diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-05-29 18:36:30 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-05-29 18:36:30 +0100 |
| commit | d328495763febb968bdb3d14639161525c1b95a3 (patch) | |
| tree | b3cba2f4287dcd2a1c7bfc8e6cbd279fab376d78 /src/plugins | |
| parent | 1cc032db7bbef529733ca66f4237d973936e402f (diff) | |
| download | rspamd-d328495763febb968bdb3d14639161525c1b95a3.tar.gz rspamd-d328495763febb968bdb3d14639161525c1b95a3.zip | |
[Feature] Add 'blacklist' and 'strict' modes for whitelists
Diffstat (limited to 'src/plugins')
| -rw-r--r-- | src/plugins/lua/whitelist.lua | 51 |
1 files changed, 46 insertions, 5 deletions
diff --git a/src/plugins/lua/whitelist.lua b/src/plugins/lua/whitelist.lua index 8c4f4cbcc..946e47adf 100644 --- a/src/plugins/lua/whitelist.lua +++ b/src/plugins/lua/whitelist.lua @@ -58,11 +58,18 @@ local function whitelist_cb(symbol, rule, task) local from = task:get_from(1) local found = false local mult = 1.0 + local spf_violated = false + local dkim_violated = false + local dmarc_violated = false if rule['valid_spf'] then if not task:has_symbol(options['spf_allow_symbol']) then -- Not whitelisted - return + if not rule['blacklist'] or rule['strict'] then + return + end + + spf_violated = true end -- Now we can check from domain or helo @@ -90,7 +97,11 @@ local function whitelist_cb(symbol, rule, task) if rule['valid_dkim'] then local sym = task:get_symbol(options['dkim_allow_symbol']) if not sym then - return + if not rule['blacklist'] or rule['strict'] then + return + end + + dkim_violated = true end local dkim_opts = sym[1]['options'] @@ -109,7 +120,11 @@ local function whitelist_cb(symbol, rule, task) if rule['valid_dmarc'] then if not task:has_symbol(options['dmarc_allow_symbol']) then - return + if not rule['blacklist'] or rule['strict'] then + return + end + + dmarc_violated = true end local from = task:get_from(2) @@ -123,7 +138,28 @@ local function whitelist_cb(symbol, rule, task) end if found then - task:insert_result(symbol, mult, domains) + if not rule['blacklist'] or rule['strict'] then + task:insert_result(symbol, mult, domains) + else + -- Additional constraints for blacklist + if rule['valid_spf'] or rule['valid_dkim'] or rule['valid_dmarc'] then + if dmarc_violated or dkim_violated or spf_violated then + + if rule['strict'] then + -- Inverse multiplier to convert whitelist to blacklist + mult = -mult + end + + task:insert_result(symbol, mult, domains) + elseif rule['strict'] then + -- Add whitelist score (negative) + task:insert_result(symbol, mult, domains) + end + else + -- Unconstrained input + task:insert_result(symbol, mult, domains) + end + end end end @@ -180,9 +216,14 @@ local configure_whitelist_module = function() return end + local flags = 'nice,empty' + if rule['blacklist'] then + flags = 'empty' + end + local id = rspamd_config:register_symbol({ name = symbol, - flags = 'nice,empty', + flags = flags, callback = gen_whitelist_cb(symbol, rule) }) |