FreeBSD Bugzilla – Attachment 204383 Details for
Bug 237905
mail/rspamd: Add upstream patches to fix ARC signing and dynamic ratelimit score
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
rspamd.patch (text/plain), 7.32 KB, created by
Alexander Moisseev
on 2019-05-15 07:20:04 UTC
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
Alexander Moisseev
Created:
2019-05-15 07:20:04 UTC
Size:
7.32 KB
patch
obsolete
>Index: mail/rspamd/Makefile >=================================================================== >--- mail/rspamd/Makefile (revision 501689) >+++ mail/rspamd/Makefile (working copy) >@@ -2,6 +2,7 @@ > > PORTNAME= rspamd > PORTVERSION= 1.9.3 >+PORTREVISION= 1 > CATEGORIES= mail > > MAINTAINER= vsevolod@FreeBSD.org >Index: mail/rspamd/files/patch-lualib_lua__auth__results.lua >=================================================================== >--- mail/rspamd/files/patch-lualib_lua__auth__results.lua (nonexistent) >+++ mail/rspamd/files/patch-lualib_lua__auth__results.lua (working copy) >@@ -0,0 +1,14 @@ >+--- lualib/lua_auth_results.lua.orig 2019-05-13 13:23:04 UTC >++++ lualib/lua_auth_results.lua >+@@ -49,7 +49,10 @@ local default_settings = { >+ add_smtp_user = true, >+ } >+ >+-local exports = {} >++local exports = { >++ default_settings = default_settings >++} >++ >+ local local_hostname = rspamd_util.get_hostname() >+ >+ local function gen_auth_results(task, settings) > >Property changes on: mail/rspamd/files/patch-lualib_lua__auth__results.lua >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: mail/rspamd/files/patch-lualib_lua__dkim__tools.lua >=================================================================== >--- mail/rspamd/files/patch-lualib_lua__dkim__tools.lua (nonexistent) >+++ mail/rspamd/files/patch-lualib_lua__dkim__tools.lua (working copy) >@@ -0,0 +1,12 @@ >+--- lualib/lua_dkim_tools.lua.orig 2019-05-13 13:23:04 UTC >++++ lualib/lua_dkim_tools.lua >+@@ -609,7 +609,8 @@ exports.sign_using_vault = function(N, task, settings, >+ local dkim_sign_data = { >+ rawkey = p.key, >+ selector = p.selector, >+- domain = p.domain or selectors.domain >++ domain = p.domain or selectors.domain, >++ alg = p.alg, >+ } >+ lua_util.debugm(N, task, 'found and parsed key for %s:%s in Vault', >+ dkim_sign_data.domain, dkim_sign_data.selector) > >Property changes on: mail/rspamd/files/patch-lualib_lua__dkim__tools.lua >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: mail/rspamd/files/patch-src_plugins_lua_arc.lua >=================================================================== >--- mail/rspamd/files/patch-src_plugins_lua_arc.lua (nonexistent) >+++ mail/rspamd/files/patch-src_plugins_lua_arc.lua (working copy) >@@ -0,0 +1,111 @@ >+--- src/plugins/lua/arc.lua.orig 2019-05-13 13:23:04 UTC >++++ src/plugins/lua/arc.lua >+@@ -91,10 +91,7 @@ local settings = { >+ } >+ >+ -- To match normal AR >+-local ar_settings = { >+- add_smtp_user = true, >+- stop_chars = ';' >+-} >++local ar_settings = auth_results.default_settings >+ >+ local function parse_arc_header(hdr, target) >+ -- Split elements by ';' and trim spaces >+@@ -512,7 +509,33 @@ local function arc_sign_seal(task, params, header) >+ task:insert_result(settings.sign_symbol, 1.0, string.format('i=%d', cur_idx)) >+ end >+ >++local function prepare_arc_selector(task, sel) >++ local arc_seals = task:cache_get('arc-seals') >++ >++ sel.arc_cv = 'none' >++ sel.arc_idx = 1 >++ sel.no_cache = true >++ sel.sign_type = 'arc-sign' >++ >++ if arc_seals then >++ sel.arc_idx = #arc_seals + 1 >++ >++ if task:has_symbol(arc_symbols.allow) then >++ sel.arc_cv = 'pass' >++ else >++ sel.arc_cv = 'fail' >++ end >++ end >++end >++ >+ local function do_sign(task, p) >++ if p.alg and p.alg ~= 'rsa' then >++ -- No support for ed25519 keys >++ return >++ end >++ >++ prepare_arc_selector(task, p) >++ >+ if settings.check_pubkey then >+ local resolve_name = p.selector .. "._domainkey." .. p.domain >+ task:get_resolver():resolve_txt({ >+@@ -558,38 +581,21 @@ local function sign_error(task, msg) >+ end >+ >+ local function arc_signing_cb(task) >+- local arc_seals = task:cache_get('arc-seals') >+- >+ local ret, selectors = dkim_sign_tools.prepare_dkim_signing(N, task, settings) >+ >+ if not ret then >+ return >+ end >+ >+- -- TODO: support multiple signatures here >+- local p = selectors[1] >+- >+- p.arc_cv = 'none' >+- p.arc_idx = 1 >+- p.no_cache = true >+- p.sign_type = 'arc-sign' >+- >+- if arc_seals then >+- p.arc_idx = #arc_seals + 1 >+- >+- if task:has_symbol(arc_symbols.allow) then >+- p.arc_cv = 'pass' >+- else >+- p.arc_cv = 'fail' >+- end >+- end >+- >+ if settings.use_redis then >+ dkim_sign_tools.sign_using_redis(N, task, settings, selectors, do_sign, sign_error) >+ else >+ if selectors.vault then >+ dkim_sign_tools.sign_using_vault(N, task, settings, selectors, do_sign, sign_error) >+ else >++ -- TODO: no support for multiple sigs >++ local p = selectors[1] >++ prepare_arc_selector(task, p) >+ if ((p.key or p.rawkey) and p.selector) then >+ if p.key then >+ p.key = lua_util.template(p.key, { >+@@ -608,10 +614,7 @@ local function arc_signing_cb(task) >+ end >+ end >+ >+- local dret, hdr = dkim_sign(task, p) >+- if dret then >+- return arc_sign_seal(task, p, hdr) >+- end >++ do_sign(task, p) >+ else >+ rspamd_logger.infox(task, 'key path or dkim selector unconfigured; no signing') >+ return false >+@@ -646,6 +649,8 @@ if settings.use_redis then >+ 'but module is configured to load keys from redis, disable arc signing') >+ return >+ end >++ >++ settings.redis_params = redis_params >+ end >+ >+ rspamd_config:register_symbol({ > >Property changes on: mail/rspamd/files/patch-src_plugins_lua_arc.lua >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: mail/rspamd/files/patch-src_plugins_lua_ratelimit.lua >=================================================================== >--- mail/rspamd/files/patch-src_plugins_lua_ratelimit.lua (nonexistent) >+++ mail/rspamd/files/patch-src_plugins_lua_ratelimit.lua (working copy) >@@ -0,0 +1,11 @@ >+--- src/plugins/lua/ratelimit.lua.orig 2019-05-13 13:23:04 UTC >++++ src/plugins/lua/ratelimit.lua >+@@ -594,7 +594,7 @@ local function ratelimit_cb(task) >+ if data[1] == 1 then >+ -- set symbol only and do NOT soft reject >+ if settings.symbol then >+- task:insert_result(settings.symbol, 0.0, >++ task:insert_result(settings.symbol, 1.0, >+ string.format('%s(%s)', lim_name, lim_key)) >+ rspamd_logger.infox(task, >+ 'set_symbol_only: ratelimit "%s(%s)" exceeded, (%s / %s): %s (%s:%s dyn); redis key: %s', > >Property changes on: mail/rspamd/files/patch-src_plugins_lua_ratelimit.lua >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=204383">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 237905
: 204383