diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-09-03 12:34:41 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-09-03 12:34:41 +0100 |
| commit | 2c7875249b3f5f83d21ebe747073fd7c77261a2b (patch) | |
| tree | efd634e2efdcf751aa0a4ca4b40b345218c4fd1e /src/plugins/lua | |
| parent | ab807c1b64267014a9025f25d86f019061eab058 (diff) | |
| download | rspamd-2c7875249b3f5f83d21ebe747073fd7c77261a2b.tar.gz rspamd-2c7875249b3f5f83d21ebe747073fd7c77261a2b.zip | |
[CritFix] Fix whitelisting when both spf and dkim are required to be valid
Diffstat (limited to 'src/plugins/lua')
| -rw-r--r-- | src/plugins/lua/whitelist.lua | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/src/plugins/lua/whitelist.lua b/src/plugins/lua/whitelist.lua index 1cc8d645c..11c01134b 100644 --- a/src/plugins/lua/whitelist.lua +++ b/src/plugins/lua/whitelist.lua @@ -128,9 +128,10 @@ local function whitelist_cb(symbol, rule, task) local spf_violated = false local dmarc_violated = false + local dkim_violated = false local ip_addr = task:get_ip() - if rule['valid_spf'] then + if rule.valid_spf then if not task:has_symbol(options['spf_allow_symbol']) then -- Not whitelisted spf_violated = true @@ -157,7 +158,7 @@ local function whitelist_cb(symbol, rule, task) end end - if rule['valid_dkim'] then + if rule.valid_dkim then if task:has_symbol('DKIM_TRACE') then local sym = task:get_symbol('DKIM_TRACE') local dkim_opts = sym[1]['options'] @@ -178,8 +179,8 @@ local function whitelist_cb(symbol, rule, task) end end - if rule['valid_dmarc'] then - if not task:has_symbol(options['dmarc_allow_symbol']) then + if rule.valid_dmarc then + if not task:has_symbol(options.dmarc_allow_symbol) then dmarc_violated = true end @@ -203,11 +204,14 @@ local function whitelist_cb(symbol, rule, task) local opts = {} if rule.valid_dkim then + dkim_violated = true + for dom,val in pairs(domains.dkim_success or E) do if val[1] == 'wl' or val[1] == 'both' then -- We have valid and whitelisted signature table.insert(opts, dom .. ':d:+') found_wl = true + dkim_violated = false if not found_bl then final_mult = val[2] @@ -222,6 +226,9 @@ local function whitelist_cb(symbol, rule, task) table.insert(opts, dom .. ':d:-') found_bl = true final_mult = val[2] + else + -- Even in the case of whitelisting we need to indicate dkim failure + dkim_violated = true end end end @@ -249,7 +256,8 @@ local function whitelist_cb(symbol, rule, task) found_wl = false for dom,val in pairs(domains.dmarc or E) do - check_domain_violation('D', dom, val, dmarc_violated) + check_domain_violation('D', dom, val, + (dmarc_violated or dkim_violated)) end end @@ -257,7 +265,8 @@ local function whitelist_cb(symbol, rule, task) found_wl = false for dom,val in pairs(domains.spf or E) do - check_domain_violation('s', dom, val, spf_violated) + check_domain_violation('s', dom, val, + (spf_violated or dkim_violated)) end end |