diff options
| author | Andrew Lewis <nerf@judo.za.org> | 2016-10-12 18:05:12 +0200 |
|---|---|---|
| committer | Andrew Lewis <nerf@judo.za.org> | 2016-10-12 18:21:50 +0200 |
| commit | 5bb8f5ba183908be22909106fbb8936683ac993d (patch) | |
| tree | b4f513a3742ac27c647fe639bfe76d24c3631072 /rules/http_headers.lua | |
| parent | bb14c999b5e301f3f67edda9bc4b456ef9ef0bf1 (diff) | |
| download | rspamd-5bb8f5ba183908be22909106fbb8936683ac993d.tar.gz rspamd-5bb8f5ba183908be22909106fbb8936683ac993d.zip | |
[Minor] Update http headers rules
- Fix some inaccuracies
- Add new symbols
- Use symbols from configuration
Diffstat (limited to 'rules/http_headers.lua')
| -rw-r--r-- | rules/http_headers.lua | 95 |
1 files changed, 82 insertions, 13 deletions
diff --git a/rules/http_headers.lua b/rules/http_headers.lua index 0252ccce9..ceb1893df 100644 --- a/rules/http_headers.lua +++ b/rules/http_headers.lua @@ -17,6 +17,61 @@ limitations under the License. local logger = require "rspamd_logger" local ucl = require "ucl" +local spf_symbols = { + symbol_allow = 'R_SPF_ALLOW', + symbol_deny = 'R_SPF_FAIL', + symbol_softfail = 'R_SPF_SOFTFAIL', + symbol_neutral = 'R_SPF_NEUTRAL', + symbol_tempfail = 'R_SPF_DNSFAIL', + symbol_na = 'R_SPF_NA', + symbol_permfail = 'R_SPF_PERMFAIL', +} + +local dkim_symbols = { + symbol_allow = 'R_DKIM_ALLOW', + symbol_deny = 'R_DKIM_REJECT', + symbol_tempfail = 'R_DKIM_TEMPFAIL', + symbol_na = 'R_DKIM_NA', + symbol_permfail = 'R_DKIM_PERMFAIL', +} + +local dmarc_symbols = { + allow = 'DMARC_POLICY_ALLOW', + badpolicy = 'DMARC_BAD_POLICY', + dnsfail = 'DMARC_DNSFAIL', + na = 'DMARC_NA', + reject = 'DMARC_POLICY_REJECT', + softfail = 'DMARC_POLICY_SOFTFAIL', + quarantine = 'DMARC_POLICY_QUARANTINE', +} + +local opts = rspamd_config:get_all_opt('dmarc') +if opts and opts['symbols'] then + for k,_ in pairs(dmarc_symbols) do + if opts['symbols'][k] then + dmarc_symbols[k] = opts['symbols'][k] + end + end +end + +local opts = rspamd_config:get_all_opt('dkim') +if opts then + for k,_ in pairs(dkim_symbols) do + if opts[k] then + dkim_symbols[k] = opts[k] + end + end +end + +local opts = rspamd_config:get_all_opt('spf') +if opts then + for k,_ in pairs(spf_symbols) do + if opts[k] then + spf_symbols[k] = opts[k] + end + end +end + -- Disable DKIM checks if passed via HTTP headers rspamd_config:add_condition("R_DKIM_ALLOW", function(task) local hdr = task:get_request_header('DKIM') @@ -33,11 +88,15 @@ rspamd_config:add_condition("R_DKIM_ALLOW", function(task) if obj['result'] then if obj['result'] == 'pass' or obj['result'] == 'allow' then - task:insert_result('R_DKIM_ALLOW', 1.0, 'http header') + task:insert_result(dkim_symbols['symbol_allow'], 1.0, 'http header') elseif obj['result'] == 'fail' or obj['result'] == 'reject' then - task:insert_result('R_DKIM_REJECT', 1.0, 'http header') + task:insert_result(dkim_symbols['symbol_deny'], 1.0, 'http header') elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then - task:insert_result('R_DKIM_TEMPFAIL', 1.0, 'http header') + task:insert_result(dkim_symbols['symbol_tempfail'], 1.0, 'http header') + elseif obj['result'] == 'permfail' then + task:insert_result(dkim_symbols['symbol_permfail'], 1.0, 'http header') + elseif obj['result'] == 'na' then + task:insert_result(dkim_symbols['symbol_na'], 1.0, 'http header') end return false @@ -63,13 +122,17 @@ rspamd_config:add_condition("R_SPF_ALLOW", function(task) if obj['result'] then if obj['result'] == 'pass' or obj['result'] == 'allow' then - task:insert_result('R_SPF_ALLOW', 1.0, 'http header') + task:insert_result(spf_symbols['symbol_allow'], 1.0, 'http header') elseif obj['result'] == 'fail' or obj['result'] == 'reject' then - task:insert_result('R_SPF_FAIL', 1.0, 'http header') + task:insert_result(spf_symbols['symbol_deny'], 1.0, 'http header') elseif obj['result'] == 'neutral' then - task:insert_result('R_SPF_NEUTRAL', 1.0, 'http header') - elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then - task:insert_result('R_SPF_SOFTFAIL', 1.0, 'http header') + task:insert_result(spf_symbols['symbol_neutral'], 1.0, 'http header') + elseif obj['result'] == 'softfail' then + task:insert_result(spf_symbols['symbol_softfail'], 1.0, 'http header') + elseif obj['result'] == 'permfail' then + task:insert_result(spf_symbols['symbol_permfail'], 1.0, 'http header') + elseif obj['result'] == 'na' then + task:insert_result(spf_symbols['symbol_na'], 1.0, 'http header') end return false @@ -94,13 +157,19 @@ rspamd_config:add_condition("DMARC_POLICY_ALLOW", function(task) if obj['result'] then if obj['result'] == 'pass' or obj['result'] == 'allow' then - task:insert_result('DMARC_POLICY_ALLOW', 1.0, 'http header') + task:insert_result(dmarc_symbols['allow'], 1.0, 'http header') elseif obj['result'] == 'fail' or obj['result'] == 'reject' then - task:insert_result('DMARC_POLICY_REJECT', 1.0, 'http header') + task:insert_result(dmarc_symbols['reject'], 1.0, 'http header') elseif obj['result'] == 'quarantine' then - task:insert_result('DMARC_POLICY_QUARANTINE', 1.0, 'http header') - elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then - task:insert_result('DMARC_POLICY_SOFTFAIL', 1.0, 'http header') + task:insert_result(dmarc_symbols['quarantine'], 1.0, 'http header') + elseif obj['result'] == 'tempfail' then + task:insert_result(dmarc_symbols['dnsfail'], 1.0, 'http header') + elseif obj['result'] == 'softfail' or obj['result'] == 'none' then + task:insert_result(dmarc_symbols['softfail'], 1.0, 'http header') + elseif obj['result'] == 'permfail' or obj['result'] == 'badpolicy' then + task:insert_result(dmarc_symbols['badpolicy'], 1.0, 'http header') + elseif obj['result'] == 'na' then + task:insert_result(dmarc_symbols['na'], 1.0, 'http header') end return false |