring(hdr))

  90.     if not res then

  91.       logger.infox(task, "cannot parse DKIM header: %1", err)

  92.       return true

  93.     end

  94. 

  95.     local p_obj = parser:get_object()

  96.     local results = p_obj['results']

  97.     if not results and p_obj['result'] then

  98.       results = {{result = p_obj['result'], domain = 'unknown'}}

  99.     end

  100. 

  101.     if results then

  102.       for _, obj in ipairs(results) do

  103. 	local dkim_domain = obj['domain'] or 'unknown'

  104.         if obj['result'] == 'pass' or obj['result'] == 'allow' then

  105.           task:insert_result(dkim_symbols['symbol_allow'], 1.0, 'http header')

  106.           task:insert_result(dkim_symbols['symbol_trace'], 1.0,

  107. 	      string.format('%s:%s', dkim_domain, dkim_trace.pass))

  108.         elseif obj['result'] == 'fail' or obj['result'] == 'reject' then

  109.           task:insert_result(dkim_symbols['symbol_deny'], 1.0, 'http header')

  110.           task:insert_result(dkim_symbols['symbol_trace'], 1.0,

  111. 	      string.format('%s:%s', dkim_domain, dkim_trace.fail))

  112.         elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then

  113.           task:insert_result(dkim_symbols['symbol_tempfail'], 1.0, 'http header')

  114.           task:insert_result(dkim_symbols['symbol_trace'], 1.0,

  115. 	      string.format('%s:%s', dkim_domain, dkim_trace.temperror))

  116.         elseif obj['result'] == 'permfail' then

  117.           task:insert_result(dkim_symbols['symbol_permfail'], 1.0, 'http header')

  118.           task:insert_result(dkim_symbols['symbol_trace'], 1.0,

  119. 	      string.format('%s:%s', dkim_domain, dkim_trace.permerror))

  120.         elseif obj['result'] == 'na' then

  121.           task:insert_result(dkim_symbols['symbol_na'], 1.0, 'http header')

  122.         end

  123.       end

  124.     end

  125.   end

  126. 

  127.   return false

  128. end)

  129. 

  130. -- Disable SPF checks if passed via HTTP headers

  131. rspamd_config:add_condition("SPF_CHECK", function(task)

  132.   local hdr = task:get_request_header('SPF')

  133. 

  134.   if hdr then

  135.     local parser = ucl.parser()

  136.     local res, err = parser:parse_string(tostring(hdr))

  137.     if not res then

  138.       logger.infox(task, "cannot parse SPF header: %1", err)

  139.       return true

  140.     end

  141. 

  142.     local obj = parser:get_object()

  143. 

  144.     if obj['result'] then

  145.       if obj['result'] == 'pass' or obj['result'] == 'allow' then

  146.         task:insert_result(spf_symbols['symbol_allow'], 1.0, 'http header')

  147.       elseif obj['result'] == 'fail' or obj['result'] == 'reject' then

  148.         task:insert_result(spf_symbols['symbol_deny'], 1.0, 'http header')

  149.       elseif obj['result'] == 'neutral' then

  150.         task:insert_result(spf_symbols['symbol_neutral'], 1.0, 'http header')

  151.       elseif obj['result'] == 'softfail' then

  152.         task:insert_result(spf_symbols['symbol_softfail'], 1.0, 'http header')

  153.       elseif obj['result'] == 'permfail' then

  154.         task:insert_result(spf_symbols['symbol_permfail'], 1.0, 'http header')

  155.       elseif obj['result'] == 'na' then

  156.         task:insert_result(spf_symbols['symbol_na'], 1.0, 'http header')

  157.       end

  158.     end

  159.   end

  160. 

  161.   return false

  162. end)

  163. 

  164. rspamd_config:add_condition("DMARC_CALLBACK", function(task)

  165.   local hdr = task:get_request_header('DMARC')

  166. 

  167.   if hdr then

  168.     local parser = ucl.parser()

  169.     local res, err = parser:parse_string(tostring(hdr))

  170.     if not res then

  171.       logger.infox(task, "cannot parse DMARC header: %1", err)

  172.       return true

  173.     end

  174. 

  175.     local obj = parser:get_object()

  176. 

  177.     if obj['result'] then

  178.       if obj['result'] == 'pass' or obj['result'] == 'allow' then

  179.         task:insert_result(dmarc_symbols['allow'], 1.0, 'http header')

  180.       elseif obj['result'] == 'fail' or obj['result'] == 'reject' then

  181.         task:insert_result(dmarc_symbols['reject'], 1.0, 'http header')

  182.       elseif obj['result'] == 'quarantine' then

  183.         task:insert_result(dmarc_symbols['quarantine'], 1.0, 'http header')

  184.       elseif obj['result'] == 'tempfail' then

  185.         task:insert_result(dmarc_symbols['dnsfail'], 1.0, 'http header')

  186.       elseif obj['result'] == 'softfail' or obj['result'] == 'none' then

  187.         task:insert_result(dmarc_symbols['softfail'], 1.0, 'http header')

  188.       elseif obj['result'] == 'permfail' or obj['result'] == 'badpolicy' then

  189.         task:insert_result(dmarc_symbols['badpolicy'], 1.0, 'http header')

  190.       elseif obj['result'] == 'na' then

  191.         task:insert_result(dmarc_symbols['na'], 1.0, 'http header')

  192.       end

  193.     end

  194.   end

  195. 

  196.   return false

  197. end)