[Mimedefang] SPF Check - was Re: md_check_against_smtp_server and md_graphdefang_log
kd6lvw at yahoo.com
kd6lvw at yahoo.com
Tue Mar 26 22:01:13 EDT 2013
--- On Tue, 3/26/13, James Curtis <jameswcurtis at hotmail.com> wrote:
> Thaks for all the info, the pros and cons. Most of them I knew, I'll
> probably be looking for info on how to get MIMEDefang to work with SPF
> later.
Here's what I use:
use Mail::SPF;
sub filter_sender {
my ($sender, $ip, $hostname, $helo) = @_;
if ($sender =~ /@([^>]+)/) {
my $domain = $1;
my @bogushosts = md_get_bogus_mx_hosts($domain);
my $i = scalar(@bogushosts);
return('REJECT',"Domain $domain has $i bogus MX record" .
(($i < 2)? '' : 's') .': '. join(' ', at bogushosts),'550','5.4.4')
if ($i);
} else {
$sender = "<postmaster\@$helo>" unless ($sender =~ /[^<>]+/);
}
return('CONTINUE',"OK - Localhost [$ip]",'250','2.4.0')
if ($ip =~ /^(::1|127\.0\.0\.1|UNKNOWN)$/i);
read_commands_file();
my $id = ($sender =~ /<(.+)>/) ? $1 : $sender;
my $spfserver = Mail::SPF::Server->new(max_void_dns_lookups => undef,
hostname => $SendmailMacros{'if_name'} );
my $spfrequest = Mail::SPF::Request->new(versions => [1], scope => 'mfrom',
identity => $id, ip_address => $ip, helo_identity => $helo);
my $r = $spfserver->process($spfrequest);
my $spfrec = $spfrequest->record;
my $result = $r->code;
my $text = $r->text;
my $local = $r->local_explanation;
my $auth = ($result eq 'fail') ? $r->authority_explanation : '';
my $label = ($sender eq "<>") ? 'helo' : 'mailfrom';
$result = 'policy' if ($result eq 'pass') &&
(($text =~ /Mechanism \'+?all\' matche[ds]/i) ||
(($text =~ /Mechanism \'.+\/(\d)\' matche[ds]/i) && ($1 < 8)));
$text = 'PTR-RR in same domain as sender mailbox'
if ($result eq 'none') && ($hostname =~ /^(?:[^.]+\.)*$domain$/i);
md_syslog('info',"SPF=$result From=<$id> ($text)");
action_insert_header('Authentication-Results', $SendmailMacros{'if_name'} .
"; SPF=$result smtp.$label=$1 ($local)", 1) if ($id =~ /@([^>]+)/);
return('CONTINUE','OK - Authenicated Client','250','2.7.0')
if ($SendmailMacros{'auth_authen'});
return('REJECT',"SPF Failure: $local. ($auth)",'550','5.7.7')
if ($result =~ /^(hard)?fail$/);
return('REJECT',"SPF Error: $local".($spfrec?" ($spfrec)":''),'550','5.7.8')
if ($result eq 'permerror');
return('REJECT',"Unacceptable SPF Result: $text",'550','5.7.9')
if ($result eq 'policy');
return('TEMPFAIL',"SPF Temp-Error: $local",'451','4.4.3')
if ($result eq 'temperror');
return('CONTINUE',"OK - SPF=$result ($local)");
}
More information about the MIMEDefang
mailing list