byterazor/qpsmtpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6bea1ebd50
qpsmtpd/plugins/sender_permitted_from

260 lines
8.0 KiB
Plaintext
Raw Normal View History

Fix 01-syntax test failures Exclude some tests with dependencies. Remove -T from perl line in plugins This makes it harder to test with PERL5LIB/perlbrew etc
2012-04-29 10:35:59 +02:00
#!perl -w
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
=head1 NAME
SPF: add more log messages
2012-06-25 08:55:02 +02:00
SPF - implement Sender Permitted From
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
=head1 SYNOPSIS
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
Prevents email sender address spoofing by checking the SPF policy of the purported senders domain.
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
=head1 DESCRIPTION
Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 19:27:35 +02:00
SPF: add more log messages
2012-06-25 08:55:02 +02:00
Sender Policy Framework (SPF) is an email validation system designed to prevent source address spoofing. SPF allows administrators to specify which hosts are allowed to send email from a given domain by creating a specific SPF record in the public DNS. Mail exchangers then use the DNS to verify that mail is being sent by a host sanctioned by a given domain administrators. -- http://en.wikipedia.org/wiki/Sender_Policy_Framework
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
The results of a SPF query are stored in a transaction note named 'spfquery';
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
=head1 CONFIGURATION
Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 19:27:35 +02:00
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
In config/plugins, add arguments to the sender_permitted_from line.
+ Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net): + * Integrated with Mail::SPF::Query 1.991 + * Don't do SPF processing when you are acting as a relay system + * Remove the MX changes as they are now inside Mail::SPF::Query git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
2004-02-03 03:57:04 +01:00
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
sender_permitted_from reject 3
=head2 reject
Set to a value between 1 and 6 to enable the following SPF behaviors:
1 annotate-only, add Received-SPF header, no rejections.
2 defer on DNS failures. Assure there's always a meaningful SPF header.
3 rejected if SPF record says 'fail'
4 stricter reject. Also rejects 'softfail'
5 reject 'neutral'
6 reject if no SPF records, or a syntax error
Most sites should start at level 3. It temporarily defers connections (4xx) that have soft SFP failures and only rejects (5xx) messages when the sending domains policy suggests it.
SPF: add more log messages
2012-06-25 08:55:02 +02:00
SPF levels above 4 are for crusaders who don't mind rejecting some valid mail when the sending server administrator hasn't dotted his i's and crossed his t's. May the deities bless their obsessive little hearts.
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
=head1 SEE ALSO
+ Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net): + * Integrated with Mail::SPF::Query 1.991 + * Don't do SPF processing when you are acting as a relay system + * Remove the MX changes as they are now inside Mail::SPF::Query git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
2004-02-03 03:57:04 +01:00
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
http://spf.pobox.com/
http://en.wikipedia.org/wiki/Sender_Policy_Framework
+ Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net): + * Integrated with Mail::SPF::Query 1.991 + * Don't do SPF processing when you are acting as a relay system + * Remove the MX changes as they are now inside Mail::SPF::Query git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
2004-02-03 03:57:04 +01:00
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
=head1 ACKNOWLDGEMENTS
+ Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net): + * Integrated with Mail::SPF::Query 1.991 + * Don't do SPF processing when you are acting as a relay system + * Remove the MX changes as they are now inside Mail::SPF::Query git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
2004-02-03 03:57:04 +01:00
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
The reject options are modeled after, and aim to match the functionality of those found in the SPF patch for qmail-smtpd.
