From 0f01a39e886eb01df0252e32c12831dfc80d8d3c Mon Sep 17 00:00:00 2001 From: Matt Simerson Date: Sat, 20 Apr 2013 16:23:05 -0400 Subject: [PATCH] SPF: add trans. note spf_pass_host if SPF=pass --- plugins/sender_permitted_from | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/plugins/sender_permitted_from b/plugins/sender_permitted_from index fba7e32..fc78217 100644 --- a/plugins/sender_permitted_from +++ b/plugins/sender_permitted_from @@ -40,17 +40,20 @@ SPF levels above 4 are for crusaders who don't mind rejecting some valid mail wh http://spf.pobox.com/ http://en.wikipedia.org/wiki/Sender_Policy_Framework +=head1 TODO + +Check the scope of the SPF policy. If it's too broad (ie, the whole internet is valid), apply karma penalty +Examples of too broad: +all, + =head1 ACKNOWLDGEMENTS The reject options are modeled after, and aim to match the functionality of those found in the SPF patch for qmail-smtpd. =head1 AUTHOR -Matt Simerson - 2012 - increased policy options from 3 to 6 - -Matt Simerson - 2011 - rewrote using Mail::SPF - -Matt Sergeant - 2003 - initial plugin + Matt Simerson - 2012 - increased policy options from 3 to 6 + Matt Simerson - 2011 - rewrote using Mail::SPF + Matt Sergeant - 2003 - initial plugin =cut @@ -155,6 +158,7 @@ sub mail_handler { } elsif ( $code eq 'pass' ) { $self->adjust_karma( 1 ); + $transaction->notes('spf_pass_host', lc $sender->host); $self->log(LOGINFO, "pass, $code: $why" ); return (DECLINED); } @@ -224,6 +228,9 @@ sub data_post_handler { my $result = $transaction->notes('spfquery') or return DECLINED; +# if we skipped processing in mail_handler, we should skip here too + return (DECLINED) if $self->is_immune(); + $self->log(LOGDEBUG, "result was $result->code"); if ( ! $transaction->header ) {