aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lualib/auth_results.lua151
-rw-r--r--src/plugins/lua/rmilter_headers.lua114
2 files changed, 172 insertions, 93 deletions
diff --git a/lualib/auth_results.lua b/lualib/auth_results.lua
new file mode 100644
index 000000000..621141b5d
--- /dev/null
+++ b/lualib/auth_results.lua
@@ -0,0 +1,151 @@
+--[[
+Copyright (c) 2016, Andrew Lewis <nerf@judo.za.org>
+Copyright (c) 2017, Vsevolod Stakhov <vsevolod@highsecure.ru>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+]]--
+
+local global = require "global_functions"
+
+local default_settings = {
+ spf_symbols = {
+ pass = 'R_SPF_ALLOW',
+ fail = 'R_SPF_FAIL',
+ softfail = 'R_SPF_SOFTFAIL',
+ neutral = 'R_SPF_NEUTRAL',
+ temperror = 'R_SPF_DNSFAIL',
+ none = 'R_SPF_NA',
+ permerror = 'R_SPF_PERMFAIL',
+ },
+ dkim_symbols = {
+ pass = 'R_DKIM_ALLOW',
+ fail = 'R_DKIM_REJECT',
+ temperror = 'R_DKIM_TEMPFAIL',
+ none = 'R_DKIM_NA',
+ permerror = 'R_DKIM_PERMFAIL',
+ },
+ dmarc_symbols = {
+ pass = 'DMARC_POLICY_ALLOW',
+ permerror = 'DMARC_BAD_POLICY',
+ temperror = 'DMARC_DNSFAIL',
+ none = 'DMARC_NA',
+ reject = 'DMARC_POLICY_REJECT',
+ softfail = 'DMARC_POLICY_SOFTFAIL',
+ quarantine = 'DMARC_POLICY_QUARANTINE',
+ },
+}
+
+local exports = {}
+
+local function gen_auth_results(task, settings)
+ local table = table
+ local pairs = pairs
+ local ipairs = ipairs
+ local auth_results, hdr_parts = {}, {}
+
+ if not settings then
+ settings = default_settings
+ end
+
+ local auth_types = {
+ dkim = settings.routines['authentication-results'].dkim_symbols,
+ dmarc = settings.routines['authentication-results'].dmarc_symbols,
+ spf = settings.routines['authentication-results'].spf_symbols,
+ }
+
+ local common = {
+ symbols = {}
+ }
+
+ for auth_type, symbols in pairs(auth_types) do
+ for key, sym in pairs(symbols) do
+ if not common.symbols.sym then
+ local s = task:get_symbol(sym)
+ if not s then
+ common.symbols[sym] = false
+ else
+ common.symbols[sym] = s
+ if not auth_results[auth_type] then
+ auth_results[auth_type] = {key}
+ else
+ table.insert(auth_results[auth_type], key)
+ end
+
+ if auth_type ~= 'dkim' then
+ break
+ end
+ end
+ end
+ end
+ end
+
+ for auth_type, keys in pairs(auth_results) do
+ for _, key in ipairs(keys) do
+ local hdr = ''
+ if auth_type == 'dmarc' and key ~= 'none' then
+ hdr = hdr .. 'dmarc='
+ if key == 'reject' or key == 'quarantine' or key == 'softfail' then
+ hdr = hdr .. 'fail'
+ else
+ hdr = hdr .. key
+ end
+ if key == 'pass' then
+ hdr = hdr .. ' policy=' .. common.symbols[auth_types['dmarc'][key]][1]['options'][2]
+ hdr = hdr .. ' header.from=' .. common.symbols[auth_types['dmarc'][key]][1]['options'][1]
+ elseif key ~= 'none' then
+ local t = global.rspamd_str_split(common.symbols[auth_types['dmarc'][key]][1]['options'][1], ' : ')
+ local dom = t[1]
+ local rsn = t[2]
+ if rsn then
+ hdr = hdr .. ' reason="' .. rsn .. '"'
+ end
+ hdr = hdr .. ' header.from=' .. dom
+ if key == 'softfail' then
+ hdr = hdr .. ' policy=none'
+ else
+ hdr = hdr .. ' policy=' .. key
+ end
+ end
+ table.insert(hdr_parts, hdr)
+ elseif auth_type == 'dkim' and key ~= 'none' then
+ if common.symbols[auth_types['dkim'][key]][1] then
+ for _, v in ipairs(common.symbols[auth_types['dkim'][key]][1]['options']) do
+ hdr = hdr .. auth_type .. '=' .. key .. ' header.d=' .. v
+ table.insert(hdr_parts, hdr)
+ end
+ end
+ elseif auth_type == 'spf' and key ~= 'none' then
+ hdr = hdr .. auth_type .. '=' .. key
+ local smtp_from = task:get_from('smtp')
+ if smtp_from['addr'] ~= '' and smtp_from['addr'] ~= nil then
+ hdr = hdr .. ' smtp.mailfrom=' .. smtp_from['addr']
+ else
+ local helo = task:get_helo()
+ if helo then
+ hdr = hdr .. ' smtp.helo=' .. task:get_helo()
+ end
+ end
+ table.insert(hdr_parts, hdr)
+ end
+ end
+ end
+ if #hdr_parts > 0 then
+ return table.concat(hdr_parts, '; ')
+ end
+
+ return nil
+end
+
+exports.gen_auth_results = gen_auth_results
+
+return exports \ No newline at end of file
