2012-04-29 10:35:59 +02:00
#!perl -w
2003-06-27 14:25:52 +02:00
=head1 NAME
2012-06-25 08:55:02 +02:00
SPF - implement Sender Permitted From
2003-06-27 14:25:52 +02:00
=head1 SYNOPSIS
2010-05-11 07:41:08 +02:00
Prevents email sender address spoofing by checking the SPF policy of the purported senders domain.
2003-06-27 14:25:52 +02:00
2013-04-20 22:25:04 +02:00
Sets the transaction note spf_pass_host if the SPF result is pass.
2010-05-11 07:41:08 +02:00
=head1 DESCRIPTION
2003-06-27 19:27:35 +02:00
2012-06-25 08:55:02 +02:00
Sender Policy Framework (SPF) is an email validation system designed to prevent source address spoofing. SPF allows administrators to specify which hosts are allowed to send email from a given domain by creating a specific SPF record in the public DNS. Mail exchangers then use the DNS to verify that mail is being sent by a host sanctioned by a given domain administrators. -- http://en.wikipedia.org/wiki/Sender_Policy_Framework
2010-05-11 07:41:08 +02:00
2012-05-09 06:03:44 +02:00
The results of a SPF query are stored in a transaction note named 'spfquery';
2010-05-11 07:41:08 +02:00
=head1 CONFIGURATION
2003-06-27 19:27:35 +02:00
2010-05-11 07:41:08 +02:00
In config/plugins, add arguments to the sender_permitted_from line.
2004-02-03 03:57:04 +01:00
2012-05-09 06:03:44 +02:00
sender_permitted_from reject 3
=head2 reject
Set to a value between 1 and 6 to enable the following SPF behaviors:
1 annotate-only, add Received-SPF header, no rejections.
2 defer on DNS failures. Assure there's always a meaningful SPF header.
3 rejected if SPF record says 'fail'
4 stricter reject. Also rejects 'softfail'
5 reject 'neutral'
6 reject if no SPF records, or a syntax error
Most sites should start at level 3. It temporarily defers connections (4xx) that have soft SFP failures and only rejects (5xx) messages when the sending domains policy suggests it.
2012-06-25 08:55:02 +02:00
SPF levels above 4 are for crusaders who don't mind rejecting some valid mail when the sending server administrator hasn't dotted his i's and crossed his t's. May the deities bless their obsessive little hearts.
2012-05-09 06:03:44 +02:00
=head1 SEE ALSO
2004-02-03 03:57:04 +01:00
2012-05-09 06:03:44 +02:00
http://spf.pobox.com/
http://en.wikipedia.org/wiki/Sender_Policy_Framework
2004-02-03 03:57:04 +01:00
2013-04-20 22:23:05 +02:00
=head1 TODO
Check the scope of the SPF policy. If it's too broad (ie, the whole internet is valid), apply karma penalty
Examples of too broad: +all,
2012-05-09 06:03:44 +02:00
=head1 ACKNOWLDGEMENTS
2004-02-03 03:57:04 +01:00
2012-05-09 06:03:44 +02:00
The reject options are modeled after, and aim to match the functionality of those found in the SPF patch for qmail-smtpd.
2003-06-28 01:00:52 +02:00
2010-05-11 07:41:08 +02:00
=head1 AUTHOR
2013-04-20 22:23:05 +02:00
Matt Simerson - 2012 - increased policy options from 3 to 6
Matt Simerson - 2011 - rewrote using Mail::SPF
Matt Sergeant - 2003 - initial plugin
2010-05-11 07:41:08 +02:00
2003-06-27 14:25:52 +02:00
=cut
2010-05-11 07:41:08 +02:00
use strict;
2012-05-09 06:03:44 +02:00
use warnings;
#use Mail::SPF 2.000; # eval'ed in ->register
2012-04-08 02:11:16 +02:00
use Qpsmtpd::Constants;
2003-06-27 14:25:52 +02:00
sub register {
2012-05-09 06:03:44 +02:00
my ($self, $qp, %args) = @_;
2012-06-22 11:38:01 +02:00
eval 'use Mail::SPF';
2013-04-21 06:50:39 +02:00
if ($@) {
2012-06-23 06:52:05 +02:00
warn "skip: plugin disabled, is Mail::SPF installed?\n";
2012-05-09 06:03:44 +02:00
$self->log(LOGERROR, "skip: plugin disabled, is Mail::SPF installed?");
return;
2013-04-21 06:50:39 +02:00
}
$self->{_args} = {%args};
if ($self->{_args}{spf_deny}) {
2012-05-09 06:03:44 +02:00
$self->{_args}{reject} = 3 if $self->{_args}{spf_deny} == 1;
$self->{_args}{reject} = 4 if $self->{_args}{spf_deny} == 2;
2013-04-21 06:50:39 +02:00
}
if (!$self->{_args}{reject} && $self->qp->config('spfbehavior')) {
2012-05-09 06:03:44 +02:00
$self->{_args}{reject} = $self->qp->config('spfbehavior');
2013-04-21 06:50:39 +02:00
}
2012-06-23 06:52:05 +02:00
$self->register_hook('mail', 'mail_handler');
$self->register_hook('data_post', 'data_post_handler');
2003-06-27 14:25:52 +02:00
}
2012-06-23 06:52:05 +02:00
sub mail_handler {
2010-05-11 07:41:08 +02:00
my ($self, $transaction, $sender, %param) = @_;
2012-06-03 03:44:46 +02:00
return (DECLINED) if $self->is_immune();
2012-05-09 06:03:44 +02:00
my $format = $sender->format;
2013-04-21 06:50:39 +02:00
if ($format eq '<>' || !$sender->host || !$sender->user) {
$self->log(LOGINFO, "skip, null sender");
2012-05-07 09:36:02 +02:00
return (DECLINED, "SPF - null sender");
2013-04-21 06:50:39 +02:00
}
2012-04-08 04:03:30 +02:00
2013-04-21 06:50:39 +02:00
if ($self->qp->connection->relay_client) {
$self->log(LOGINFO, "skip, relay_client");
2012-05-09 06:03:44 +02:00
return (DECLINED, "SPF - relaying permitted");
2013-04-21 06:50:39 +02:00
}
2010-05-11 07:41:08 +02:00
2013-04-21 06:50:39 +02:00
if (!$self->{_args}{reject}) {
$self->log(LOGINFO, "skip, reject disabled");
2012-06-23 06:52:05 +02:00
return (DECLINED);
2013-04-21 06:50:39 +02:00
}
2012-06-23 06:52:05 +02:00
2013-04-21 06:50:39 +02:00
my $client_ip = $self->qp->connection->remote_ip;
my $from = $sender->user . '@' . lc($sender->host);
my $helo = $self->qp->connection->hello_host;
my $scope = $from ? 'mfrom' : 'helo';
my %req_params = (
versions => [1, 2], # optional
scope => $scope,
ip_address => $client_ip,
2010-05-11 07:41:08 +02:00
);
2012-05-09 06:03:44 +02:00
if ($scope =~ /^mfrom|pra$/) {
2010-05-11 07:41:08 +02:00
$req_params{identity} = $from;
$req_params{helo_identity} = $helo if $helo;
}
elsif ($scope eq 'helo') {
$req_params{identity} = $helo;
$req_params{helo_identity} = $helo;
}
my $spf_server = Mail::SPF::Server->new();
