* Skip SPF checks for local (127.) connections

* TODO skip localhost for IPv6.

CHANGES

@@ -4,8 +4,9 @@
 #   ! = Changed something significant, or removed a feature
 #   * = Fixed a bug, or made a minor improvement
 
---- 2.000 (2007-02-06 16:00)
+--- 2.000 (2007-02-07 16:00)
   * Change reject reply to 550 for RFC 2821 compliance.
+  * Skip SPF checks for local (127.) connections
   * Clarified wording for some verbose logging.
   * Added more information about HELO checking to README.
 

README

@@ -24,7 +24,10 @@ If the message is not rejected or deferred, the policy server will PREPEND the
 appropriate SPF Received header.  In the case of multi-recipient mail, multiple 
 headers will get appended.  If Mail From is anything other than completely empty 
 (i.e. <>) then the Mail From result will be used for SPF Received (e.g. Mail 
-From None even if HELO is Pass).  
+From None even if HELO is Pass).
+
+The policy server skips SPF checks for connections from the localhost (127.) and
+instead prepends and logs 'SPF skipped - localhost is always allowed.'
 
 Error conditions within the policy server (that don't result in a crash) or from 
 Mail::SPF will return DUNNO.  

debian/postfix-policyd-spf-perl.8

@@ -168,6 +168,9 @@ headers will get appended.  If Mail From is anything other than completely empty
 (i.e. <>) then the Mail From result will be used for SPF Received (e.g. Mail 
 From None even if HELO is Pass).  
 
+The policy server skips SPF checks for connections from the localhost (127.) and
+instead prepends and logs 'SPF skipped - localhost is always allowed.'
+
 Error conditions within the policy server (that don't result in a crash) or from 
 Mail::SPF will return DUNNO.  
 

postfix-policyd-spf-perl

@@ -43,7 +43,7 @@ my @HANDLERS = (
     }
 );
 
-my $VERBOSE = 1;
+my $VERBOSE = 0;
 
 my $DEFAULT_RESPONSE = 'DUNNO';
 
@@ -113,24 +113,31 @@ while (<STDIN>) {
     
     my $action = $DEFAULT_RESPONSE;
     my %responses;
-    foreach my $handler (@HANDLERS) {
+    # Skip SPF check for local connections
-        my $handler_name = $handler->{name};
+
-        my $handler_code = $handler->{code};
+    if ($attr{client_address}=~ /^127\./) {
+        $action = "PREPEND SPF skipped - localhost is always allowed."
+    }
+    else {
+        foreach my $handler (@HANDLERS) {
+            my $handler_name = $handler->{name};
+            my $handler_code = $handler->{code};
         
-        my $response = $handler_code->(attr => \%attr);
+            my $response = $handler_code->(attr => \%attr);
         
-        if ($VERBOSE) {
+            if ($VERBOSE) {
-            syslog(debug => "handler %s: %s", $handler_name, $response);
+                syslog(debug => "handler %s: %s", $handler_name, $response);
-        }
+            }
         
-        # Picks whatever response is not dunno
+            # Picks whatever response is not dunno
-        if ($response and $response !~ /^dunno/i) {
+            if ($response and $response !~ /^dunno/i) {
-            syslog(info => "handler %s: is decisive.", $handler_name);
+                syslog(info => "handler %s: is decisive.", $handler_name);
-            $action = $response;
+                $action = $response;
-            last;
+                last;
+            }
         }
     }
-    
+
     syslog(info => "%s: Policy action=%s", $attr{queue_id}, $action);
 
     STDOUT->print("action=$action\n\n");