qpsmtpd/plugins/sender_permitted_from


=head1 NAME

SPF - plugin to implement Sender Permitted From

=head1 SYNOPSIS

  # in config/plugins
  sender_permitted_from

Or if you wish to issue 5xx on SPF fail:

  sender_permitted_from spf_deny 1

See also http://spf.pobox.com/

=cut

use Mail::SPF::Query;

sub register {
  my ($self, $qp, @args) = @_;
  %{$self->{_args}} = @args;
  $self->register_hook("mail", "mail_handler");
  $self->register_hook("rcpt", "rcpt_handler");
  $self->register_hook("data_post", "data_handler");
}

sub mail_handler {
  my ($self, $transaction, $sender) = @_;

  return (DECLINED) unless ($sender->format ne "<>"
                            and $sender->host && $sender->user);

  my $host = lc $sender->host;
  my $from = $sender->user . '@' . $host;

  my $ip = $self->qp->connection->remote_ip;
  my $query = Mail::SPF::Query->new(ip => $ip, sender => $from)
    || die "Couldn't construct Mail::SPF::Query object";
  $transaction->notes('spfquery', $query);
               
  return (DECLINED);
}

sub rcpt_handler {
  my ($self, $transaction, $rcpt) = @_;
  
  # special addresses don't get SPF-tested.
  return DECLINED if $rcpt and $rcpt->user and $rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i;
  
  my $query = $transaction->notes('spfquery');
  my ($result, $comment) = $query->result();
  
  $self->qp->connection->notes('spf_result',  $result);
  $self->qp->connection->notes('spf_comment', $comment);
  $self->qp->connection->notes('spf_header', "$result ($comment)");

  if ($result eq "fail" and $self->{_args}{spf_deny}) {
    my $ip = $self->qp->connection->remote_ip;
    my $sender = $transaction->sender;

    my $why = "http://spf.pobox.com/why?sender=" . _uri_escape($sender) . "&ip=$ip";
    return (DENY, "SPF forgery ($comment; see $why)");
  }
   
  return DECLINED;
}

sub _uri_escape {
  my $str = shift;
  $str =~ s/([^A-Za-z0-9\-_.!~*\'()])/sprintf "%%%X", ord($1)/eg;
  return $str;
}

sub data_handler {
    my ($self, $transaction) = @_;

    my $header = $self->qp->connection->notes('spf_header') || 'unknown';

    $transaction->header->add('Received-SPF' => $header, 0);

    return DECLINED;
}
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 14:25:52 +02:00
			`=head1 NAME`

			`SPF - plugin to implement Sender Permitted From`

			`=head1 SYNOPSIS`

			`# in config/plugins`
			`sender_permitted_from`

Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 19:27:35 +02:00			`Or if you wish to issue 5xx on SPF fail:`

			`sender_permitted_from spf_deny 1`

Patch from freeside to do things slightly more correctly git-svn-id: https://svn.perl.org/qpsmtpd/trunk@162 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-28 01:00:52 +02:00			`See also http://spf.pobox.com/`

Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 14:25:52 +02:00			`=cut`

			`use Mail::SPF::Query;`

			`sub register {`
Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 19:27:35 +02:00			`my ($self, $qp, @args) = @_;`
			`%{$self->{_args}} = @args;`
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 14:25:52 +02:00			`$self->register_hook("mail", "mail_handler");`
			`$self->register_hook("rcpt", "rcpt_handler");`
Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 19:27:35 +02:00			`$self->register_hook("data_post", "data_handler");`
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 14:25:52 +02:00			`}`

			`sub mail_handler {`
			`my ($self, $transaction, $sender) = @_;`

			`return (DECLINED) unless ($sender->format ne "<>"`
			`and $sender->host && $sender->user);`

			`my $host = lc $sender->host;`
			`my $from = $sender->user . '@' . $host;`

			`my $ip = $self->qp->connection->remote_ip;`
			`my $query = Mail::SPF::Query->new(ip => $ip, sender => $from)`
			`\|\| die "Couldn't construct Mail::SPF::Query object";`
			`$transaction->notes('spfquery', $query);`

			`return (DECLINED);`
			`}`

			`sub rcpt_handler {`
			`my ($self, $transaction, $rcpt) = @_;`
Patch from freeside to do things slightly more correctly git-svn-id: https://svn.perl.org/qpsmtpd/trunk@162 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-28 01:00:52 +02:00
			`# special addresses don't get SPF-tested.`
			`return DECLINED if $rcpt and $rcpt->user and $rcpt->user =~ /^(?:postmaster\|abuse\|mailer-daemon\|root)$/i;`

Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 14:25:52 +02:00			`my $query = $transaction->notes('spfquery');`
			`my ($result, $comment) = $query->result();`

Patch from freeside to do things slightly more correctly git-svn-id: https://svn.perl.org/qpsmtpd/trunk@162 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-28 01:00:52 +02:00			`$self->qp->connection->notes('spf_result', $result);`
Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 19:27:35 +02:00			`$self->qp->connection->notes('spf_comment', $comment);`
Patch from freeside to do things slightly more correctly git-svn-id: https://svn.perl.org/qpsmtpd/trunk@162 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-28 01:00:52 +02:00			`$self->qp->connection->notes('spf_header', "$result ($comment)");`
Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 19:27:35 +02:00
			`if ($result eq "fail" and $self->{_args}{spf_deny}) {`
Patch from freeside to do things slightly more correctly git-svn-id: https://svn.perl.org/qpsmtpd/trunk@162 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-28 01:00:52 +02:00			`my $ip = $self->qp->connection->remote_ip;`
			`my $sender = $transaction->sender;`

			`my $why = "http://spf.pobox.com/why?sender=" . _uri_escape($sender) . "&ip=$ip";`
			`return (DENY, "SPF forgery ($comment; see $why)");`
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 14:25:52 +02:00			`}`

Patch from freeside to do things slightly more correctly git-svn-id: https://svn.perl.org/qpsmtpd/trunk@162 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-28 01:00:52 +02:00			`return DECLINED;`
			`}`

			`sub _uri_escape {`
			`my $str = shift;`
			`$str =~ s/([^A-Za-z0-9\-_.!~*\'()])/sprintf "%%%X", ord($1)/eg;`
			`return $str;`
Initial hack at an SPF filter git-svn-id: https://svn.perl.org/qpsmtpd/trunk@160 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 14:25:52 +02:00			`}`

Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 19:27:35 +02:00			`sub data_handler {`
			`my ($self, $transaction) = @_;`
default the header to "unknown" git-svn-id: https://svn.perl.org/qpsmtpd/trunk@164 958fd67b-6ff1-0310-b445-bb7760255be9 2003-07-08 05:12:04 +02:00
			`my $header = $self->qp->connection->notes('spf_header') \|\| 'unknown';`

			`$transaction->header->add('Received-SPF' => $header, 0);`
Right names are "fail" and "softfail" (bad docs, bad) Add headers by default instead of issuing DENY git-svn-id: https://svn.perl.org/qpsmtpd/trunk@161 958fd67b-6ff1-0310-b445-bb7760255be9 2003-06-27 19:27:35 +02:00
			`return DECLINED;`
			`}`