diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-08-18 11:28:42 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-08-18 11:28:42 +0100 |
| commit | e63b226f0e7c44d9d9b1946a0af05b4c9ddee291 (patch) | |
| tree | ad901e3eebdad292a53be14c1167b533ca212268 | |
| parent | 925e2c9fef46a7556c4ec58ceb91984b5a10b7c8 (diff) | |
| download | rspamd-e63b226f0e7c44d9d9b1946a0af05b4c9ddee291.tar.gz rspamd-e63b226f0e7c44d9d9b1946a0af05b4c9ddee291.zip | |
[Minor] Dkim/ARC: allow to sign merely for specific settings id
| -rw-r--r-- | src/plugins/lua/arc.lua | 16 | ||||
| -rw-r--r-- | src/plugins/lua/dkim_signing.lua | 15 |
2 files changed, 25 insertions, 6 deletions
diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua index caad92737..31327f595 100644 --- a/src/plugins/lua/arc.lua +++ b/src/plugins/lua/arc.lua @@ -89,6 +89,8 @@ local settings = { key_prefix = 'arc_keys', -- default hash name reuse_auth_results = false, -- Reuse the existing authentication results whitelisted_signers_map = nil, -- Trusted signers domains + allowed_ids = nil, -- Allowed settings id + forbidden_ids = nil, -- Banned settings id } -- To match normal AR @@ -684,12 +686,20 @@ if settings.use_redis then settings.redis_params = redis_params end -rspamd_config:register_symbol({ +local sym_reg_tbl = { name = settings['sign_symbol'], callback = arc_signing_cb, groups = {"policies", "arc"}, score = 0.0, -}) +} +if type(settings.allowed_ids) == 'table' then + sym_reg_tbl.allowed_ids = settings.allowed_ids +end +if type(settings.forbidden_ids) == 'table' then + sym_reg_tbl.forbidden_ids = settings.forbidden_ids +end + +rspamd_config:register_symbol(sym_reg_tbl) --- Do not sign unless valid +-- Do not sign unless checked rspamd_config:register_dependency(settings['sign_symbol'], 'ARC_CALLBACK') diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua index 4dfcd3b81..cfb8d8fe2 100644 --- a/src/plugins/lua/dkim_signing.lua +++ b/src/plugins/lua/dkim_signing.lua @@ -33,6 +33,8 @@ local settings = { allow_username_mismatch = false, allow_pubkey_mismatch = true, sign_authenticated = true, + allowed_ids = nil, + forbidden_ids = nil, check_pubkey = false, domain = {}, path = string.format('%s/%s/%s', rspamd_paths['DBDIR'], 'dkim', '$domain.$selector.key'), @@ -160,13 +162,20 @@ if settings.use_redis then settings.redis_params = redis_params end - -rspamd_config:register_symbol({ +local sym_reg_tbl = { name = settings['symbol'], callback = dkim_signing_cb, groups = {"policies", "dkim"}, score = 0.0, -}) +} + +if type(settings.allowed_ids) == 'table' then + sym_reg_tbl.allowed_ids = settings.allowed_ids +end +if type(settings.forbidden_ids) == 'table' then + sym_reg_tbl.forbidden_ids = settings.forbidden_ids +end +rspamd_config:register_symbol(sym_reg_tbl) -- Add dependency on DKIM checks rspamd_config:register_dependency(settings['symbol'], 'DKIM_CHECK') |