commit 43dfa08: [Fix] Do not blacklist mail by SPF/DMARC for local/authed users
Vsevolod Stakhov
vsevolod at highsecure.ru
Sat May 4 13:14:10 UTC 2019
Author: Vsevolod Stakhov
Date: 2019-05-04 14:09:35 +0100
URL: https://github.com/rspamd/rspamd/commit/43dfa08ded5f0e78b321d4df54f960c07e631593
[Fix] Do not blacklist mail by SPF/DMARC for local/authed users
Issue: #2871
---
src/plugins/lua/dmarc.lua | 4 ++--
src/plugins/lua/whitelist.lua | 37 ++++++++++++++++++++++++++++++++++---
2 files changed, 36 insertions(+), 5 deletions(-)
diff --git a/src/plugins/lua/dmarc.lua b/src/plugins/lua/dmarc.lua
index 2c9bf1951..333eb6f55 100644
--- a/src/plugins/lua/dmarc.lua
+++ b/src/plugins/lua/dmarc.lua
@@ -564,13 +564,13 @@ local function dmarc_callback(task)
local seen_invalid = false
if dmarc_checks ~= 2 then
- rspamd_logger.infox(task, "skip DMARC checks as either SPF or DKIM were not checked");
+ rspamd_logger.infox(task, "skip DMARC checks as either SPF or DKIM were not checked")
return
end
if ((not check_authed and task:get_user()) or
(not check_local and ip_addr and ip_addr:is_local())) then
- rspamd_logger.infox(task, "skip DMARC checks for local networks and authorized users");
+ rspamd_logger.infox(task, "skip DMARC checks for local networks and authorized users")
return
end
diff --git a/src/plugins/lua/whitelist.lua b/src/plugins/lua/whitelist.lua
index b9dce612b..4836f2d02 100644
--- a/src/plugins/lua/whitelist.lua
+++ b/src/plugins/lua/whitelist.lua
@@ -29,7 +29,8 @@ local options = {
dmarc_allow_symbol = 'DMARC_POLICY_ALLOW',
spf_allow_symbol = 'R_SPF_ALLOW',
dkim_allow_symbol = 'R_DKIM_ALLOW',
-
+ check_local = false,
+ check_authed = false,
rules = {}
}
@@ -127,6 +128,7 @@ local function whitelist_cb(symbol, rule, task)
local spf_violated = false
local dmarc_violated = false
+ local ip_addr = task:get_ip()
if rule['valid_spf'] then
if not task:has_symbol(options['spf_allow_symbol']) then
@@ -243,6 +245,7 @@ local function whitelist_cb(symbol, rule, task)
end
if rule.valid_dmarc then
+
found_wl = false
for dom,val in pairs(domains.dmarc or E) do
@@ -281,7 +284,16 @@ local function whitelist_cb(symbol, rule, task)
end
if found_bl then
- add_symbol(true, final_mult)
+ if not ((not options.check_authed and task:get_user()) or
+ (not options.check_local and ip_addr and ip_addr:is_local())) then
+ add_symbol(true, final_mult)
+ else
+ if rule.valid_spf or rule.valid_dmarc then
+ rspamd_logger.infox(task, "skip DMARC/SPF blacklists for local networks and/or authorized users")
+ else
+ add_symbol(true, final_mult)
+ end
+ end
elseif found_wl then
add_symbol(false, final_mult)
end
@@ -295,11 +307,30 @@ local function gen_whitelist_cb(symbol, rule)
end
local configure_whitelist_module = function()
- local opts = rspamd_config:get_all_opt('whitelist')
+ local opts = rspamd_config:get_all_opt('whitelist')
if opts then
for k,v in pairs(opts) do
options[k] = v
end
+
+ local function try_opts(where)
+ local ret = false
+ local opts = rspamd_config:get_all_opt(where)
+ if type(opts) == 'table' then
+ if type(opts['check_local']) == 'boolean' then
+ options.check_local = opts['check_local']
+ ret = true
+ end
+ if type(opts['check_authed']) == 'boolean' then
+ options.check_authed = opts['check_authed']
+ ret = true
+ end
+ end
+
+ return ret
+ end
+
+ if not try_opts(N) then try_opts('options') end
else
rspamd_logger.infox(rspamd_config, 'Module is unconfigured')
return
More information about the Commits
mailing list