+ Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net):
+ * Integrated with Mail::SPF::Query 1.991 + * Don't do SPF processing when you are acting as a relay system + * Remove the MX changes as they are now inside Mail::SPF::Query git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
This commit is contained in:
parent
98e2f08885
commit
773ca08ebf
5
Changes
5
Changes
@ -1,5 +1,10 @@
|
|||||||
0.27
|
0.27
|
||||||
|
|
||||||
|
Update the SPF plugin (Philip Gladstone, philip@gladstonefamily.net):
|
||||||
|
* Integrated with Mail::SPF::Query 1.991
|
||||||
|
* Don't do SPF processing when you are acting as a relay system
|
||||||
|
* Remove the MX changes as they are now inside Mail::SPF::Query
|
||||||
|
|
||||||
Take out Data::Dumper to save a few bytes of memory
|
Take out Data::Dumper to save a few bytes of memory
|
||||||
|
|
||||||
Say Received: ... via ESMTP instead of via SMTP when the client
|
Say Received: ... via ESMTP instead of via SMTP when the client
|
||||||
|
@ -12,11 +12,21 @@ Or if you wish to issue 5xx on SPF fail:
|
|||||||
|
|
||||||
sender_permitted_from spf_deny 1
|
sender_permitted_from spf_deny 1
|
||||||
|
|
||||||
|
Other arguments are 'trust 0' and 'guess 0'. These turn off processing of
|
||||||
|
spf.trusted-forwarders.org and the best_guess functionality. It is unlikely
|
||||||
|
that you want to turn these off.
|
||||||
|
|
||||||
|
Adding 'spf_deny 2' will also issue a 5xx on a softfail response.
|
||||||
|
|
||||||
|
You can also specify local SPF policy with
|
||||||
|
|
||||||
|
include '<spf mechanism list>'
|
||||||
|
|
||||||
See also http://spf.pobox.com/
|
See also http://spf.pobox.com/
|
||||||
|
|
||||||
=cut
|
=cut
|
||||||
|
|
||||||
use Mail::SPF::Query;
|
use Mail::SPF::Query 1.991;
|
||||||
|
|
||||||
sub register {
|
sub register {
|
||||||
my ($self, $qp, @args) = @_;
|
my ($self, $qp, @args) = @_;
|
||||||
@ -32,12 +42,31 @@ sub mail_handler {
|
|||||||
return (DECLINED) unless ($sender->format ne "<>"
|
return (DECLINED) unless ($sender->format ne "<>"
|
||||||
and $sender->host && $sender->user);
|
and $sender->host && $sender->user);
|
||||||
|
|
||||||
|
# If we are receving from a relay permitted host, then we are probably
|
||||||
|
# not the delivery system, and so we shouldn't check
|
||||||
|
|
||||||
|
return (DECLINED) if exists $ENV{RELAYCLIENT};
|
||||||
|
my @relay_clients = $self->qp->config("relayclients");
|
||||||
|
my $more_relay_clients = $self->qp->config("morerelayclients", "map");
|
||||||
|
my %relay_clients = map { $_ => 1 } @relay_clients;
|
||||||
|
my $client_ip = $self->qp->connection->remote_ip;
|
||||||
|
while ($client_ip) {
|
||||||
|
return (DECLINED) if exists $relay_clients{$client_ip};
|
||||||
|
return (DECLINED) if exists $more_relay_clients->{$client_ip};
|
||||||
|
$client_ip =~ s/\d+\.?$//; # strip off another 8 bits
|
||||||
|
}
|
||||||
|
|
||||||
my $host = lc $sender->host;
|
my $host = lc $sender->host;
|
||||||
my $from = $sender->user . '@' . $host;
|
my $from = $sender->user . '@' . $host;
|
||||||
|
|
||||||
my $ip = $self->qp->connection->remote_ip;
|
my $ip = $self->qp->connection->remote_ip;
|
||||||
my $helo = $self->qp->connection->hello_host;
|
my $helo = $self->qp->connection->hello_host;
|
||||||
my $query = Mail::SPF::Query->new(ip => $ip, sender => $from, helo => $helo)
|
|
||||||
|
my $query = Mail::SPF::Query->new(ip => $ip, sender => $from, helo => $helo,
|
||||||
|
sanitize => 1,
|
||||||
|
local => $self->{_args}{local},
|
||||||
|
guess => defined($self->{_args}{guess}) ? $self->{_args}{guess} : 1,
|
||||||
|
trusted => defined($self->{_args}{trust}) ? $self->{_args}{trust} : 1)
|
||||||
|| die "Couldn't construct Mail::SPF::Query object";
|
|| die "Couldn't construct Mail::SPF::Query object";
|
||||||
$transaction->notes('spfquery', $query);
|
$transaction->notes('spfquery', $query);
|
||||||
|
|
||||||
@ -51,18 +80,24 @@ sub rcpt_handler {
|
|||||||
return DECLINED if $rcpt and $rcpt->user and $rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i;
|
return DECLINED if $rcpt and $rcpt->user and $rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i;
|
||||||
|
|
||||||
my $query = $transaction->notes('spfquery');
|
my $query = $transaction->notes('spfquery');
|
||||||
my ($result, $comment) = $query->result();
|
|
||||||
|
return DECLINED if !$query;
|
||||||
|
my ($result, $smtp_comment, $comment) = $query->result2($rcpt->address);
|
||||||
|
|
||||||
$self->qp->connection->notes('spf_result', $result);
|
if ($result eq "error") {
|
||||||
$self->qp->connection->notes('spf_comment', $comment);
|
return (DENYSOFT, "SPF error: $smtp_comment");
|
||||||
$self->qp->connection->notes('spf_header', "$result ($comment)");
|
}
|
||||||
|
|
||||||
if ($result eq "fail" and $self->{_args}{spf_deny}) {
|
if ($result eq "fail" and $self->{_args}{spf_deny}) {
|
||||||
my $ip = $self->qp->connection->remote_ip;
|
return (DENY, "SPF forgery: $smtp_comment");
|
||||||
my $sender = $transaction->sender;
|
}
|
||||||
|
|
||||||
my $why = "http://spf.pobox.com/why?sender=" . _uri_escape($sender) . "&ip=$ip";
|
if ($result eq "softfail" and $self->{_args}{spf_deny} > 1) {
|
||||||
return (DENY, "SPF forgery ($comment; see $why)");
|
return (DENY, "SPF probable forgery: $smtp_comment");
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($result eq 'fail' or $result eq 'softfail') {
|
||||||
|
$self->log(1, "result for $rcpt->address was $result: $comment");
|
||||||
}
|
}
|
||||||
|
|
||||||
return DECLINED;
|
return DECLINED;
|
||||||
@ -75,12 +110,17 @@ sub _uri_escape {
|
|||||||
}
|
}
|
||||||
|
|
||||||
sub data_handler {
|
sub data_handler {
|
||||||
my ($self, $transaction) = @_;
|
my ($self, $transaction) = @_;
|
||||||
|
|
||||||
my $header = $self->qp->connection->notes('spf_header') || 'unknown';
|
my $query = $transaction->notes('spfquery');
|
||||||
|
return DECLINED if !$query;
|
||||||
|
|
||||||
$transaction->header->add('Received-SPF' => $header, 0);
|
my ($result, $smtp_comment, $comment) = $query->message_result2();
|
||||||
|
|
||||||
return DECLINED;
|
$self->log(1, "result was $result: $comment") if ($result);
|
||||||
|
|
||||||
|
$transaction->header->add('Received-SPF' => "$result ($comment)", 0);
|
||||||
|
|
||||||
|
return DECLINED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user