commit 5104d14: [Minor] Move http_headers to plugin

Andrew Lewis nerf at judo.za.org
Sat Dec 19 21:07:07 UTC 2020 

Author: Andrew Lewis
Date: 2020-12-17 12:58:39 +0200
URL: https://github.com/rspamd/rspamd/commit/5104d145d7b1d0059c81bfcb43180c6b6e6514e2 (refs/pull/3577/head)

[Minor] Move http_headers to plugin
 - Support multiple DKIM results
 - Insert DKIM trace symbols
 - Always disable callbacks if we got a header
 - Make the plugin default-disabled
 - Disable callbacks instead of virtual symbols

---
 conf/modules.d/{spf.conf => http_headers.conf} | 18 +++----
 rules/rspamd.lua                               |  1 -
 {rules => src/plugins/lua}/http_headers.lua    | 65 ++++++++++++++++----------
 3 files changed, 50 insertions(+), 34 deletions(-)

diff --git a/conf/modules.d/spf.conf b/conf/modules.d/http_headers.conf
similarity index 50%
copy from conf/modules.d/spf.conf
copy to conf/modules.d/http_headers.conf
index c4284bc1c..51e5b82f8 100644
--- a/conf/modules.d/spf.conf
+++ b/conf/modules.d/http_headers.conf
@@ -1,22 +1,22 @@
 # Please don't modify this file as your changes might be overwritten with
 # the next update.
 #
-# You can modify 'local.d/spf.conf' to add and merge
+# You can modify 'local.d/http_headers.conf' to add and merge
 # parameters defined inside this section
 #
-# You can modify 'override.d/spf.conf' to strictly override all
+# You can modify 'override.d/http_headers.conf' to strictly override all
 # parameters defined inside this section
 #
 # See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
 # for details
 #
-# Module documentation can be found at  https://rspamd.com/doc/modules/spf.html
-spf {
-  spf_cache_size = 2k;
-  spf_cache_expire = 1d;
+# Module documentation can be found at  https://rspamd.com/doc/modules/http_headers.html
 
-  .include(try=true,priority=5) "${DBDIR}/dynamic/spf.conf"
-  .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/spf.conf"
-  .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/spf.conf"
+http_headers {
+  # This module is default-disabled
+  enabled = false;
 
+  .include(try=true,priority=5) "${DBDIR}/dynamic/http_headers.conf"
+  .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/http_headers.conf"
+  .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/http_headers.conf"
 }
diff --git a/rules/rspamd.lua b/rules/rspamd.lua
index 64aefa9d1..c7efab76a 100644
--- a/rules/rspamd.lua
+++ b/rules/rspamd.lua
@@ -33,7 +33,6 @@ dofile(local_rules .. '/html.lua')
 dofile(local_rules .. '/headers_checks.lua')
 dofile(local_rules .. '/subject_checks.lua')
 dofile(local_rules .. '/misc.lua')
-dofile(local_rules .. '/http_headers.lua')
 dofile(local_rules .. '/forwarding.lua')
 dofile(local_rules .. '/mid.lua')
 dofile(local_rules .. '/bitcoin.lua')
diff --git a/rules/http_headers.lua b/src/plugins/lua/http_headers.lua
similarity index 71%
rename from rules/http_headers.lua
rename to src/plugins/lua/http_headers.lua
index d02ac24f7..b5018a225 100644
--- a/rules/http_headers.lua
+++ b/src/plugins/lua/http_headers.lua
@@ -33,6 +33,14 @@ local dkim_symbols = {
   symbol_tempfail = 'R_DKIM_TEMPFAIL',
   symbol_na = 'R_DKIM_NA',
   symbol_permfail = 'R_DKIM_PERMFAIL',
+  symbol_trace = 'DKIM_TRACE',
+}
+
+local dkim_trace = {
+  pass = '+',
+  fail = '-',
+  temperror = '?',
+  permerror = '~',
 }
 
 local dmarc_symbols = {
@@ -73,7 +81,7 @@ if opts then
 end
 
 -- Disable DKIM checks if passed via HTTP headers
-rspamd_config:add_condition("R_DKIM_ALLOW", function(task)
+rspamd_config:add_condition("DKIM_CHECK", function(task)
   local hdr = task:get_request_header('DKIM')
 
   if hdr then
@@ -84,30 +92,43 @@ rspamd_config:add_condition("R_DKIM_ALLOW", function(task)
       return true
     end
 
