! Only prepend a single SPF Received header for multi-recipient mail.
This commit is contained in:
Scott Kitterman
parent
871b66f596
commit
0f355dacc2
4 changed files with 24 additions and 15 deletions
3
CHANGES
3
CHANGES
|
|
@ -4,6 +4,9 @@
|
||||||
# ! = Changed something significant, or removed a feature
|
# ! = Changed something significant, or removed a feature
|
||||||
# * = Fixed a bug, or made a minor improvement
|
# * = Fixed a bug, or made a minor improvement
|
||||||
|
|
||||||
|
--- 2.002 (2007-02-19 14:35)
|
||||||
|
! Only prepend SPF received header once for multi-recipient mail.
|
||||||
|
|
||||||
--- 2.001 (2007-02-08 00:36)
|
--- 2.001 (2007-02-08 00:36)
|
||||||
* Safer check for local connections.
|
* Safer check for local connections.
|
||||||
|
|
||||||
|
|
|
||||||
9
README
9
README
|
|
@ -1,4 +1,4 @@
|
||||||
postfix-policyd-spf-perl 2.001
|
postfix-policyd-spf-perl 2.002
|
||||||
A Postfix SMTPd policy server for SPF checking
|
A Postfix SMTPd policy server for SPF checking
|
||||||
(C) 2007 Scott Kitterman <scott@kitterman.com>
|
(C) 2007 Scott Kitterman <scott@kitterman.com>
|
||||||
2003-2004 Meng Weng Wong <mengwong@pobox.com>
|
2003-2004 Meng Weng Wong <mengwong@pobox.com>
|
||||||
|
|
@ -21,10 +21,9 @@ temporary SPF error and the message would othersise be permitted
|
||||||
will not be checked.
|
will not be checked.
|
||||||
|
|
||||||
If the message is not rejected or deferred, the policy server will PREPEND the
|
If the message is not rejected or deferred, the policy server will PREPEND the
|
||||||
appropriate SPF Received header. In the case of multi-recipient mail, multiple
|
appropriate SPF Received header. If Mail From is anything other than completely
|
||||||
headers will get appended. If Mail From is anything other than completely empty
|
empty (i.e. <>) then the Mail From result will be used for SPF Received (e.g.
|
||||||
(i.e. <>) then the Mail From result will be used for SPF Received (e.g. Mail
|
Mail From None even if HELO is Pass).
|
||||||
From None even if HELO is Pass).
|
|
||||||
|
|
||||||
The policy server skips SPF checks for connections from the localhost (127.) and
|
The policy server skips SPF checks for connections from the localhost (127.) and
|
||||||
instead prepends and logs 'SPF skipped - localhost is always allowed.'
|
instead prepends and logs 'SPF skipped - localhost is always allowed.'
|
||||||
|
|
|
||||||
12
debian/postfix-policyd-spf-perl.8
vendored
12
debian/postfix-policyd-spf-perl.8
vendored
|
|
@ -128,12 +128,12 @@
|
||||||
.\" ========================================================================
|
.\" ========================================================================
|
||||||
.\"
|
.\"
|
||||||
.IX Title "postfix-policyd-spf-perl 1p"
|
.IX Title "postfix-policyd-spf-perl 1p"
|
||||||
.TH postfix-policyd-spf-perl 8p "2007-01-11"
|
.TH postfix-policyd-spf-perl 8p "2007-02-19"
|
||||||
.SH "NAME"
|
.SH "NAME"
|
||||||
postfix-policyd-spf-perl \- pure-Perl Postfix policy daemon for SPF checking
|
postfix-policyd-spf-perl \- pure-Perl Postfix policy daemon for SPF checking
|
||||||
.SH "VERSION"
|
.SH "VERSION"
|
||||||
.IX Header "VERSION"
|
.IX Header "VERSION"
|
||||||
2\.001
|
2\.002
|
||||||
|
|
||||||
.SH "USAGE"
|
.SH "USAGE"
|
||||||
.IX Header "USAGE"
|
.IX Header "USAGE"
|
||||||
|
|
@ -163,10 +163,9 @@ temporary SPF error and the message would othersise be permitted
|
||||||
will not be checked.
|
will not be checked.
|
||||||
|
|
||||||
If the message is not rejected or deferred, the policy server will PREPEND the
|
If the message is not rejected or deferred, the policy server will PREPEND the
|
||||||
appropriate SPF Received header. In the case of multi-recipient mail, multiple
|
appropriate SPF Received header. If Mail From is anything other than completely
|
||||||
headers will get appended. If Mail From is anything other than completely empty
|
empty (i.e. <>) then the Mail From result will be used for SPF Received (e.g.
