mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17081 Commits
28 Branches
Tree: 742c4d84e4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '742c4d84e4'
${ noResults }
rspamd/rules/http_headers.lua

http_headers.lua 5.6KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181 
  1. --[[

  2. Copyright (c) 2015, Vsevolod Stakhov <vsevolod@highsecure.ru>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. local logger = require "rspamd_logger"

  18. local ucl = require "ucl"

  19. 

  20. local spf_symbols = {

  21.   symbol_allow = 'R_SPF_ALLOW',

  22.   symbol_deny = 'R_SPF_FAIL',

  23.   symbol_softfail = 'R_SPF_SOFTFAIL',

  24.   symbol_neutral = 'R_SPF_NEUTRAL',

  25.   symbol_tempfail = 'R_SPF_DNSFAIL',

  26.   symbol_na = 'R_SPF_NA',

  27.   symbol_permfail = 'R_SPF_PERMFAIL',

  28. }

  29. 

  30. local dkim_symbols = {

  31.   symbol_allow = 'R_DKIM_ALLOW',

  32.   symbol_deny = 'R_DKIM_REJECT',

  33.   symbol_tempfail = 'R_DKIM_TEMPFAIL',

  34.   symbol_na = 'R_DKIM_NA',

  35.   symbol_permfail = 'R_DKIM_PERMFAIL',

  36. }

  37. 

  38. local dmarc_symbols = {

  39.   allow = 'DMARC_POLICY_ALLOW',

  40.   badpolicy = 'DMARC_BAD_POLICY',

  41.   dnsfail = 'DMARC_DNSFAIL',

  42.   na = 'DMARC_NA',

  43.   reject = 'DMARC_POLICY_REJECT',

  44.   softfail = 'DMARC_POLICY_SOFTFAIL',

  45.   quarantine = 'DMARC_POLICY_QUARANTINE',

  46. }

  47. 

  48. local opts = rspamd_config:get_all_opt('dmarc')

  49. if opts and opts['symbols'] then

  50.   for k,_ in pairs(dmarc_symbols) do

  51.     if opts['symbols'][k] then

  52.       dmarc_symbols[k] = opts['symbols'][k]

  53.     end

  54.   end

  55. end

  56. 

  57. opts = rspamd_config:get_all_opt('dkim')

  58. if opts then

  59.   for k,_ in pairs(dkim_symbols) do

  60.     if opts[k] then

  61.       dkim_symbols[k] = opts[k]

  62.     end

  63.   end

  64. end

  65. 

  66. opts = rspamd_config:get_all_opt('spf')

  67. if opts then

  68.   for k,_ in pairs(spf_symbols) do

  69.     if opts[k] then

  70.       spf_symbols[k] = opts[k]

  71.     end

  72.   end

  73. end

  74. 

  75. -- Disable DKIM checks if passed via HTTP headers

  76. rspamd_config:add_condition("R_DKIM_ALLOW", function(task)

  77.   local hdr = task:get_request_header('DKIM')

  78. 

  79.   if hdr then

  80.     local parser = ucl.parser()

  81.     local res, err = parser:parse_string(tostring(hdr))

  82.     if not res then

  83.       logger.infox(task, "cannot parse DKIM header: %1", err)

  84.       return true

  85.     end

  86. 

  87.     local obj = parser:get_object()

  88. 

  89.     if obj['result'] then

  90.       if obj['result'] == 'pass' or obj['result'] == 'allow' then

  91.         task:insert_result(dkim_symbols['symbol_allow'], 1.0, 'http header')

  92.       elseif obj['result'] == 'fail' or obj['result'] == 'reject' then

  93.         task:insert_result(dkim_symbols['symbol_deny'], 1.0, 'http header')

  94.       elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then

  95.         task:insert_result(dkim_symbols['symbol_tempfail'], 1.0, 'http header')

  96.       elseif obj['result'] == 'permfail' then

  97.         task:insert_result(dkim_symbols['symbol_permfail'], 1.0, 'http header')

  98.       elseif obj['result'] == 'na' then

  99.         task:insert_result(dkim_symbols['symbol_na'], 1.0, 'http header')

  100.       end

  101. 

  102.       return false

  103.     end

  104.   end

  105. 

  106.   return true

  107. end)

  108. 

  109. -- Disable SPF checks if passed via HTTP headers

  110. rspamd_config:add_condition("R_SPF_ALLOW", function(task)

  111.   local hdr = task:get_request_header('SPF')

  112. 

  113.   if hdr then

  114.     local parser = ucl.parser()

  115.     local res, err = parser:parse_string(tostring(hdr))

  116.     if not res then

  117.       logger.infox(task, "cannot parse SPF header: %1", err)

  118.       return true

  119.     end

  120. 

  121.     local obj = parser:get_object()

  122. 

  123.     if obj['result'] then

  124.       if obj['result'] == 'pass' or obj['result'] == 'allow' then

  125.         task:insert_result(spf_symbols['symbol_allow'], 1.0, 'http header')

  126.       elseif obj['result'] == 'fail' or obj['result'] == 'reject' then

  127.         task:insert_result(spf_symbols['symbol_deny'], 1.0, 'http header')

  128.       elseif obj['result'] == 'neutral' then

  129.         task:insert_result(spf_symbols['symbol_neutral'], 1.0, 'http header')

  130.       elseif obj['result'] == 'softfail' then

  131.         task:insert_result(spf_symbols['symbol_softfail'], 1.0, 'http header')

  132.       elseif obj['result'] == 'permfail' then

  133.         task:insert_result(spf_symbols['symbol_permfail'], 1.0, 'http header')

  134.       elseif obj['result'] == 'na' then

  135.         task:insert_result(spf_symbols['symbol_na'], 1.0, 'http header')

  136.       end

  137. 

  138.       return false

  139.     end

  140.   end

  141. 

  142.   return true

  143. end)

  144. 

  145. rspamd_config:add_condition("DMARC_POLICY_ALLOW", function(task)

  146.   local hdr = task:get_request_header('DMARC')

  147. 

  148.   if hdr then

  149.     local parser = ucl.parser()

  150.     local res, err = parser:parse_string(tostring(hdr))

  151.     if not res then

  152.       logger.infox(task, "cannot parse DMARC header: %1", err)

  153.       return true

  154.     end

  155. 

  156.     local obj = parser:get_object()

  157. 

  158.     if obj['result'] then

  159.       if obj['result'] == 'pass' or obj['result'] == 'allow' then

  160.         task:insert_result(dmarc_symbols['allow'], 1.0, 'http header')

  161.       elseif obj['result'] == 'fail' or obj['result'] == 'reject' then

  162.         task:insert_result(dmarc_symbols['reject'], 1.0, 'http header')

  163.       elseif obj['result'] == 'quarantine' then

  164.         task:insert_result(dmarc_symbols['quarantine'], 1.0, 'http header')

  165.       elseif obj['result'] == 'tempfail' then

  166.         task:insert_result(dmarc_symbols['dnsfail'], 1.0, 'http header')

  167.       elseif obj['result'] == 'softfail' or obj['result'] == 'none' then

  168.         task:insert_result(dmarc_symbols['softfail'], 1.0, 'http header')

  169.       elseif obj['result'] == 'permfail' or obj['result'] == 'badpolicy' then

  170.         task:insert_result(dmarc_symbols['badpolicy'], 1.0, 'http header')

  171.       elseif obj['result'] == 'na' then

  172.         task:insert_result(dmarc_symbols['na'], 1.0, 'http header')

  173.       end

  174. 

  175.       return false

  176.     end

  177.   end

  178. 

  179.   return true

  180. end)