author | Andrew Lewis <nerf@judo.za.org> | 2015-04-08 12:05:32 +0200 |
---|---|---|
committer | Andrew Lewis <nerf@judo.za.org> | 2015-04-08 12:05:32 +0200 |
commit | 1792090c783d765b155a5806ab0090d38a5bb786 (patch) | |
tree | 44641864cd56525d607ef214d6c68cd0c881049f /src/plugins/lua | |
parent | 0fce52b8d5ead7d0964b38ffdf44ba85f257f866 (diff) | |
download | rspamd-1792090c783d765b155a5806ab0090d38a5bb786.tar.gz rspamd-1792090c783d765b155a5806ab0090d38a5bb786.zip |
DMARC: Allow bogus backslashes in policy records; ignore non policy records; fail on multiple policy records
Diffstat (limited to 'src/plugins/lua')
-rw-r--r-- | src/plugins/lua/dmarc.lua | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/src/plugins/lua/dmarc.lua b/src/plugins/lua/dmarc.lua index 70fd34e29..94ef119a5 100644 --- a/src/plugins/lua/dmarc.lua +++ b/src/plugins/lua/dmarc.lua @@ -1,5 +1,6 @@ --[[ Copyright (c) 2011-2015, Vsevolod Stakhov <vsevolod@highsecure.ru> +Copyright (c) 2015, Andrew Lewis <nerf@judo.za.org> All rights reserved. Redistribution and use in source and binary forms, with or without @@ -46,7 +47,7 @@ local default_port = 6379 local upstreams = nil local dmarc_redis_key_prefix = "dmarc_" -local elts_re = rspamd_regexp.create_cached(";\\s+") +local elts_re = rspamd_regexp.create_cached("\\\\*;\\s+") local function dmarc_report(task, spf_ok, dkim_ok) local ip = task:get_from_ip() @@ -77,10 +78,26 @@ local function dmarc_callback(task) local strict_dkim = false local strict_policy = false local quarantine_policy = false + local found_policy = false + local failed_policy = false local rua - if results then - for _,r in ipairs(results) do + if not results then + return + end + for _,r in ipairs(results) do + if failed_policy then break end + (function() + if(string.sub(r,1,8) ~= 'v=DMARC1') then + return + else + if found_policy then + failed_policy = true + return + else + found_policy = true + end + end local elts = elts_re:split(r) if elts then @@ -93,7 +110,7 @@ local function dmarc_callback(task) if spf_pol and spf_pol == 's' then strict_spf = true end - policy = string.match(e, '^p=(.*)$') + policy = string.match(e, '^p=(%a+)$') if policy then if (policy == 'reject') then strict_policy = true @@ -102,7 +119,7 @@ local function dmarc_callback(task) quarantine_policy = true end end - pct = string.match(e, '^pct=(.*)$') + pct = string.match(e, '^pct=(%d+)$') if pct then pct = tonumber(pct) end @@ -112,11 +129,11 @@ local function dmarc_callback(task) end end end - end - else - return + end)() end + if not found_policy or failed_policy then return end + -- Check dkim and spf symbols local spf_ok = false local dkim_ok = false |
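Review bot: The new separator `"\\\\*;\\s+"` still requires at least one whitespace character after the `;`, so a compact record such as `v=DMARC1;p=reject`, or a last tag ending in a bare `;`, is presumably not split at that point. The `^p=` match in the later hunk then never sees a clean `p=` element and the domain is handled as if it published no enforcing policy. The separator grammar in RFC 7489 makes whitespace optional on both sides, so I would relax the tail of the expression: `local elts_re = rspamd_regexp.create_cached("\\\\*;\\s*")`. This assumes `split` returns the whole string when nothing matches, which is not visible in this diff; any empty trailing element would simply fail the anchored tag patterns.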
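Review bot: The record filter `string.sub(r,1,8) ~= 'v=DMARC1'` is a bare prefix test, so a TXT string such as `v=DMARC10; ...` or `v=DMARC1junk` is counted as a policy record. Together with the new `found_policy`/`failed_policy` logic, one such stray string next to a valid record makes the lookup look like a multiple-record conflict and DMARC is skipped for the domain. Checking that the version tag is actually terminated would avoid that, e.g. `if not string.match(r, '^v=DMARC1[%s\\]*;') then return end`, where the backslash in the set keeps the tolerance for escaped separators this commit introduces. The closure opened in this hunk is only closed in the last hunk, and `dmarc_callback` starts and ends outside the diff.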
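Review bot: The tightened pattern `'^p=(%a+)$'` accepts neither whitespace around `=` nor upper-case values, while the DMARC ABNF in RFC 7489 allows both as far as I read it, so a record carrying `p = Reject` produces no match on the `policy == 'reject'` comparison that follows and the message is treated as unenforced. The same anchoring applies to `'^pct=(%d+)$'` in the next hunk. I would use `policy = string.match(e, '^p%s*=%s*(%a+)%s*$')` followed by `if policy then policy = policy:lower() end`, and `'^pct%s*=%s*(%d+)%s*$'` for the percentage. Both assignments sit inside a loop body whose start and end are outside these hunks.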
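Review bot: The new guard `if not found_policy or failed_policy then return end` leaves the callback silently in both cases, so a domain with no DMARC record and a domain with conflicting records look the same in the scan result and in the logs. Stopping is what RFC 7489 section 6.6.3 asks for, but the reason is worth stating in a comment above the line, for example `-- RFC 7489 6.6.3: zero or several v=DMARC1 records means DMARC is not applied`. I would also emit a log line in the `failed_policy` case, using whatever logger the plugin already has in scope, so that an operator can tell a broken publication apart from a missing one. The rest of `dmarc_callback` continues past the end of this hunk.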