my $request = Mail::SPF::Request->new(%req_params);
2012-06-25 08:55:02 +02:00
my $result = $spf_server->process($request) or do {
2013-04-21 06:50:39 +02:00
$self->log(LOGINFO, "fail, no result");
2012-06-25 08:55:02 +02:00
return DECLINED;
};
2010-05-11 07:41:08 +02:00
$transaction->notes('spfquery', $result);
my $code = $result->code;
my $why = $result->local_explanation;
2012-05-09 06:03:44 +02:00
my $reject = $self->{_args}{reject};
2013-04-21 06:50:39 +02:00
if (!$code) {
$self->log(LOGINFO, "fail, no response");
2012-05-09 06:03:44 +02:00
return (DENYSOFT, "SPF - no response") if $reject >= 2;
return (DECLINED, "SPF - no response");
2013-04-21 06:50:39 +02:00
}
2010-05-11 07:41:08 +02:00
2013-04-21 06:50:39 +02:00
if (!$reject) {
$self->log(LOGINFO, "fail, no reject policy ($code: $why)");
return (DECLINED, "SPF - $code: $why");
}
2003-06-28 01:00:52 +02:00
2013-04-21 06:50:39 +02:00
# SPF result codes: pass fail softfail neutral none error permerror temperror
2012-06-28 01:36:58 +02:00
return $self->handle_code_none($reject, $why) if $code eq 'none';
2013-04-21 06:50:39 +02:00
if ($code eq 'fail') {
$self->adjust_karma(-1);
2013-03-25 06:48:40 +01:00
return $self->handle_code_fail($reject, $why);
}
2013-04-21 06:50:39 +02:00
elsif ($code eq 'softfail') {
$self->adjust_karma(-1);
2013-03-25 06:48:40 +01:00
return $self->handle_code_softfail($reject, $why);
}
2013-04-21 06:50:39 +02:00
elsif ($code eq 'pass') {
$self->adjust_karma(1);
2013-04-20 22:23:05 +02:00
$transaction->notes('spf_pass_host', lc $sender->host);
2013-04-21 06:50:39 +02:00
$self->log(LOGINFO, "pass, $code: $why");
2012-06-25 08:55:02 +02:00
return (DECLINED);
}
2013-04-21 06:50:39 +02:00
elsif ($code eq 'neutral') {
$self->log(LOGINFO, "fail, $code, $why");
2012-06-25 08:55:02 +02:00
return (DENY, "SPF - $code: $why") if $reject >= 5;
2012-05-09 06:03:44 +02:00
}
2013-04-21 06:50:39 +02:00
elsif ($code eq 'error') {
$self->log(LOGINFO, "fail, $code, $why");
return (DENY, "SPF - $code: $why") if $reject >= 6;
2013-03-25 06:48:40 +01:00
return (DENYSOFT, "SPF - $code: $why") if $reject > 3;
2012-05-09 06:03:44 +02:00
}
2013-04-21 06:50:39 +02:00
elsif ($code eq 'permerror') {
$self->log(LOGINFO, "fail, $code, $why");
return (DENY, "SPF - $code: $why") if $reject >= 6;
2013-03-25 06:48:40 +01:00
return (DENYSOFT, "SPF - $code: $why") if $reject > 3;
2012-05-09 06:03:44 +02:00
}
2013-04-21 06:50:39 +02:00
elsif ($code eq 'temperror') {
$self->log(LOGINFO, "fail, $code, $why");
2012-05-09 06:03:44 +02:00
return (DENYSOFT, "SPF - $code: $why") if $reject >= 2;
2010-05-11 07:41:08 +02:00
}
2012-06-25 08:55:02 +02:00
$self->log(LOGINFO, "SPF from $from was $code: $why");
return (DECLINED);
2003-06-27 14:25:52 +02:00
}
2012-06-28 01:36:58 +02:00
sub handle_code_none {
2013-04-21 06:50:39 +02:00
my ($self, $reject, $why) = @_;
2012-06-28 01:36:58 +02:00
2013-04-21 06:50:39 +02:00
if ($reject >= 6) {
$self->log(LOGINFO, "fail, none, $why");
2012-06-28 01:36:58 +02:00
return (DENY, "SPF - none: $why");
2013-04-21 06:50:39 +02:00
}
