|
|
| |
opendkim-lua(3) |
FreeBSD Library Functions Manual |
opendkim-lua(3) |
opendkim-lua - Programming the OpenDKIM filter using Lua scripts
The OpenDKIM filter has hooks to run user-provided scripts for making policy
decisions regarding signatures to add on outbound messages or verification and
acceptance of messages inbound. The hooks take the form of multiple Lua
scripts which, if defined, are run at important points during processing of a
message.
For a full description of the Lua language, consult Lua
programming references (see below for a starting point). This man page only
describes the use of Lua in the context of OpenDKIM, specifically the
functions and global variables OpenDKIM provides for use in user-constructed
scripts beyond what Lua provides by default.
Unless otherwise noted, all functions described below return a
single result; on success they return the requested data, and on error they
return the Lua constant "nil".
Four scripting hooks are provided. They are as follows:
- setup
- The setup script is run after all headers for the message have been
received but before any DKIM operations have started. At this point the
user can examine the available header fields to decide whether the message
should be signed or verified (or both) and, if signing, which key(s)
should be used to add signatures and which signature features are
desired.
- screen
- The screen script is run after the DKIM verification context has been
established. The main purpose of this script is to give the user an
opportunity to examine the message header fields compared to the available
DKIM signatures and determine which, if any, should be ignored during
verification. For example, the user might decide only signatures added by
domains exactly matching that in the From: domain are acceptable, and the
rest should be ignored.
- statistics
- The statistics script is run after all of the DKIM verification and
signing work has been completed but before any final message handling is
done. The main purpose of this script is to give the user an opportunity
to examine the message or its signatures and make arbitrary additional
statistical observations that should be recorded by the statistics module.
(Experimental feature not enabled for this installation.)
- final
- The final script is run after all of the DKIM verification and signing
work has been completed. The user has an opportunity to examine the
results of all of the signature evaluations and make a decision about
whether or not the message should be accepted, rejected, discarded,
quarantined, etc. If the message is accepted, any signatures requested
earlier will be added to the messages before it is released.
The following global variable(s) are provided for all user scripts:
- ctx
- This is a generic context pointer referring to the context in which the
filtering operation is being performed. It represents a single message in
progress, and the connection that accepted it.
These functions are made available to Lua for processing a message through the
setup script:
- odkim.check_popauth(ctx)
- Returns 1 if the SMTP client represented by ctx is coming from an
IP address found in the POPAUTH database (if enabled and configured), and
0 otherwise. Returns the Lua constant "nil" if the POPAUTH
database is not enabled or not configured.
- odkim.db_check(db, string)
- Returns 1 if db refers to a valid database handle (see
odkim.get_dbhandle() below) and string is found in that
database, and 0 otherwise. If an error occurs, the Lua constant
"nil" is returned.
- odkim.db_close(db)
- Closes the specified data set. Returns 1. The current implementation will
conduct data set garbage collection when the script terminates, so this is
not strictly necessary, but is recommended.
- odkim.db_open(name[, icase])
- Opens the data set specified by name. If icase is provided
and is "true", then queries into the database will be
case-insensitive. See the opendkim(8) man page for information on
specifying a data set. On success, returns a handle that can be passed to
odkim.db_check(); raises an exception on failure.
- odkim.export(ctx, name, value[, name2, value2[, ...]])
- Exports variables named with their corresponding values so that they will
be available to later scripts.
- odkim.get_clienthost(ctx)
- Returns the name of the host on the other end of the SMTP connection
sending the current message. This is usually a hostname, but might be an
IP address in square brackets if the SMTP client's IP address does not
have a name associated with it.
- odkim.get_clientip(ctx)
- Returns the IP address of the client on the other end of the SMTP
connection sending the current message as a string. Both IPv4 and IPv6
addresses are supported.