-    local obj = parser:get_object()
+    local p_obj = parser:get_object()
+    local results = p_obj['results']
+    if not results and p_obj['result'] then
+      results = {{result = p_obj['result'], domain = 'unknown'}}
+    end
 
-    if obj['result'] then
-      if obj['result'] == 'pass' or obj['result'] == 'allow' then
-        task:insert_result(dkim_symbols['symbol_allow'], 1.0, 'http header')
-      elseif obj['result'] == 'fail' or obj['result'] == 'reject' then
-        task:insert_result(dkim_symbols['symbol_deny'], 1.0, 'http header')
-      elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then
-        task:insert_result(dkim_symbols['symbol_tempfail'], 1.0, 'http header')
-      elseif obj['result'] == 'permfail' then
-        task:insert_result(dkim_symbols['symbol_permfail'], 1.0, 'http header')
-      elseif obj['result'] == 'na' then
-        task:insert_result(dkim_symbols['symbol_na'], 1.0, 'http header')
+    if results then
+      for _, obj in ipairs(results) do
+	local dkim_domain = obj['domain'] or 'unknown'
+        if obj['result'] == 'pass' or obj['result'] == 'allow' then
+          task:insert_result(dkim_symbols['symbol_allow'], 1.0, 'http header')
+          task:insert_result(dkim_symbols['symbol_trace'], 1.0,
+	      string.format('%s:%s', dkim_domain, dkim_trace.pass))
+        elseif obj['result'] == 'fail' or obj['result'] == 'reject' then
+          task:insert_result(dkim_symbols['symbol_deny'], 1.0, 'http header')
+          task:insert_result(dkim_symbols['symbol_trace'], 1.0,
+	      string.format('%s:%s', dkim_domain, dkim_trace.fail))
+        elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then
+          task:insert_result(dkim_symbols['symbol_tempfail'], 1.0, 'http header')
+          task:insert_result(dkim_symbols['symbol_trace'], 1.0,
+	      string.format('%s:%s', dkim_domain, dkim_trace.temperror))
+        elseif obj['result'] == 'permfail' then
+          task:insert_result(dkim_symbols['symbol_permfail'], 1.0, 'http header')
+          task:insert_result(dkim_symbols['symbol_trace'], 1.0,
+	      string.format('%s:%s', dkim_domain, dkim_trace.permerror))
+        elseif obj['result'] == 'na' then
+          task:insert_result(dkim_symbols['symbol_na'], 1.0, 'http header')
+        end
       end
-
-      return false
     end
   end
 
-  return true
+  return false
 end)
 
 -- Disable SPF checks if passed via HTTP headers
-rspamd_config:add_condition("R_SPF_ALLOW", function(task)
+rspamd_config:add_condition("SPF_CHECK", function(task)
   local hdr = task:get_request_header('SPF')
 
   if hdr then
@@ -134,15 +155,13 @@ rspamd_config:add_condition("R_SPF_ALLOW", function(task)
       elseif obj['result'] == 'na' then
         task:insert_result(spf_symbols['symbol_na'], 1.0, 'http header')
       end
-
-      return false
     end
   end
 
-  return true
+  return false
 end)
 
-rspamd_config:add_condition("DMARC_POLICY_ALLOW", function(task)
+rspamd_config:add_condition("DMARC_CALLBACK", function(task)
   local hdr = task:get_request_header('DMARC')
 
   if hdr then
@@ -171,11 +190,9 @@ rspamd_config:add_condition("DMARC_POLICY_ALLOW", function(task)
       elseif obj['result'] == 'na' then
         task:insert_result(dmarc_symbols['na'], 1.0, 'http header')
       end
-
-      return false
     end
   end
 
-  return true
+  return false
 end)

More information about the Commits mailing list