diff options
| author | Andrew Lewis <nerf@judo.za.org> | 2016-08-25 14:47:18 +0200 |
|---|---|---|
| committer | Andrew Lewis <nerf@judo.za.org> | 2016-08-25 14:47:18 +0200 |
| commit | ff7ef60564ae89b1598f7aee724fb461d090e09f (patch) | |
| tree | c91790dd9aceb08d61f44048f22cf61886981fce /src/plugins/lua/dmarc.lua | |
| parent | 74532cb312603671c51008d20e1f66eeee8ecc0d (diff) | |
| download | rspamd-ff7ef60564ae89b1598f7aee724fb461d090e09f.tar.gz rspamd-ff7ef60564ae89b1598f7aee724fb461d090e09f.zip | |
[Feature] Yield DMARC_DNSFAIL on lookup failure
Diffstat (limited to 'src/plugins/lua/dmarc.lua')
| -rw-r--r-- | src/plugins/lua/dmarc.lua | 37 |
1 files changed, 25 insertions, 12 deletions
diff --git a/src/plugins/lua/dmarc.lua b/src/plugins/lua/dmarc.lua index d9961956f..d9c96459a 100644 --- a/src/plugins/lua/dmarc.lua +++ b/src/plugins/lua/dmarc.lua @@ -28,9 +28,11 @@ local symbols = { spf_deny_symbol = 'R_SPF_FAIL', spf_softfail_symbol = 'R_SPF_SOFTFAIL', spf_neutral_symbol = 'R_SPF_NEUTRAL', + spf_tempfail_symbol = 'R_SPF_DNSFAIL', dkim_allow_symbol = 'R_DKIM_ALLOW', dkim_deny_symbol = 'R_DKIM_REJECT', + dkim_tempfail_symbol = 'R_DKIM_TEMPFAIL', } -- Default port for redis upstreams local redis_params = nil @@ -80,6 +82,10 @@ local function dmarc_callback(task) local function dmarc_dns_cb(resolver, to_resolve, results, err, key) local lookup_domain = string.sub(to_resolve, 8) + if err and err ~= 'requested record is not found' then + task:insert_result('DMARC_DNSFAIL', 1.0, lookup_domain .. ' : ' .. err) + return + end if not results then if lookup_domain ~= dmarc_domain then local resolve_name = '_dmarc.' .. dmarc_domain @@ -237,24 +243,31 @@ local function dmarc_callback(task) disposition = "none" if not (spf_ok or dkim_ok) then res = 1.0 - if quarantine_policy then - if not pct or pct == 100 or (math.random(100) <= pct) then - task:insert_result('DMARC_POLICY_QUARANTINE', res, lookup_domain) - disposition = "quarantine" - end - elseif strict_policy then - if not pct or pct == 100 or (math.random(100) <= pct) then - task:insert_result('DMARC_POLICY_REJECT', res, lookup_domain) - disposition = "reject" - end + local spf_tmpfail = task:get_symbol(symbols['spf_tempfail_symbol']) + local dkim_tmpfail = task:get_symbol(symbols['dkim_tempfail_symbol']) + if (spf_tmpfail or dkim_tmpfail) then + task:insert_result('DMARC_DNSFAIL', 1.0, lookup_domain .. ' : ' .. 'SPF/DKIM temp error') + disposition = 'failed' else - task:insert_result('DMARC_POLICY_SOFTFAIL', res, lookup_domain) + if quarantine_policy then + if not pct or pct == 100 or (math.random(100) <= pct) then + task:insert_result('DMARC_POLICY_QUARANTINE', res, lookup_domain) + disposition = "quarantine" + end + elseif strict_policy then + if not pct or pct == 100 or (math.random(100) <= pct) then + task:insert_result('DMARC_POLICY_REJECT', res, lookup_domain) + disposition = "reject" + end + else + task:insert_result('DMARC_POLICY_SOFTFAIL', res, lookup_domain) + end end else task:insert_result('DMARC_POLICY_ALLOW', res, lookup_domain) end - if rua and redis_params and dmarc_reporting then + if rua and redis_params and dmarc_reporting and not (disposition == 'failed') then -- Prepare and send redis report element local redis_key = dmarc_redis_key_prefix .. from[1]['domain'] local report_data = dmarc_report(task, spf_ok, dkim_ok, disposition) |