From f7b3aad8316abe8fb5ac987c09656d888c847558 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Wed, 19 Oct 2022 17:53:32 +0200
Subject: [PATCH] Ensure we REJECT when we don't have a DMARC policy

This restores the old behaviour
---
 core/rspamd/conf/force_actions.conf | 7 +++++++
 core/rspamd/conf/multimap.conf      | 5 +++++
 2 files changed, 12 insertions(+)
 create mode 100644 core/rspamd/conf/force_actions.conf
 create mode 100644 core/rspamd/conf/multimap.conf

diff --git a/core/rspamd/conf/force_actions.conf b/core/rspamd/conf/force_actions.conf
new file mode 100644
index 00000000..64c992c4
--- /dev/null
+++ b/core/rspamd/conf/force_actions.conf
@@ -0,0 +1,7 @@
+rules {
+  WHITELIST_EXCEPTION {
+    action = "reject";
+    expression = "(AUTH_NA|BLACKLIST_ANTISPOOF) & IS_LOCAL_DOMAIN";
+    message = "Rejected (anti-spoofing)";
+  }
+}
diff --git a/core/rspamd/conf/multimap.conf b/core/rspamd/conf/multimap.conf
new file mode 100644
index 00000000..dd2ffa61
--- /dev/null
+++ b/core/rspamd/conf/multimap.conf
@@ -0,0 +1,5 @@
+IS_LOCAL_DOMAIN {
+  type = "from";
+  filter = "email:domain";
+  map = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains";
+}