mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10374 Commits
29 Branches
Tree: acd5eaa40c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'acd5eaa40c'
${ noResults }
rspamd/lualib/auth_results.lua

auth_results.lua 5.4KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192 
  1. --[[

  2. Copyright (c) 2016, Andrew Lewis <nerf@judo.za.org>

  3. Copyright (c) 2017, Vsevolod Stakhov <vsevolod@highsecure.ru>

  4. 

  5. Licensed under the Apache License, Version 2.0 (the "License");

  6. you may not use this file except in compliance with the License.

  7. You may obtain a copy of the License at

  8. 

  9.     http://www.apache.org/licenses/LICENSE-2.0

  10. 

  11. Unless required by applicable law or agreed to in writing, software

  12. distributed under the License is distributed on an "AS IS" BASIS,

  13. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14. See the License for the specific language governing permissions and

  15. limitations under the License.

  16. ]]--

  17. 

  18. local global = require "global_functions"

  19. 

  20. local default_settings = {

  21.   spf_symbols = {

  22.     pass = 'R_SPF_ALLOW',

  23.     fail = 'R_SPF_FAIL',

  24.     softfail = 'R_SPF_SOFTFAIL',

  25.     neutral = 'R_SPF_NEUTRAL',

  26.     temperror = 'R_SPF_DNSFAIL',

  27.     none = 'R_SPF_NA',

  28.     permerror = 'R_SPF_PERMFAIL',

  29.   },

  30.   dkim_symbols = {

  31.     pass = 'R_DKIM_ALLOW',

  32.     fail = 'R_DKIM_REJECT',

  33.     temperror = 'R_DKIM_TEMPFAIL',

  34.     none = 'R_DKIM_NA',

  35.     permerror = 'R_DKIM_PERMFAIL',

  36.   },

  37.   dmarc_symbols = {

  38.     pass = 'DMARC_POLICY_ALLOW',

  39.     permerror = 'DMARC_BAD_POLICY',

  40.     temperror = 'DMARC_DNSFAIL',

  41.     none = 'DMARC_NA',

  42.     reject = 'DMARC_POLICY_REJECT',

  43.     softfail = 'DMARC_POLICY_SOFTFAIL',

  44.     quarantine = 'DMARC_POLICY_QUARANTINE',

  45.   },

  46.   arc_symbols = {

  47.     pass = 'ARC_ALLOW',

  48.     permerror = 'ARC_INVALID',

  49.     temperror = 'ARC_DNSFAIL',

  50.     none = 'ARC_NA',

  51.     reject = 'ARC_REJECT',

  52.   },

  53. }

  54. 

  55. local exports = {}

  56. 

  57. local function gen_auth_results(task, settings)

  58.   local table = table

  59.   local pairs = pairs

  60.   local ipairs = ipairs

  61.   local auth_results, hdr_parts = {}, {}

  62. 

  63.   if not settings then

  64.     settings = default_settings

  65.   end

  66. 

  67.   local auth_types = {

  68.     dkim = settings.dkim_symbols,

  69.     dmarc = settings.dmarc_symbols,

  70.     spf = settings.spf_symbols,

  71.     arc = settings.arc_symbols,

  72.   }

  73. 

  74.   local common = {

  75.     symbols = {}

  76.   }

  77. 

  78.   local received = task:get_received_headers() or {}

  79.   local mxname = (received[1] or {}).by_hostname

  80.   if mxname then

  81.     table.insert(hdr_parts, mxname)

  82.   end

  83. 

  84.   for auth_type, symbols in pairs(auth_types) do

  85.     for key, sym in pairs(symbols) do

  86.       if not common.symbols.sym then

  87.         local s = task:get_symbol(sym)

  88.         if not s then

  89.           common.symbols[sym] = false

  90.         else

  91.           common.symbols[sym] = s

  92.           if not auth_results[auth_type] then

  93.             auth_results[auth_type] = {key}

  94.           else

  95.             table.insert(auth_results[auth_type], key)

  96.           end

  97. 

