byterazor/qpsmtpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow an alternate ID for Authentication-Results (#323)

Browse Source 
* Allow an alternate ID for Authentication-Results

When using a cluster of servers, it's sometimes needed to have the same
ID in the Authentication-Results header, rather than just the hostname,
and you don't always want to change "me" (because that has other
effects).  Allow an alternate "ar-me" config file.

* Change Authentication-Results "me" file and expand

Per request, make the Authentication-Results server ID config file
"me-auth-results" for clarity.

Also, expand its meaning slightly - use "none" to disable adding or
modifying Authentication-Results headers.  This is useful when qpsmtpd
is used in an internal hop and should not be overriding an edge hop that
checked SPF/DKIM/etc.
This commit is contained in:
Chris Adams 2025-01-15 13:02:31 -06:00 committed by GitHub
parent 3012033317
commit d1043d0039
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/config.md
View File

@ -31,6 +31,13 @@ are shown below in ["Plugin settings"](#plugin-settings).
the _Received: _header, ... the _Received: _header, ...
Default is whatever Sys::Hostname's hostname() returns. Default is whatever Sys::Hostname's hostname() returns.
- me-auth-results
Sets the ID string used in Authentication-Results: header (useful
for multi-server clusters). If this is set to "none", no
Authentication-Results: header will be added or modifed.
Default is the same as me above.
- plugin\_dirs - plugin\_dirs
Where to search for plugins (one directory per line), defaults to `./plugins`. Where to search for plugins (one directory per line), defaults to `./plugins`.

13
lib/Qpsmtpd/SMTP.pm
View File

@ -776,7 +776,14 @@ sub data_respond {
sub authentication_results { sub authentication_results {
my ($self) = @_; my ($self) = @_;
my @auth_list = $self->config('me'); # don't add an Authentication-Results if this is "none"
my @auth_list = $self->config('me-auth-results');
if (! $auth_list[0]) {
@auth_list = $self->config('me');
}
elsif ($auth_list[0] eq "none") {
return;
}
if (!defined $self->{_auth}) { if (!defined $self->{_auth}) {
push @auth_list, 'auth=none'; push @auth_list, 'auth=none';
@ -805,6 +812,10 @@ sub authentication_results {
sub clean_authentication_results { sub clean_authentication_results {
my $self = shift; my $self = shift;
# don't change any Authentication-Results if this is "none"
my ($auth_id) = $self->config('me-auth-results');
return if ($auth_id && ($auth_id eq "none"));
# On messages received from the internet, move Authentication-Results headers # On messages received from the internet, move Authentication-Results headers
# to Original-AR, so our downstream can trust the A-R header we insert. # to Original-AR, so our downstream can trust the A-R header we insert.