* Skip SPF checks for local (127.) connections

* TODO skip localhost for IPv6.
2007-02-07 12:59:17 +00:00 · 2007-02-07 12:59:17 +00:00 · 0d8075552e
commit 0d8075552e
parent 515d21722d
4 changed files with 30 additions and 16 deletions
--- a/3
+++ b/3
@ -4,8 +4,9 @@
 #   ! = Changed something significant, or removed a feature
 #   * = Fixed a bug, or made a minor improvement

--- 2.000 (2007-02-06 16:00)
+--- 2.000 (2007-02-07 16:00)
  * Change reject reply to 550 for RFC 2821 compliance.
+  * Skip SPF checks for local (127.) connections
  * Clarified wording for some verbose logging.
  * Added more information about HELO checking to README.

--- a/5
+++ b/5
@ -24,7 +24,10 @@ If the message is not rejected or deferred, the policy server will PREPEND the
 appropriate SPF Received header.  In the case of multi-recipient mail, multiple 
 headers will get appended.  If Mail From is anything other than completely empty 
 (i.e. <>) then the Mail From result will be used for SPF Received (e.g. Mail 
-From None even if HELO is Pass).  
+From None even if HELO is Pass).
+
+The policy server skips SPF checks for connections from the localhost (127.) and
+instead prepends and logs 'SPF skipped - localhost is always allowed.'

 Error conditions within the policy server (that don't result in a crash) or from 
 Mail::SPF will return DUNNO.  
--- a/debian/postfix-policyd-spf-perl.8
+++ b/debian/postfix-policyd-spf-perl.8
@ -168,6 +168,9 @@ headers will get appended.  If Mail From is anything other than completely empty
 (i.e. <>) then the Mail From result will be used for SPF Received (e.g. Mail 
 From None even if HELO is Pass).  

+The policy server skips SPF checks for connections from the localhost (127.) and
+instead prepends and logs 'SPF skipped - localhost is always allowed.'
+
 Error conditions within the policy server (that don't result in a crash) or from 
 Mail::SPF will return DUNNO.  

--- a/35
+++ b/35
@ -43,7 +43,7 @@ my @HANDLERS = (
    }
 );

-my $VERBOSE = 1;
+my $VERBOSE = 0;

 my $DEFAULT_RESPONSE = 'DUNNO';

@ -113,24 +113,31 @@ while (<STDIN>) {
    
    my $action = $DEFAULT_RESPONSE;
    my %responses;
-    foreach my $handler (@HANDLERS) {
-        my $handler_name = $handler->{name};
-        my $handler_code = $handler->{code};
+    # Skip SPF check for local connections
+
+    if ($attr{client_address}=~ /^127\./) {
+        $action = "PREPEND SPF skipped - localhost is always allowed."
+    }
+    else {
+        foreach my $handler (@HANDLERS) {
+            my $handler_name = $handler->{name};
+            my $handler_code = $handler->{code};
        
-        my $response = $handler_code->(attr => \%attr);
+            my $response = $handler_code->(attr => \%attr);
        
-        if ($VERBOSE) {
-            syslog(debug => "handler %s: %s", $handler_name, $response);
-        }
+            if ($VERBOSE) {
+                syslog(debug => "handler %s: %s", $handler_name, $response);
+            }
        
-        # Picks whatever response is not dunno
-        if ($response and $response !~ /^dunno/i) {
-            syslog(info => "handler %s: is decisive.", $handler_name);
-            $action = $response;
-            last;
+            # Picks whatever response is not dunno
+            if ($response and $response !~ /^dunno/i) {
+                syslog(info => "handler %s: is decisive.", $handler_name);
+                $action = $response;
+                last;
+            }
        }
    }
-    
+
    syslog(info => "%s: Policy action=%s", $attr{queue_id}, $action);

    STDOUT->print("action=$action\n\n");