summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2018-11-28 13:39:23 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2018-11-28 13:39:23 +0000
commita171bcffba32c751a5c40c5d795fb6c36c4f83d9 (patch)
tree3bbdd5ed4bebd1f03a03e92327d3b8cedb216f7c
parent3a995b7221266ab58f8b3fac8fb02e70c23c42a9 (diff)
downloadrspamd-a171bcffba32c751a5c40c5d795fb6c36c4f83d9.tar.gz
rspamd-a171bcffba32c751a5c40c5d795fb6c36c4f83d9.zip
[Fix] Perform policy downgrade on sample out, add tests
-rw-r--r--src/plugins/lua/dmarc.lua14
-rw-r--r--test/functional/cases/115_dmarc.robot7
-rw-r--r--test/functional/messages/dmarc/pct_none1.eml17
3 files changed, 34 insertions, 4 deletions
diff --git a/src/plugins/lua/dmarc.lua b/src/plugins/lua/dmarc.lua
index af43a5b8c..1bac6fb29 100644
--- a/src/plugins/lua/dmarc.lua
+++ b/src/plugins/lua/dmarc.lua
@@ -419,11 +419,19 @@ local function dmarc_validate_policy(task, policy, hdrfromdom, dmarc_esld)
if (coin > policy.pct) then
if (not no_sampling_domains or
not no_sampling_domains:get_key(policy.domain)) then
- task:insert_result(dmarc_symbols['softfail'], 1.0,
+
+ if what == 'reject' then
+ disposition = 'quarantine'
+ else
+ disposition = 'softfail'
+ end
+
+ task:insert_result(dmarc_symbols[disposition], 1.0,
policy.domain .. ' : ' .. reason_str, policy.dmarc_policy, "sampled_out")
sampled_out = true
- lua_util.debugm(N, task, 'changed dmarc policy from %s to %s, sampled out: %s < %s',
- what, 'softfail', coin, policy.pct)
+ lua_util.debugm(N, task,
+ 'changed dmarc policy from %s to %s, sampled out: %s < %s',
+ what, disposition, coin, policy.pct)
else
task:insert_result(dmarc_symbols[what], 1.0,
policy.domain .. ' : ' .. reason_str, policy.dmarc_policy, "local_policy")
diff --git a/test/functional/cases/115_dmarc.robot b/test/functional/cases/115_dmarc.robot
index 93bce71da..597a6a330 100644
--- a/test/functional/cases/115_dmarc.robot
+++ b/test/functional/cases/115_dmarc.robot
@@ -77,9 +77,14 @@ DMARC NA NXDOMAIN
... -i 37.48.67.26 --from foo@mom.za.org
Check Rspamc ${result} DMARC_NA
-DMARC PCT ZERO
+DMARC PCT ZERO REJECT
${result} = Scan Message With Rspamc ${TESTDIR}/messages/dmarc/pct_none.eml
... -i 37.48.67.26 --from foo@mom.za.org
+ Check Rspamc ${result} DMARC_POLICY_QUARANTINE
+
+DMARC PCT ZERO SP QUARANTINE
+ ${result} = Scan Message With Rspamc ${TESTDIR}/messages/dmarc/pct_none1.eml
+ ... -i 37.48.67.26 --from foo@mom.za.org
Check Rspamc ${result} DMARC_POLICY_SOFTFAIL
DKIM PERMFAIL NXDOMAIN
diff --git a/test/functional/messages/dmarc/pct_none1.eml b/test/functional/messages/dmarc/pct_none1.eml
new file mode 100644
index 000000000..a0cd9fd6a
--- /dev/null
+++ b/test/functional/messages/dmarc/pct_none1.eml
@@ -0,0 +1,17 @@
+Date: Tue, 09 Aug 2016 10:01:27 +0200
+Message-ID: <20160809100128@rspamd.tk>
+From: Rspamd <foo@subdomain.zero_pct.com>
+To: foo@rspamd.tk
+Subject: hello
+Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes
+MIME-Version: 1.0
+Content-Disposition: inline
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rspamd.tk; s=testdkim;
+ t=1470729879; h=from:subject:date:message-id:to:mime-version:content-type;
+ bh=7HkRgYnNru3SR2EWfgWU8yhM0MOH6ZZrPoEIgNIh8wc=;
+ b=kTIV4jcgv9sWFh2JFrS/+PcNxiloituqjmHHqeJOTfa+/9C+Er8BjnMysTJyYVq36Gnv0OZDgLr3Yy4YP5Lzbt1M9ZdN5cJqO7yn1N7wyaGfkt++b09rIYBy5Dkk7OWyP3cDThqDzv8C9heSvqBSEsirFsbt3Wx2g/hWiJlnjew=
+
+
+hello
+
+