aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2022-01-09 18:00:32 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2022-01-09 18:00:32 +0000
commitc7fb4569016e1c09915e6bd986a1e6ab95d7d6bc (patch)
tree078bf5713abca2f810722e11cce174c44af43667 /src/plugins
parent0b31bfd2c7d2c706e0b141a657924a1a5730ecb6 (diff)
downloadrspamd-c7fb4569016e1c09915e6bd986a1e6ab95d7d6bc.tar.gz
rspamd-c7fb4569016e1c09915e6bd986a1e6ab95d7d6bc.zip
[Minor] Arc: Add logic to adjust rejected dmarc policy by ARC trusted forwarding
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/lua/arc.lua36
1 files changed, 34 insertions, 2 deletions
diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua
index 2fb7f7dfc..30d9a6782 100644
--- a/src/plugins/lua/arc.lua
+++ b/src/plugins/lua/arc.lua
@@ -809,7 +809,39 @@ end
rspamd_config:register_symbol(sym_reg_tbl)
-- Do not sign unless checked
-rspamd_config:register_dependency(settings['sign_symbol'], 'ARC_CALLBACK')
+rspamd_config:register_dependency(settings['sign_symbol'], 'ARC_CHECK')
-- We need to check dmarc before signing as we have to produce valid AAR header
-- see #3613
-rspamd_config:register_dependency(settings['sign_symbol'], 'DMARC_CALLBACK')
+rspamd_config:register_dependency(settings['sign_symbol'], 'DMARC_CHECK')
+
+if settings.adjust_dmarc and settings.whitelisted_signers_map then
+ local function arc_dmarc_adjust_cb(task)
+ local trusted_arc_ar = task:get_cached(AR_TRUSTED_CACHE_KEY)
+ local sym_to_adjust
+ if task:has_symbol(ar_settings.dmarc_symbols.reject) then
+ sym_to_adjust = ar_settings.dmarc_symbols.reject
+ elseif task:has_symbol(ar_settings.dmarc_symbols.quarantine) then
+ sym_to_adjust = ar_settings.dmarc_symbols.quarantine
+ end
+ if sym_to_adjust and trusted_arc_ar and trusted_arc_ar.ar then
+ for _,ar in ipairs(trusted_arc_ar.ar) do
+ if ar.dmarc then
+ local dmarc_fwd = ar.dmarc
+ if dmarc_fwd == 'pass' then
+ rspamd_logger.infox(task, "adjust dmarc reject score as trusted forwarder "
+ .. "proved DMARC validity for %s", ar['header.from'])
+ task:adjust_result(sym_to_adjust, 0.1,
+ 'ARC trusted')
+ end
+ end
+ end
+ end
+ end
+ rspamd_config:register_symbol({
+ name = 'ARC_DMARC_ADJUSTMENT',
+ callback = arc_dmarc_adjust_cb,
+ type = 'callback',
+ })
+ rspamd_config:register_dependency('ARC_DMARC_ADJUSTMENT', 'DMARC_CHECK')
+ rspamd_config:register_dependency('ARC_DMARC_ADJUSTMENT', 'ARC_CHECK')
+end