Diffstat (limited to 'src')
-rw-r--r--src/plugins/lua/arc.lua146
-rw-r--r--src/plugins/lua/dkim_signing.lua127
2 files changed, 8 insertions, 265 deletions
diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua
index f6569680f..e18f0001c 100644
--- a/src/plugins/lua/arc.lua
+++ b/src/plugins/lua/arc.lua
@@ -16,6 +16,7 @@ limitations under the License.
local rspamd_logger = require "rspamd_logger"
local lua_util = require "lua_util"
+local dkim_sign_tools = require "dkim_sign_tools"
local rspamd_util = require "rspamd_util"
local rspamd_rsa_privkey = require "rspamd_rsa_privkey"
local rspamd_rsa = require "rspamd_rsa"
@@ -418,150 +419,11 @@ end
local function arc_signing_cb(task)
local arc_sigs = task:cache_get('arc-sigs')
local arc_seals = task:cache_get('arc-seals')
- local is_local, is_sign_networks
- local auser = task:get_user()
- local ip = task:get_from_ip()
- if ip and ip:is_local() then
- is_local = true
- end
-
- if settings.auth_only and not auser then
- if (settings.sign_networks and settings.sign_networks:get_key(ip)) then
- is_sign_networks = true
- rspamd_logger.debugm(N, task, 'mail is from address in sign_networks')
- elseif settings.sign_local and is_local then
- rspamd_logger.debugm(N, task, 'mail is from local address')
- else
- rspamd_logger.debugm(N, task, 'ignoring unauthenticated mail')
- return
- end
- end
-
- local efrom = task:get_from('smtp')
- if not settings.allow_envfrom_empty and
- #(((efrom or E)[1] or E).addr or '') == 0 then
- rspamd_logger.debugm(N, task, 'empty envelope from not allowed')
- return false
- end
-
- local hfrom = task:get_from('mime')
- if not settings.allow_hdrfrom_multiple and (hfrom or E)[2] then
- rspamd_logger.debugm(N, task, 'multiple header from not allowed')
- return false
- end
-
- local dkim_domain
- local hdom = ((hfrom or E)[1] or E).domain
- local edom = ((efrom or E)[1] or E).domain
- local udom = string.match(auser or '', '.*@(.*)')
-
- local function get_dkim_domain(type)
- if settings[type] == 'header' then
- return hdom
- elseif settings[type] == 'envelope' then
- return edom
- elseif settings[type] == 'auth' then
- return udom
- end
- end
-
- if hdom then
- hdom = hdom:lower()
- end
- if edom then
- edom = edom:lower()
- end
- if udom then
- udom = udom:lower()
- end
-
- if settings.use_domain_sign_networks and is_sign_networks then
- dkim_domain = get_dkim_domain('use_domain_sign_networks')
- elseif settings.use_domain_local and is_local then
- dkim_domain = get_dkim_domain('use_domain_local')
- else
- dkim_domain = get_dkim_domain('use_domain')
- end
-
- if not dkim_domain then
- rspamd_logger.debugm(N, task, 'could not extract dkim domain')
- return false
- else
- rspamd_logger.debugm(N, task, 'use domain(%s) for sugnature: %s',
- settings.use_domain, dkim_domain)
- end
-
- if settings.use_esld then
- dkim_domain = rspamd_util.get_tld(dkim_domain)
-
- if settings.use_domain == 'envelope' and hdom then
- hdom = rspamd_util.get_tld(hdom)
- elseif settings.use_domain == 'header' and edom then
- edom = rspamd_util.get_tld(edom)
- end
- end
- if edom and hdom and not settings.allow_hdrfrom_mismatch and hdom ~= edom then
- if settings.allow_hdrfrom_mismatch_local and is_local then
- rspamd_logger.debugm(N, task, 'domain mismatch allowed for local IP: %1 != %2', hdom, edom)
- elseif settings.allow_hdrfrom_mismatch_sign_networks and is_sign_networks then
- rspamd_logger.debugm(N, task, 'domain mismatch allowed for sign_networks: %1 != %2', hdom, edom)
- else
- rspamd_logger.debugm(N, task, 'domain mismatch not allowed: %1 != %2', hdom, edom)
- return false
- end
- end
-
- if auser and not settings.allow_username_mismatch then
- if not udom then
- rspamd_logger.debugm(N, task, 'couldnt find domain in username')
- return false
- end
- if settings.use_esld then
- udom = rspamd_util.get_tld(udom)
- end
- if udom ~= dkim_domain then
- rspamd_logger.debugm(N, task, 'user domain mismatch')
- return false
- end
- end
-
- local p = {}
-
- if settings.domain[dkim_domain] then
- p.selector = settings.domain[dkim_domain].selector
- p.key = settings.domain[dkim_domain].path
- end
-
- if not (p.key and p.selector) and not
- (settings.try_fallback or settings.use_redis or settings.selector_map or settings.path_map) then
- rspamd_logger.debugm(N, task, 'dkim unconfigured and fallback disabled')
- return false
- end
+ local ret,p = dkim_sign_tools.prepare_dkim_signing(N, task, settings)
- if not p.key then
- if not settings.use_redis then
- p.key = settings.path
- end
- end
-
- if not p.selector then
- p.selector = settings.selector
- end
- p.domain = dkim_domain
-
- if settings.selector_map then
- local data = settings.selector_map:get_key(dkim_domain)
- if data then
- p.selector = data
- end
- end
-
- if settings.path_map then
- local data = settings.path_map:get_key(dkim_domain)
- if data then
- p.key = data
- end
+ if not ret then
+ return
end
p.arc_cv = 'none'
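Review bot: The guard after the new call tests only `ret`, yet `p` is indexed on the very next line (`p.arc_cv = 'none'`), so a helper result of `true` with a nil table would raise inside the callback; `if not ret or not p then return end` would make that explicit. Every check that decides whether this sender may have mail signed (auth_only, sign_networks, From-domain mismatch, username mismatch) has moved out of this function into `dkim_sign_tools.prepare_dkim_signing`, whose body is not part of this diff, so its contract deserves a comment at the call site, for example `-- returns false if the message must not be signed; otherwise p holds domain, selector and key`. The same call and guard appear in `dkim_signing_cb` in dkim_signing.lua. arc_signing_cb continues past the end of the hunk.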
diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua
index 7cd152ba3..ab6cf059e 100644
--- a/src/plugins/lua/dkim_signing.lua
+++ b/src/plugins/lua/dkim_signing.lua
@@ -16,7 +16,7 @@ limitations under the License.
]]--
local rspamd_logger = require "rspamd_logger"
-local rspamd_util = require "rspamd_util"
+local dkim_sign_tools = require "dkim_sign_tools"
if confighelp then
return
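Review bot: Dropping `local rspamd_util = require "rspamd_util"` is only safe if no reference to `rspamd_util` remains in dkim_signing.lua; the second hunk removes the `get_tld` calls in `dkim_signing_cb`, but the rest of the file is not shown here. A leftover use would resolve to an undefined global and fail at runtime, so a luacheck run on the file before merging would confirm it.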
@@ -60,129 +60,10 @@ local function simple_template(tmpl, keys)
end
local function dkim_signing_cb(task)
- local is_local, is_sign_networks
- local auser = task:get_user()
- local ip = task:get_from_ip()
- if ip and ip:is_local() then
- is_local = true
- end
- if settings.auth_only and not auser then
- if (settings.sign_networks and settings.sign_networks:get_key(ip)) then
- is_sign_networks = true
- rspamd_logger.debugm(N, task, 'mail is from address in sign_networks')
- elseif settings.sign_local and is_local then
- rspamd_logger.debugm(N, task, 'mail is from local address')
- else
- rspamd_logger.debugm(N, task, 'ignoring unauthenticated mail')
- return
- end
- end
- local efrom = task:get_from('smtp')
- if not settings.allow_envfrom_empty and
- #(((efrom or E)[1] or E).addr or '') == 0 then
- rspamd_logger.debugm(N, task, 'empty envelope from not allowed')
- return false
- end
- local hfrom = task:get_from('mime')
- if not settings.allow_hdrfrom_multiple and (hfrom or E)[2] then
- rspamd_logger.debugm(N, task, 'multiple header from not allowed')
- return false
- end
- local dkim_domain
- local hdom = ((hfrom or E)[1] or E).domain
- local edom = ((efrom or E)[1] or E).domain
- if hdom then
- hdom = hdom:lower()
- end
- if edom then
- edom = edom:lower()
- end
- if settings.use_domain_sign_networks and is_sign_networks then
- if settings.use_domain_sign_networks == 'header' then
- dkim_domain = hdom
- else
- dkim_domain = edom
- end
- elseif settings.use_domain_local and is_local then
- if settings.use_domain_local == 'header' then
- dkim_domain = hdom
- else
- dkim_domain = edom
- end
- else
- if settings.use_domain == 'header' then
- dkim_domain = hdom
- else
- dkim_domain = edom
- end
- end
- if not dkim_domain then
- rspamd_logger.debugm(N, task, 'could not extract dkim domain')
- return false
- end
- if settings.use_esld then
- dkim_domain = rspamd_util.get_tld(dkim_domain)
- if settings.use_domain == 'envelope' and hdom then
- hdom = rspamd_util.get_tld(hdom)
- elseif settings.use_domain == 'header' and edom then
- edom = rspamd_util.get_tld(edom)
- end
- end
- if edom and hdom and not settings.allow_hdrfrom_mismatch and hdom ~= edom then
- if settings.allow_hdrfrom_mismatch_local and is_local then
- rspamd_logger.debugm(N, task, 'domain mismatch allowed for local IP: %1 != %2', hdom, edom)
- elseif settings.allow_hdrfrom_mismatch_sign_networks and is_sign_networks then
- rspamd_logger.debugm(N, task, 'domain mismatch allowed for sign_networks: %1 != %2', hdom, edom)
- else
- rspamd_logger.debugm(N, task, 'domain mismatch not allowed: %1 != %2', hdom, edom)
- return false
- end
- end
- if auser and not settings.allow_username_mismatch then
- local udom = string.match(auser, '.*@(.*)')
- if not udom then
- rspamd_logger.debugm(N, task, 'couldnt find domain in username')
- return false
- end
- if settings.use_esld then
- udom = rspamd_util.get_tld(udom)
- end
- if udom ~= dkim_domain then
- rspamd_logger.debugm(N, task, 'user domain mismatch')
- return false
- end
- end
- local p = {}
- if settings.domain[dkim_domain] then
- p.selector = settings.domain[dkim_domain].selector
- p.key = settings.domain[dkim_domain].path
- end
- if not (p.key and p.selector) and not
- (settings.try_fallback or settings.use_redis or settings.selector_map or settings.path_map) then
- rspamd_logger.debugm(N, task, 'dkim unconfigured and fallback disabled')
- return false
- end
- if not p.key then
- if not settings.use_redis then
- p.key = settings.path
- end
- end
- if not p.selector then
- p.selector = settings.selector
- end
- p.domain = dkim_domain
+ local ret,p = dkim_sign_tools.prepare_dkim_signing(N, task, settings)
- if settings.selector_map then
- local data = settings.selector_map:get_key(dkim_domain)
- if data then
- p.selector = data
- end
- end
- if settings.path_map then
- local data = settings.path_map:get_key(dkim_domain)
- if data then
- p.key = data
- end
+ if not ret then
+ return
end
if settings.use_redis then
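Review bot: The domain selection removed from `dkim_signing_cb` treated any `use_domain`, `use_domain_local` or `use_domain_sign_networks` value other than `'header'` as the envelope domain, whereas the arc.lua variant removed in the same commit returned nil for anything but `'header'`, `'envelope'` or `'auth'`. If the shared helper follows the arc.lua variant (its body is not visible here), an existing configuration with an unrecognised value would stop signing, and only a debug message would show why. It is worth confirming which behaviour the helper keeps and noting it next to the call, e.g. `-- use_domain* must be 'header', 'envelope' or 'auth'`. The function body continues outside the hunk.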