postfix-policyd-spf-perl/trunk/postfix-policyd-spf
* Version 1.06.
This commit is contained in:
Julian Mehnle
parent
2cba66720b
commit
5e0cd7d9a0
1 changed files with 27 additions and 33 deletions
|
|
@ -1,26 +1,25 @@
|
||||||
#!/usr/bin/perl
|
#!/usr/bin/perl
|
||||||
|
|
||||||
# mengwong@pobox.com
|
|
||||||
# Wed Dec 10 03:52:04 EST 2003
|
|
||||||
# postfix-policyd-spf
|
# postfix-policyd-spf
|
||||||
# version 1.05
|
# http://www.openspf.org
|
||||||
# see http://spf.pobox.com/
|
# version 1.06
|
||||||
|
# $Id$
|
||||||
|
|
||||||
use Fcntl;
|
use Fcntl;
|
||||||
use Sys::Syslog qw(:DEFAULT setlogsock);
|
use Sys::Syslog qw(:DEFAULT setlogsock);
|
||||||
use strict;
|
use strict;
|
||||||
|
|
||||||
# ----------------------------------------------------------
|
# ----------------------------------------------------------
|
||||||
# configuration
|
# configuration
|
||||||
# ----------------------------------------------------------
|
# ----------------------------------------------------------
|
||||||
|
|
||||||
# to use SPF, install Mail::SPF::Query from CPAN or from the SPF website at http://spf.pobox.com/downloads.html
|
# to use SPF, install Mail::SPF::Query from CPAN or from the SPF website at http://www.openspf.org/downloads.html
|
||||||
|
|
||||||
my @HANDLERS;
|
my @HANDLERS;
|
||||||
push @HANDLERS, "testing";
|
push @HANDLERS, "testing";
|
||||||
push @HANDLERS, "sender_permitted_from"; use Mail::SPF::Query;
|
push @HANDLERS, "sender_permitted_from"; use Mail::SPF::Query;
|
||||||
|
|
||||||
my $VERBOSE = 1;
|
my $VERBOSE = 0;
|
||||||
|
|
||||||
my $DEFAULT_RESPONSE = "DUNNO";
|
my $DEFAULT_RESPONSE = "DUNNO";
|
||||||
|
|
||||||
|
|
@ -37,7 +36,7 @@ my $syslog_priority = "info";
|
||||||
my $syslog_ident = "postfix/policy-spf";
|
my $syslog_ident = "postfix/policy-spf";
|
||||||
|
|
||||||
# ----------------------------------------------------------
|
# ----------------------------------------------------------
|
||||||
# minimal documentation
|
# minimal documentation
|
||||||
# ----------------------------------------------------------
|
# ----------------------------------------------------------
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
@ -70,10 +69,10 @@ my $syslog_ident = "postfix/policy-spf";
