postfix-policyd-spf-perl/trunk/postfix-policyd-spf
* Version 1.06.
This commit is contained in:
Julian Mehnle
parent
2cba66720b
commit
5e0cd7d9a0
1 changed files with 27 additions and 33 deletions
|
|
@ -1,26 +1,25 @@
|
|||
#!/usr/bin/perl
|
||||
|
||||
# mengwong@pobox.com
|
||||
# Wed Dec 10 03:52:04 EST 2003
|
||||
# postfix-policyd-spf
|
||||
# version 1.05
|
||||
# see http://spf.pobox.com/
|
||||
# http://www.openspf.org
|
||||
# version 1.06
|
||||
# $Id$
|
||||
|
||||
use Fcntl;
|
||||
use Sys::Syslog qw(:DEFAULT setlogsock);
|
||||
use strict;
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# configuration
|
||||
# configuration
|
||||
# ----------------------------------------------------------
|
||||
|
||||
# to use SPF, install Mail::SPF::Query from CPAN or from the SPF website at http://spf.pobox.com/downloads.html
|
||||
# to use SPF, install Mail::SPF::Query from CPAN or from the SPF website at http://www.openspf.org/downloads.html
|
||||
|
||||
my @HANDLERS;
|
||||
push @HANDLERS, "testing";
|
||||
push @HANDLERS, "sender_permitted_from"; use Mail::SPF::Query;
|
||||
|
||||
my $VERBOSE = 1;
|
||||
my $VERBOSE = 0;
|
||||
|
||||
my $DEFAULT_RESPONSE = "DUNNO";
|
||||
|
||||
|
|
@ -37,7 +36,7 @@ my $syslog_priority = "info";
|
|||
my $syslog_ident = "postfix/policy-spf";
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# minimal documentation
|
||||
# minimal documentation
|
||||
# ----------------------------------------------------------
|
||||
|
||||
#
|
||||
|
|
@ -70,10 +69,10 @@ my $syslog_ident = "postfix/policy-spf";
|
|||
# To use this from Postfix SMTPD, use in /etc/postfix/main.cf:
|
||||
#
|
||||
# smtpd_recipient_restrictions =
|
||||
# ...
|
||||
# reject_unauth_destination
|
||||
# check_policy_service unix:private/policy
|
||||
# ...
|
||||
# ...
|
||||
# reject_unauth_destination
|
||||
# check_policy_service unix:private/policy
|
||||
# ...
|
||||
#
|
||||
# NOTE: specify check_policy_service AFTER reject_unauth_destination
|
||||
# or else your system can become an open relay.
|
||||
|
|
@ -114,7 +113,7 @@ my $syslog_ident = "postfix/policy-spf";
|
|||
# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: sender=mengwong@newbabe.mengwong.com
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# initialization
|
||||
# initialization
|
||||
# ----------------------------------------------------------
|
||||
|
||||
#
|
||||
|
|
@ -140,7 +139,7 @@ setlogsock $syslog_socktype;
|
|||
openlog $syslog_ident, $syslog_options, $syslog_facility;
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# main
|
||||
# main
|
||||
# ----------------------------------------------------------
|
||||
|
||||
#
|
||||
|
|
@ -179,36 +178,32 @@ while (<STDIN>) {
|
|||
}
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# plugin: SPF
|
||||
# plugin: SPF
|
||||
# ----------------------------------------------------------
|
||||
sub sender_permitted_from {
|
||||
local %_ = @_;
|
||||
my %attr = %{ $_{attr} };
|
||||
|
||||
my $query = eval { new Mail::SPF::Query (ip =>$attr{client_address},
|
||||
sender=>$attr{sender},
|
||||
helo =>$attr{helo_name}) };
|
||||
sender=>$attr{sender},
|
||||
helo =>$attr{helo_name}) };
|
||||
if ($@) {
|
||||
syslog(info=>"%s: Mail::SPF::Query->new(%s, %s, %s) failed: %s",
|
||||
$attr{queue_id}, $attr{client_address}, $attr{sender}, $attr{helo_name}, $@);
|
||||
$attr{queue_id}, $attr{client_address}, $attr{sender}, $attr{helo_name}, $@);
|
||||
return "DUNNO";
|
||||
}
|
||||
my ($result, $smtp_comment, $header_comment) = $query->result();
|
||||
|
||||
syslog(info=>"%s: SPF %s: smtp_comment=%s, header_comment=%s",
|
||||
$attr{queue_id}, $result, $smtp_comment, $header_comment);
|
||||
$attr{queue_id}, $result, $smtp_comment, $header_comment);
|
||||
|
||||
if ($result eq "pass") { return "DUNNO"; }
|
||||
elsif ($result eq "fail") { return "REJECT " . ($smtp_comment || $header_comment); }
|
||||
elsif ($result eq "error") { return "450 temporary failure: $smtp_comment"; }
|
||||
else { return "DUNNO"; }
|
||||
# unknown, softfail, neutral and none all return DUNNO
|
||||
|
||||
# TODO XXX: prepend Received-SPF header. Wietse says he will add that functionality soon.
|
||||
if ($result eq "fail") { return "REJECT $smtp_comment"; }
|
||||
elsif ($result eq "error") { return "DEFER_IF_PERMIT $smtp_comment"; }
|
||||
else { return "PREPEND Received-SPF: $result ($header_comment)"; }
|
||||
}
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# plugin: testing
|
||||
# plugin: testing
|
||||
# ----------------------------------------------------------
|
||||
sub testing {
|
||||
local %_ = @_;
|
||||
|
|
@ -220,15 +215,15 @@ sub testing {
|
|||
$attr{recipient} =~ /policyblock/) {
|
||||
|
||||
syslog(info=>"%s: testing: will block as requested",
|
||||
$attr{queue_id});
|
||||
$attr{queue_id});
|
||||
return "REJECT smtpd-policy blocking $attr{recipient}";
|
||||
}
|
||||
else {
|
||||
syslog(info=>"%s: testing: stripped sender=%s, stripped rcpt=%s",
|
||||
$attr{queue_id},
|
||||
address_stripped($attr{sender}),
|
||||
address_stripped($attr{recipient}),
|
||||
);
|
||||
$attr{queue_id},
|
||||
address_stripped($attr{sender}),
|
||||
address_stripped($attr{recipient}),
|
||||
);
|
||||
|
||||
}
|
||||
return "DUNNO";
|
||||
|
|
@ -242,4 +237,3 @@ sub address_stripped {
|
|||
}
|
||||
return $string;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue