byterazor/qpsmtpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
012a7a4918
qpsmtpd/plugins/sender_permitted_from

263 lines
8.0 KiB
Plaintext
Raw Normal View History

Fix 01-syntax test failures Exclude some tests with dependencies. Remove -T from perl line in plugins This makes it harder to test with PERL5LIB/perlbrew etc
2012-04-29 10:35:59 +02:00
#!perl -w
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
=head1 NAME
SPF: add more log messages
2012-06-25 08:55:02 +02:00
SPF - implement Sender Permitted From
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
=head1 SYNOPSIS
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
Prevents email sender address spoofing by checking the SPF policy of the purported senders domain.
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
SPF: add pod, documenting spf_pass_host note
2013-04-20 22:25:04 +02:00
Sets the transaction note spf_pass_host if the SPF result is pass.
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
=head1 DESCRIPTION
Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 19:27:35 +02:00
SPF: add more log messages
2012-06-25 08:55:02 +02:00
Sender Policy Framework (SPF) is an email validation system designed to prevent source address spoofing. SPF allows administrators to specify which hosts are allowed to send email from a given domain by creating a specific SPF record in the public DNS. Mail exchangers then use the DNS to verify that mail is being sent by a host sanctioned by a given domain administrators. -- http://en.wikipedia.org/wiki/Sender_Policy_Framework
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
The results of a SPF query are stored in a transaction note named 'spfquery';
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
=head1 CONFIGURATION
Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 19:27:35 +02:00
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
In config/plugins, add arguments to the sender_permitted_from line.
+ Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net): + * Integrated with Mail::SPF::Query 1.991 + * Don't do SPF processing when you are acting as a relay system + * Remove the MX changes as they are now inside Mail::SPF::Query git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
2004-02-03 03:57:04 +01:00
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
sender_permitted_from reject 3
=head2 reject
Set to a value between 1 and 6 to enable the following SPF behaviors:
1 annotate-only, add Received-SPF header, no rejections.
2 defer on DNS failures. Assure there's always a meaningful SPF header.
3 rejected if SPF record says 'fail'
4 stricter reject. Also rejects 'softfail'
5 reject 'neutral'
6 reject if no SPF records, or a syntax error
Most sites should start at level 3. It temporarily defers connections (4xx) that have soft SFP failures and only rejects (5xx) messages when the sending domains policy suggests it.
SPF: add more log messages
2012-06-25 08:55:02 +02:00
SPF levels above 4 are for crusaders who don't mind rejecting some valid mail when the sending server administrator hasn't dotted his i's and crossed his t's. May the deities bless their obsessive little hearts.
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
=head1 SEE ALSO
+ Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net): + * Integrated with Mail::SPF::Query 1.991 + * Don't do SPF processing when you are acting as a relay system + * Remove the MX changes as they are now inside Mail::SPF::Query git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
2004-02-03 03:57:04 +01:00
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
http://spf.pobox.com/
http://en.wikipedia.org/wiki/Sender_Policy_Framework
+ Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net): + * Integrated with Mail::SPF::Query 1.991 + * Don't do SPF processing when you are acting as a relay system + * Remove the MX changes as they are now inside Mail::SPF::Query git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
2004-02-03 03:57:04 +01:00
SPF: add trans. note spf_pass_host if SPF=pass
2013-04-20 22:23:05 +02:00
=head1 TODO
Check the scope of the SPF policy. If it's too broad (ie, the whole internet is valid), apply karma penalty
Examples of too broad: +all,
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
=head1 ACKNOWLDGEMENTS
+ Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net): + * Integrated with Mail::SPF::Query 1.991 + * Don't do SPF processing when you are acting as a relay system + * Remove the MX changes as they are now inside Mail::SPF::Query git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
2004-02-03 03:57:04 +01:00
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
The reject options are modeled after, and aim to match the functionality of those found in the SPF patch for qmail-smtpd.
