diff --git a/CHANGES b/CHANGES index 33f5fff..cd9e420 100644 --- a/CHANGES +++ b/CHANGES @@ -4,13 +4,14 @@ # ! = Changed something significant, or removed a feature # * = Fixed a bug, or made a minor improvement ---- UNRELEASED (2007-04-30 19:03) +--- 2.005 (2007-12-14 23:29 -0500) * Decreased timeout for DNS queries via UDP to 10s from Net::DNS::Resolver's default of 40s (by doing only 1 retransmission rather than 3 after a query fails). Until Mail::SPF provides an explicit option for this, we just create our own resolver object and make Mail::SPF use that. * Adjust master.cf recommendations in INSTALL for new recommendations from Wietse Venema (postfix-users mailing list). + * Other minor documentation cleanup --- 2.004 (2007-04-18 15:36) * Fix header text to work with Postfix (access 5 requirements). diff --git a/INSTALL b/INSTALL index c334fd0..e1277ac 100644 --- a/INSTALL +++ b/INSTALL @@ -30,5 +30,7 @@ Installing NOTE: Specify check_policy_service AFTER reject_unauth_destination or else your system can become an open relay. - 4. Restart Postfix. + 4. Add "policy_time_limit = 3600" to main.cf + + 5. Restart Postfix. diff --git a/README b/README index 568c1cb..c6f11e5 100644 --- a/README +++ b/README @@ -1,6 +1,6 @@ -postfix-policyd-spf-perl 2.003 +postfix-policyd-spf-perl 2.005 A Postfix SMTPd policy server for SPF checking -(C) 2007 Scott Kitterman and Julian Mehnle +(C) 2007 Scott Kitterman and Julian Mehnle (C) 2003-2004 Meng Weng Wong Thanks for contributions by various members of the SPF project @@ -10,31 +10,31 @@ Thanks for contributions by various members of the SPF project postfix-policyd-spf-perl is a Postfix SMTPd policy daemon for SPF checking. It is implemented in pure Perl and uses the Mail::SPF CPAN module. Note that Mail::SPF is a complete re-implementation of SPF based on the final SPF RFC, -RFC 4408. It shares no code with the older Mail::SPF::Query that was the -original SPF development implementation. If you are upgrading from on older +RFC 4408. It shares no code with the older Mail::SPF::Query that was the +original SPF development implementation. If you are upgrading from on older version of this policy server you will need to install Mail::SPF. -This version of the policy server always checks HELO before Mail From (older -versions just checked HELO if Mail From was null). It will reject mail that -fails either Mail From or HELO SPF checks. It will defer mail if there is a +This version of the policy server always checks HELO before Mail From (older +versions just checked HELO if Mail From was null). It will reject mail that +fails either Mail From or HELO SPF checks. It will defer mail if there is a temporary SPF error and the message would othersise be permitted (DEFER_IF_PERMIT). If the HELO check produces a REJECT/DEFER result, Mail From will not be checked. -If the message is not rejected or deferred, the policy server will PREPEND the +If the message is not rejected or deferred, the policy server will PREPEND the appropriate SPF Received header. If Mail From is anything other than completely empty (i.e. <>) then the Mail From result will be used for SPF Received (e.g. Mail From None even if HELO is Pass). The policy server skips SPF checks for connections from the localhost (127.) and -instead prepends and logs 'SPF skipped - localhost is always allowed.' If you -have relays that you want to skip SPF checks for, you can add them to +instead prepends and logs 'SPF skipped - localhost is always allowed.' If you +have relays that you want to skip SPF checks for, you can add them to relay_addresses on line 78 using standard CIDR notation in a space separated list. For these addresses, 'X-Comment: SPF skipped for whitelisted relay' is prepended and logged. -Error conditions within the policy server (that don't result in a crash) or from -Mail::SPF will return DUNNO. +Error conditions within the policy server (that don't result in a crash) or from +Mail::SPF will return DUNNO. See INSTALL for installation instructions. diff --git a/test_cases b/test_cases index 9a1442e..ccd0553 100644 --- a/test_cases +++ b/test_cases @@ -19,7 +19,7 @@ instance=2 #no HELO and mfrom pass request=smtpd_access_policy client_address=72.81.252.18 -helo_name=mailout03.controlledmail.com +helo_name=72.81.252.18 sender=scott@kitterman.com recipient=bogus@kitterman.org queue_id=q1234 @@ -127,8 +127,21 @@ instance=15 # Permerror reject request=smtpd_access_policy client_address=72.81.252.18 -helo_name=mailout00.yahoo.com +helo_name=elvey.com sender=scott@elvey.com recipient=bogus2@kitterman.org queue_id=q1234 instance=16 + +# None and None +request=smtpd_access_policy +client_address=71.17.127.27 +helo_name=71-17-127-27.estv.hsdb.sasknet.sk.ca +sender=dalbecbhoj@accessamericatransport.com +recipient=hostmaster@jamux.com + +request=smtpd_access_policy +client_address=200.120.31.84 +helo_name=autohaus-knabe.de +sender=daniel.hahnomjy@autohaus-knabe.de +recipient=jam@jamux.com \ No newline at end of file