summaryrefslogtreecommitdiffstats
path: root/src/plugins/spf.c
diff options
context:
space:
mode:
authorAndrew Lewis <nerf@judo.za.org>2016-09-22 11:55:07 +0200
committerAndrew Lewis <nerf@judo.za.org>2016-09-23 15:03:41 +0200
commitbaf74ba8c1f6bff834d93aaee9e6afd6b5c97aef (patch)
treed676e4da1b741f699a826782841f6fb542cacaae /src/plugins/spf.c
parentf880b3e10995c19029a61ac61f63497b96913316 (diff)
downloadrspamd-baf74ba8c1f6bff834d93aaee9e6afd6b5c97aef.tar.gz
rspamd-baf74ba8c1f6bff834d93aaee9e6afd6b5c97aef.zip
[Feature] Add R_SPF_PERMFAIL symbol
- Also yield R_SPF_DNSFAIL on bogus redirect - Also grow SPF tests
Diffstat (limited to 'src/plugins/spf.c')
-rw-r--r--src/plugins/spf.c46
1 files changed, 41 insertions, 5 deletions
diff --git a/src/plugins/spf.c b/src/plugins/spf.c
index 6d5517db9..33df85262 100644
--- a/src/plugins/spf.c
+++ b/src/plugins/spf.c
@@ -22,6 +22,7 @@
* - symbol_softfail (string): symbol to insert (default: 'R_SPF_SOFTFAIL')
* - symbol_na (string): symbol to insert (default: 'R_SPF_NA')
* - symbol_dnsfail (string): symbol to insert (default: 'R_SPF_DNSFAIL')
+ * - symbol_permfail (string): symbol to insert (default: 'R_SPF_PERMFAIL')
* - whitelist (map): map of whitelisted networks
*/
@@ -38,6 +39,7 @@
#define DEFAULT_SYMBOL_NEUTRAL "R_SPF_NEUTRAL"
#define DEFAULT_SYMBOL_ALLOW "R_SPF_ALLOW"
#define DEFAULT_SYMBOL_DNSFAIL "R_SPF_DNSFAIL"
+#define DEFAULT_SYMBOL_PERMFAIL "R_SPF_PERMFAIL"
#define DEFAULT_SYMBOL_NA "R_SPF_NA"
#define DEFAULT_CACHE_SIZE 2048
#define DEFAULT_CACHE_MAXAGE 86400
@@ -50,6 +52,7 @@ struct spf_ctx {
const gchar *symbol_allow;
const gchar *symbol_dnsfail;
const gchar *symbol_na;
+ const gchar *symbol_permfail;
rspamd_mempool_t *spf_pool;
radix_compressed_t *whitelist_ip;
@@ -158,6 +161,15 @@ spf_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)
0);
rspamd_rcl_add_doc_by_path (cfg,
"spf",
+ "Symbol that is added if SPF policy is invalid",
+ "symbol_permfail",
+ UCL_STRING,
+ NULL,
+ 0,
+ NULL,
+ 0);
+ rspamd_rcl_add_doc_by_path (cfg,
+ "spf",
"Size of SPF parsed records cache",
"spf_cache_size",
UCL_INT,
@@ -226,6 +238,13 @@ spf_module_config (struct rspamd_config *cfg)
spf_module_ctx->symbol_na = DEFAULT_SYMBOL_NA;
}
if ((value =
+ rspamd_config_get_module_opt (cfg, "spf", "symbol_permfail")) != NULL) {
+ spf_module_ctx->symbol_permfail = ucl_obj_tostring (value);
+ }
+ else {
+ spf_module_ctx->symbol_permfail = DEFAULT_SYMBOL_PERMFAIL;
+ }
+ if ((value =
rspamd_config_get_module_opt (cfg, "spf", "spf_cache_size")) != NULL) {
cache_size = ucl_obj_toint (value);
}
@@ -252,6 +271,11 @@ spf_module_config (struct rspamd_config *cfg)
SYMBOL_TYPE_VIRTUAL,
cb_id);
rspamd_symbols_cache_add_symbol (cfg->cache,
+ spf_module_ctx->symbol_permfail, 0,
+ NULL, NULL,
+ SYMBOL_TYPE_VIRTUAL,
+ cb_id);
+ rspamd_symbols_cache_add_symbol (cfg->cache,
spf_module_ctx->symbol_na, 0,
NULL, NULL,
SYMBOL_TYPE_VIRTUAL,
@@ -373,7 +397,7 @@ spf_check_element (struct spf_resolved *rec, struct spf_addr *addr,
spf_result[0] = '-';
spf_message = "(SPF): spf fail";
if (addr->flags & RSPAMD_SPF_FLAG_ANY) {
- if (rec->failed) {
+ if (rec->temp_failed) {
msg_info_task ("do not apply SPF failed policy, as we have "
"some addresses unresolved");
spf_symbol = spf_module_ctx->symbol_dnsfail;
@@ -387,7 +411,7 @@ spf_check_element (struct spf_resolved *rec, struct spf_addr *addr,
spf_result[0] = '~';
if (addr->flags & RSPAMD_SPF_FLAG_ANY) {
- if (rec->failed) {
+ if (rec->temp_failed) {
msg_info_task ("do not apply SPF failed policy, as we have "
"some addresses unresolved");
spf_symbol = spf_module_ctx->symbol_dnsfail;
@@ -442,20 +466,32 @@ spf_plugin_callback (struct spf_resolved *record, struct rspamd_task *task,
struct spf_resolved *l;
struct rspamd_async_watcher *w = ud;
- if (record && record->elts->len == 0 && !record->failed) {
+ if (record && record->na) {
rspamd_task_insert_result (task,
spf_module_ctx->symbol_na,
1,
NULL);
}
- else if (record && record->elts->len > 0 && record->domain) {
+ else if (record && record->elts->len == 0 && record->temp_failed) {
+ rspamd_task_insert_result (task,
+ spf_module_ctx->symbol_dnsfail,
+ 1,
+ NULL);
+ }
+ else if (record && record->elts->len == 0) {
+ rspamd_task_insert_result (task,
+ spf_module_ctx->symbol_permfail,
+ 1,
+ NULL);
+ }
+ else if (record && record->domain) {
if ((l = rspamd_lru_hash_lookup (spf_module_ctx->spf_hash,
record->domain, task->tv.tv_sec)) == NULL) {
l = spf_record_ref (record);
- if (!record->failed) {
+ if (!record->temp_failed) {
rspamd_lru_hash_insert (spf_module_ctx->spf_hash,
record->domain, l,
task->tv.tv_sec, record->ttl);