authorVsevolod Stakhov <vsevolod@rambler-co.ru>2012-06-04 21:36:58 +0400
committerVsevolod Stakhov <vsevolod@rambler-co.ru>2012-06-04 21:36:58 +0400
commit1048ad10cdfaa0d7a47e65557227579da8e4ce75 (patch)
tree5293321584c393991cf2ed52bcfe6e9a8ebabad5
parentf4d88ed701fb6e4fed7077ec63ea9688184f7c84 (diff)
* Implement 'time_jitter' setting that allows accepting signatures timestamped in the future, to tolerate incorrect system time (1 minute of jitter by default).
-rw-r--r--src/dkim.c4
-rw-r--r--src/dkim.h3
-rw-r--r--src/plugins/dkim_check.c12
-rw-r--r--test/rspamd_dkim_test.c2
4 files changed, 16 insertions, 5 deletions
diff --git a/src/dkim.c b/src/dkim.c
index 6fa1b0957..dec600e67 100644
--- a/src/dkim.c
+++ b/src/dkim.c
@@ -349,7 +349,7 @@ rspamd_dkim_parse_bodylength (rspamd_dkim_context_t* ctx, const gchar *param, gs
* @return new context or NULL
*/
rspamd_dkim_context_t*
-rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, GError **err)
+rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, guint time_jitter, GError **err)
{
const gchar *p, *c, *tag, *end;
gsize taglen;
@@ -577,7 +577,7 @@ rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, GError **err)
}
/* Check expiration */
now = time (NULL);
- if (new->timestamp && new->timestamp > now) {
+ if (new->timestamp && now < new->timestamp && new->timestamp - now > (gint)time_jitter) {
g_set_error (err, DKIM_ERROR, DKIM_SIGERROR_FUTURE, "signature was made in future, ignoring");
return NULL;
}
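Review bot: The `(gint)time_jitter` cast in the new condition narrows an unsigned setting to a signed int, so a configured value above G_MAXINT turns negative and the comparison stops matching what the option promises; the type of `new->timestamp` is not visible here, so the exact outcome depends on it. Because `now < new->timestamp` is already established at that point, the difference is positive and can be compared without narrowing: `(guint64)(new->timestamp - now) > (guint64)time_jitter`. The comment above the check still reads `/* Check expiration */` although this branch rejects future-dated signatures; `/* Reject signatures timestamped further in the future than time_jitter allows */` would describe it. The updated call in test/rspamd_dkim_test.c passes 0, so the tolerance path is not exercised by the visible test. The body of rspamd_create_dkim_context starts and ends outside this hunk.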
diff --git a/src/dkim.h b/src/dkim.h
index 0dda5761f..f4fc21863 100644
--- a/src/dkim.h
+++ b/src/dkim.h
@@ -172,10 +172,11 @@ typedef void (*dkim_key_handler_f)(rspamd_dkim_key_t *key, gsize keylen, rspamd_
* Create new dkim context from signature
* @param sig message's signature
* @param pool pool to allocate memory from
+ * @param time_jitter jitter in seconds to allow time diff while checking
* @param err pointer to error object
* @return new context or NULL
*/
-rspamd_dkim_context_t* rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, GError **err);
+rspamd_dkim_context_t* rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, guint time_jitter, GError **err);
/**
* Make DNS request for specified context and obtain and parse key
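Review bot: The new `@param time_jitter` line does not say in which direction the tolerance applies or what 0 means, and callers of this public prototype need both. Going by the check in src/dkim.c, the value is the number of seconds a signature timestamp may be ahead of the local clock before the signature is rejected, so I would write `@param time_jitter maximum number of seconds a signature timestamp may be ahead of local time and still be accepted (0 = no tolerance)`. The same wording would fit the option list comment in src/plugins/dkim_check.c.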
diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c
index ce4fdb1d1..c5e9d4416 100644
--- a/src/plugins/dkim_check.c
+++ b/src/plugins/dkim_check.c
@@ -33,6 +33,7 @@
* - domains (map): map of domains to check (if absent all domains are checked)
* - strict_domains (map): map of domains that requires strict score for dkim
* - strict_multiplier (number): multiplier for strict domains
+ * - time_jitter (number): jitter in seconds to allow time diff while checking
*/
#include "config.h"
@@ -52,6 +53,7 @@
#define DEFAULT_SYMBOL_ALLOW "R_DKIM_ALLOW"
#define DEFAULT_CACHE_SIZE 2048
#define DEFAULT_CACHE_MAXAGE 86400
+#define DEFAULT_TIME_JITTER 60
struct dkim_ctx {
gint (*filter) (struct worker_task * task);
@@ -64,6 +66,7 @@ struct dkim_ctx {
GHashTable *dkim_domains;
GHashTable *strict_domains;
guint strict_multiplier;
+ guint time_jitter;
rspamd_lru_hash_t *dkim_hash;
};
@@ -100,6 +103,7 @@ dkim_module_init (struct config_file *cfg, struct module_ctx **ctx)
register_module_opt ("dkim", "domains", MODULE_OPT_TYPE_MAP);
register_module_opt ("dkim", "strict_domains", MODULE_OPT_TYPE_MAP);
register_module_opt ("dkim", "strict_multiplier", MODULE_OPT_TYPE_UINT);
+ register_module_opt ("dkim", "time_jitter", MODULE_OPT_TYPE_TIME);
return 0;
}
@@ -143,6 +147,12 @@ dkim_module_config (struct config_file *cfg)
else {
cache_expire = DEFAULT_CACHE_MAXAGE;
}
+ if ((value = get_module_opt (cfg, "dkim", "time_jitter")) != NULL) {
+ dkim_module_ctx->time_jitter = cfg_parse_time (value, TIME_SECONDS) / 1000;
+ }
+ else {
+ dkim_module_ctx->time_jitter = DEFAULT_TIME_JITTER;
+ }
if ((value = get_module_opt (cfg, "dkim", "whitelist")) != NULL) {
if (! add_map (value, read_radix_list, fin_radix_list, (void **)&dkim_module_ctx->whitelist_ip)) {
msg_warn ("cannot load whitelist from %s", value);
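Review bot: The parsed `time_jitter` is stored without any range check, so a mistyped or very large value silently widens the window in which future-dated signatures are accepted, and a sub-second value truncates to 0 after the `/ 1000`. I would bound it right after parsing and log the correction, e.g. `if (dkim_module_ctx->time_jitter > MAX_TIME_JITTER) { msg_warn ("time_jitter is too large, using %d", MAX_TIME_JITTER); dkim_module_ctx->time_jitter = MAX_TIME_JITTER; }`, where `MAX_TIME_JITTER` is a proposed new constant next to `DEFAULT_TIME_JITTER`. What `cfg_parse_time` returns for malformed input is not visible in this hunk and should be confirmed before the result is divided and stored. dkim_module_config starts and ends outside the hunk.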
@@ -285,7 +295,7 @@ dkim_symbol_callback (struct worker_task *task, void *unused)
#endif
/* Parse signature */
msg_debug ("create dkim signature");
- ctx = rspamd_create_dkim_context (hlist->data, task->task_pool, &err);
+ ctx = rspamd_create_dkim_context (hlist->data, task->task_pool, dkim_module_ctx->time_jitter, &err);
if (ctx == NULL) {
msg_info ("cannot parse DKIM context: %s", err->message);
g_error_free (err);
diff --git a/test/rspamd_dkim_test.c b/test/rspamd_dkim_test.c
index ac9a88d84..b6a613e48 100644
--- a/test/rspamd_dkim_test.c
+++ b/test/rspamd_dkim_test.c
@@ -81,7 +81,7 @@ rspamd_dkim_test_func ()
g_assert (resolver != NULL);
- ctx = rspamd_create_dkim_context (test_dkim_sig, pool, &err);
+ ctx = rspamd_create_dkim_context (test_dkim_sig, pool, 0, &err);
g_assert (ctx != NULL);