diff options
Diffstat (limited to 'src/plugins/lua/dkim_signing.lua')
-rw-r--r-- | src/plugins/lua/dkim_signing.lua | 127 |
1 files changed, 4 insertions, 123 deletions
diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua index 7cd152ba3..ab6cf059e 100644 --- a/src/plugins/lua/dkim_signing.lua +++ b/src/plugins/lua/dkim_signing.lua @@ -16,7 +16,7 @@ limitations under the License. ]]-- local rspamd_logger = require "rspamd_logger" -local rspamd_util = require "rspamd_util" +local dkim_sign_tools = require "dkim_sign_tools" if confighelp then return @@ -60,129 +60,10 @@ local function simple_template(tmpl, keys) end local function dkim_signing_cb(task) - local is_local, is_sign_networks - local auser = task:get_user() - local ip = task:get_from_ip() - if ip and ip:is_local() then - is_local = true - end - if settings.auth_only and not auser then - if (settings.sign_networks and settings.sign_networks:get_key(ip)) then - is_sign_networks = true - rspamd_logger.debugm(N, task, 'mail is from address in sign_networks') - elseif settings.sign_local and is_local then - rspamd_logger.debugm(N, task, 'mail is from local address') - else - rspamd_logger.debugm(N, task, 'ignoring unauthenticated mail') - return - end - end - local efrom = task:get_from('smtp') - if not settings.allow_envfrom_empty and - #(((efrom or E)[1] or E).addr or '') == 0 then - rspamd_logger.debugm(N, task, 'empty envelope from not allowed') - return false - end - local hfrom = task:get_from('mime') - if not settings.allow_hdrfrom_multiple and (hfrom or E)[2] then - rspamd_logger.debugm(N, task, 'multiple header from not allowed') - return false - end - local dkim_domain - local hdom = ((hfrom or E)[1] or E).domain - local edom = ((efrom or E)[1] or E).domain - if hdom then - hdom = hdom:lower() - end - if edom then - edom = edom:lower() - end - if settings.use_domain_sign_networks and is_sign_networks then - if settings.use_domain_sign_networks == 'header' then - dkim_domain = hdom - else - dkim_domain = edom - end - elseif settings.use_domain_local and is_local then - if settings.use_domain_local == 'header' then - dkim_domain = hdom - else - dkim_domain = edom - end - else - if settings.use_domain == 'header' then - dkim_domain = hdom - else - dkim_domain = edom - end - end - if not dkim_domain then - rspamd_logger.debugm(N, task, 'could not extract dkim domain') - return false - end - if settings.use_esld then - dkim_domain = rspamd_util.get_tld(dkim_domain) - if settings.use_domain == 'envelope' and hdom then - hdom = rspamd_util.get_tld(hdom) - elseif settings.use_domain == 'header' and edom then - edom = rspamd_util.get_tld(edom) - end - end - if edom and hdom and not settings.allow_hdrfrom_mismatch and hdom ~= edom then - if settings.allow_hdrfrom_mismatch_local and is_local then - rspamd_logger.debugm(N, task, 'domain mismatch allowed for local IP: %1 != %2', hdom, edom) - elseif settings.allow_hdrfrom_mismatch_sign_networks and is_sign_networks then - rspamd_logger.debugm(N, task, 'domain mismatch allowed for sign_networks: %1 != %2', hdom, edom) - else - rspamd_logger.debugm(N, task, 'domain mismatch not allowed: %1 != %2', hdom, edom) - return false - end - end - if auser and not settings.allow_username_mismatch then - local udom = string.match(auser, '.*@(.*)') - if not udom then - rspamd_logger.debugm(N, task, 'couldnt find domain in username') - return false - end - if settings.use_esld then - udom = rspamd_util.get_tld(udom) - end - if udom ~= dkim_domain then - rspamd_logger.debugm(N, task, 'user domain mismatch') - return false - end - end - local p = {} - if settings.domain[dkim_domain] then - p.selector = settings.domain[dkim_domain].selector - p.key = settings.domain[dkim_domain].path - end - if not (p.key and p.selector) and not - (settings.try_fallback or settings.use_redis or settings.selector_map or settings.path_map) then - rspamd_logger.debugm(N, task, 'dkim unconfigured and fallback disabled') - return false - end - if not p.key then - if not settings.use_redis then - p.key = settings.path - end - end - if not p.selector then - p.selector = settings.selector - end - p.domain = dkim_domain + local ret,p = dkim_sign_tools.prepare_dkim_signing(N, task, settings) - if settings.selector_map then - local data = settings.selector_map:get_key(dkim_domain) - if data then - p.selector = data - end - end - if settings.path_map then - local data = settings.path_map:get_key(dkim_domain) - if data then - p.key = data - end + if not ret then + return end if settings.use_redis then |