|
||||||
# To use this from Postfix SMTPD, use in /etc/postfix/main.cf:
|
# To use this from Postfix SMTPD, use in /etc/postfix/main.cf:
|
||||||
#
|
#
|
||||||
# smtpd_recipient_restrictions =
|
# smtpd_recipient_restrictions =
|
||||||
# ...
|
# ...
|
||||||
# reject_unauth_destination
|
# reject_unauth_destination
|
||||||
# check_policy_service unix:private/policy
|
# check_policy_service unix:private/policy
|
||||||
# ...
|
# ...
|
||||||
#
|
#
|
||||||
# NOTE: specify check_policy_service AFTER reject_unauth_destination
|
# NOTE: specify check_policy_service AFTER reject_unauth_destination
|
||||||
# or else your system can become an open relay.
|
# or else your system can become an open relay.
|
||||||
|
|
@ -114,7 +113,7 @@ my $syslog_ident = "postfix/policy-spf";
|
||||||
# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: sender=mengwong@newbabe.mengwong.com
|
# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: sender=mengwong@newbabe.mengwong.com
|
||||||
|
|
||||||
# ----------------------------------------------------------
|
# ----------------------------------------------------------
|
||||||
# initialization
|
# initialization
|
||||||
# ----------------------------------------------------------
|
# ----------------------------------------------------------
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
@ -140,7 +139,7 @@ setlogsock $syslog_socktype;
|
||||||
openlog $syslog_ident, $syslog_options, $syslog_facility;
|
openlog $syslog_ident, $syslog_options, $syslog_facility;
|
||||||
|
|
||||||
# ----------------------------------------------------------
|
# ----------------------------------------------------------
|
||||||
# main
|
# main
|
||||||
# ----------------------------------------------------------
|
# ----------------------------------------------------------
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
@ -179,36 +178,32 @@ while (<STDIN>) {
|
||||||
}
|
}
|
||||||
|
|
||||||
# ----------------------------------------------------------
|
# ----------------------------------------------------------
|
||||||
# plugin: SPF
|
# plugin: SPF
|
||||||
# ----------------------------------------------------------
|
# ----------------------------------------------------------
|
||||||
sub sender_permitted_from {
|
sub sender_permitted_from {
|
||||||
local %_ = @_;
|
local %_ = @_;
|
||||||
my %attr = %{ $_{attr} };
|
my %attr = %{ $_{attr} };
|
||||||
|
|
||||||
my $query = eval { new Mail::SPF::Query (ip =>$attr{client_address},
|
my $query = eval { new Mail::SPF::Query (ip =>$attr{client_address},
|
||||||
sender=>$attr{sender},
|
sender=>$attr{sender},
|
||||||
helo =>$attr{helo_name}) };
|
helo =>$attr{helo_name}) };
|
||||||
if ($@) {
|
if ($@) {
|
||||||
syslog(info=>"%s: Mail::SPF::Query->new(%s, %s, %s) failed: %s",
|
syslog(info=>"%s: Mail::SPF::Query->new(%s, %s, %s) failed: %s",
|
||||||
$attr{queue_id}, $attr{client_address}, $attr{sender}, $attr{helo_name}, $@);
|
$attr{queue_id}, $attr{client_address}, $attr{sender}, $attr{helo_name}, $@);
|
||||||
return "DUNNO";
|
return "DUNNO";
|
||||||
}
|
}
|
||||||
my ($result, $smtp_comment, $header_comment) = $query->result();
|
my ($result, $smtp_comment, $header_comment) = $query->result();
|
||||||
|
|
||||||
syslog(info=>"%s: SPF %s: smtp_comment=%s, header_comment=%s",
|
syslog(info=>"%s: SPF %s: smtp_comment=%s, header_comment=%s",
|
||||||
$attr{queue_id}, $result, $smtp_comment, $header_comment);
|
$attr{queue_id}, $result, $smtp_comment, $header_comment);
|
||||||
|
|
||||||
if ($result eq "pass") { return "DUNNO"; }
|
if ($result eq "fail") { return "REJECT $smtp_comment"; }
|
||||||
elsif ($result eq "fail") { return "REJECT " . ($smtp_comment || $header_comment); }
|
elsif ($result eq "error") { return "DEFER_IF_PERMIT $smtp_comment"; }
|
||||||
elsif ($result eq "error") { return "450 temporary failure: $smtp_comment"; }
|
else { return "PREPEND Received-SPF: $result ($header_comment)"; }
|
||||||
else { return "DUNNO"; }
|
|
||||||
# unknown, softfail, neutral and none all return DUNNO
|
|
||||||
|
|
||||||
# TODO XXX: prepend Received-SPF header. Wietse says he will add that functionality soon.
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# ----------------------------------------------------------
|
# ----------------------------------------------------------
|
||||||
# plugin: testing
|
# plugin: testing
|
||||||
# ----------------------------------------------------------
|
# ----------------------------------------------------------
|
||||||
sub testing {
|
sub testing {
|
||||||
local %_ = @_;
|
local %_ = @_;
|
||||||
|
|
@ -220,15 +215,15 @@ sub testing {
|
||||||
$attr{recipient} =~ /policyblock/) {
|
$attr{recipient} =~ /policyblock/) {
|
||||||
|
|
||||||
syslog(info=>"%s: testing: will block as requested",
|
syslog(info=>"%s: testing: will block as requested",
|
||||||
$attr{queue_id});
|
$attr{queue_id});
|
||||||
return "REJECT smtpd-policy blocking $attr{recipient}";
|
return "REJECT smtpd-policy blocking $attr{recipient}";
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
syslog(info=>"%s: testing: stripped sender=%s, stripped rcpt=%s",
|
syslog(info=>"%s: testing: stripped sender=%s, stripped rcpt=%s",
|
||||||
$attr{queue_id},
|
$attr{queue_id},
|
||||||
address_stripped($attr{sender}),
|
address_stripped($attr{sender}),
|
||||||
address_stripped($attr{recipient}),
|
address_stripped($attr{recipient}),
|
||||||
);
|
);
|
||||||
|
|
||||||
}
|
}
|
||||||
return "DUNNO";
|
return "DUNNO";
|
||||||
|
|
@ -242,4 +237,3 @@ sub address_stripped {
|
||||||
}
|
}
|
||||||
return $string;
|
return $string;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue