diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2022-01-09 18:00:32 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2022-01-09 18:00:32 +0000 |
commit | c7fb4569016e1c09915e6bd986a1e6ab95d7d6bc (patch) | |
tree | 078bf5713abca2f810722e11cce174c44af43667 /src/plugins | |
parent | 0b31bfd2c7d2c706e0b141a657924a1a5730ecb6 (diff) | |
download | rspamd-c7fb4569016e1c09915e6bd986a1e6ab95d7d6bc.tar.gz rspamd-c7fb4569016e1c09915e6bd986a1e6ab95d7d6bc.zip |
[Minor] Arc: Add logic to adjust rejected dmarc policy by ARC trusted forwarding
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/lua/arc.lua | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua index 2fb7f7dfc..30d9a6782 100644 --- a/src/plugins/lua/arc.lua +++ b/src/plugins/lua/arc.lua @@ -809,7 +809,39 @@ end rspamd_config:register_symbol(sym_reg_tbl) -- Do not sign unless checked -rspamd_config:register_dependency(settings['sign_symbol'], 'ARC_CALLBACK') +rspamd_config:register_dependency(settings['sign_symbol'], 'ARC_CHECK') -- We need to check dmarc before signing as we have to produce valid AAR header -- see #3613 -rspamd_config:register_dependency(settings['sign_symbol'], 'DMARC_CALLBACK') +rspamd_config:register_dependency(settings['sign_symbol'], 'DMARC_CHECK') + +if settings.adjust_dmarc and settings.whitelisted_signers_map then + local function arc_dmarc_adjust_cb(task) + local trusted_arc_ar = task:get_cached(AR_TRUSTED_CACHE_KEY) + local sym_to_adjust + if task:has_symbol(ar_settings.dmarc_symbols.reject) then + sym_to_adjust = ar_settings.dmarc_symbols.reject + elseif task:has_symbol(ar_settings.dmarc_symbols.quarantine) then + sym_to_adjust = ar_settings.dmarc_symbols.quarantine + end + if sym_to_adjust and trusted_arc_ar and trusted_arc_ar.ar then + for _,ar in ipairs(trusted_arc_ar.ar) do + if ar.dmarc then + local dmarc_fwd = ar.dmarc + if dmarc_fwd == 'pass' then + rspamd_logger.infox(task, "adjust dmarc reject score as trusted forwarder " + .. "proved DMARC validity for %s", ar['header.from']) + task:adjust_result(sym_to_adjust, 0.1, + 'ARC trusted') + end + end + end + end + end + rspamd_config:register_symbol({ + name = 'ARC_DMARC_ADJUSTMENT', + callback = arc_dmarc_adjust_cb, + type = 'callback', + }) + rspamd_config:register_dependency('ARC_DMARC_ADJUSTMENT', 'DMARC_CHECK') + rspamd_config:register_dependency('ARC_DMARC_ADJUSTMENT', 'ARC_CHECK') +end |