Patch from freeside to do things slightly more correctly git-svn-id: https://svn.perl.org/qpsmtpd/trunk@162 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-28 01:00:52 +02:00
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
=head1 AUTHOR
spf: remove rcpt hook, process to completion during from
2012-06-23 06:52:05 +02:00
Matt Simerson - 2012 - increased policy options from 3 to 6
SPF: POD formatting fix
2013-04-15 03:42:42 +02:00
spf plugin, added logging
2012-05-07 09:36:02 +02:00
Matt Simerson - 2011 - rewrote using Mail::SPF
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
spf plugin, added logging
2012-05-07 09:36:02 +02:00
Matt Sergeant - 2003 - initial plugin
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
=cut
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
use strict;
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
use warnings;
#use Mail::SPF 2.000; # eval'ed in ->register
POD corrections, additional tests, plugin consistency on files in plugins dir: fixed a number of POD errors formatted some # comments into POD removed bare 1; (these are plugins, not perl modules) most instances of this were copy/pasted from a previous plugin that had it removed instances of # vim ts=N ... they weren't consistent, many didn't match .perltidyrc on modules that failed perl -c tests, added 'use Qpsmtpd::Constants;' Conflicts: plugins/async/check_earlytalker plugins/async/dns_whitelist_soft plugins/async/dnsbl plugins/async/queue/smtp-forward plugins/async/require_resolvable_fromhost plugins/async/rhsbl plugins/async/uribl plugins/auth/auth_checkpassword plugins/auth/auth_cvm_unix_local plugins/auth/auth_flat_file plugins/auth/auth_ldap_bind plugins/auth/auth_vpopmail plugins/auth/auth_vpopmail_sql plugins/auth/authdeny plugins/check_badmailfromto plugins/check_badrcptto_patterns plugins/check_bogus_bounce plugins/check_earlytalker plugins/check_norelay plugins/check_spamhelo plugins/connection_time plugins/dns_whitelist_soft plugins/dnsbl plugins/domainkeys plugins/greylisting plugins/hosts_allow plugins/http_config plugins/logging/adaptive plugins/logging/apache plugins/logging/connection_id plugins/logging/transaction_id plugins/logging/warn plugins/milter plugins/queue/exim-bsmtp plugins/queue/maildir plugins/queue/postfix-queue plugins/queue/smtp-forward plugins/quit_fortune plugins/random_error plugins/rcpt_map plugins/rcpt_regexp plugins/relay_only plugins/require_resolvable_fromhost plugins/rhsbl plugins/sender_permitted_from plugins/spamassassin plugins/tls plugins/tls_cert plugins/uribl plugins/virus/aveclient plugins/virus/bitdefender plugins/virus/clamav plugins/virus/clamdscan plugins/virus/hbedv plugins/virus/kavscanner plugins/virus/klez_filter plugins/virus/sophie plugins/virus/uvscan
2012-04-08 02:11:16 +02:00
use Qpsmtpd::Constants;
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
sub register {
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
my ($self, $qp, %args) = @_;
initial import - based on my qpsmtpd fork which will merge into the main branch fairly easily
2012-06-22 11:38:01 +02:00
eval 'use Mail::SPF';
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
if ( $@ ) {
spf: remove rcpt hook, process to completion during from
2012-06-23 06:52:05 +02:00
warn "skip: plugin disabled, is Mail::SPF installed?\n";
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
$self->log(LOGERROR, "skip: plugin disabled, is Mail::SPF installed?");
return;
};
$self->{_args} = { %args };
if ( $self->{_args}{spf_deny} ) {
$self->{_args}{reject} = 3 if $self->{_args}{spf_deny} == 1;
$self->{_args}{reject} = 4 if $self->{_args}{spf_deny} == 2;
};
if ( ! $self->{_args}{reject} && $self->qp->config('spfbehavior') ) {
$self->{_args}{reject} = $self->qp->config('spfbehavior');
};
spf: remove rcpt hook, process to completion during from
2012-06-23 06:52:05 +02:00
$self->register_hook('mail', 'mail_handler');
$self->register_hook('data_post', 'data_post_handler');
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
}
spf: remove rcpt hook, process to completion during from
2012-06-23 06:52:05 +02:00
sub mail_handler {
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
my ($self, $transaction, $sender, %param) = @_;
updated plugins to use QP::Plugins::is_immune
2012-06-03 03:44:46 +02:00
return (DECLINED) if $self->is_immune();
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
my $format = $sender->format;
spf plugin, added logging
2012-05-07 09:36:02 +02:00
if ( $format eq '<>' || ! $sender->host || ! $sender->user ) {
spf: remove rcpt hook, process to completion during from
2012-06-23 06:52:05 +02:00
$self->log( LOGINFO, "skip, null sender" );
spf plugin, added logging
2012-05-07 09:36:02 +02:00
return (DECLINED, "SPF - null sender");
};
suppress log error when $user unset test for and return earlier when a null sender is encountered. Prevents using an undefined variable.
