From d1043d00391843fd6b6fd4c2f9358019dc901e30 Mon Sep 17 00:00:00 2001 From: Chris Adams Date: Wed, 15 Jan 2025 13:02:31 -0600 Subject: [PATCH] Allow an alternate ID for Authentication-Results (#323) * Allow an alternate ID for Authentication-Results When using a cluster of servers, it's sometimes needed to have the same ID in the Authentication-Results header, rather than just the hostname, and you don't always want to change "me" (because that has other effects). Allow an alternate "ar-me" config file. * Change Authentication-Results "me" file and expand Per request, make the Authentication-Results server ID config file "me-auth-results" for clarity. Also, expand its meaning slightly - use "none" to disable adding or modifying Authentication-Results headers. This is useful when qpsmtpd is used in an internal hop and should not be overriding an edge hop that checked SPF/DKIM/etc. --- docs/config.md | 7 +++++++ lib/Qpsmtpd/SMTP.pm | 13 ++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/docs/config.md b/docs/config.md index a4709e3..4fbfabc 100644 --- a/docs/config.md +++ b/docs/config.md @@ -31,6 +31,13 @@ are shown below in ["Plugin settings"](#plugin-settings). the _Received: _header, ... Default is whatever Sys::Hostname's hostname() returns. +- me-auth-results + + Sets the ID string used in Authentication-Results: header (useful + for multi-server clusters). If this is set to "none", no + Authentication-Results: header will be added or modifed. + Default is the same as me above. + - plugin\_dirs Where to search for plugins (one directory per line), defaults to `./plugins`. diff --git a/lib/Qpsmtpd/SMTP.pm b/lib/Qpsmtpd/SMTP.pm index 913879d..d145190 100644 --- a/lib/Qpsmtpd/SMTP.pm +++ b/lib/Qpsmtpd/SMTP.pm @@ -776,7 +776,14 @@ sub data_respond { sub authentication_results { my ($self) = @_; - my @auth_list = $self->config('me'); + # don't add an Authentication-Results if this is "none" + my @auth_list = $self->config('me-auth-results'); + if (! $auth_list[0]) { + @auth_list = $self->config('me'); + } + elsif ($auth_list[0] eq "none") { + return; + } if (!defined $self->{_auth}) { push @auth_list, 'auth=none'; @@ -805,6 +812,10 @@ sub authentication_results { sub clean_authentication_results { my $self = shift; + # don't change any Authentication-Results if this is "none" + my ($auth_id) = $self->config('me-auth-results'); + return if ($auth_id && ($auth_id eq "none")); + # On messages received from the internet, move Authentication-Results headers # to Original-AR, so our downstream can trust the A-R header we insert.