  98.           if auth_type ~= 'dkim' then

  99.             break

  100.           end

  101.         end

  102.       end

  103.     end

  104.   end

  105. 

  106.   for auth_type, keys in pairs(auth_results) do

  107.     for _, key in ipairs(keys) do

  108.       local hdr = ''

  109.       if auth_type == 'dmarc' and key ~= 'none' then

  110.         local opts = common.symbols[auth_types['dmarc'][key]][1]['options'] or {}

  111.         hdr = hdr .. 'dmarc='

  112.         if key == 'reject' or key == 'quarantine' or key == 'softfail' then

  113.           hdr = hdr .. 'fail'

  114.         else

  115.           hdr = hdr .. key

  116.         end

  117.         if key == 'pass' then

  118.           hdr = hdr .. ' policy=' .. opts[2]

  119.           hdr = hdr .. ' header.from=' .. opts[1]

  120.         elseif key ~= 'none' then

  121.           local t = global.rspamd_str_split(opts[1], ' : ')

  122.           local dom = t[1]

  123.           local rsn = t[2]

  124.           if rsn then

  125.             hdr = hdr .. ' reason="' .. rsn .. '"'

  126.           end

  127.           hdr = hdr .. ' header.from=' .. dom

  128.           if key == 'softfail' then

  129.             hdr = hdr .. ' policy=none'

  130.           else

  131.             hdr = hdr .. ' policy=' .. key

  132.           end

  133.         end

  134.         table.insert(hdr_parts, hdr)

  135.       elseif auth_type == 'dkim' and key ~= 'none' then

  136.         if common.symbols[auth_types['dkim'][key]][1] then

  137.           local opts = common.symbols[auth_types['dkim'][key]][1]['options']

  138.           for _, v in ipairs(opts) do

  139.             hdr = hdr .. auth_type .. '=' .. key .. ' header.d=' .. v

  140.             table.insert(hdr_parts, hdr)

  141.           end

  142.         end

  143.       elseif auth_type == 'arc' and key ~= 'none' then

  144.         if common.symbols[auth_types['arc'][key]][1] then

  145.           local opts = common.symbols[auth_types['arc'][key]][1]['options'] or {}

  146.           for _, v in ipairs(opts) do

  147.             hdr = hdr .. auth_type .. '=' .. key .. ' (' .. v .. ')'

  148.             table.insert(hdr_parts, hdr)

  149.           end

  150.         end

  151.       elseif auth_type == 'spf' and key ~= 'none' then

  152.         hdr = hdr .. auth_type .. '=' .. key

  153.         local smtp_from = task:get_from('smtp')

  154.         if smtp_from['addr'] ~= '' and smtp_from['addr'] ~= nil then

  155.           hdr = hdr .. ' smtp.mailfrom=' .. smtp_from['addr']

  156.         else

  157.           local helo = task:get_helo()

  158.           if helo then

  159.             hdr = hdr .. ' smtp.helo=' .. task:get_helo()

  160.           end

  161.         end

  162.         table.insert(hdr_parts, hdr)

  163.       end

  164.     end

  165.   end

  166. 

  167.   local u = task:get_user()

  168.   local smtp_from = task:get_from('smtp')

  169. 

  170.   if u and smtp_from then

  171.     local hdr

  172. 

  173.     if #smtp_from[1]['addr'] > 0 then

  174.       hdr = string.format('auth=pass smtp.auth=%s smtp.mailfrom=%s',

  175.         u, smtp_from[1]['addr'])

  176.     else

  177.       hdr = string.format('auth=pass smtp.auth=%s', u)

  178.     end

  179. 

  180.     table.insert(hdr_parts, hdr)

  181.   end

  182. 

  183.   if #hdr_parts > 0 then

  184.     return table.concat(hdr_parts, '; ')

  185.   end

  186. 

  187.   return nil

  188. end

  189. 

  190. exports.gen_auth_results = gen_auth_results

  191. 

  192. return exports