2012-04-08 04:03:30 +02:00
SPF: use $conn->relay_client instead of duplicated is_in_relayclients method. Expects relay plugin to have set relay_client, a reasonable assumption.
2012-11-15 05:21:20 +01:00
if ( $self->qp->connection->relay_client ) {
$self->log( LOGINFO, "skip, relay_client" );
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
return (DECLINED, "SPF - relaying permitted");
spf plugin, added logging
2012-05-07 09:36:02 +02:00
};
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
spf: remove rcpt hook, process to completion during from
2012-06-23 06:52:05 +02:00
if ( ! $self->{_args}{reject} ) {
$self->log( LOGINFO, "skip, reject disabled" );
return (DECLINED);
};
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
my $client_ip = $self->qp->connection->remote_ip;
my $from = $sender->user . '@' . lc($sender->host);
my $helo = $self->qp->connection->hello_host;
my $scope = $from ? 'mfrom' : 'helo';
my %req_params = ( versions => [1, 2], # optional
scope => $scope,
ip_address => $client_ip,
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
);
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
if ($scope =~ /^mfrom|pra$/) {
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
$req_params{identity} = $from;
$req_params{helo_identity} = $helo if $helo;
}
elsif ($scope eq 'helo') {
$req_params{identity} = $helo;
$req_params{helo_identity} = $helo;
}
my $spf_server = Mail::SPF::Server->new();
my $request = Mail::SPF::Request->new(%req_params);
SPF: add more log messages
2012-06-25 08:55:02 +02:00
my $result = $spf_server->process($request) or do {
$self->log( LOGINFO, "fail, no result" );
return DECLINED;
};
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
$transaction->notes('spfquery', $result);
my $code = $result->code;
my $why = $result->local_explanation;
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
my $reject = $self->{_args}{reject};
if ( ! $code ) {
SPF: add more log messages
2012-06-25 08:55:02 +02:00
$self->log( LOGINFO, "fail, no response" );
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
return (DENYSOFT, "SPF - no response") if $reject >= 2;
return (DECLINED, "SPF - no response");
};
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
SPF: add more log messages
2012-06-25 08:55:02 +02:00
if ( ! $reject ) {
$self->log( LOGINFO, "fail, no reject policy ($code: $why)" );
return (DECLINED, "SPF - $code: $why")
};
Patch from freeside to do things slightly more correctly git-svn-id: https://svn.perl.org/qpsmtpd/trunk@162 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-28 01:00:52 +02:00
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
# SPF result codes: pass fail softfail neutral none error permerror temperror
SPF: more logging additions
2012-06-28 01:36:58 +02:00
return $self->handle_code_none($reject, $why) if $code eq 'none';
added karma awards for SPF pass/fail
2013-03-25 06:48:40 +01:00
if ( $code eq 'fail' ) {
$self->adjust_karma( -1 );
return $self->handle_code_fail($reject, $why);
}
elsif ( $code eq 'softfail' ) {
$self->adjust_karma( -1 );
return $self->handle_code_softfail($reject, $why);
}
elsif ( $code eq 'pass' ) {
$self->adjust_karma( 1 );
SPF: add more log messages
2012-06-25 08:55:02 +02:00
$self->log(LOGINFO, "pass, $code: $why" );
return (DECLINED);
}
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
elsif ( $code eq 'neutral' ) {
SPF: add more log messages
2012-06-25 08:55:02 +02:00
$self->log(LOGINFO, "fail, $code, $why" );
return (DENY, "SPF - $code: $why") if $reject >= 5;
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
}
elsif ( $code eq 'error' ) {
SPF: add more log messages
2012-06-25 08:55:02 +02:00
$self->log(LOGINFO, "fail, $code, $why" );
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
return (DENY, "SPF - $code: $why") if $reject >= 6;
added karma awards for SPF pass/fail
2013-03-25 06:48:40 +01:00
return (DENYSOFT, "SPF - $code: $why") if $reject > 3;
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
}
elsif ( $code eq 'permerror' ) {
SPF: add more log messages
2012-06-25 08:55:02 +02:00
$self->log(LOGINFO, "fail, $code, $why" );
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
return (DENY, "SPF - $code: $why") if $reject >= 6;
added karma awards for SPF pass/fail
2013-03-25 06:48:40 +01:00
return (DENYSOFT, "SPF - $code: $why") if $reject > 3;