2012-06-28 01:36:58 +02:00
2013-04-21 06:50:39 +02:00
$self->log(LOGINFO, "pass, none, $why");
2012-06-28 01:36:58 +02:00
return DECLINED;
2013-04-21 06:50:39 +02:00
}
2012-06-28 01:36:58 +02:00
sub handle_code_fail {
2013-04-21 06:50:39 +02:00
my ($self, $reject, $why) = @_;
2012-06-28 01:36:58 +02:00
2013-04-21 06:50:39 +02:00
if ($reject >= 2) {
$self->log(LOGINFO, "fail, $why");
2012-06-28 01:36:58 +02:00
return (DENY, "SPF - forgery: $why") if $reject >= 3;
2013-04-21 06:50:39 +02:00
return (DENYSOFT, "SPF - fail: $why");
}
2012-06-28 01:36:58 +02:00
2013-04-21 06:50:39 +02:00
$self->log(LOGINFO, "pass, fail tolerated, $why");
2012-06-28 01:36:58 +02:00
return DECLINED;
2013-04-21 06:50:39 +02:00
}
2012-06-28 01:36:58 +02:00
sub handle_code_softfail {
2013-04-21 06:50:39 +02:00
my ($self, $reject, $why) = @_;
2012-06-28 01:36:58 +02:00
2013-04-21 06:50:39 +02:00
if ($reject >= 3) {
$self->log(LOGINFO, "fail, soft, $why");
return (DENY, "SPF - fail: $why") if $reject >= 4;
2012-06-28 01:36:58 +02:00
return (DENYSOFT, "SPF - fail: $why") if $reject >= 3;
2013-04-21 06:50:39 +02:00
}
2012-06-28 01:36:58 +02:00
2013-04-21 06:50:39 +02:00
$self->log(LOGINFO, "pass, softfail tolerated, $why");
2012-06-28 01:36:58 +02:00
return DECLINED;
2013-04-21 06:50:39 +02:00
}
2012-06-28 01:36:58 +02:00
2012-06-23 06:52:05 +02:00
sub data_post_handler {
2010-05-11 07:41:08 +02:00
my ($self, $transaction) = @_;
2004-02-03 03:57:04 +01:00
2010-05-11 07:41:08 +02:00
my $result = $transaction->notes('spfquery') or return DECLINED;
2003-07-08 05:12:04 +02:00
2013-04-21 06:50:39 +02:00
# if we skipped processing in mail_handler, we should skip here too
2013-04-20 22:23:05 +02:00
return (DECLINED) if $self->is_immune();
2010-05-11 07:41:08 +02:00
$self->log(LOGDEBUG, "result was $result->code");
2003-06-27 19:27:35 +02:00
2013-04-21 06:50:39 +02:00
if (!$transaction->header) {
2012-06-22 11:38:01 +02:00
$self->log(LOGERROR, "missing headers!");
return DECLINED;
2013-04-21 06:50:39 +02:00
}
2012-06-22 11:38:01 +02:00
2012-06-23 06:52:05 +02:00
$transaction->header->add('Received-SPF', $result->received_spf_header, 0);
2013-04-21 06:50:39 +02:00
# consider also adding SPF status to Authentication-Results header
2004-02-03 03:57:04 +01:00
2010-05-11 07:41:08 +02:00
return DECLINED;
2003-06-27 19:27:35 +02:00
}
2012-05-09 06:03:44 +02:00
sub is_special_recipient {
my ($self, $rcpt) = @_;
2013-04-21 06:50:39 +02:00
if (!$rcpt) {
2012-05-09 06:03:44 +02:00
$self->log(LOGINFO, "skip: missing recipient");
return 1;
2013-04-21 06:50:39 +02:00
}
if (!$rcpt->user) {
2012-05-09 06:03:44 +02:00
$self->log(LOGINFO, "skip: missing user");
return 1;
2013-04-21 06:50:39 +02:00
}
2012-05-09 06:03:44 +02:00
# special addresses don't get SPF-tested.
2013-04-21 06:50:39 +02:00
if ($rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i) {
$self->log(LOGINFO, "skip: special user (" . $rcpt->user . ")");
2012-05-09 06:03:44 +02:00
return 1;
2013-04-21 06:50:39 +02:00
}
2012-05-09 06:03:44 +02:00
return;
2013-04-21 06:50:39 +02:00
}