diff src/context.cpp @ 326:5e4b5540c8cc

allow multiple dkim signers in authentication results
author Carl Byington <carl@five-ten-sg.com>
date Sun, 18 Dec 2016 16:51:33 -0800
parents b6f173ac5209
children c9932c4d8053
--- a/src/context.cpp	Sat Dec 17 21:59:23 2016 -0800
+++ b/src/context.cpp	Sun Dec 18 16:51:33 2016 -0800
@@ -1099,36 +1099,43 @@
 }
 
 
-bool CONTEXT::acceptable_content(recorder &memory, int score, int bulk, const char *signer, const char *from, string& msg) {
-    const char *st = find_dkim_signer(signer);
+bool CONTEXT::acceptable_content(recorder &memory, int score, int bulk, string_set &signers, const char *from, string& msg) {
+    DKIMP dk = find_dkim_from(from);
+    bool requirement = false;
+    for (string_set::iterator s=signers.begin(); s!=signers.end(); s++) {
+        const char *st = find_dkim_signer(*s);
+        // signed by a white listed signer
     if (st == token_white) return true;
+        // signed by a black listed signer
     if (st == token_black) {
         char buf[maxlen];
-        snprintf(buf, sizeof(buf), "Mail rejected - dkim signed by %s", signer);
+            snprintf(buf, sizeof(buf), "Mail rejected - dkim signed by %s", *s);
         msg = string(buf);
         return false;
     }
 
-    DKIMP dk = find_dkim_from(from);
     if (dk) {
         st = dk->action;
         // signed by a white listed signer
-        if ((st == token_signed_white)   && (strcasecmp(signer,dk->signer) == 0)) return true;
-        // not signed by the required signer
-        if ((st == token_require_signed) && (strcasecmp(signer,dk->signer) != 0)) {
-            char buf[maxlen];
-            snprintf(buf, sizeof(buf), "Mail rejected - not dkim signed by %s", dk->signer);
-            msg = string(buf);
-            return false;
-        }
+            if ((st == token_signed_white)   && (strcasecmp(*s,dk->signer) == 0)) return true;
+            // is it signed by the required signer
+            if ((st == token_require_signed) && (strcasecmp(*s,dk->signer) == 0)) requirement = true;
         // signed by a black listed signer
-        if ((st == token_signed_black)   && (strcasecmp(signer,dk->signer) == 0)) {
+            if ((st == token_signed_black)   && (strcasecmp(*s,dk->signer) == 0)) {
             char buf[maxlen];
             snprintf(buf, sizeof(buf), "Mail rejected - dkim signed by %s", dk->signer);
             msg = string(buf);
             return false;
         }
     }
+    }
+
+    if (dk && (dk->action == token_require_signed) && !requirement) {
+        char buf[maxlen];
+        snprintf(buf, sizeof(buf), "Mail rejected - not dkim signed by %s", dk->signer);
+        msg = string(buf);
+        return false;
+    }
 
     if (spamassassin_limit && (score > spamassassin_limit)) {
         char buf[maxlen];
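Review bot: The verdict for a message that carries both a white listed and a black listed signer now depends on the order in which `signers` is iterated, because `if (st == token_white) return true;` and the `token_signed_white` return sit in the same loop pass as the `token_black` / `token_signed_black` rejections. Whichever signer the set yields first decides the outcome, so a black listed signature is never examined when an allowed one happens to come before it. If reject-wins is the intended policy (an assumption; nothing in the hunk states the precedence), split the loop into a rejection pass followed by an acceptance pass as sketched below. Either way, add a comment above the loop stating which list takes precedence. The body of acceptable_content continues past the end of this hunk.

```cpp
    DKIMP dk = find_dkim_from(from);
    bool requirement = false;
    // pass 1: any black listed signer rejects, independent of set order
    for (string_set::iterator s=signers.begin(); s!=signers.end(); s++) {
        bool black = (find_dkim_signer(*s) == token_black) ||
                     (dk && (dk->action == token_signed_black) && (strcasecmp(*s,dk->signer) == 0));
        if (black) {
            char buf[maxlen];
            snprintf(buf, sizeof(buf), "Mail rejected - dkim signed by %s", *s);
            msg = string(buf);
            return false;
        }
    }
    // pass 2: white listing, and note whether the required signer is present
    for (string_set::iterator s=signers.begin(); s!=signers.end(); s++) {
        if (find_dkim_signer(*s) == token_white) return true;
        if (dk && (strcasecmp(*s,dk->signer) == 0)) {
            if (dk->action == token_signed_white) return true;
            if (dk->action == token_require_signed) requirement = true;
        }
    }
    // … unchanged: token_require_signed rejection when !requirement, then the spamassassin check …
```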