changeset 329:c9932c4d8053

allow multiple dkim signers in authentication results
author Carl Byington <carl@five-ten-sg.com>
date Mon, 19 Dec 2016 08:29:16 -0800
parents b4f766947202
children b5b93a7e1e6d
files src/context.cpp src/context.h src/dnsbl.cpp
diffstat 3 files changed, 26 insertions(+), 9 deletions(-) [+]
--- a/src/context.cpp	Sun Dec 18 17:55:16 2016 -0800
+++ b/src/context.cpp	Mon Dec 19 08:29:16 2016 -0800
@@ -1099,13 +1099,23 @@
 }
 
 
-bool CONTEXT::acceptable_content(recorder &memory, int score, int bulk, string_set &signers, const char *from, string& msg) {
+void CONTEXT::log(const char *queueid, const char *msg, const char *v) {
+    char buf[maxlen];
+    snprintf(buf, maxlen, msg, v);
+    my_syslog(queueid, buf);
+}
+
+
+bool CONTEXT::acceptable_content(recorder &memory, int score, int bulk, const char *queueid, string_set &signers, const char *from, string& msg) {
     DKIMP dk = find_dkim_from(from);
     bool requirement = false;
     for (string_set::iterator s=signers.begin(); s!=signers.end(); s++) {
         const char *st = find_dkim_signer(*s);
         // signed by a white listed signer
-        if (st == token_white) return true;
+        if (st == token_white) {
+            log(queueid, "whitelisted dkim signer %s", *s);
+            return true;
+        }
         // signed by a black listed signer
         if (st == token_black) {
             char buf[maxlen];
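Review bot: `CONTEXT::log` hands its `msg` parameter to `snprintf` as the format string, so the compiler cannot check it against the single `const char *v` argument. The three call sites in this commit all pass a literal with exactly one `%s`, and the signer name, which presumably comes from the message's authentication results, is only ever the argument; that is the safe arrangement. A comment above the function would keep it that way, e.g. `// msg must be a string literal with exactly one %s; message-derived text goes in v only`. Whether `my_syslog` treats `buf` as data or as a format string is not visible here and is worth confirming, because `buf` now contains the signer name. The body of `acceptable_content` continues past the end of this hunk.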
@@ -1117,9 +1127,15 @@
         if (dk) {
             st = dk->action;
             // signed by a white listed signer
-            if ((st == token_signed_white)   && (strcasecmp(*s,dk->signer) == 0)) return true;
-            // is it signed by the required signer
-            if ((st == token_require_signed) && (strcasecmp(*s,dk->signer) == 0)) requirement = true;
+            if ((st == token_signed_white)   && (strcasecmp(*s,dk->signer) == 0)) {
+                log(queueid, "whitelisted dkim signer %s", *s);
+                return true;
+            }
+            // signed by the required signer
+            if ((st == token_require_signed) && (strcasecmp(*s,dk->signer) == 0)) {
+                log(queueid, "required dkim signer %s", *s);
+                requirement = true;
+            }
             // signed by a black listed signer
             if ((st == token_signed_black)   && (strcasecmp(*s,dk->signer) == 0)) {
                 char buf[maxlen];
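Review bot: The `token_signed_white` branch logs the same text, `"whitelisted dkim signer %s"`, as the `token_white` branch in the previous hunk, so a syslog reader cannot tell which whitelist rule accepted the message. A distinct literal here, for example `log(queueid, "whitelisted dkim signer %s (dkim_from rule)", *s);`, would make a whitelist hit traceable to the rule that caused it. The surrounding loop and function start and end outside this hunk.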
@@ -1211,14 +1227,14 @@
             const char *a = (*i).second;
             printf("%s             %s %s; \n", indent, n, a);
         }
-        printf("%s         } \n", indent);
+        printf("%s         }; \n", indent);
         printf("%s         dkim_from { \n", indent);
         for (dkimp_map::iterator i=dkim_from_names.begin(); i!=dkim_from_names.end(); i++) {
             const char *n = (*i).first;
             DKIM &d = *(*i).second;
             printf("%s             %s %s %s; \n", indent, n, d.action, d.signer);
         }
-        printf("%s         } \n", indent);
+        printf("%s         }; \n", indent);
         if (content_suffix) {
             printf("%s         filter %s \"%s\"; \n", indent, content_suffix, content_message);
         }
--- a/src/context.h	Sun Dec 18 17:55:16 2016 -0800
+++ b/src/context.h	Mon Dec 19 08:29:16 2016 -0800
@@ -312,7 +312,8 @@
     dnsblp_list&    get_dnsbl_list();
     dnswlp_list&    get_dnswl_list();
 
-    bool        acceptable_content(recorder &memory, int score, int bulk, string_set &signers, const char *from, string& msg);
+    void        log(const char *queueid, const char *msg, const char *v);
+    bool        acceptable_content(recorder &memory, int score, int bulk, const char *queueid, string_set &signers, const char *from, string& msg);
     bool        ignore_host(const char *host);
 
     void        dump(bool isdefault, bool &spamass, int level = 0);
--- a/src/dnsbl.cpp	Sun Dec 18 17:55:16 2016 -0800
+++ b/src/dnsbl.cpp	Mon Dec 19 08:29:16 2016 -0800
@@ -1603,7 +1603,7 @@
         for (context_map::iterator i=priv.env_to.begin(); i!=priv.env_to.end(); i++) {
             const char *rcpt   = (*i).first;
             CONTEXT &con = *((*i).second);
-            if (!con.acceptable_content(*priv.memory, score, bulk, priv.dkim_signers, priv.fromaddr, msg)) {
+            if (!con.acceptable_content(*priv.memory, score, bulk, priv.queueid, priv.dkim_signers, priv.fromaddr, msg)) {
                 // bad html tags or excessive hosts or
                 // high spam assassin score or dcc bulk threshold exceedeed
                 // or signed by a dkim signer that we don't like
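Review bot: The new log entries carry only `priv.queueid` and the signer, but this call sits inside the loop over `priv.env_to`, so `acceptable_content` runs once per recipient context and a whitelisted or required signer produces an identical syslog line for each recipient. When recipients map to different contexts, the entries do not show which recipient's rules accepted the message, which makes a whitelist hit harder to audit. Consider including `rcpt` in what is logged, or at least a comment at the call such as `// acceptable_content logs whitelist/required-signer hits once per recipient context`. The enclosing function starts and ends outside the hunk.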