Patch from freeside to do things slightly more correctly git-svn-id: https://svn.perl.org/qpsmtpd/trunk@162 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-28 01:00:52 +02:00
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
=head1 AUTHOR
SPF: add trans. note spf_pass_host if SPF=pass
2013-04-20 22:23:05 +02:00
Matt Simerson - 2012 - increased policy options from 3 to 6
Matt Simerson - 2011 - rewrote using Mail::SPF
Matt Sergeant - 2003 - initial plugin
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
=cut
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
use strict;
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
use warnings;
#use Mail::SPF 2.000; # eval'ed in ->register
POD corrections, additional tests, plugin consistency on files in plugins dir: fixed a number of POD errors formatted some # comments into POD removed bare 1; (these are plugins, not perl modules) most instances of this were copy/pasted from a previous plugin that had it removed instances of # vim ts=N ... they weren't consistent, many didn't match .perltidyrc on modules that failed perl -c tests, added 'use Qpsmtpd::Constants;' Conflicts: plugins/async/check_earlytalker plugins/async/dns_whitelist_soft plugins/async/dnsbl plugins/async/queue/smtp-forward plugins/async/require_resolvable_fromhost plugins/async/rhsbl plugins/async/uribl plugins/auth/auth_checkpassword plugins/auth/auth_cvm_unix_local plugins/auth/auth_flat_file plugins/auth/auth_ldap_bind plugins/auth/auth_vpopmail plugins/auth/auth_vpopmail_sql plugins/auth/authdeny plugins/check_badmailfromto plugins/check_badrcptto_patterns plugins/check_bogus_bounce plugins/check_earlytalker plugins/check_norelay plugins/check_spamhelo plugins/connection_time plugins/dns_whitelist_soft plugins/dnsbl plugins/domainkeys plugins/greylisting plugins/hosts_allow plugins/http_config plugins/logging/adaptive plugins/logging/apache plugins/logging/connection_id plugins/logging/transaction_id plugins/logging/warn plugins/milter plugins/queue/exim-bsmtp plugins/queue/maildir plugins/queue/postfix-queue plugins/queue/smtp-forward plugins/quit_fortune plugins/random_error plugins/rcpt_map plugins/rcpt_regexp plugins/relay_only plugins/require_resolvable_fromhost plugins/rhsbl plugins/sender_permitted_from plugins/spamassassin plugins/tls plugins/tls_cert plugins/uribl plugins/virus/aveclient plugins/virus/bitdefender plugins/virus/clamav plugins/virus/clamdscan plugins/virus/hbedv plugins/virus/kavscanner plugins/virus/klez_filter plugins/virus/sophie plugins/virus/uvscan
2012-04-08 02:11:16 +02:00
use Qpsmtpd::Constants;
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
sub register {
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
my ($self, $qp, %args) = @_;
initial import - based on my qpsmtpd fork which will merge into the main branch fairly easily
2012-06-22 11:38:01 +02:00
eval 'use Mail::SPF';
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
if ($@) {
spf: remove rcpt hook, process to completion during from
2012-06-23 06:52:05 +02:00
warn "skip: plugin disabled, is Mail::SPF installed?\n";
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
$self->log(LOGERROR, "skip: plugin disabled, is Mail::SPF installed?");
return;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
$self->{_args} = {%args};
if ($self->{_args}{spf_deny}) {
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
$self->{_args}{reject} = 3 if $self->{_args}{spf_deny} == 1;
$self->{_args}{reject} = 4 if $self->{_args}{spf_deny} == 2;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
if (!$self->{_args}{reject} && $self->qp->config('spfbehavior')) {
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
$self->{_args}{reject} = $self->qp->config('spfbehavior');
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
spf: remove rcpt hook, process to completion during from
2012-06-23 06:52:05 +02:00
$self->register_hook('mail', 'mail_handler');
$self->register_hook('data_post', 'data_post_handler');
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
}
spf: remove rcpt hook, process to completion during from
2012-06-23 06:52:05 +02:00
sub mail_handler {
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
my ($self, $transaction, $sender, %param) = @_;
updated plugins to use QP::Plugins::is_immune
2012-06-03 03:44:46 +02:00
return (DECLINED) if $self->is_immune();
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
my $format = $sender->format;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
if ($format eq '<>' || !$sender->host || !$sender->user) {
$self->log(LOGINFO, "skip, null sender");
spf plugin, added logging
2012-05-07 09:36:02 +02:00
return (DECLINED, "SPF - null sender");
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
suppress log error when $user unset test for and return earlier when a null sender is encountered. Prevents using an undefined variable.
