From 5104d145d7b1d0059c81bfcb43180c6b6e6514e2 Mon Sep 17 00:00:00 2001 From: Andrew Lewis Date: Thu, 17 Dec 2020 12:58:39 +0200 Subject: [Minor] Move http_headers to plugin - Support multiple DKIM results - Insert DKIM trace symbols - Always disable callbacks if we got a header - Make the plugin default-disabled - Disable callbacks instead of virtual symbols --- rules/http_headers.lua | 181 ------------------------------------------------- rules/rspamd.lua | 1 - 2 files changed, 182 deletions(-) delete mode 100644 rules/http_headers.lua (limited to 'rules') diff --git a/rules/http_headers.lua b/rules/http_headers.lua deleted file mode 100644 index d02ac24f7..000000000 --- a/rules/http_headers.lua +++ /dev/null @@ -1,181 +0,0 @@ ---[[ -Copyright (c) 2015, Vsevolod Stakhov - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -]]-- - -local logger = require "rspamd_logger" -local ucl = require "ucl" - -local spf_symbols = { - symbol_allow = 'R_SPF_ALLOW', - symbol_deny = 'R_SPF_FAIL', - symbol_softfail = 'R_SPF_SOFTFAIL', - symbol_neutral = 'R_SPF_NEUTRAL', - symbol_tempfail = 'R_SPF_DNSFAIL', - symbol_na = 'R_SPF_NA', - symbol_permfail = 'R_SPF_PERMFAIL', -} - -local dkim_symbols = { - symbol_allow = 'R_DKIM_ALLOW', - symbol_deny = 'R_DKIM_REJECT', - symbol_tempfail = 'R_DKIM_TEMPFAIL', - symbol_na = 'R_DKIM_NA', - symbol_permfail = 'R_DKIM_PERMFAIL', -} - -local dmarc_symbols = { - allow = 'DMARC_POLICY_ALLOW', - badpolicy = 'DMARC_BAD_POLICY', - dnsfail = 'DMARC_DNSFAIL', - na = 'DMARC_NA', - reject = 'DMARC_POLICY_REJECT', - softfail = 'DMARC_POLICY_SOFTFAIL', - quarantine = 'DMARC_POLICY_QUARANTINE', -} - -local opts = rspamd_config:get_all_opt('dmarc') -if opts and opts['symbols'] then - for k,_ in pairs(dmarc_symbols) do - if opts['symbols'][k] then - dmarc_symbols[k] = opts['symbols'][k] - end - end -end - -opts = rspamd_config:get_all_opt('dkim') -if opts then - for k,_ in pairs(dkim_symbols) do - if opts[k] then - dkim_symbols[k] = opts[k] - end - end -end - -opts = rspamd_config:get_all_opt('spf') -if opts then - for k,_ in pairs(spf_symbols) do - if opts[k] then - spf_symbols[k] = opts[k] - end - end -end - --- Disable DKIM checks if passed via HTTP headers -rspamd_config:add_condition("R_DKIM_ALLOW", function(task) - local hdr = task:get_request_header('DKIM') - - if hdr then - local parser = ucl.parser() - local res, err = parser:parse_string(tostring(hdr)) - if not res then - logger.infox(task, "cannot parse DKIM header: %1", err) - return true - end - - local obj = parser:get_object() - - if obj['result'] then - if obj['result'] == 'pass' or obj['result'] == 'allow' then - task:insert_result(dkim_symbols['symbol_allow'], 1.0, 'http header') - elseif obj['result'] == 'fail' or obj['result'] == 'reject' then - task:insert_result(dkim_symbols['symbol_deny'], 1.0, 'http header') - elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then - task:insert_result(dkim_symbols['symbol_tempfail'], 1.0, 'http header') - elseif obj['result'] == 'permfail' then - task:insert_result(dkim_symbols['symbol_permfail'], 1.0, 'http header') - elseif obj['result'] == 'na' then - task:insert_result(dkim_symbols['symbol_na'], 1.0, 'http header') - end - - return false - end - end - - return true -end) - --- Disable SPF checks if passed via HTTP headers -rspamd_config:add_condition("R_SPF_ALLOW", function(task) - local hdr = task:get_request_header('SPF') - - if hdr then - local parser = ucl.parser() - local res, err = parser:parse_string(tostring(hdr)) - if not res then - logger.infox(task, "cannot parse SPF header: %1", err) - return true - end - - local obj = parser:get_object() - - if obj['result'] then - if obj['result'] == 'pass' or obj['result'] == 'allow' then - task:insert_result(spf_symbols['symbol_allow'], 1.0, 'http header') - elseif obj['result'] == 'fail' or obj['result'] == 'reject' then - task:insert_result(spf_symbols['symbol_deny'], 1.0, 'http header') - elseif obj['result'] == 'neutral' then - task:insert_result(spf_symbols['symbol_neutral'], 1.0, 'http header') - elseif obj['result'] == 'softfail' then - task:insert_result(spf_symbols['symbol_softfail'], 1.0, 'http header') - elseif obj['result'] == 'permfail' then - task:insert_result(spf_symbols['symbol_permfail'], 1.0, 'http header') - elseif obj['result'] == 'na' then - task:insert_result(spf_symbols['symbol_na'], 1.0, 'http header') - end - - return false - end - end - - return true -end) - -rspamd_config:add_condition("DMARC_POLICY_ALLOW", function(task) - local hdr = task:get_request_header('DMARC') - - if hdr then - local parser = ucl.parser() - local res, err = parser:parse_string(tostring(hdr)) - if not res then - logger.infox(task, "cannot parse DMARC header: %1", err) - return true - end - - local obj = parser:get_object() - - if obj['result'] then - if obj['result'] == 'pass' or obj['result'] == 'allow' then - task:insert_result(dmarc_symbols['allow'], 1.0, 'http header') - elseif obj['result'] == 'fail' or obj['result'] == 'reject' then - task:insert_result(dmarc_symbols['reject'], 1.0, 'http header') - elseif obj['result'] == 'quarantine' then - task:insert_result(dmarc_symbols['quarantine'], 1.0, 'http header') - elseif obj['result'] == 'tempfail' then - task:insert_result(dmarc_symbols['dnsfail'], 1.0, 'http header') - elseif obj['result'] == 'softfail' or obj['result'] == 'none' then - task:insert_result(dmarc_symbols['softfail'], 1.0, 'http header') - elseif obj['result'] == 'permfail' or obj['result'] == 'badpolicy' then - task:insert_result(dmarc_symbols['badpolicy'], 1.0, 'http header') - elseif obj['result'] == 'na' then - task:insert_result(dmarc_symbols['na'], 1.0, 'http header') - end - - return false - end - end - - return true -end) - diff --git a/rules/rspamd.lua b/rules/rspamd.lua index 64aefa9d1..c7efab76a 100644 --- a/rules/rspamd.lua +++ b/rules/rspamd.lua @@ -33,7 +33,6 @@ dofile(local_rules .. '/html.lua') dofile(local_rules .. '/headers_checks.lua') dofile(local_rules .. '/subject_checks.lua') dofile(local_rules .. '/misc.lua') -dofile(local_rules .. '/http_headers.lua') dofile(local_rules .. '/forwarding.lua') dofile(local_rules .. '/mid.lua') dofile(local_rules .. '/bitcoin.lua') -- cgit v1.2.3