diff options
Diffstat (limited to 'lualib/lua_auth_results.lua')
-rw-r--r-- | lualib/lua_auth_results.lua | 203 |
1 files changed, 203 insertions, 0 deletions
diff --git a/lualib/lua_auth_results.lua b/lualib/lua_auth_results.lua new file mode 100644 index 000000000..92f702950 --- /dev/null +++ b/lualib/lua_auth_results.lua @@ -0,0 +1,203 @@ +--[[ +Copyright (c) 2016, Andrew Lewis <nerf@judo.za.org> +Copyright (c) 2017, Vsevolod Stakhov <vsevolod@highsecure.ru> + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +]]-- + +local global = require "global_functions" + +local default_settings = { + spf_symbols = { + pass = 'R_SPF_ALLOW', + fail = 'R_SPF_FAIL', + softfail = 'R_SPF_SOFTFAIL', + neutral = 'R_SPF_NEUTRAL', + temperror = 'R_SPF_DNSFAIL', + none = 'R_SPF_NA', + permerror = 'R_SPF_PERMFAIL', + }, + dkim_symbols = { + pass = 'R_DKIM_ALLOW', + fail = 'R_DKIM_REJECT', + temperror = 'R_DKIM_TEMPFAIL', + none = 'R_DKIM_NA', + permerror = 'R_DKIM_PERMFAIL', + }, + dmarc_symbols = { + pass = 'DMARC_POLICY_ALLOW', + permerror = 'DMARC_BAD_POLICY', + temperror = 'DMARC_DNSFAIL', + none = 'DMARC_NA', + reject = 'DMARC_POLICY_REJECT', + softfail = 'DMARC_POLICY_SOFTFAIL', + quarantine = 'DMARC_POLICY_QUARANTINE', + }, + arc_symbols = { + pass = 'ARC_ALLOW', + permerror = 'ARC_INVALID', + temperror = 'ARC_DNSFAIL', + none = 'ARC_NA', + reject = 'ARC_REJECT', + }, + add_smtp_user = true, +} + +local exports = {} + +local function gen_auth_results(task, settings) + local table = table + local pairs = pairs + local ipairs = ipairs + local auth_results, hdr_parts = {}, {} + + if not settings then + settings = default_settings + end + + local auth_types = { + dkim = settings.dkim_symbols, + dmarc = settings.dmarc_symbols, + spf = settings.spf_symbols, + arc = settings.arc_symbols, + } + + local common = { + symbols = {} + } + + local received = task:get_received_headers() or {} + local mxname = (received[1] or {}).by_hostname + if mxname then + table.insert(hdr_parts, mxname) + end + + for auth_type, symbols in pairs(auth_types) do + for key, sym in pairs(symbols) do + if not common.symbols.sym then + local s = task:get_symbol(sym) + if not s then + common.symbols[sym] = false + else + common.symbols[sym] = s + if not auth_results[auth_type] then + auth_results[auth_type] = {key} + else + table.insert(auth_results[auth_type], key) + end + + if auth_type ~= 'dkim' then + break + end + end + end + end + end + + for auth_type, keys in pairs(auth_results) do + for _, key in ipairs(keys) do + local hdr = '' + if auth_type == 'dmarc' and key ~= 'none' then + local opts = common.symbols[auth_types['dmarc'][key]][1]['options'] or {} + hdr = hdr .. 'dmarc=' + if key == 'reject' or key == 'quarantine' or key == 'softfail' then + hdr = hdr .. 'fail' + else + hdr = hdr .. key + end + if key == 'pass' then + hdr = hdr .. ' (policy=' .. opts[2] .. ')' + hdr = hdr .. ' header.from=' .. opts[1] + elseif key ~= 'none' then + local t = global.rspamd_str_split(opts[1], ' : ') + local dom = t[1] + local rsn = t[2] + if rsn then + hdr = hdr .. ' reason="' .. rsn .. '"' + end + hdr = hdr .. ' header.from=' .. dom + if key == 'softfail' then + hdr = hdr .. ' (policy=none)' + else + hdr = hdr .. ' (policy=' .. key .. ')' + end + end + table.insert(hdr_parts, hdr) + elseif auth_type == 'dkim' and key ~= 'none' then + if common.symbols[auth_types['dkim'][key]][1] then + local dkim_parts = {} + local opts = common.symbols[auth_types['dkim'][key]][1]['options'] + for _, v in ipairs(opts) do + table.insert(dkim_parts, auth_type .. '=' .. key .. ' header.d=' .. v) + end + table.insert(hdr_parts, table.concat(dkim_parts, '; ')) + end + elseif auth_type == 'arc' and key ~= 'none' then + if common.symbols[auth_types['arc'][key]][1] then + local opts = common.symbols[auth_types['arc'][key]][1]['options'] or {} + for _, v in ipairs(opts) do + hdr = hdr .. auth_type .. '=' .. key .. ' (' .. v .. ')' + table.insert(hdr_parts, hdr) + end + end + elseif auth_type == 'spf' and key ~= 'none' then + hdr = hdr .. auth_type .. '=' .. key + local smtp_from = task:get_from('smtp') + if smtp_from and smtp_from[1] and smtp_from[1]['addr'] ~= '' and smtp_from[1]['addr'] ~= nil then + hdr = hdr .. ' smtp.mailfrom=' .. smtp_from[1]['addr'] + else + local helo = task:get_helo() + if helo then + hdr = hdr .. ' smtp.helo=' .. task:get_helo() + end + end + table.insert(hdr_parts, hdr) + end + end + end + + local u = task:get_user() + local smtp_from = task:get_from('smtp') + + if u and smtp_from then + local hdr + + if #smtp_from[1]['addr'] > 0 then + if settings['add_smtp_user'] then + hdr = string.format('auth=pass smtp.auth=%s smtp.mailfrom=%s', + u, smtp_from[1]['addr']) + else + hdr = string.format('auth=pass smtp.mailfrom=%s', + smtp_from[1]['addr']) + end + else + if settings['add_smtp_user'] then + hdr = string.format('auth=pass smtp.auth=%s', u) + else + hdr = 'auth=pass' + end + end + + table.insert(hdr_parts, hdr) + end + + if #hdr_parts > 0 then + return table.concat(hdr_parts, '; ') + end + + return nil +end + +exports.gen_auth_results = gen_auth_results + +return exports |