* Change reject reply to 550 for RFC 2821 compliance.

* Clarified wording for some verbose logging.
* Added more information about HELO checking to README
Scott Kitterman 2007-02-06 18:18:42 +00:00
commit f876c707b9
4 changed files with 60 additions and 27 deletions


@ -5,13 +5,16 @@
# * = Fixed a bug, or made a minor improvement # * = Fixed a bug, or made a minor improvement
--- 2.000 (2007-02-06 16:00) --- 2.000 (2007-02-06 16:00)
* Updated version for final release. * Change reject reply to 550 for RFC 2821 complianse.
* Clarified wording for some verbose logging.
* Added more information about HELO checking to README.
--- 1.990 (2007-02-03 16:00) --- 1.990 (2007-02-03 16:00)
postfix-policyd-spf-perl: postfix-policyd-spf-perl:
! Changed from Mail::SPF::Query to Mail::SPF for RFC 4408 compliance ! Changed from Mail::SPF::Query to Mail::SPF for RFC 4408 compliance
! Removed Testing handler (usage was undocumented). ! Removed Testing handler (usage was undocumented).
! Removed debian/ dir from release tarball (still provided via SVN).
* Simplified logging. Policy server is less chatty. Logs are clearer. * Simplified logging. Policy server is less chatty. Logs are clearer.
--- 1.08.1 (2007-01-10 21:00) --- 1.08.1 (2007-01-10 21:00)
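Review bot: the added 2.000 entry misspells "compliance" as "complianse", and the entry list does not mention that this commit also flips the $VERBOSE default from 0 to 1 in the policy script. Either record that change here or drop it from the commit. The "Updated version for final release" line is also removed even though README is bumped to 2.000 in the same commit, so the version bump no longer appears in the changelog.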

README

@ -1,8 +1,8 @@
postfix-policyd-spf-perl 1.990 postfix-policyd-spf-perl 2.000
A Postfix SMTPd policy server for SPF checking A Postfix SMTPd policy server for SPF checking
(C) 2007 Scott Kitterman <scott@kitterman.com> (C) 2007 Scott Kitterman <scott@kitterman.com>
2003-2004 Meng Weng Wong <mengwong@pobox.com> 2003-2004 Meng Weng Wong <mengwong@pobox.com>
Contributions by various members of the SPF project Thanks for contributions by various members of the SPF project
<http://www.openspf.org/Software#postfix-policyd-spf-perl> <http://www.openspf.org/Software#postfix-policyd-spf-perl>
============================================================================== ==============================================================================
@ -13,15 +13,23 @@ RFC 4408. It shares no code with the older Mail::SPF::Query that was the
original SPF development implementation. If you are upgrading from on older original SPF development implementation. If you are upgrading from on older
version of this policy server you will need to install Mail::SPF. version of this policy server you will need to install Mail::SPF.
This version of the policy server will reject mail that fails either Mail From This version of the policy server always checks HELO before Mail From (older
or HELO SPF checks. It always checks HELO (older versions just checked HELO if versions just checked HELO if Mail From was null). It will reject mail that
Mail From was null). It will defer mail if there is a temporary SPF error and fails either Mail From or HELO SPF checks. It will defer mail if there is a
the message would othersise be permitted (DEFER_IF_PERMIT). Otherwise, it will temporary SPF error and the message would othersise be permitted
PREPEND the appropriate SPF Received header. In the case of multi-recipient (DEFER_IF_PERMIT). If the HELO check produces a REJECT/DEFER result, Mail From
mail, multiple headers will get appended. Error conditions within the policy will not be checked.
server (that don't result in a crash) or from Mail::SPF will return DUNNO.
See INSTALL or README.Debian for installation instructions. If the message is not rejected or deferred, the policy server will PREPEND the
appropriate SPF Received header. In the case of multi-recipient mail, multiple
headers will get appended. If Mail From is anything other than completely empty
(i.e. <>) then the Mail From result will be used for SPF Received (e.g. Mail
From None even if HELO is Pass).
Error conditions within the policy server (that don't result in a crash) or from
Mail::SPF will return DUNNO.
See INSTALL for installation instructions.
Usage: Usage:
policyd-spf-perl [-v] policyd-spf-perl [-v]
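Review bot: the rewritten paragraph says the server will PREPEND the SPF Received header and, in the next sentence, that "multiple headers will get appended"; use one verb, and since the action is PREPEND, "prepended" is the accurate one. The reflowed DEFER_IF_PERMIT sentence still carries the "othersise" typo, which is worth fixing while the line is being touched. The reference to README.Debian is dropped here without a note; that matches the debian/ removal listed in CHANGES under 1.990, so a short pointer to where Debian users should look now would help.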
@ -66,7 +74,14 @@ uses only a few of all the attributes shown below:
The policy daemon will answer in the same style, with an attribute list The policy daemon will answer in the same style, with an attribute list
followed by a empty line: followed by a empty line:
action=dunno action=550 Please see http://www.openspf.org/Why?id=foo@bar.tld&ip=1.2.3.4&
receiver=bar@foo.tld
[empty line]
To test HELO checking sender should be empty:
sender=
... More attributes...
[empty line] [empty line]
If you want more detail in the system logs change $VERBOSE to 1. If you want more detail in the system logs change $VERBOSE to 1.
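Review bot: the new sample answer is wrapped so that "receiver=bar@foo.tld" sits on its own line, where it reads as a second name=value attribute rather than the tail of the URL in the action text. The answer is an attribute list terminated by an empty line, so show the action on a single line (or state explicitly that the wrap is only for display). It would also help to say which SPF result produces this 550 reply, since the example previously showed action=dunno.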


@ -152,15 +152,24 @@ postfix-policyd-spf-perl is a Postfix SMTPd policy daemon for SPF checking.
It is implemented in pure Perl and uses the Mail::SPF CPAN module. Note that It is implemented in pure Perl and uses the Mail::SPF CPAN module. Note that
Mail::SPF is a complete re-implementation of SPF based on the final SPF RFC, Mail::SPF is a complete re-implementation of SPF based on the final SPF RFC,
RFC 4408. It shares no code with the older Mail::SPF::Query that was the RFC 4408. It shares no code with the older Mail::SPF::Query that was the
original SPF development implementation. original SPF development implementation. If you are upgrading from on older
version of this policy server you will need to install Mail::SPF.
This version of the policy server will reject mail that fails either Mail From This version of the policy server always checks HELO before Mail From (older
or HELO SPF checks. It always checks HELO (older versions just checked HELO if versions just checked HELO if Mail From was null). It will reject mail that
Mail From was null). It will defer mail if there is a temporary SPF error and fails either Mail From or HELO SPF checks. It will defer mail if there is a
the message would othersise be permitted (DEFER_IF_PERMIT). Otherwise, it will temporary SPF error and the message would othersise be permitted
PREPEND the appropriate SPF Received header. In the case of multi-recipient (DEFER_IF_PERMIT). If the HELO check produces a REJECT/DEFER result, Mail From
mail, multiple headers will get appended. Error conditions within the policy will not be checked.
server (that don't result in a crash) or from Mail::SPF will return DUNNO.
If the message is not rejected or deferred, the policy server will PREPEND the
appropriate SPF Received header. In the case of multi-recipient mail, multiple
headers will get appended. If Mail From is anything other than completely empty
(i.e. <>) then the Mail From result will be used for SPF Received (e.g. Mail
From None even if HELO is Pass).
Error conditions within the policy server (that don't result in a crash) or from
Mail::SPF will return DUNNO.
.SH "DESCRIPTION" .SH "DESCRIPTION"
.IX Header "DESCRIPTION" .IX Header "DESCRIPTION"
@ -203,7 +212,14 @@ uses only a few of all the attributes shown below:
The policy daemon will answer in the same style, with an attribute list The policy daemon will answer in the same style, with an attribute list
followed by a empty line: followed by a empty line:
action=dunno action=550 Please see http://www.openspf.org/Why?id=foo@bar.tld&ip=1.2.3.4&
receiver=bar@foo.tld
[empty line]
To test HELO checking sender should be empty:
sender=
... More attributes...
[empty line] [empty line]
If you want more detail in the system logs change $VERBOSE to 1. If you want more detail in the system logs change $VERBOSE to 1.
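Review bot: "To test HELO checking sender should be empty:" and the "sender=" sample describe the request sent to the daemon, but they are placed after the daemon's answer, under "The policy daemon will answer in the same style". Move the HELO test note up next to the request attribute list so the request and the answer are not interleaved, and show the answer expected for that request.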
@ -228,7 +244,6 @@ If you want more detail in the system logs change $VERBOSE to 1.
NOTE: Specify check_policy_service AFTER reject_unauth_destination or NOTE: Specify check_policy_service AFTER reject_unauth_destination or
else your system can become an open relay. else your system can become an open relay.
3. Restart Postfix. 3. Restart Postfix.
.SH "SEE ALSO" .SH "SEE ALSO"


@ -43,7 +43,7 @@ my @HANDLERS = (
} }
); );
my $VERBOSE = 0; my $VERBOSE = 1;
my $DEFAULT_RESPONSE = 'DUNNO'; my $DEFAULT_RESPONSE = 'DUNNO';
@ -159,7 +159,7 @@ sub sender_policy_framework {
my $errmsg = $@; my $errmsg = $@;
$errmsg = $errmsg->text if UNIVERSAL::isa($@, 'Mail::SPF::Exception'); $errmsg = $errmsg->text if UNIVERSAL::isa($@, 'Mail::SPF::Exception');
syslog( syslog(
info => "%s: Mail::SPF->new(%s, %s, %s) failed: %s", info => "%s:HELO check failed - Mail::SPF->new(%s, %s, %s) failed: %s",
$attr->{queue_id}, $attr->{client_address}, $attr->{sender}, $attr->{helo_name}, $errmsg $attr->{queue_id}, $attr->{client_address}, $attr->{sender}, $attr->{helo_name}, $errmsg
); );
return "DUNNO"; return "DUNNO";
@ -183,7 +183,7 @@ sub sender_policy_framework {
# Reject on HELO fail. Defer on HELO temperror if message would otherwise # Reject on HELO fail. Defer on HELO temperror if message would otherwise
# be accepted. Use the HELO result and return for null sender. # be accepted. Use the HELO result and return for null sender.
if ($helo_result->is_code('fail')) { if ($helo_result->is_code('fail')) {
return "REJECT $helo_authority_exp"; return "550 $helo_authority_exp";
} }
elsif ($helo_result->is_code('temperror')) { elsif ($helo_result->is_code('temperror')) {
return "DEFER_IF_PERMIT SPF-Result=$helo_local_exp"; return "DEFER_IF_PERMIT SPF-Result=$helo_local_exp";
@ -207,7 +207,7 @@ sub sender_policy_framework {
my $errmsg = $@; my $errmsg = $@;
$errmsg = $errmsg->text if UNIVERSAL::isa($@, 'Mail::SPF::Exception'); $errmsg = $errmsg->text if UNIVERSAL::isa($@, 'Mail::SPF::Exception');
syslog( syslog(
info => "%s: Mail::SPF->new(%s, %s, %s) failed: %s", info => "%s: Mail From (sender) check failed - Mail::SPF->new(%s, %s, %s) failed: %s",
$attr->{queue_id}, $attr->{client_address}, $attr->{sender}, $attr->{helo_name}, $errmsg $attr->{queue_id}, $attr->{client_address}, $attr->{sender}, $attr->{helo_name}, $errmsg
); );
return "DUNNO"; return "DUNNO";
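Review bot: this branch logs at info level and then returns "DUNNO", so a Mail::SPF failure lets the message through without an SPF verdict and leaves only an informational log line. Consider logging at warning level here (and in the matching HELO branch) so that repeated failures stand out in monitoring instead of blending in with routine per-message entries.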
@ -231,7 +231,7 @@ sub sender_policy_framework {
# Same approach as HELO.... # Same approach as HELO....
if ($mfrom_result->is_code('fail')) { if ($mfrom_result->is_code('fail')) {
return "REJECT $mfrom_authority_exp"; return "550 $mfrom_authority_exp";
} }
elsif ($mfrom_result->is_code('temperror')) { elsif ($mfrom_result->is_code('temperror')) {
return "DEFER_IF_PERMIT SPF-Result=$mfrom_local_exp"; return "DEFER_IF_PERMIT SPF-Result=$mfrom_local_exp";