- odkim.get_dbhandle(ctx, db)
- Returns a handle for the requested database that can be used in later
queries. The value of db should be one of DB_MTAS (database
of MTA names whose mail should be signed), DB_MACROS (database of
MTA macro checks to be done when determining signing), DB_DOMAINS
(database of domains to be signed), DB_SIGNINGTABLE (database of
signing table entries), DB_THIRDPARTY (database of third party
signatures to be trusted) and DB_DONTSIGNTO (database of recipients
whose mail should not be signed). If the requested database is not set in
the current configuration file, a Lua "nil" is returned.
- odkim.get_envfrom(ctx)
- Retrieves the SMTP envelope sender address for the message represented by
ctx.
- odkim.get_fromdomain(ctx)
- Retrieves the domain name of the sender of the message represented by
ctx.
- odkim.get_header(ctx, name, n)
- Retrieves the string contained in instance n of the header field
called name from the message represented by ctx, or the Lua
constant "nil" if there was no such header field. Header field
numbering starts at 0, so use 0 for the first instance, 1 for the second,
etc. For example:
fromaddr = odkim.get_header(ctx, "From", 0)
This will return the value of the first (and hopefully only)
"From" header field. Negative values of n count
backwards from the end of the set of header fields, so:
rcvd = odkim.get_header(ctx, "Received", -2)
will retrieve the second-last Received: header field on the
message.
- odkim.get_mtasymbol(ctx, name)
- Retrieves the value of the symbol called name from the MTA
connection represented by ctx, or the Lua constant "nil"
if the requested symbol was not available at the time of the request.
- odkim.get_rcpt(ctx, n)
- Returns the nth envelope recipient for the message represented by
ctx. Recipient numbering starts at 0, so for the first recipient,
use 0 for n. If n references an out-of-range value, the Lua
constant "nil" is returned.
- odkim.get_rcptarray(ctx)
- Returns the envelope recipients for the message represented by ctx
in a single Lua array.
- odkim.internal_ip(ctx)
- Returns 1 if the SMTP client is coming from an internal IP address, and 0
otherwise.
- odkim.log(ctx, log)
- Logs the string log if the current configuration requested logging.
(Checking current configuration is why the ctx parameter is
required.)
- odkim.rcpt_count(ctx)
- Returns the count of envelope recipients on the message.
- odkim.replace_header(ctx, name, n, newval)
- Retrieves the value of in instance n of header field name in
the message referenced by ctx and replaces it with the string in
newval. See odkim.get_header() above for more information
about possible parameter values for n. Note that this only changes
the content of the header field used when generating or verifying the
signature; the actual delivered message is not modified. This can be used
to anticipate how an intermediate mail transfer agent might alter the
message, thus correcting an avoidable signature invalidation.
- odkim.resign(ctx)
- Arranges that the arriving message will be verified and then re-signed in
a single operation. Returns 1 on success or the Lua constant
"nil" on failure.
- odkim.set_result(ctx, result)
- Arranges to have the MTA return a specific result code in response to the
message represented by ctx. The value of result must be one
of SMFIS_TEMPFAIL (temporary failure/rejection),
SMFIS_ACCEPT (accept without further processing),
SMFIS_DISCARD (accept but discard the message) and
SMFIS_REJECT (permanent failure/rejection). Returns 1 on success or
the Lua constant "nil" on failure. Note that returning any of
these codes indicates a final message disposition; the MTA will be told
immediately to take the specified action, and no further filter processing
will occur.
- odkim.sign(ctx[, keyname[, signer[, signlen]]])
- Requests that the filter sign the message represented by ctx using
the specified keyname. The key name will be translated into an
actual domain, selector and private key via a query to the KeyTable (see
the opendkim.conf(5) page for details). The keyname may be
omitted if the KeyTable is not defined, meaning the single signing domain,
selector and key should be used to sign. Returns 1 on success and 0 on
failure. If a signer is specified, the string there will be
included in the generated signature's "i=" tag. If a
signlen is specified, the signature will cover that many bytes of
the message body. The order of these last two parameters is
interchangeable.
