diff options
| author | Andrew Lewis <nerf@judo.za.org> | 2016-09-22 11:55:07 +0200 |
|---|---|---|
| committer | Andrew Lewis <nerf@judo.za.org> | 2016-09-23 15:03:41 +0200 |
| commit | baf74ba8c1f6bff834d93aaee9e6afd6b5c97aef (patch) | |
| tree | d676e4da1b741f699a826782841f6fb542cacaae /src/plugins | |
| parent | f880b3e10995c19029a61ac61f63497b96913316 (diff) | |
| download | rspamd-baf74ba8c1f6bff834d93aaee9e6afd6b5c97aef.tar.gz rspamd-baf74ba8c1f6bff834d93aaee9e6afd6b5c97aef.zip | |
[Feature] Add R_SPF_PERMFAIL symbol
- Also yield R_SPF_DNSFAIL on bogus redirect
- Also grow SPF tests
Diffstat (limited to 'src/plugins')
| -rw-r--r-- | src/plugins/spf.c | 46 |
1 files changed, 41 insertions, 5 deletions
diff --git a/src/plugins/spf.c b/src/plugins/spf.c index 6d5517db9..33df85262 100644 --- a/src/plugins/spf.c +++ b/src/plugins/spf.c @@ -22,6 +22,7 @@ * - symbol_softfail (string): symbol to insert (default: 'R_SPF_SOFTFAIL') * - symbol_na (string): symbol to insert (default: 'R_SPF_NA') * - symbol_dnsfail (string): symbol to insert (default: 'R_SPF_DNSFAIL') + * - symbol_permfail (string): symbol to insert (default: 'R_SPF_PERMFAIL') * - whitelist (map): map of whitelisted networks */ @@ -38,6 +39,7 @@ #define DEFAULT_SYMBOL_NEUTRAL "R_SPF_NEUTRAL" #define DEFAULT_SYMBOL_ALLOW "R_SPF_ALLOW" #define DEFAULT_SYMBOL_DNSFAIL "R_SPF_DNSFAIL" +#define DEFAULT_SYMBOL_PERMFAIL "R_SPF_PERMFAIL" #define DEFAULT_SYMBOL_NA "R_SPF_NA" #define DEFAULT_CACHE_SIZE 2048 #define DEFAULT_CACHE_MAXAGE 86400 @@ -50,6 +52,7 @@ struct spf_ctx { const gchar *symbol_allow; const gchar *symbol_dnsfail; const gchar *symbol_na; + const gchar *symbol_permfail; rspamd_mempool_t *spf_pool; radix_compressed_t *whitelist_ip; @@ -158,6 +161,15 @@ spf_module_init (struct rspamd_config *cfg, struct module_ctx **ctx) 0); rspamd_rcl_add_doc_by_path (cfg, "spf", + "Symbol that is added if SPF policy is invalid", + "symbol_permfail", + UCL_STRING, + NULL, + 0, + NULL, + 0); + rspamd_rcl_add_doc_by_path (cfg, + "spf", "Size of SPF parsed records cache", "spf_cache_size", UCL_INT, @@ -226,6 +238,13 @@ spf_module_config (struct rspamd_config *cfg) spf_module_ctx->symbol_na = DEFAULT_SYMBOL_NA; } if ((value = + rspamd_config_get_module_opt (cfg, "spf", "symbol_permfail")) != NULL) { + spf_module_ctx->symbol_permfail = ucl_obj_tostring (value); + } + else { + spf_module_ctx->symbol_permfail = DEFAULT_SYMBOL_PERMFAIL; + } + if ((value = rspamd_config_get_module_opt (cfg, "spf", "spf_cache_size")) != NULL) { cache_size = ucl_obj_toint (value); } @@ -252,6 +271,11 @@ spf_module_config (struct rspamd_config *cfg) SYMBOL_TYPE_VIRTUAL, cb_id); rspamd_symbols_cache_add_symbol (cfg->cache, + spf_module_ctx->symbol_permfail, 0, + NULL, NULL, + SYMBOL_TYPE_VIRTUAL, + cb_id); + rspamd_symbols_cache_add_symbol (cfg->cache, spf_module_ctx->symbol_na, 0, NULL, NULL, SYMBOL_TYPE_VIRTUAL, @@ -373,7 +397,7 @@ spf_check_element (struct spf_resolved *rec, struct spf_addr *addr, spf_result[0] = '-'; spf_message = "(SPF): spf fail"; if (addr->flags & RSPAMD_SPF_FLAG_ANY) { - if (rec->failed) { + if (rec->temp_failed) { msg_info_task ("do not apply SPF failed policy, as we have " "some addresses unresolved"); spf_symbol = spf_module_ctx->symbol_dnsfail; @@ -387,7 +411,7 @@ spf_check_element (struct spf_resolved *rec, struct spf_addr *addr, spf_result[0] = '~'; if (addr->flags & RSPAMD_SPF_FLAG_ANY) { - if (rec->failed) { + if (rec->temp_failed) { msg_info_task ("do not apply SPF failed policy, as we have " "some addresses unresolved"); spf_symbol = spf_module_ctx->symbol_dnsfail; @@ -442,20 +466,32 @@ spf_plugin_callback (struct spf_resolved *record, struct rspamd_task *task, struct spf_resolved *l; struct rspamd_async_watcher *w = ud; - if (record && record->elts->len == 0 && !record->failed) { + if (record && record->na) { rspamd_task_insert_result (task, spf_module_ctx->symbol_na, 1, NULL); } - else if (record && record->elts->len > 0 && record->domain) { + else if (record && record->elts->len == 0 && record->temp_failed) { + rspamd_task_insert_result (task, + spf_module_ctx->symbol_dnsfail, + 1, + NULL); + } + else if (record && record->elts->len == 0) { + rspamd_task_insert_result (task, + spf_module_ctx->symbol_permfail, + 1, + NULL); + } + else if (record && record->domain) { if ((l = rspamd_lru_hash_lookup (spf_module_ctx->spf_hash, record->domain, task->tv.tv_sec)) == NULL) { l = spf_record_ref (record); - if (!record->failed) { + if (!record->temp_failed) { rspamd_lru_hash_insert (spf_module_ctx->spf_hash, record->domain, l, task->tv.tv_sec, record->ttl); |