Change DKIM to new method, add clamav forced action when virus is found"

2017-04-25 20:32:36 +02:00 · 2017-04-25 20:32:36 +02:00 · fd84b2ffa9
parent f9662025cc
commit fd84b2ffa9
3 changed files with 33 additions and 34 deletions
--- a/data/conf/rspamd/local.d/dkim.conf
+++ b/data/conf/rspamd/local.d/dkim.conf
@ -1,34 +0,0 @@
-sign_condition =<<EOD
-return function(task)
-  local smtp_from = task:get_from('smtp')
-  local mime_from = task:get_from('mime')
-  local rspamd_logger = require "rspamd_logger"
-  if smtp_from[1]['domain'] ~= nil and smtp_from[1]['domain'] ~= '' then
-    domain = smtp_from[1]['domain']
-    rspamd_logger.infox(task, "set domain found in smtp from field to %s", domain)
-    if not task:get_user() then
-      rspamd_logger.infox(task, "found domain in smtp header field, but user is not authenticated - skipped")
-      return false
-    end
-  elseif mime_from[1]['domain'] ~= nil and mime_from[1]['domain'] ~= '' then
-    domain = mime_from[1]['domain']
-    rspamd_logger.infox(task, "set domain found in mime from field to %s", domain)
-  else
-    rspamd_logger.infox(task, "cannot determine domain for dkim signing")
-    return false
-  end
-  local keyfile = io.open("/data/dkim/keys/" .. domain .. ".dkim")
-  if keyfile then
-    rspamd_logger.infox(task, "found dkim key file for domain %s", domain)
-    keyfile:close()
-    return {
-      key = "/data/dkim/keys/" .. domain .. ".dkim",
-      domain = domain,
-      selector = "dkim"
-    }
-  else
-    rspamd_logger.infox(task, "no key file for domain %s - skipped", domain)
-  end
-  return false
-end
-EOD;
--- a/data/conf/rspamd/local.d/dkim_signing.conf
+++ b/data/conf/rspamd/local.d/dkim_signing.conf
@ -0,0 +1,28 @@
+# If false, messages with empty envelope from are not signed
+allow_envfrom_empty = false;
+# If true, envelope/header domain mismatch is ignored
+allow_hdrfrom_mismatch = true;
+# If true, multiple from headers are allowed (but only first is used)
+allow_hdrfrom_multiple = true;
+# If true, username does not need to contain matching domain
+allow_username_mismatch = true;
+# If false, messages from authenticated users are not selected for signing
+auth_only = true;
+# Default path to key, can include '$domain' and '$selector' variables
+path = "/data/dkim/keys/$domain.dkim";
+# Default selector to use
+selector = "dkim";
+# If false, messages from local networks are not selected for signing
+sign_local = true;
+# Symbol to add when message is signed
+symbol = "DKIM_SIGNED";
+# Whether to fallback to global config
+try_fallback = true;
+# Domain to use for DKIM signing: can be "header" or "envelope"
+use_domain = "envelope";
+# Whether to normalise domains to eSLD
+use_esld = true;
+# Whether to get keys from Redis
+use_redis = false;
+# Hash for DKIM keys in Redis
+hash_key = "DKIM_KEYS";
--- a/data/conf/rspamd/local.d/force_actions.conf
+++ b/data/conf/rspamd/local.d/force_actions.conf
@ -4,4 +4,9 @@ rules {
    expression = "R_DKIM_REJECT & !MAILLIST & !MAILCOW_WHITE & !MAILCOW_BLACK";
    require_action = ["no action", "greylist"];
  }
+  VIRUS_FOUND {
+    action = "reject";
+    expression = "CLAM_VIRUS & !MAILCOW_WHITE";
+    honor_action = ["reject"];
+  }
 }