diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-11-28 13:39:23 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-11-28 13:39:23 +0000 |
commit | a171bcffba32c751a5c40c5d795fb6c36c4f83d9 (patch) | |
tree | 3bbdd5ed4bebd1f03a03e92327d3b8cedb216f7c | |
parent | 3a995b7221266ab58f8b3fac8fb02e70c23c42a9 (diff) | |
download | rspamd-a171bcffba32c751a5c40c5d795fb6c36c4f83d9.tar.gz rspamd-a171bcffba32c751a5c40c5d795fb6c36c4f83d9.zip |
[Fix] Perform policy downgrade on sample out, add tests
-rw-r--r-- | src/plugins/lua/dmarc.lua | 14 | ||||
-rw-r--r-- | test/functional/cases/115_dmarc.robot | 7 | ||||
-rw-r--r-- | test/functional/messages/dmarc/pct_none1.eml | 17 |
3 files changed, 34 insertions, 4 deletions
diff --git a/src/plugins/lua/dmarc.lua b/src/plugins/lua/dmarc.lua index af43a5b8c..1bac6fb29 100644 --- a/src/plugins/lua/dmarc.lua +++ b/src/plugins/lua/dmarc.lua @@ -419,11 +419,19 @@ local function dmarc_validate_policy(task, policy, hdrfromdom, dmarc_esld) if (coin > policy.pct) then if (not no_sampling_domains or not no_sampling_domains:get_key(policy.domain)) then - task:insert_result(dmarc_symbols['softfail'], 1.0, + + if what == 'reject' then + disposition = 'quarantine' + else + disposition = 'softfail' + end + + task:insert_result(dmarc_symbols[disposition], 1.0, policy.domain .. ' : ' .. reason_str, policy.dmarc_policy, "sampled_out") sampled_out = true - lua_util.debugm(N, task, 'changed dmarc policy from %s to %s, sampled out: %s < %s', - what, 'softfail', coin, policy.pct) + lua_util.debugm(N, task, + 'changed dmarc policy from %s to %s, sampled out: %s < %s', + what, disposition, coin, policy.pct) else task:insert_result(dmarc_symbols[what], 1.0, policy.domain .. ' : ' .. reason_str, policy.dmarc_policy, "local_policy") diff --git a/test/functional/cases/115_dmarc.robot b/test/functional/cases/115_dmarc.robot index 93bce71da..597a6a330 100644 --- a/test/functional/cases/115_dmarc.robot +++ b/test/functional/cases/115_dmarc.robot @@ -77,9 +77,14 @@ DMARC NA NXDOMAIN ... -i 37.48.67.26 --from foo@mom.za.org Check Rspamc ${result} DMARC_NA -DMARC PCT ZERO +DMARC PCT ZERO REJECT ${result} = Scan Message With Rspamc ${TESTDIR}/messages/dmarc/pct_none.eml ... -i 37.48.67.26 --from foo@mom.za.org + Check Rspamc ${result} DMARC_POLICY_QUARANTINE + +DMARC PCT ZERO SP QUARANTINE + ${result} = Scan Message With Rspamc ${TESTDIR}/messages/dmarc/pct_none1.eml + ... -i 37.48.67.26 --from foo@mom.za.org Check Rspamc ${result} DMARC_POLICY_SOFTFAIL DKIM PERMFAIL NXDOMAIN diff --git a/test/functional/messages/dmarc/pct_none1.eml b/test/functional/messages/dmarc/pct_none1.eml new file mode 100644 index 000000000..a0cd9fd6a --- /dev/null +++ b/test/functional/messages/dmarc/pct_none1.eml @@ -0,0 +1,17 @@ +Date: Tue, 09 Aug 2016 10:01:27 +0200 +Message-ID: <20160809100128@rspamd.tk> +From: Rspamd <foo@subdomain.zero_pct.com> +To: foo@rspamd.tk +Subject: hello +Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes +MIME-Version: 1.0 +Content-Disposition: inline +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rspamd.tk; s=testdkim; + t=1470729879; h=from:subject:date:message-id:to:mime-version:content-type; + bh=7HkRgYnNru3SR2EWfgWU8yhM0MOH6ZZrPoEIgNIh8wc=; + b=kTIV4jcgv9sWFh2JFrS/+PcNxiloituqjmHHqeJOTfa+/9C+Er8BjnMysTJyYVq36Gnv0OZDgLr3Yy4YP5Lzbt1M9ZdN5cJqO7yn1N7wyaGfkt++b09rIYBy5Dkk7OWyP3cDThqDzv8C9heSvqBSEsirFsbt3Wx2g/hWiJlnjew= + + +hello + + |