diff --git a/postfix-policyd-spf-perl b/postfix-policyd-spf-perl index 322111e..29d5f3f 100755 --- a/postfix-policyd-spf-perl +++ b/postfix-policyd-spf-perl @@ -348,8 +348,8 @@ sub sender_policy_framework { ); }; - # Prepend header on HELO fail instead of rejecting. - # Use the HELO result and return for null sender. + # Reject on HELO fail. Defer on HELO temperror if message would otherwise + # be accepted. Use the HELO result and return for null sender. if ($helo_result->is_code('fail')) { if ($VERBOSE) { syslog( @@ -358,8 +358,7 @@ sub sender_policy_framework { $attr->{helo_name} || '' ); }; - return "PREPEND $helo_spf_header" - unless $cache->{added_spf_header}++; + return "550 $helo_authority_exp"; } elsif ($helo_result->is_code('temperror')) { if ($VERBOSE) { @@ -369,8 +368,7 @@ sub sender_policy_framework { $attr->{helo_name} || '' ); }; - return "PREPEND $helo_spf_header" - unless $cache->{added_spf_header}++; + return "DEFER_IF_PERMIT SPF-Result=$helo_local_exp"; } elsif ($attr->{sender} eq '') { if ($VERBOSE) { @@ -444,12 +442,10 @@ sub sender_policy_framework { ); }; if ($mfrom_result->is_code('fail')) { - return "PREPEND $mfrom_spf_header" - unless $cache->{added_spf_header}++; + return "550 $mfrom_authority_exp"; } elsif ($mfrom_result->is_code('temperror')) { - return "PREPEND $mfrom_spf_header" - unless $cache->{added_spf_header}++; + return "DEFER_IF_PERMIT SPF-Result=$mfrom_local_exp"; } else { return "PREPEND $mfrom_spf_header" diff --git a/postfix-policyd-spf-perl.in b/postfix-policyd-spf-perl.in index a626c89..83dbf78 100644 --- a/postfix-policyd-spf-perl.in +++ b/postfix-policyd-spf-perl.in @@ -348,8 +348,8 @@ sub sender_policy_framework { ); }; - # Prepend header on HELO fail instead of rejecting. - # Use the HELO result and return for null sender. + # Reject on HELO fail. Defer on HELO temperror if message would otherwise + # be accepted. Use the HELO result and return for null sender. if ($helo_result->is_code('fail')) { if ($VERBOSE) { syslog( @@ -358,8 +358,7 @@ sub sender_policy_framework { $attr->{helo_name} || '' ); }; - return "PREPEND $helo_spf_header" - unless $cache->{added_spf_header}++; + return "550 $helo_authority_exp"; } elsif ($helo_result->is_code('temperror')) { if ($VERBOSE) { @@ -369,8 +368,7 @@ sub sender_policy_framework { $attr->{helo_name} || '' ); }; - return "PREPEND $helo_spf_header" - unless $cache->{added_spf_header}++; + return "DEFER_IF_PERMIT SPF-Result=$helo_local_exp"; } elsif ($attr->{sender} eq '') { if ($VERBOSE) { @@ -444,12 +442,10 @@ sub sender_policy_framework { ); }; if ($mfrom_result->is_code('fail')) { - return "PREPEND $mfrom_spf_header" - unless $cache->{added_spf_header}++; + return "550 $mfrom_authority_exp"; } elsif ($mfrom_result->is_code('temperror')) { - return "PREPEND $mfrom_spf_header" - unless $cache->{added_spf_header}++; + return "DEFER_IF_PERMIT SPF-Result=$mfrom_local_exp"; } else { return "PREPEND $mfrom_spf_header"