diff --git a/src/plugins/lua/rmilter_headers.lua b/src/plugins/lua/rmilter_headers.lua
index 3221aa496..ca5571636 100644
--- a/src/plugins/lua/rmilter_headers.lua
+++ b/src/plugins/lua/rmilter_headers.lua
@@ -150,17 +150,17 @@ local function rmilter_headers(task)
local virii = {}
for _, sym in ipairs(settings.routines['x-virus'].symbols) do
if not (common.symbols[sym] == false) then
- local s = task:get_symbol(sym)
- if not s then
- common.symbols[sym] = false
- else
- common.symbols[sym] = s
- if (((s or E)[1] or E).options or E)[1] then
- table.insert(virii, s[1].options[1])
- else
- table.insert(virii, 'unknown')
- end
- end
+ local s = task:get_symbol(sym)
+ if not s then
+ common.symbols[sym] = false
+ else
+ common.symbols[sym] = s
+ if (((s or E)[1] or E).options or E)[1] then
+ table.insert(virii, s[1].options[1])
+ else
+ table.insert(virii, 'unknown')
+ end
+ end
end
end
if #virii > 0 then
@@ -192,90 +192,18 @@ local function rmilter_headers(task)
end
routines['authentication-results'] = function()
- local auth_results, hdr_parts = {}, {}
- if not common.symbols then
- common.symbols = {}
- end
- local auth_types = {
- dkim = settings.routines['authentication-results'].dkim_symbols,
- dmarc = settings.routines['authentication-results'].dmarc_symbols,
- spf = settings.routines['authentication-results'].spf_symbols,
- }
- for auth_type, symbols in pairs(auth_types) do
- for key, sym in pairs(symbols) do
- if not (common.symbols[sym] == false) then
- local s = task:get_symbol(sym)
- if not s then
- common.symbols[sym] = false
- else
- common.symbols[sym] = s
- if not auth_results[auth_type] then
- auth_results[auth_type] = {key}
- else
- table.insert(auth_results[auth_type], key)
- end
- if auth_type ~= 'dkim' then
- break
- end
- end
- end
- end
- end
+ local ar = require "auth_results"
+
if settings.routines['authentication-results'].remove then
- remove[settings.routines['authentication-results'].header] = settings.routines['authentication-results'].remove
+ remove[settings.routines['authentication-results'].header] =
+ settings.routines['authentication-results'].remove
end
- for auth_type, keys in pairs(auth_results) do
- for _, key in ipairs(keys) do
- local hdr = ''
- if auth_type == 'dmarc' and key ~= 'none' then
- hdr = hdr .. 'dmarc='
- if key == 'reject' or key == 'quarantine' or key == 'softfail' then
- hdr = hdr .. 'fail'
- else
- hdr = hdr .. key
- end
- if key == 'pass' then
- hdr = hdr .. ' policy=' .. common.symbols[auth_types['dmarc'][key]][1]['options'][2]
- hdr = hdr .. ' header.from=' .. common.symbols[auth_types['dmarc'][key]][1]['options'][1]
- elseif key ~= 'none' then
- local t = rspamd_str_split(common.symbols[auth_types['dmarc'][key]][1]['options'][1], ' : ')
- local dom = t[1]
- local rsn = t[2]
- if rsn then
- hdr = hdr .. ' reason="' .. rsn .. '"'
- end
- hdr = hdr .. ' header.from=' .. dom
- if key == 'softfail' then
- hdr = hdr .. ' policy=none'
- else
- hdr = hdr .. ' policy=' .. key
- end
- end
- table.insert(hdr_parts, hdr)
- elseif auth_type == 'dkim' and key ~= 'none' then
- if common.symbols[auth_types['dkim'][key]][1] then
- for _, v in ipairs(common.symbols[auth_types['dkim'][key]][1]['options']) do
- hdr = hdr .. auth_type .. '=' .. key .. ' header.d=' .. v
- table.insert(hdr_parts, hdr)
- end
- end
- elseif auth_type == 'spf' and key ~= 'none' then
- hdr = hdr .. auth_type .. '=' .. key
- local smtp_from = task:get_from('smtp')
- if smtp_from['addr'] ~= '' and smtp_from['addr'] ~= nil then
- hdr = hdr .. ' smtp.mailfrom=' .. smtp_from['addr']
- else
- local helo = task:get_helo()
- if helo then
- hdr = hdr .. ' smtp.helo=' .. task:get_helo()
- end
- end
- table.insert(hdr_parts, hdr)
- end
- end
- end
- if #hdr_parts > 0 then
- add[settings.routines['authentication-results'].header] = table.concat(hdr_parts, '; ')
+
+ local res = ar.gen_auth_results(task,
+ settings.routines['authentication-results'])
+
+ if res then
+ add[settings.routines['authentication-results'].header] = res
end
end