spf: remove rcpt hook, process to completion during from

Matt Simerson 2012-06-23 00:52:05 -04:00
parent dc61deb9aa
commit 8f40e2ef9a


@ -46,8 +46,7 @@ The reject options are modeled after, and aim to match the functionality of thos
=head1 AUTHOR =head1 AUTHOR
Matt Simerson - 2002 - increased policy options from 3 to 6 Matt Simerson - 2012 - increased policy options from 3 to 6
Matt Simerson - 2011 - rewrote using Mail::SPF Matt Simerson - 2011 - rewrote using Mail::SPF
Matt Sergeant - 2003 - initial plugin Matt Sergeant - 2003 - initial plugin
@ -64,7 +63,7 @@ sub register {
my ($self, $qp, %args) = @_; my ($self, $qp, %args) = @_;
eval 'use Mail::SPF'; eval 'use Mail::SPF';
if ( $@ ) { if ( $@ ) {
warn "skip: plugin disabled, could not find Mail::SPF\n"; warn "skip: plugin disabled, is Mail::SPF installed?\n";
$self->log(LOGERROR, "skip: plugin disabled, is Mail::SPF installed?"); $self->log(LOGERROR, "skip: plugin disabled, is Mail::SPF installed?");
return; return;
}; };
@ -76,28 +75,31 @@ sub register {
if ( ! $self->{_args}{reject} && $self->qp->config('spfbehavior') ) { if ( ! $self->{_args}{reject} && $self->qp->config('spfbehavior') ) {
$self->{_args}{reject} = $self->qp->config('spfbehavior'); $self->{_args}{reject} = $self->qp->config('spfbehavior');
}; };
$self->register_hook('mail', 'mail_handler');
$self->register_hook('data_post', 'data_post_handler');
} }
sub hook_mail { sub mail_handler {
my ($self, $transaction, $sender, %param) = @_; my ($self, $transaction, $sender, %param) = @_;
return (DECLINED) if $self->is_immune(); return (DECLINED) if $self->is_immune();
if ( ! $self->{_args}{reject} ) {
$self->log( LOGINFO, "skip: disabled in config" );
return (DECLINED);
};
my $format = $sender->format; my $format = $sender->format;
if ( $format eq '<>' || ! $sender->host || ! $sender->user ) { if ( $format eq '<>' || ! $sender->host || ! $sender->user ) {
$self->log( LOGINFO, "skip: null sender" ); $self->log( LOGINFO, "skip, null sender" );
return (DECLINED, "SPF - null sender"); return (DECLINED, "SPF - null sender");
}; };
if ( $self->is_in_relayclients() ) { if ( $self->is_in_relayclients() ) {
$self->log( LOGINFO, "skip, in relayclients" );
return (DECLINED, "SPF - relaying permitted"); return (DECLINED, "SPF - relaying permitted");
}; };
if ( ! $self->{_args}{reject} ) {
$self->log( LOGINFO, "skip, reject disabled" );
return (DECLINED);
};
my $client_ip = $self->qp->connection->remote_ip; my $client_ip = $self->qp->connection->remote_ip;
my $from = $sender->user . '@' . lc($sender->host); my $from = $sender->user . '@' . lc($sender->host);
my $helo = $self->qp->connection->hello_host; my $helo = $self->qp->connection->hello_host;
@ -118,21 +120,10 @@ sub hook_mail {
my $spf_server = Mail::SPF::Server->new(); my $spf_server = Mail::SPF::Server->new();
my $request = Mail::SPF::Request->new(%req_params); my $request = Mail::SPF::Request->new(%req_params);
my $result = $spf_server->process($request); my $result = $spf_server->process($request) or return DECLINED;
$transaction->notes('spfquery', $result); $transaction->notes('spfquery', $result);
$self->log( LOGINFO, $result );
return (DECLINED, "SPF - $result->code");
}
sub hook_rcpt {
my ($self, $transaction, $rcpt, %param) = @_;
return DECLINED if $self->is_special_recipient( $rcpt );
my $result = $transaction->notes('spfquery') or return DECLINED;
my $code = $result->code; my $code = $result->code;
my $why = $result->local_explanation; my $why = $result->local_explanation;
my $reject = $self->{_args}{reject}; my $reject = $self->{_args}{reject};
@ -172,11 +163,11 @@ sub hook_rcpt {
return (DENYSOFT, "SPF - $code: $why") if $reject >= 2; return (DENYSOFT, "SPF - $code: $why") if $reject >= 2;
} }
$self->log(LOGDEBUG, "result for $rcpt->address was $code: $why"); $self->log(LOGDEBUG, "SPF from $from was $code: $why");
return (DECLINED, "SPF - $code: $why"); return (DECLINED, "SPF - $code: $why");
} }
sub hook_data_post { sub data_post_handler {
my ($self, $transaction) = @_; my ($self, $transaction) = @_;
my $result = $transaction->notes('spfquery') or return DECLINED; my $result = $transaction->notes('spfquery') or return DECLINED;
@ -188,7 +179,7 @@ sub hook_data_post {
return DECLINED; return DECLINED;
}; };
$transaction->header->add('Received-SPF' => $result->received_spf_header, 0); $transaction->header->add('Received-SPF', $result->received_spf_header, 0);
return DECLINED; return DECLINED;
} }
@ -196,8 +187,6 @@ sub hook_data_post {
sub is_in_relayclients { sub is_in_relayclients {
my $self = shift; my $self = shift;
# If we are receiving from a relay permitted host, then we are probably
# not the delivery system, and so we shouldn't check
my $client_ip = $self->qp->connection->remote_ip; my $client_ip = $self->qp->connection->remote_ip;
my @relay_clients = $self->qp->config('relayclients'); my @relay_clients = $self->qp->config('relayclients');
my $more_relay_clients = $self->qp->config('morerelayclients', 'map'); my $more_relay_clients = $self->qp->config('morerelayclients', 'map');
@ -206,7 +195,7 @@ sub is_in_relayclients {
while ($client_ip) { while ($client_ip) {
if ( exists $relay_clients{$client_ip} || if ( exists $relay_clients{$client_ip} ||
exists $more_relay_clients->{$client_ip} ) { exists $more_relay_clients->{$client_ip} ) {
$self->log( LOGDEBUG, "skip: relaying permitted (config)" ); $self->log( LOGDEBUG, "skip, IP in relayclients" );
return 1; return 1;
}; };
$client_ip =~ s/\d+\.?$// or last; # strip off another 8 bits $client_ip =~ s/\d+\.?$// or last; # strip off another 8 bits
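Review bot: Removing `hook_rcpt` in the `-118,21 +120,10` hunk also removes its `return DECLINED if $self->is_special_recipient( $rcpt );` guard, and nothing in `mail_handler` replaces it. The DENY/DENYSOFT decision is now taken at MAIL FROM, before any recipient is known, so a sender that fails SPF can presumably no longer reach the addresses that helper exempted (its definition is outside this page, so which addresses those are should be confirmed). If that is intended, say so where the policy code starts, for example `# NOTE: rejection happens at MAIL FROM, so the special-recipient exemption no longer applies`, and mention it in the POD that describes the reject levels. If the exemption is still wanted, the reject step has to stay deferred to a recipient-stage hook that reads the `spfquery` note. The body of `mail_handler` between the hunks is not shown, so this is based only on the visible lines.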