[Minor] Move http_headers to plugin

 - Support multiple DKIM results
 - Insert DKIM trace symbols
 - Always disable callbacks if we got a header
 - Make the plugin default-disabled
 - Disable callbacks instead of virtual symbols

diff --git a/conf/modules.d/http_headers.conf b/conf/modules.d/http_headers.conf
new file mode 100644 (file)
index 0000000..51e5b82
--- /dev/null
+++ b/conf/modules.d/http_headers.conf
@@ -0,0 +1,22 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/http_headers.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/http_headers.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at  https://rspamd.com/doc/modules/http_headers.html
+
+http_headers {
+  # This module is default-disabled
+  enabled = false;
+
+  .include(try=true,priority=5) "${DBDIR}/dynamic/http_headers.conf"
+  .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/http_headers.conf"
+  .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/http_headers.conf"
+}

diff --git a/rules/rspamd.lua b/rules/rspamd.lua
index 64aefa9d19d1b821281d0f53ae0a98098eb4cc33..c7efab76a73b0793033276e104176c699845bee1 100644 (file)
--- a/rules/rspamd.lua
+++ b/rules/rspamd.lua
@@ -33,7 +33,6 @@ dofile(local_rules .. '/html.lua')
 dofile(local_rules .. '/headers_checks.lua')
 dofile(local_rules .. '/subject_checks.lua')
 dofile(local_rules .. '/misc.lua')
-dofile(local_rules .. '/http_headers.lua')
 dofile(local_rules .. '/forwarding.lua')
 dofile(local_rules .. '/mid.lua')
 dofile(local_rules .. '/bitcoin.lua')

diff --git a/rules/http_headers.lua b/src/plugins/lua/http_headers.lua
similarity index 71%
rename from rules/http_headers.lua
rename to src/plugins/lua/http_headers.lua
index d02ac24f7610526b7d9557424e35073a398324e6..b5018a225bd2b8fc9e19ed482c7e78134ba0972a 100644 (file)
--- a/rules/http_headers.lua
+++ b/src/plugins/lua/http_headers.lua
@@ -33,6 +33,14 @@ local dkim_symbols = {
   symbol_tempfail = 'R_DKIM_TEMPFAIL',
   symbol_na = 'R_DKIM_NA',
   symbol_permfail = 'R_DKIM_PERMFAIL',
+  symbol_trace = 'DKIM_TRACE',
+}
+
+local dkim_trace = {
+  pass = '+',
+  fail = '-',
+  temperror = '?',
+  permerror = '~',
 }
 
 local dmarc_symbols = {
@@ -73,7 +81,7 @@ if opts then
 end
 
 -- Disable DKIM checks if passed via HTTP headers
-rspamd_config:add_condition("R_DKIM_ALLOW", function(task)
+rspamd_config:add_condition("DKIM_CHECK", function(task)
   local hdr = task:get_request_header('DKIM')
 
   if hdr then
@@ -84,30 +92,43 @@ rspamd_config:add_condition("R_DKIM_ALLOW", function(task)
       return true
     end
 
-    local obj = parser:get_object()
+    local p_obj = parser:get_object()
+    local results = p_obj['results']
+    if not results and p_obj['result'] then
+      results = {{result = p_obj['result'], domain = 'unknown'}}
+    end
 
-    if obj['result'] then
-      if obj['result'] == 'pass' or obj['result'] == 'allow' then
-        task:insert_result(dkim_symbols['symbol_allow'], 1.0, 'http header')
-      elseif obj['result'] == 'fail' or obj['result'] == 'reject' then
-        task:insert_result(dkim_symbols['symbol_deny'], 1.0, 'http header')
-      elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then
-        task:insert_result(dkim_symbols['symbol_tempfail'], 1.0, 'http header')
-      elseif obj['result'] == 'permfail' then
-        task:insert_result(dkim_symbols['symbol_permfail'], 1.0, 'http header')
-      elseif obj['result'] == 'na' then
-        task:insert_result(dkim_symbols['symbol_na'], 1.0, 'http header')
+    if results then
+      for _, obj in ipairs(results) do
+       local dkim_domain = obj['domain'] or 'unknown'
+        if obj['result'] == 'pass' or obj['result'] == 'allow' then
+          task:insert_result(dkim_symbols['symbol_allow'], 1.0, 'http header')
+          task:insert_result(dkim_symbols['symbol_trace'], 1.0,
+             string.format('%s:%s', dkim_domain, dkim_trace.pass))
+        elseif obj['result'] == 'fail' or obj['result'] == 'reject' then
+          task:insert_result(dkim_symbols['symbol_deny'], 1.0, 'http header')
+          task:insert_result(dkim_symbols['symbol_trace'], 1.0,
+             string.format('%s:%s', dkim_domain, dkim_trace.fail))
+        elseif obj['result'] == 'tempfail' or obj['result'] == 'softfail' then
+          task:insert_result(dkim_symbols['symbol_tempfail'], 1.0, 'http header')
+          task:insert_result(dkim_symbols['symbol_trace'], 1.0,
+             string.format('%s:%s', dkim_domain, dkim_trace.temperror))
+        elseif obj['result'] == 'permfail' then
+          task:insert_result(dkim_symbols['symbol_permfail'], 1.0, 'http header')
+          task:insert_result(dkim_symbols['symbol_trace'], 1.0,
+             string.format('%s:%s', dkim_domain, dkim_trace.permerror))
+        elseif obj['result'] == 'na' then
+          task:insert_result(dkim_symbols['symbol_na'], 1.0, 'http header')
+        end
       end
-
-      return false
     end
   end
 
-  return true
+  return false
 end)
 
 -- Disable SPF checks if passed via HTTP headers
-rspamd_config:add_condition("R_SPF_ALLOW", function(task)
+rspamd_config:add_condition("SPF_CHECK", function(task)
   local hdr = task:get_request_header('SPF')
 
   if hdr then
@@ -134,15 +155,13 @@ rspamd_config:add_condition("R_SPF_ALLOW", function(task)
       elseif obj['result'] == 'na' then
         task:insert_result(spf_symbols['symbol_na'], 1.0, 'http header')
       end
-
-      return false
     end
   end
 
-  return true
+  return false
 end)
 
-rspamd_config:add_condition("DMARC_POLICY_ALLOW", function(task)
+rspamd_config:add_condition("DMARC_CALLBACK", function(task)
   local hdr = task:get_request_header('DMARC')
 
   if hdr then
@@ -171,11 +190,9 @@ rspamd_config:add_condition("DMARC_POLICY_ALLOW", function(task)
       elseif obj['result'] == 'na' then
         task:insert_result(dmarc_symbols['na'], 1.0, 'http header')
       end
-
-      return false
     end
   end
 
-  return true
+  return false
 end)