2012-04-08 04:03:30 +02:00
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
my $from = $sender->user . '@' . lc($sender->host);
my $helo = $self->qp->connection->hello_host;
my $scope = $from ? 'mfrom' : 'helo';
my %req_params = (
versions => [1, 2], # optional
scope => $scope,
SPF: arrage flow so if a pass result is possible, we will get it and set the note for DMARC plugin
2013-04-24 09:09:02 +02:00
ip_address => $self->qp->connection->remote_ip,
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
);
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
if ($scope =~ /^mfrom|pra$/) {
SPF: arrage flow so if a pass result is possible, we will get it and set the note for DMARC plugin
2013-04-24 09:09:02 +02:00
$req_params{identity} = $from;
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
$req_params{helo_identity} = $helo if $helo;
}
elsif ($scope eq 'helo') {
$req_params{identity} = $helo;
$req_params{helo_identity} = $helo;
}
my $spf_server = Mail::SPF::Server->new();
my $request = Mail::SPF::Request->new(%req_params);
SPF: add more log messages
2012-06-25 08:55:02 +02:00
my $result = $spf_server->process($request) or do {
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
$self->log(LOGINFO, "fail, no result");
SPF: add more log messages
2012-06-25 08:55:02 +02:00
return DECLINED;
};
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
$transaction->notes('spfquery', $result);
my $code = $result->code;
my $why = $result->local_explanation;
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
my $reject = $self->{_args}{reject};
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
if (!$code) {
$self->log(LOGINFO, "fail, no response");
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
return (DENYSOFT, "SPF - no response") if $reject >= 2;
return (DECLINED, "SPF - no response");
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
added Authentication-Results header, with provider dkim, dmarc, fcrdns (iprev), spf, and smtp-auth
2013-05-01 09:35:49 +02:00
$self->store_auth_results("spf=$code smtp.mailfrom=".$sender->host);
SPF: arrage flow so if a pass result is possible, we will get it and set the note for DMARC plugin
2013-04-24 09:09:02 +02:00
if ($code eq 'pass') {
$self->adjust_karma(1);
$transaction->notes('spf_pass_host', lc $sender->host);
added Authentication-Results header, with provider dkim, dmarc, fcrdns (iprev), spf, and smtp-auth
2013-05-01 09:35:49 +02:00
$self->log(LOGINFO, "pass, $why");
SPF: arrage flow so if a pass result is possible, we will get it and set the note for DMARC plugin
2013-04-24 09:09:02 +02:00
return (DECLINED);
}
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
if (!$reject) {
SPF: arrage flow so if a pass result is possible, we will get it and set the note for DMARC plugin
2013-04-24 09:09:02 +02:00
$self->log(LOGINFO, "skip, tolerated ($code: $why)");
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
return (DECLINED, "SPF - $code: $why");
}
Patch from freeside to do things slightly more correctly git-svn-id: https://svn.perl.org/qpsmtpd/trunk@162 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-28 01:00:52 +02:00
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
# SPF result codes: pass fail softfail neutral none error permerror temperror
SPF: more logging additions
2012-06-28 01:36:58 +02:00
return $self->handle_code_none($reject, $why) if $code eq 'none';
SPF: arrage flow so if a pass result is possible, we will get it and set the note for DMARC plugin
2013-04-24 09:09:02 +02:00
return $self->handle_code_fail($reject, $why) if $code eq 'fail';
return $self->handle_code_softfail($reject, $why) if $code eq 'softfail';
if ($code eq 'neutral') {
SPF: added more precise disposition logs, so that postprocess can determine if a SPF failure caused a rejection
2013-04-24 22:18:22 +02:00
if ($reject >= 5 ) {
$self->log(LOGINFO, "fail, $code, $why");
return (DENY, "SPF - $code: $why");
};
$self->log(LOGINFO, "fail, tolerated, $code, $why");
return (DECLINED);
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
}
SPF: added more precise disposition logs, so that postprocess can determine if a SPF failure caused a rejection
2013-04-24 22:18:22 +02:00
if ($code =~ /(?:permerror|error)/ ) {
$self->log(LOGINFO, "fail, $code, $why") if $reject > 3;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
return (DENY, "SPF - $code: $why") if $reject >= 6;
added karma awards for SPF pass/fail
2013-03-25 06:48:40 +01:00
return (DENYSOFT, "SPF - $code: $why") if $reject > 3;
SPF: added more precise disposition logs, so that postprocess can determine if a SPF failure caused a rejection
2013-04-24 22:18:22 +02:00
$self->log(LOGINFO, "fail, tolerated, $code, $why");
return (DECLINED);
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
}
SPF: added more precise disposition logs, so that postprocess can determine if a SPF failure caused a rejection
2013-04-24 22:18:22 +02:00
if ($code eq 'temperror') {
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
$self->log(LOGINFO, "fail, $code, $why");
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
return (DENYSOFT, "SPF - $code: $why") if $reject >= 2;
SPF: added more precise disposition logs, so that postprocess can determine if a SPF failure caused a rejection
2013-04-24 22:18:22 +02:00
$self->log(LOGINFO, "fail, tolerated, $code, $why");
return (DECLINED);
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
}
SPF: add more log messages
2012-06-25 08:55:02 +02:00
$self->log(LOGINFO, "SPF from $from was $code: $why");
return (DECLINED);
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
}
SPF: more logging additions
2012-06-28 01:36:58 +02:00
sub handle_code_none {
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