- odkim.signfor(ctx, address[, multi])
- Applies whatever signatures would be applied by default if the candidate
message had the specified address in the message's From: field. The
multi parameter, if "true" (default is
"false"), allows the application of multiple signatures. Returns
the number of signatures applied, which may be zero.
- odkim.spam(ctx)
- Tags the message as spam, for use in developing reputation about domains
that signed the message. Returns nothing. (Experimental feature not
enabled for this installation.)
- odkim.use_ltag(ctx)
- Requests that all signatures added to the message represented by
ctx include "l=" (body length) tags. Always returns the
Lua constant "nil".
- odkim.verify(ctx)
- Requests that the message represented by ctx be subjected to DKIM
signature verification. Returns the Lua constant "nil" on
success, or an error string on failure.
- odkim.xtag(ctx, tag, value)
- Requests that all signatures added to the message represented by
ctx include the named extension tag and value.
Returns the number of signatures successfully modified, or -1 on error. An
error can occur if the named tag is one already explicitly supported by
the DKIM library, or if there is a syntax error in the tag or value.
The screen script has the following functions available to it, whose
descriptions can be found above: odkim.db_check, odkim.db_close,
odkim.db_open, odkim.export, odkim.get_dbhandle,
odkim.get_envfrom, odkim.get_fromdomain,
odkim.get_header, odkim.get_mtasymbol, odkim.get_rcpt,
odkim.get_rcptarray, odkim.log, odkim.rcpt_count, and
odkim.spam.
The following additional functions are provided for this
script:
- odkim.get_sigarray(ctx)
- Returns the complete set of signature handles found in the message
represented by ctx, as a Lua array, or the Lua constant
"nil" in case of an error.
- odkim.get_sigcount(ctx)
- Returns the number of signatures found in the message represented by
ctx, or the Lua constant "nil" in case of an error.
- odkim.get_sighandle(ctx, n)
- Returns a handle representing an internal copy of the nth signature
found on the message represented by ctx. n must be a number
greater than or equal to zero (representing the first signature) and less
than the number of signatures on the message, which can be determined
using odkim.get_sigcount above. The requested handle is returned on
success, or the Lua constant "nil" is returned on failure.
- odkim.parse_field(string)
- Parses the contents of a header field, provided as string, into
user and domain parts, discarding whitespace and comment components.
Returns two strings, the user part and the domain part, or the Lua
constant "nil" in case of a parsing error.
- odkim.sig_getdomain(sig)
- Returns the name of the domain in the signature handle specified by
sig, previously returned by a call to odkim.get_sighandle().
This is taken from the signature's "d=" tag.
- odkim.sig_getidentity(sig)
- Returns the identity of the agent adding the signature handle specified by
sig, previously returned by a call to odkim.get_sighandle().
This is taken from the signature's "i=" tag. This may be a
default value and not one that was explicitly part of the signature. If
the identity could not be determined, the Lua constant "nil" is
returned.
- odkim.sig_ignore(sig)
- Instructs the verification code to ignore completely the signature
specified by sig, previously returned by a call to
odkim.get_sighandle(). Any pending verification of the message will
act as if that signature was not present on the message. Always returns
the Lua constant "nil".
The statistics script has the following functions available to it, whose
descriptions can be found above: odkim.export,
odkim.get_envfrom, odkim.get_header, odkim.get_mtasymbol,
odkim.get_rcpt, odkim.get_rcptarray, odkim.get_sigarray,
odkim.get_sigcount, odkim.get_sighandle, odkim.log,
odkim.parse_field, odkim.rcpt_count, odkim.sig_getdomain,
odkim.sig_getidentity, and odkim.spam.
The following functions are also available, defined in the next
section: odkim.rbl_check, odkim.rcpt_count,
odkim.sig_bhresult, odkim.sig_bodylength,
odkim.sig_canonlength, and odkim.sig_result.
The following additional function is provided for this script:
- odkim.stats(ctx, name, value)
- Records the additional statistic called name with its associated
value for the message represented by ctx.