|
||||||
(i.e. <>) then the Mail From result will be used for SPF Received (e.g. Mail
|
Mail From None even if HELO is Pass).
|
||||||
From None even if HELO is Pass).
|
|
||||||
|
|
||||||
The policy server skips SPF checks for connections from the localhost (127.) and
|
The policy server skips SPF checks for connections from the localhost (127.) and
|
||||||
instead prepends and logs 'SPF skipped - localhost is always allowed.'
|
instead prepends and logs 'SPF skipped - localhost is always allowed.'
|
||||||
|
|
@ -206,6 +205,7 @@ uses only a few of all the attributes shown below:
|
||||||
protocol_name=SMTP
|
protocol_name=SMTP
|
||||||
helo_name=some.domain.tld
|
helo_name=some.domain.tld
|
||||||
queue_id=8045F2AB23
|
queue_id=8045F2AB23
|
||||||
|
instance=12345.6789
|
||||||
sender=foo@bar.tld
|
sender=foo@bar.tld
|
||||||
recipient=bar@foo.tld
|
recipient=bar@foo.tld
|
||||||
client_address=1.2.3.4
|
client_address=1.2.3.4
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
# postfix-policyd-spf-perl
|
# postfix-policyd-spf-perl
|
||||||
# http://www.openspf.org/Software
|
# http://www.openspf.org/Software
|
||||||
# version 2.001
|
# version 2.002
|
||||||
#
|
#
|
||||||
#(C) 2007 Scott Kitterman <scott@kitterman.com>
|
#(C) 2007 Scott Kitterman <scott@kitterman.com>
|
||||||
#(C) 2003-2004 Meng Weng Wong <mengwong@pobox.com>
|
#(C) 2003-2004 Meng Weng Wong <mengwong@pobox.com>
|
||||||
|
|
@ -21,7 +21,7 @@
|
||||||
# with this program; if not, write to the Free Software Foundation, Inc.,
|
# with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
|
||||||
use version; our $VERSION = qv('2.001');
|
use version; our $VERSION = qv('2.002');
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
|
|
||||||
|
|
@ -51,6 +51,7 @@ my @HANDLERS = (
|
||||||
my $VERBOSE = 0;
|
my $VERBOSE = 0;
|
||||||
|
|
||||||
my $DEFAULT_RESPONSE = 'DUNNO';
|
my $DEFAULT_RESPONSE = 'DUNNO';
|
||||||
|
my $accepted = "UNDEF";
|
||||||
|
|
||||||
#
|
#
|
||||||
# Syslogging options for verbose mode and for fatal errors.
|
# Syslogging options for verbose mode and for fatal errors.
|
||||||
|
|
@ -120,7 +121,7 @@ while (<STDIN>) {
|
||||||
syslog(debug => "Attribute: %s=%s", $_, $attr{$_});
|
syslog(debug => "Attribute: %s=%s", $_, $attr{$_});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
my $instance = $attr{instance};
|
||||||
my $action = $DEFAULT_RESPONSE;
|
my $action = $DEFAULT_RESPONSE;
|
||||||
my %responses;
|
my %responses;
|
||||||
# Skip SPF check for local connections
|
# Skip SPF check for local connections
|
||||||
|
|
@ -130,7 +131,12 @@ while (<STDIN>) {
|
||||||
my $handler_code = $handler->{code};
|
my $handler_code = $handler->{code};
|
||||||
|
|
||||||
my $response = $handler_code->(attr => \%attr);
|
my $response = $handler_code->(attr => \%attr);
|
||||||
|
|
||||||
|
if($instance && $instance eq $accepted) {
|
||||||
|
$response = 'DUNNO';
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
if ($VERBOSE) {
|
if ($VERBOSE) {
|
||||||
syslog(debug => "handler %s: %s", $handler_name, $response);
|
syslog(debug => "handler %s: %s", $handler_name, $response);
|
||||||
}
|
}
|
||||||
|
|
@ -146,6 +152,7 @@ while (<STDIN>) {
|
||||||
syslog(info => "%s: Policy action=%s", $attr{queue_id}, $action);
|
syslog(info => "%s: Policy action=%s", $attr{queue_id}, $action);
|
||||||
|
|
||||||
STDOUT->print("action=$action\n\n");
|
STDOUT->print("action=$action\n\n");
|
||||||
|
$accepted = $instance;
|
||||||
%attr = ();
|
%attr = ();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue