From 07f4c49ea5720265aebcd6e4a6f0635d382f5938 Mon Sep 17 00:00:00 2001
From: Andrew Lewis
Date: Mon, 29 Aug 2016 14:41:12 +0200
Subject: [PATCH] [Feature] Add R_DKIM_NA / R_SPF_NA / AUTH_NA symbols
---
 conf/composites.conf | 4 ++++
 src/plugins/dkim_check.c | 31 +++++++++++++++++++++++++++++++
 src/plugins/spf.c | 37 ++++++++++++++++++++++++++++++++++++-
 3 files changed, 71 insertions(+), 1 deletion(-)
diff --git a/conf/composites.conf b/conf/composites.conf
index d6d845fe9b..d2e71bedf8 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -41,6 +41,10 @@ composite "FORGED_MUA_MAILLIST" {
 composite "RBL_SPAMHAUS_XBL_ANY" {
 expression = "(-RBL_SPAMHAUS_XBL | -RBL_SPAMHAUS_XBL1 | -RBL_SPAMHAUS_XBL2 | -RBL_SPAMHAUS_XBL3) & RECEIVED_SPAMHAUS_XBL";
 }
+composite "AUTH_NA" {
+ expression = "R_DKIM_NA & R_SPF_NA & DMARC_NA";
+ score = 1.0;
+}
 .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
 .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"
diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c
index 71e3b930a7..2e0b6d8a27 100644
--- a/src/plugins/dkim_check.c
+++ b/src/plugins/dkim_check.c
@@ -20,6 +20,7 @@
 * - symbol_allow (string): symbol to insert in case of allow (default: 'R_DKIM_ALLOW')
 * - symbol_reject (string): symbol to insert (default: 'R_DKIM_REJECT')
 * - symbol_tempfail (string): symbol to insert in case of temporary fail (default: 'R_DKIM_TEMPFAIL')
+ * - symbol_na (string): symbol to insert in case of no signing (default: 'R_DKIM_NA')
 * - whitelist (map): map of whitelisted networks
 * - domains (map): map of domains to check
 * - strict_multiplier (number): multiplier for strict domains
@@ -40,6 +41,7 @@
 #define DEFAULT_SYMBOL_REJECT "R_DKIM_REJECT"
 #define DEFAULT_SYMBOL_TEMPFAIL "R_DKIM_TEMPFAIL"
 #define DEFAULT_SYMBOL_ALLOW "R_DKIM_ALLOW"
+#define DEFAULT_SYMBOL_NA "R_DKIM_NA"
 #define DEFAULT_CACHE_SIZE 2048
 #define DEFAULT_CACHE_MAXAGE 86400
 #define DEFAULT_TIME_JITTER 60
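Review bot: In conf/composites.conf the AUTH_NA expression names `R_DKIM_NA` and `R_SPF_NA` literally, while this same commit makes both names configurable through `symbol_na` in the dkim and spf modules. An operator who overrides either option ends up with a composite that never matches, and nothing reports it. `DMARC_NA` is not defined anywhere in this patch, so the composite presumably depends on another module providing it. I would put a comment above the block, `# AUTH_NA assumes the default symbol_na names of the dkim and spf modules and a DMARC_NA symbol from the DMARC module`, so the coupling is visible where the score is set.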
@@ -50,6 +52,7 @@ struct dkim_ctx {
 const gchar *symbol_reject;
 const gchar *symbol_tempfail;
 const gchar *symbol_allow;
+ const gchar *symbol_na;
 rspamd_mempool_t *dkim_pool;
 radix_compressed_t *whitelist_ip;
@@ -163,6 +166,15 @@ dkim_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)
 0, NULL, 0);
+ rspamd_rcl_add_doc_by_path (cfg,
+ "dkim",
+ "Symbol that is added if mail is not signed",
+ "symbol_na",
+ UCL_STRING,
+ NULL,
+ 0,
+ NULL,
+ 0);
 rspamd_rcl_add_doc_by_path (cfg, "dkim", "Size of DKIM keys cache",
@@ -284,6 +296,13 @@ dkim_module_config (struct rspamd_config *cfg)
 else {
 dkim_module_ctx->symbol_allow = DEFAULT_SYMBOL_ALLOW;
 }
+ if ((value =
+ rspamd_config_get_module_opt (cfg, "dkim", "symbol_na")) != NULL) {
+ dkim_module_ctx->symbol_na = ucl_obj_tostring (value);
+ }
+ else {
+ dkim_module_ctx->symbol_na = DEFAULT_SYMBOL_NA;
+ }
 if ((value = rspamd_config_get_module_opt (cfg, "dkim", "dkim_cache_size")) != NULL) {
@@ -376,6 +395,12 @@ dkim_module_config (struct rspamd_config *cfg)
 NULL, SYMBOL_TYPE_NORMAL|SYMBOL_TYPE_FINE, -1);
+ rspamd_symbols_cache_add_symbol (cfg->cache,
+ dkim_module_ctx->symbol_na,
+ 0,
+ NULL, NULL,
+ SYMBOL_TYPE_VIRTUAL|SYMBOL_TYPE_FINE,
+ cb_id);
 rspamd_symbols_cache_add_symbol (cfg->cache, dkim_module_ctx->symbol_tempfail, 0,
@@ -769,6 +794,12 @@ dkim_symbol_callback (struct rspamd_task *task, void *unused)
 }
 }
 }
+ else {
+ rspamd_task_insert_result (task,
+ dkim_module_ctx->symbol_na,
+ 1.0,
+ NULL);
+ }
 if (res != NULL) {
 rspamd_session_watcher_push (task->s);
diff --git a/src/plugins/spf.c b/src/plugins/spf.c
index 6e466a11f0..0cce844d6d 100644
--- a/src/plugins/spf.c
+++ b/src/plugins/spf.c
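Review bot: In dkim_symbol_callback the new `else` pairs with an `if` that opens above the hunk, so the condition that yields R_DKIM_NA cannot be read at the insert. The branch should carry a comment such as `/* mail is not signed: insert the "not applicable" symbol */`, with the wording matched to the actual condition. It is also worth confirming that every path through the outer `if` branch ends with some DKIM symbol, since a message that takes that branch without a verdict would carry neither R_DKIM_NA nor a result and AUTH_NA would not apply to it. The weight is written `1.0` here and `1` in the SPF inserts of the same commit; one form throughout would read better.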
@@ -20,6 +20,8 @@
 * - symbol_allow (string): symbol to insert (default: 'R_SPF_ALLOW')
 * - symbol_fail (string): symbol to insert (default: 'R_SPF_FAIL')
 * - symbol_softfail (string): symbol to insert (default: 'R_SPF_SOFTFAIL')
+ * - symbol_na (string): symbol to insert (default: 'R_SPF_NA')
+ * - symbol_dnsfail (string): symbol to insert (default: 'R_SPF_DNSFAIL')
 * - whitelist (map): map of whitelisted networks
 */
@@ -36,6 +38,7 @@
 #define DEFAULT_SYMBOL_NEUTRAL "R_SPF_NEUTRAL"
 #define DEFAULT_SYMBOL_ALLOW "R_SPF_ALLOW"
 #define DEFAULT_SYMBOL_DNSFAIL "R_SPF_DNSFAIL"
+#define DEFAULT_SYMBOL_NA "R_SPF_NA"
 #define DEFAULT_CACHE_SIZE 2048
 #define DEFAULT_CACHE_MAXAGE 86400
@@ -46,6 +49,7 @@ struct spf_ctx {
 const gchar *symbol_neutral;
 const gchar *symbol_allow;
 const gchar *symbol_dnsfail;
+ const gchar *symbol_na;
 rspamd_mempool_t *spf_pool;
 radix_compressed_t *whitelist_ip;
@@ -143,6 +147,15 @@ spf_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)
 0, NULL, 0);
+ rspamd_rcl_add_doc_by_path (cfg,
+ "spf",
+ "Symbol that is added if no SPF policy is found",
+ "symbol_na",
+ UCL_STRING,
+ NULL,
+ 0,
+ NULL,
+ 0);
 rspamd_rcl_add_doc_by_path (cfg, "spf", "Size of SPF parsed records cache",
@@ -205,6 +218,13 @@ spf_module_config (struct rspamd_config *cfg)
 else {
 spf_module_ctx->symbol_dnsfail = DEFAULT_SYMBOL_DNSFAIL;
 }
+ if ((value =
+ rspamd_config_get_module_opt (cfg, "spf", "symbol_na")) != NULL) {
+ spf_module_ctx->symbol_na = ucl_obj_tostring (value);
+ }
+ else {
+ spf_module_ctx->symbol_na = DEFAULT_SYMBOL_NA;
+ }
 if ((value = rspamd_config_get_module_opt (cfg, "spf", "spf_cache_size")) != NULL) {
 cache_size = ucl_obj_toint (value);
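Review bot: The two entries added to the option list in the spf.c header comment do not say when each symbol is inserted, unlike the matching `symbol_na` entry in dkim_check.c ("in case of no signing"). I would write `* - symbol_na (string): symbol to insert if no SPF policy is found (default: 'R_SPF_NA')` and `* - symbol_dnsfail (string): symbol to insert in case of DNS failure (default: 'R_SPF_DNSFAIL')`. The first wording comes from the doc string this commit registers in spf_module_init, the second from the option text used at the new insert in spf_symbol_callback.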
@@ -231,6 +251,11 @@ spf_module_config (struct rspamd_config *cfg)
 NULL, NULL, SYMBOL_TYPE_VIRTUAL, cb_id);
+ rspamd_symbols_cache_add_symbol (cfg->cache,
+ spf_module_ctx->symbol_na, 0,
+ NULL, NULL,
+ SYMBOL_TYPE_VIRTUAL,
+ cb_id);
 rspamd_symbols_cache_add_symbol (cfg->cache, spf_module_ctx->symbol_neutral, 0, NULL, NULL,
@@ -417,7 +442,13 @@ spf_plugin_callback (struct spf_resolved *record, struct rspamd_task *task,
 struct spf_resolved *l;
 struct rspamd_async_watcher *w = ud;
- if (record && record->elts->len > 0 && record->domain) {
+ if (record && record->elts->len == 0) {
+ rspamd_task_insert_result (task,
+ spf_module_ctx->symbol_na,
+ 1,
+ NULL);
+ }
+ else if (record && record->elts->len > 0 && record->domain) {
 if ((l = rspamd_lru_hash_lookup (spf_module_ctx->spf_hash, record->domain, task->tv.tv_sec)) == NULL) {
@@ -472,6 +503,10 @@ spf_symbol_callback (struct rspamd_task *task, void *unused)
 if (!rspamd_spf_resolve (task, spf_plugin_callback, w)) {
 msg_info_task ("cannot make spf request for [%s]", task->message_id);
+ rspamd_task_insert_result (task,
+ spf_module_ctx->symbol_dnsfail,
+ 1,
+ "(SPF): spf DNS fail");
 }
 else {
 rspamd_session_watcher_push (task->s);
-- 2.47.3
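Review bot: In spf_plugin_callback the new first branch treats any record with `record->elts->len == 0` as "no SPF policy" and inserts R_SPF_NA, but an empty element list does not show why it is empty. If the resolver also returns an empty record after a lookup error or an unparsable policy (not visible in this hunk), those cases would be reported as NA and count towards the AUTH_NA composite. When `record` is NULL, or has elements but no `record->domain`, neither branch runs and no SPF symbol is inserted. A comment stating the assumption, `/* empty record: no SPF policy published for the domain */`, or an explicit flag set by the resolver would make the distinction checkable. The function body continues outside the hunk.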
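Review bot: In spf_symbol_callback the added insert reports R_SPF_DNSFAIL with the option `(SPF): spf DNS fail` when `rspamd_spf_resolve` returns false, yet the log line directly above says the request could not be made. That wording suggests no DNS query was issued at all, though the resolver's code is not shown here. Labelling that case as a DNS failure could mislead anyone correlating this symbol with resolver problems, and the commit subject mentions only the NA symbols, not this behaviour change. If DNSFAIL is intended, say so at the call, e.g. `/* request could not be started; reported as DNSFAIL */`, and mention it in the commit message; if the case really means "nothing to check", `spf_module_ctx->symbol_na` may be the better fit.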