+ Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net):

+   * Integrated with Mail::SPF::Query 1.991
+   * Don't do SPF processing when you are acting as a relay system
+   * Remove the MX changes as they are now inside Mail::SPF::Query


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
This commit is contained in:
Ask Bjørn Hansen 2004-02-03 02:57:04 +00:00
parent 98e2f08885
commit 773ca08ebf
2 changed files with 59 additions and 14 deletions

View File

@ -1,5 +1,10 @@
0.27 0.27
Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net):
* Integrated with Mail::SPF::Query 1.991
* Don't do SPF processing when you are acting as a relay system
* Remove the MX changes as they are now inside Mail::SPF::Query
Take out Data::Dumper to save a few bytes of memory Take out Data::Dumper to save a few bytes of memory
Say Received: ... via ESMTP instead of via SMTP when the client Say Received: ... via ESMTP instead of via SMTP when the client

View File

@ -12,11 +12,21 @@ Or if you wish to issue 5xx on SPF fail:
sender_permitted_from spf_deny 1 sender_permitted_from spf_deny 1
Other arguments are 'trust 0' and 'guess 0'. These turn off processing of
spf.trusted-forwarders.org and the best_guess functionality. It is unlikely
that you want to turn these off.
Adding 'spf_deny 2' will also issue a 5xx on a softfail response.
You can also specify local SPF policy with
include '<spf mechanism list>'
See also http://spf.pobox.com/ See also http://spf.pobox.com/
=cut =cut
use Mail::SPF::Query; use Mail::SPF::Query 1.991;
sub register { sub register {
my ($self, $qp, @args) = @_; my ($self, $qp, @args) = @_;
@ -32,12 +42,31 @@ sub mail_handler {
return (DECLINED) unless ($sender->format ne "<>" return (DECLINED) unless ($sender->format ne "<>"
and $sender->host && $sender->user); and $sender->host && $sender->user);
# If we are receving from a relay permitted host, then we are probably
# not the delivery system, and so we shouldn't check
return (DECLINED) if exists $ENV{RELAYCLIENT};
my @relay_clients = $self->qp->config("relayclients");
my $more_relay_clients = $self->qp->config("morerelayclients", "map");
my %relay_clients = map { $_ => 1 } @relay_clients;
my $client_ip = $self->qp->connection->remote_ip;
while ($client_ip) {
return (DECLINED) if exists $relay_clients{$client_ip};
return (DECLINED) if exists $more_relay_clients->{$client_ip};
$client_ip =~ s/\d+\.?$//; # strip off another 8 bits
}
my $host = lc $sender->host; my $host = lc $sender->host;
my $from = $sender->user . '@' . $host; my $from = $sender->user . '@' . $host;
my $ip = $self->qp->connection->remote_ip; my $ip = $self->qp->connection->remote_ip;
my $helo = $self->qp->connection->hello_host; my $helo = $self->qp->connection->hello_host;
my $query = Mail::SPF::Query->new(ip => $ip, sender => $from, helo => $helo)
my $query = Mail::SPF::Query->new(ip => $ip, sender => $from, helo => $helo,
sanitize => 1,
local => $self->{_args}{local},
guess => defined($self->{_args}{guess}) ? $self->{_args}{guess} : 1,
trusted => defined($self->{_args}{trust}) ? $self->{_args}{trust} : 1)
|| die "Couldn't construct Mail::SPF::Query object"; || die "Couldn't construct Mail::SPF::Query object";
$transaction->notes('spfquery', $query); $transaction->notes('spfquery', $query);
@ -51,18 +80,24 @@ sub rcpt_handler {
return DECLINED if $rcpt and $rcpt->user and $rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i; return DECLINED if $rcpt and $rcpt->user and $rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i;
my $query = $transaction->notes('spfquery'); my $query = $transaction->notes('spfquery');
my ($result, $comment) = $query->result();
$self->qp->connection->notes('spf_result', $result); return DECLINED if !$query;
$self->qp->connection->notes('spf_comment', $comment); my ($result, $smtp_comment, $comment) = $query->result2($rcpt->address);
$self->qp->connection->notes('spf_header', "$result ($comment)");
if ($result eq "error") {
return (DENYSOFT, "SPF error: $smtp_comment");
}
if ($result eq "fail" and $self->{_args}{spf_deny}) { if ($result eq "fail" and $self->{_args}{spf_deny}) {
my $ip = $self->qp->connection->remote_ip; return (DENY, "SPF forgery: $smtp_comment");
my $sender = $transaction->sender; }
my $why = "http://spf.pobox.com/why?sender=" . _uri_escape($sender) . "&ip=$ip"; if ($result eq "softfail" and $self->{_args}{spf_deny} > 1) {
return (DENY, "SPF forgery ($comment; see $why)"); return (DENY, "SPF probable forgery: $smtp_comment");
}
if ($result eq 'fail' or $result eq 'softfail') {
$self->log(1, "result for $rcpt->address was $result: $comment");
} }
return DECLINED; return DECLINED;
@ -77,9 +112,14 @@ sub _uri_escape {
sub data_handler { sub data_handler {
my ($self, $transaction) = @_; my ($self, $transaction) = @_;
my $header = $self->qp->connection->notes('spf_header') || 'unknown'; my $query = $transaction->notes('spfquery');
return DECLINED if !$query;
$transaction->header->add('Received-SPF' => $header, 0); my ($result, $smtp_comment, $comment) = $query->message_result2();
$self->log(1, "result was $result: $comment") if ($result);
$transaction->header->add('Received-SPF' => "$result ($comment)", 0);
return DECLINED; return DECLINED;
} }