2633: Don't apply antispoof rules on locally generated emails r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Don't apply antispoof rules on locally generated emails; This was breaking the auto-responder and sieve rules.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
main
bors[bot] 2 years ago committed by GitHub
commit db2a490256
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,17 +1,17 @@
rules { rules {
ANTISPOOF_NOAUTH { ANTISPOOF_NOAUTH {
action = "reject"; action = "reject";
expression = "!MAILLIST & ((IS_LOCAL_DOMAIN_E & MISSING_FROM) | (IS_LOCAL_DOMAIN_H & (R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA)))"; expression = "!IS_LOCALLY_GENERATED & !MAILLIST & ((IS_LOCAL_DOMAIN_E & MISSING_FROM) | (IS_LOCAL_DOMAIN_H & (R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA)))";
message = "Rejected (anti-spoofing: noauth). Please setup DMARC with DKIM or SPF if you want to send emails from your domain from other servers."; message = "Rejected (anti-spoofing: noauth). Please setup DMARC with DKIM or SPF if you want to send emails from your domain from other servers.";
} }
ANTISPOOF_DMARC_ENFORCE_LOCAL { ANTISPOOF_DMARC_ENFORCE_LOCAL {
action = "reject"; action = "reject";
expression = "!MAILLIST & (IS_LOCAL_DOMAIN_H | IS_LOCAL_DOMAIN_E) & (DMARC_POLICY_SOFTFAIL | DMARC_POLICY_REJECT | DMARC_POLICY_QUARANTINE | DMARC_NA)"; expression = "!IS_LOCALLY_GENERATED & !MAILLIST & (IS_LOCAL_DOMAIN_H | IS_LOCAL_DOMAIN_E) & (DMARC_POLICY_SOFTFAIL | DMARC_POLICY_REJECT | DMARC_POLICY_QUARANTINE | DMARC_NA)";
message = "Rejected (anti-spoofing: DMARC compliance is enforced for local domains, regardless of the policy setting)"; message = "Rejected (anti-spoofing: DMARC compliance is enforced for local domains, regardless of the policy setting)";
} }
ANTISPOOF_AUTH_FAILED { ANTISPOOF_AUTH_FAILED {
action = "reject"; action = "reject";
expression = "!MAILLIST & BLACKLIST_ANTISPOOF"; expression = "!IS_LOCALLY_GENERATED & !MAILLIST & BLACKLIST_ANTISPOOF";
message = "Rejected (anti-spoofing: auth-failed)"; message = "Rejected (anti-spoofing: auth-failed)";
} }
} }

@ -0,0 +1,2 @@
{{ SUBNET }}
{{ SUBNET6 }}

@ -10,6 +10,11 @@ IS_LOCAL_DOMAIN_E {
map = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains"; map = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains";
} }
IS_LOCALLY_GENERATED {
type = "ip"
map = ["/etc/rspamd/local.d/local_subnet.map"];
}
FORBIDDEN_FILE_EXTENSION { FORBIDDEN_FILE_EXTENSION {
type = "filename"; type = "filename";
filter = "extension"; filter = "extension";

@ -0,0 +1 @@
Fix a bug introduced in master whereby anything locally generated (sieve, autoresponder, ...) would be blocked by the anti-spoofing rules
Loading…
Cancel
Save