my ($self, $reject, $why) = @_;
SPF: more logging additions
2012-06-28 01:36:58 +02:00
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
if ($reject >= 6) {
$self->log(LOGINFO, "fail, none, $why");
SPF: more logging additions
2012-06-28 01:36:58 +02:00
return (DENY, "SPF - none: $why");
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
SPF: more logging additions
2012-06-28 01:36:58 +02:00
SPF: arrage flow so if a pass result is possible, we will get it and set the note for DMARC plugin
2013-04-24 09:09:02 +02:00
$self->log(LOGINFO, "skip, tolerated, none, $why");
SPF: more logging additions
2012-06-28 01:36:58 +02:00
return DECLINED;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
SPF: more logging additions
2012-06-28 01:36:58 +02:00
sub handle_code_fail {
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
my ($self, $reject, $why) = @_;
SPF: more logging additions
2012-06-28 01:36:58 +02:00
SPF: arrage flow so if a pass result is possible, we will get it and set the note for DMARC plugin
2013-04-24 09:09:02 +02:00
$self->adjust_karma(-1);
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
if ($reject >= 2) {
$self->log(LOGINFO, "fail, $why");
SPF: more logging additions
2012-06-28 01:36:58 +02:00
return (DENY, "SPF - forgery: $why") if $reject >= 3;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
return (DENYSOFT, "SPF - fail: $why");
}
SPF: more logging additions
2012-06-28 01:36:58 +02:00
SPF: arrage flow so if a pass result is possible, we will get it and set the note for DMARC plugin
2013-04-24 09:09:02 +02:00
$self->log(LOGINFO, "fail, tolerated, $why");
SPF: more logging additions
2012-06-28 01:36:58 +02:00
return DECLINED;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
SPF: more logging additions
2012-06-28 01:36:58 +02:00
sub handle_code_softfail {
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
my ($self, $reject, $why) = @_;
SPF: more logging additions
2012-06-28 01:36:58 +02:00
SPF: arrage flow so if a pass result is possible, we will get it and set the note for DMARC plugin
2013-04-24 09:09:02 +02:00
$self->adjust_karma(-1);
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
if ($reject >= 3) {
$self->log(LOGINFO, "fail, soft, $why");
return (DENY, "SPF - fail: $why") if $reject >= 4;
SPF: more logging additions
2012-06-28 01:36:58 +02:00
return (DENYSOFT, "SPF - fail: $why") if $reject >= 3;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
SPF: more logging additions
2012-06-28 01:36:58 +02:00
SPF: added more precise disposition logs, so that postprocess can determine if a SPF failure caused a rejection
2013-04-24 22:18:22 +02:00
$self->log(LOGINFO, "fail, tolerated, soft, $why");
SPF: more logging additions
2012-06-28 01:36:58 +02:00
return DECLINED;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
SPF: more logging additions
2012-06-28 01:36:58 +02:00
spf: remove rcpt hook, process to completion during from
2012-06-23 06:52:05 +02:00
sub data_post_handler {
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
my ($self, $transaction) = @_;
+ Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net): + * Integrated with Mail::SPF::Query 1.991 + * Don't do SPF processing when you are acting as a relay system + * Remove the MX changes as they are now inside Mail::SPF::Query git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
2004-02-03 03:57:04 +01:00
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
my $result = $transaction->notes('spfquery') or return DECLINED;
default the header to "unknown" git-svn-id: https://svn.perl.org/qpsmtpd/trunk@164 958fd67b-6ff1-0310-b445-bb7760255be9
2003-07-08 05:12:04 +02:00
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
# if we skipped processing in mail_handler, we should skip here too
SPF: add trans. note spf_pass_host if SPF=pass
2013-04-20 22:23:05 +02:00
return (DECLINED) if $self->is_immune();
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
$self->log(LOGDEBUG, "result was $result->code");
Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 19:27:35 +02:00
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
if (!$transaction->header) {
initial import - based on my qpsmtpd fork which will merge into the main branch fairly easily
2012-06-22 11:38:01 +02:00
$self->log(LOGERROR, "missing headers!");
return DECLINED;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
initial import - based on my qpsmtpd fork which will merge into the main branch fairly easily
2012-06-22 11:38:01 +02:00
spf: remove rcpt hook, process to completion during from
2012-06-23 06:52:05 +02:00
$transaction->header->add('Received-SPF', $result->received_spf_header, 0);
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
return DECLINED;
Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 19:27:35 +02:00
}
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
sub is_special_recipient {
my ($self, $rcpt) = @_;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
if (!$rcpt) {
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
$self->log(LOGINFO, "skip: missing recipient");
return 1;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
if (!$rcpt->user) {
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
$self->log(LOGINFO, "skip: missing user");
return 1;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
# special addresses don't get SPF-tested.
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
if ($rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i) {
$self->log(LOGINFO, "skip: special user (" . $rcpt->user . ")");
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
return 1;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
return;
find plugins -type f -exec perltidy -b {} \;
2013-04-21 06:50:39 +02:00
}
Reference in New Issue Copy Permalink