diff --git a/CHANGES b/CHANGES index 03d5375..ed5987e 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ # ! = Changed something significant, or removed a feature # * = Fixed a bug, or made a minor improvement +--- 2.002 (2007-02-19 14:35) + ! Only prepend SPF received header once for multi-recipient mail. + --- 2.001 (2007-02-08 00:36) * Safer check for local connections. diff --git a/README b/README index 206fe1d..f3b3378 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -postfix-policyd-spf-perl 2.001 +postfix-policyd-spf-perl 2.002 A Postfix SMTPd policy server for SPF checking (C) 2007 Scott Kitterman 2003-2004 Meng Weng Wong @@ -21,10 +21,9 @@ temporary SPF error and the message would othersise be permitted will not be checked. If the message is not rejected or deferred, the policy server will PREPEND the -appropriate SPF Received header. In the case of multi-recipient mail, multiple -headers will get appended. If Mail From is anything other than completely empty -(i.e. <>) then the Mail From result will be used for SPF Received (e.g. Mail -From None even if HELO is Pass). +appropriate SPF Received header. If Mail From is anything other than completely +empty (i.e. <>) then the Mail From result will be used for SPF Received (e.g. +Mail From None even if HELO is Pass). The policy server skips SPF checks for connections from the localhost (127.) and instead prepends and logs 'SPF skipped - localhost is always allowed.' diff --git a/debian/postfix-policyd-spf-perl.8 b/debian/postfix-policyd-spf-perl.8 index e537a3a..89dd8ae 100644 --- a/debian/postfix-policyd-spf-perl.8 +++ b/debian/postfix-policyd-spf-perl.8 @@ -128,12 +128,12 @@ .\" ======================================================================== .\" .IX Title "postfix-policyd-spf-perl 1p" -.TH postfix-policyd-spf-perl 8p "2007-01-11" +.TH postfix-policyd-spf-perl 8p "2007-02-19" .SH "NAME" postfix-policyd-spf-perl \- pure-Perl Postfix policy daemon for SPF checking .SH "VERSION" .IX Header "VERSION" -2\.001 +2\.002 .SH "USAGE" .IX Header "USAGE" @@ -163,10 +163,9 @@ temporary SPF error and the message would othersise be permitted will not be checked. If the message is not rejected or deferred, the policy server will PREPEND the -appropriate SPF Received header. In the case of multi-recipient mail, multiple -headers will get appended. If Mail From is anything other than completely empty -(i.e. <>) then the Mail From result will be used for SPF Received (e.g. Mail -From None even if HELO is Pass). +appropriate SPF Received header. If Mail From is anything other than completely +empty (i.e. <>) then the Mail From result will be used for SPF Received (e.g. +Mail From None even if HELO is Pass). The policy server skips SPF checks for connections from the localhost (127.) and instead prepends and logs 'SPF skipped - localhost is always allowed.' @@ -206,6 +205,7 @@ uses only a few of all the attributes shown below: protocol_name=SMTP helo_name=some.domain.tld queue_id=8045F2AB23 + instance=12345.6789 sender=foo@bar.tld recipient=bar@foo.tld client_address=1.2.3.4 diff --git a/postfix-policyd-spf-perl b/postfix-policyd-spf-perl index 6dcadf2..5793ac9 100755 --- a/postfix-policyd-spf-perl +++ b/postfix-policyd-spf-perl @@ -2,7 +2,7 @@ # postfix-policyd-spf-perl # http://www.openspf.org/Software -# version 2.001 +# version 2.002 # #(C) 2007 Scott Kitterman #(C) 2003-2004 Meng Weng Wong @@ -21,7 +21,7 @@ # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -use version; our $VERSION = qv('2.001'); +use version; our $VERSION = qv('2.002'); use strict; @@ -51,6 +51,7 @@ my @HANDLERS = ( my $VERBOSE = 0; my $DEFAULT_RESPONSE = 'DUNNO'; +my $accepted = "UNDEF"; # # Syslogging options for verbose mode and for fatal errors. @@ -120,7 +121,7 @@ while () { syslog(debug => "Attribute: %s=%s", $_, $attr{$_}); } } - + my $instance = $attr{instance}; my $action = $DEFAULT_RESPONSE; my %responses; # Skip SPF check for local connections @@ -130,7 +131,12 @@ while () { my $handler_code = $handler->{code}; my $response = $handler_code->(attr => \%attr); - + + if($instance && $instance eq $accepted) { + $response = 'DUNNO'; + } + + if ($VERBOSE) { syslog(debug => "handler %s: %s", $handler_name, $response); } @@ -146,6 +152,7 @@ while () { syslog(info => "%s: Policy action=%s", $attr{queue_id}, $action); STDOUT->print("action=$action\n\n"); + $accepted = $instance; %attr = (); }