The final script has the following functions available to it, whose descriptions
can be found above: odkim.get_clienthost, odkim.get_clientip,
odkim.get_envfrom, odkim.get_fromdomain,
odkim.get_header, odkim.get_mtasymbol, odkim.get_rcpt,
odkim.get_rcptarray, odkim.get_sigarray,
odkim.get_sigcount, odkim.get_sighandle, odkim.log,
odkim.parse_field, odkim.rcpt_count, odkim.set_result,
odkim.sig_getdomain, odkim.sig_getidentity, odkim.spam,
and odkim.xtags.
The following additional functions are provided for this
script:
- odkim.add_header(ctx, name, value)
- Adds a new header field called name with the specified value
to the message represented by ctx. Returns 1 on success, or the Lua
constant "nil" on failure.
- odkim.add_rcpt(ctx, addr)
- Adds addr as an envelope recipient to the message represented by
ctx. Returns 1 on success, or the Lua constant "nil" on
failure.
- odkim.del_header(ctx, name, n)
- Deletes the nth instance (starting from 0) of the header field
called name from the message represented by ctx. Returns 1
on success, or the Lua constant "nil" on failure.
- odkim.del_rcpt(ctx, addr)
- Deletes addr from the list of envelope recipients on the message
represented by ctx, and adds a new X-Original-Recipient: header
field containing the deleted address. Returns 1 on success, or the Lua
constant "nil" on failure.
- odkim.quarantine(ctx, reason)
- Asks the MTA to quarantine the message represented by ctx using
reason as a text string indicating the reason for the request.
Returns 1 on success or the Lua constant "nil" on failure.
- odkim.rbl_check(ctx, query, qroot[, timeout])
- Makes an RBL query. The root of the RBL is assumed to be at qroot
and the subject of the query is query, so the query performed will
be query.qroot . The context handle ctx must also be
provided as it contains a handle to the established DNS service. The
optional timeout parameter is the timeout to use, in seconds.
Returns "nil" on error, no values if the requested record was
not present in the RBL, or the four octets of the RBL entry if it was. The
octets are returned in big-endian order. (Experimental feature not enabled
for this installation.)
- odkim.set_reply(ctx, rcode, xcode, message)
- Instructs the MTA to return the specified SMTP reply to the client sending
the message represented by ctx. rcode must be a three-digit
SMTP reply code starting with 4 or 5 (for temporary or permanent failures,
respectively); xcode must be the empty string or a valid extended
reply code (see RFC2034) matching rcode; and message must be
the text portion of the SMTP reply to be sent. Returns 1 on success or the
Lua constant "nil" on failure.
- odkim.sig_bhresult(sig)
- Returns the result code corresponding to the body hash evaluation of the
signature handled specified by sig, previously returned by a call
to odkim.get_sighandle(). Valid values are the DKIM_SIGBH_*
constants defined in the libopendkim header file
dkim.h.
- odkim.sig_bodylength(sig)
- Returns the total length of the message signed by sig, previously
returned by a call to odkim.get_sighandle(), or the Lua constant
"nil" if this value could not be determined.
- odkim.sig_canonlength(sig)
- Returns the canonicalized length of the message signed by sig,
previously returned by a call to odkim.get_sighandle(), or the Lua
constant "nil" if this value could not be determined. Note that
this may be less than the value returned by odkim.get_bodylength()
if the signature only covered part of the message.
- odkim.sig_result(sig)
- Returns the result code corresponding to the signature handled specified
by sig, previously returned by a call to
odkim.get_sighandle(). Valid values are the constants with
DKIM_SIGERROR_ prefixes as defined in the libopendkim header file
dkim.h.
This man page covers version 2.10.3 of OpenDKIM.
Copyright (c) 2009-2014, The Trusted Domain Project. All rights reserved.
opendkim(8), opendkim.conf(5)
Lua -- http://www.lua.org
Visit the GSP FreeBSD Man Page Interface. Output converted with ManDoc. |