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
}
elsif ( $code eq 'temperror' ) {
SPF: add more log messages
2012-06-25 08:55:02 +02:00
$self->log(LOGINFO, "fail, $code, $why" );
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
return (DENYSOFT, "SPF - $code: $why") if $reject >= 2;
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
}
SPF: add more log messages
2012-06-25 08:55:02 +02:00
$self->log(LOGINFO, "SPF from $from was $code: $why");
return (DECLINED);
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 14:25:52 +02:00
}
SPF: more logging additions
2012-06-28 01:36:58 +02:00
sub handle_code_none {
my ($self, $reject, $why ) = @_;
if ( $reject >= 6 ) {
$self->log(LOGINFO, "fail, none, $why" );
return (DENY, "SPF - none: $why");
};
$self->log(LOGINFO, "pass, none, $why" );
return DECLINED;
};
sub handle_code_fail {
my ($self, $reject, $why ) = @_;
if ( $reject >= 2 ) {
$self->log(LOGINFO, "fail, $why" );
return (DENY, "SPF - forgery: $why") if $reject >= 3;
return (DENYSOFT, "SPF - fail: $why")
};
$self->log(LOGINFO, "pass, fail tolerated, $why" );
return DECLINED;
};
sub handle_code_softfail {
my ($self, $reject, $why ) = @_;
if ( $reject >= 3 ) {
$self->log(LOGINFO, "fail, soft, $why" );
return (DENY, "SPF - fail: $why") if $reject >= 4;
return (DENYSOFT, "SPF - fail: $why") if $reject >= 3;
};
$self->log(LOGINFO, "pass, softfail tolerated, $why" );
return DECLINED;
};
spf: remove rcpt hook, process to completion during from
2012-06-23 06:52:05 +02:00
sub data_post_handler {
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
my ($self, $transaction) = @_;
+ Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net): + * Integrated with Mail::SPF::Query 1.991 + * Don't do SPF processing when you are acting as a relay system + * Remove the MX changes as they are now inside Mail::SPF::Query git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
2004-02-03 03:57:04 +01:00
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
my $result = $transaction->notes('spfquery') or return DECLINED;
default the header to "unknown" git-svn-id: https://svn.perl.org/qpsmtpd/trunk@164 958fd67b-6ff1-0310-b445-bb7760255be9
2003-07-08 05:12:04 +02:00
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
$self->log(LOGDEBUG, "result was $result->code");
Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 19:27:35 +02:00
initial import - based on my qpsmtpd fork which will merge into the main branch fairly easily
2012-06-22 11:38:01 +02:00
if ( ! $transaction->header ) {
$self->log(LOGERROR, "missing headers!");
return DECLINED;
};
spf: remove rcpt hook, process to completion during from
2012-06-23 06:52:05 +02:00
$transaction->header->add('Received-SPF', $result->received_spf_header, 0);
spf: add comment re: Authentication-Results header
2013-03-28 00:07:23 +01:00
# consider also adding SPF status to Authentication-Results header
+ Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net): + * Integrated with Mail::SPF::Query 1.991 + * Don't do SPF processing when you are acting as a relay system + * Remove the MX changes as they are now inside Mail::SPF::Query git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
2004-02-03 03:57:04 +01:00
rewrote sender_permitted_from rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available. Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 07:41:08 +02:00
return DECLINED;
Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9
2003-06-27 19:27:35 +02:00
}
SPF plugin: refactored, tests, new config option added POD description of spfquery note changed spf_deny -> reject (and offered 4 more options, see POD for reject) backwards compatible with old config settings replicates qmail-smtpd SPF patch behavior improved logging (again) uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed. background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-09 06:03:44 +02:00
sub is_special_recipient {
my ($self, $rcpt) = @_;
if ( ! $rcpt ) {
$self->log(LOGINFO, "skip: missing recipient");
return 1;
};
if ( ! $rcpt->user ) {
$self->log(LOGINFO, "skip: missing user");
return 1;
};
# special addresses don't get SPF-tested.
if ( $rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i ) {
$self->log(LOGINFO, "skip: special user (".$rcpt->user.")");
return 1;
};
return;
};
Reference in New Issue Copy Permalink