Change DKIM to new method, add clamav forced action when virus is found"
parent
f9662025cc
commit
fd84b2ffa9
@ -1,34 +0,0 @@
|
|||||||
sign_condition =<<EOD
|
|
||||||
return function(task)
|
|
||||||
local smtp_from = task:get_from('smtp')
|
|
||||||
local mime_from = task:get_from('mime')
|
|
||||||
local rspamd_logger = require "rspamd_logger"
|
|
||||||
if smtp_from[1]['domain'] ~= nil and smtp_from[1]['domain'] ~= '' then
|
|
||||||
domain = smtp_from[1]['domain']
|
|
||||||
rspamd_logger.infox(task, "set domain found in smtp from field to %s", domain)
|
|
||||||
if not task:get_user() then
|
|
||||||
rspamd_logger.infox(task, "found domain in smtp header field, but user is not authenticated - skipped")
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
elseif mime_from[1]['domain'] ~= nil and mime_from[1]['domain'] ~= '' then
|
|
||||||
domain = mime_from[1]['domain']
|
|
||||||
rspamd_logger.infox(task, "set domain found in mime from field to %s", domain)
|
|
||||||
else
|
|
||||||
rspamd_logger.infox(task, "cannot determine domain for dkim signing")
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
local keyfile = io.open("/data/dkim/keys/" .. domain .. ".dkim")
|
|
||||||
if keyfile then
|
|
||||||
rspamd_logger.infox(task, "found dkim key file for domain %s", domain)
|
|
||||||
keyfile:close()
|
|
||||||
return {
|
|
||||||
key = "/data/dkim/keys/" .. domain .. ".dkim",
|
|
||||||
domain = domain,
|
|
||||||
selector = "dkim"
|
|
||||||
}
|
|
||||||
else
|
|
||||||
rspamd_logger.infox(task, "no key file for domain %s - skipped", domain)
|
|
||||||
end
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
EOD;
|
|
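--- a/data/conf/rspamd/local.d/dkim_signing.conf
+++ b/data/conf/rspamd/local.d/dkim_signing.conf
@@ -0,0 +1,28 @@
+# If false, messages with empty envelope from are not signed
+allow_envfrom_empty = false;
+# If true, envelope/header domain mismatch is ignored
+allow_hdrfrom_mismatch = true;
+# If true, multiple from headers are allowed (but only first is used)
+allow_hdrfrom_multiple = true;
+# If true, username does not need to contain matching domain
+allow_username_mismatch = true;
+# If false, messages from authenticated users are not selected for signing
+auth_only = true;
+# Default path to key, can include '$domain' and '$selector' variables
+path = "/data/dkim/keys/$domain.dkim";
+# Default selector to use
+selector = "dkim";
+# If false, messages from local networks are not selected for signing
+sign_local = true;
+# Symbol to add when message is signed
+symbol = "DKIM_SIGNED";
+# Whether to fallback to global config
+try_fallback = true;
+# Domain to use for DKIM signing: can be "header" or "envelope"
+use_domain = "envelope";
+# Whether to normalise domains to eSLD
+use_esld = true;
+# Whether to get keys from Redis
+use_redis = false;
+# Hash for DKIM keys in Redis
+hash_key = "DKIM_KEYS";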
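Review bot: With `use_domain = "envelope"`, `allow_username_mismatch = true;` and `allow_hdrfrom_mismatch = true;`, the signing domain comes from the envelope sender alone and is never compared with the authenticated login or the header From. Any authenticated account can therefore get a valid signature for every domain that has a key under `/data/dkim/keys/`, unless the MTA already pins envelope senders to the login, which this commit does not show. Consider `allow_username_mismatch = false;`, or add a comment above that line naming the control that enforces sender ownership. `sign_local = true;` also selects unauthenticated mail from addresses rspamd treats as local, which the removed `sign_condition` refused for envelope domains through its `task:get_user()` check. `use_esld = true;` looks keys up by the eSLD where the removed code used the full domain, so per-subdomain key files would presumably no longer match.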
@ -4,4 +4,9 @@ rules {
|
|||||||
expression = "R_DKIM_REJECT & !MAILLIST & !MAILCOW_WHITE & !MAILCOW_BLACK";
|
expression = "R_DKIM_REJECT & !MAILLIST & !MAILCOW_WHITE & !MAILCOW_BLACK";
|
||||||
require_action = ["no action", "greylist"];
|
require_action = ["no action", "greylist"];
|
||||||
}
|
}
|
||||||
|
VIRUS_FOUND {
|
||||||
|
action = "reject";
|
||||||
|
expression = "CLAM_VIRUS & !MAILCOW_WHITE";
|
||||||
|
honor_action = ["reject"];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
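Review bot: The `VIRUS_FOUND` expression `CLAM_VIRUS & !MAILCOW_WHITE` exempts whitelisted mail from the forced reject, so a message ClamAV flags falls back to ordinary scoring whenever the whitelist symbol fires. How `MAILCOW_WHITE` is assigned is not visible here; if it keys on a sender address or domain, which can be forged, infected mail may be delivered under that exemption. I would make the rule unconditional, `expression = "CLAM_VIRUS";`, or add a comment above it stating why whitelisted senders are trusted for malware verdicts. The enclosing `rules {` block starts outside the hunk and the file header of this section is not shown on the page.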