mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 160 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5804 Commits
29 Branches
Tree: aee3e6a68d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'aee3e6a68d'
${ noResults }
rspamd/rules/http_headers.lua

http_headers.lua 4.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122 
  1. --[[

  2. Copyright (c) 2015, Vsevolod Stakhov <vsevolod@highsecure.ru>

  3. All rights reserved.

  4. 

  5. Redistribution and use in source and binary forms, with or without

  6. modification, are permitted provided that the following conditions are met:

  7. 

  8. 1. Redistributions of source code must retain the above copyright notice, this

  9. list of conditions and the following disclaimer.

  10. 

  11. 2. Redistributions in binary form must reproduce the above copyright notice,

  12. this list of conditions and the following disclaimer in the documentation

  13. and/or other materials provided with the distribution.

  14. 

  15. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND

  16. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

  17. WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

  18. DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE

  19. FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  20. DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

  21. SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

  22. CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

  23. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

  24. OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  25. ]]--

  26. 

  27. local logger = require "rspamd_logger"

  28. local ucl = require "ucl"

  29. 

  30. -- Disable DKIM checks if passed via HTTP headers

  31. rspamd_config:add_condition("R_DKIM_ALLOW", function(task)

  32.   local hdr = task:get_request_header('DKIM')

  33. 

  34.   if hdr then

  35.     local parser = ucl.parser()

  36.     local res, err = parser:parse_string(tostring(hdr))

  37.     if not res then

  38.       logger.infox(task, "cannot parse DKIM header: %1", err)

  39.       return true

  40.     end

  41. 

  42.     local obj = parser:get_object()

  43. 

  44.     if obj['result'] then

  45.       if obj['result'] == 'pass' or obj['result'] == 'allow' then

  46.         task:insert_result('R_DKIM_ALLOW', 1.0, 'http header')

  47.       elseif obj['result'] == 'fail' or obj['result'] == 'reject' then

  48.         task:insert_result('R_DKIM_REJECT', 1.0, 'http header')

  49.       elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then

  50.         task:insert_result('R_DKIM_TEMPFAIL', 1.0, 'http header')

  51.       end

  52. 

  53.       return false

  54.     end

  55.   end

  56. 

  57.   return true

  58. end)

  59. 

  60. -- Disable DKIM checks if passed via HTTP headers

  61. rspamd_config:add_condition("R_SPF_ALLOW", function(task)

  62.   local hdr = task:get_request_header('SPF')

  63. 

  64.   if hdr then

  65.     local parser = ucl.parser()

  66.     local res, err = parser:parse_string(tostring(hdr))

  67.     if not res then

  68.       logger.infox(task, "cannot parse SPF header: %1", err)

  69.       return true

  70.     end

  71. 

  72.     local obj = parser:get_object()

  73. 

  74.     if obj['result'] then

  75.       if obj['result'] == 'pass' or obj['result'] == 'allow' then

  76.         task:insert_result('R_SPF_ALLOW', 1.0, 'http header')

  77.       elseif obj['result'] == 'fail' or obj['result'] == 'reject' then

  78.         task:insert_result('R_SPF_FAIL', 1.0, 'http header')

  79.       elseif obj['result'] == 'neutral' then

  80.         task:insert_result('R_SPF_NEUTRAL', 1.0, 'http header')

  81.       elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then

  82.         task:insert_result('R_SPF_TEMPFAIL', 1.0, 'http header')

  83.       end

  84. 

  85.       return false

  86.     end

  87.   end

  88. 

  89.   return true

  90. end)

  91. 

  92. rspamd_config:add_condition("DMARC_POLICY_ALLOW", function(task)

  93.   local hdr = task:get_request_header('DMARC')

  94. 

  95.   if hdr then

  96.     local parser = ucl.parser()

  97.     local res, err = parser:parse_string(tostring(hdr))

  98.     if not res then

  99.       logger.infox(task, "cannot parse DMARC header: %1", err)

  100.       return true

  101.     end

  102. 

  103.     local obj = parser:get_object()

  104. 

  105.     if obj['result'] then

  106.       if obj['result'] == 'pass' or obj['result'] == 'allow' then

  107.         task:insert_result('DMARC_POLICY_ALLOW', 1.0, 'http header')

  108.       elseif obj['result'] == 'fail' or obj['result'] == 'reject' then

  109.         task:insert_result('DMARC_POLICY_REJECT', 1.0, 'http header')

  110.       elseif obj['result'] == 'quarantine' then

  111.         task:insert_result('DMARC_POLICY_QUARANTINE', 1.0, 'http header')

  112.       elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then

  113.         task:insert_result('DMARC_POLICY_SOFTFAIL', 1.0, 'http header')

  114.       end

  115. 

  116.       return false

  117.     end

  118.   end

  119. 

  120.   return true

  121. end)