Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 109325 Details for
Bug 165604
Ebuild which adds SPF feature to Postfix
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Postfix SPF patch
postfix-2.3.2_libspf2-1.2.x-20060819.patch (text/plain), 24.39 KB, created by
Grzegorz Chwesewicz
on 2007-02-06 12:50:16 UTC
(
hide
)
Description:
Postfix SPF patch
Filename:
MIME Type:
Creator:
Grzegorz Chwesewicz
Created:
2007-02-06 12:50:16 UTC
Size:
24.39 KB
patch
obsolete
>diff -Pur postfix-2.3.2/README_FILES/SPF_README postfix-2.3.2_patched/README_FILES/SPF_README >--- postfix-2.3.2/README_FILES/SPF_README 1970-01-01 01:00:00.000000000 +0100 >+++ postfix-2.3.2_patched/README_FILES/SPF_README 2006-08-19 03:26:21.000000000 +0200 >@@ -0,0 +1,88 @@ >+Postfix SPF readme >+------------------- >+ >+SPF patch for libspf2 >= 1.2.0 by Nigel Kukard, partly based on work >+by Dean Strik's and Jef Poskanzer's spfmilter >+ >+Official site: http://www.linuxrulz.org/nkukard/postfix/ >+License: Secure Mailer License (Postfix License) >+ >+---- >+ >+This document describes how to configure Postfix to use SPF ("Sender >+Policy Framework") validation. It does not describe the function or >+design of SPF itself. Refer to one or more of the websites listed at >+the end of this text for more information. >+ >+The actual SPF validation is offloaded to a special library called >+libspf2. It is therefore necessary that you install libspf2 on your >+system. You can find libspf2 either in your usual package repository or >+at http://www.libspf2.org/. >+ >+To build Postfix, after installing libspf2, use something like: >+ >+ % make tidy >+ % make makefiles CCARGS="-I/usr/local/include -DHAVE_NS_TYPE" \ >+ AUXLIBS="-L/usr/local/lib -lspf2" >+ % make >+ >+-DHAVE_NS_TYPE is only needed if your system complains about ns_type >+conflicting. >+ >+The pathnames here are the default pathnames used by libspf2's >+installation procedure, which is not documented here. >+ >+SPF sender validation is implemented using a standard Postfix >+restriction, called "reject_spf_invalid_sender". This means that you >+can put this restriction in e.g. your smtpd_recipient_restrictions. >+For more information on how to do this, consult your Postfix >+documentation. >+ >+Postfix will by default add a mail header, Received-SPF:, to any mail >+passing the SPF validation. This information can be useful for the >+recipient of the message. You can disable this behaviour by setting >+'spf_received_header = no'. >+ >+By default, Postfix will reject mail with invalid sender credentials. >+You can however choose to prevent this from happening, and let the mail >+pass, by setting 'spf_mark_only = yes'. The Received-SPF: header >+(if enabled, see above) will show that the mail failed the test. >+ >+You can set the numerical SMTP response code when rejecting mails >+due to SPF rule violations by changing the value of the >+'spf_reject_code' variable (default: 550). >+ >+If a site does provide SPF DNS records yet no explanation, a generic >+explanation will be used, with a URL to visit for more information. >+You can override this generic explanation by setting the spf_explanation >+setting, e.g.: >+ >+ spf_explanation = "%{h} [%{i}] is not allowed to send mail for %{s}" >+ >+See the SPF reference sites for information about the format used. >+ >+It is also possible to set a local policy using the spf_local_policy >+setting. Currently the format is not documented here. >+ >+There exists a global SPF whitelist on trusted-forwarder.org. You can >+enable use of this global whitelist by setting the variable >+'spf_global_whitelist = yes'. >+ >+---- >+ >+Bugs/problems/reports: the author of this patch, Nigel Kukard, can be >+contacted at <nkukard@lbsd.net>. If reporting a problem, please send >+the output of >+ postconf -d spf_patch_version spf_libspf2_version >+with your report. >+ >+Downloads and information with regard to this patch can be found at >+http://www.lbsd.net/~nkukard/postfix/ >+ >+Links: >+ http://www.ipnet6.org/postfix/spf/ - Original patch home >+ http://spf.pobox.com/ - SPF background >+ http://www.libspf2.org/ - LibSPF2 site >+ http://www.trusted-forwarder.org/ - Global whitelist >+ http://www.postfix.org/ - Postfix home page >+ >diff -Pur postfix-2.3.2/conf/postfix-files postfix-2.3.2_patched/conf/postfix-files >--- postfix-2.3.2/conf/postfix-files 2006-07-20 03:01:07.000000000 +0200 >+++ postfix-2.3.2_patched/conf/postfix-files 2006-08-19 03:26:21.000000000 +0200 >@@ -262,6 +262,7 @@ > $readme_directory/SMTPD_ACCESS_README:f:root:-:644 > $readme_directory/SMTPD_POLICY_README:f:root:-:644 > $readme_directory/SMTPD_PROXY_README:f:root:-:644 >+$readme_directory/SPF_README:f:root:-:644 > $readme_directory/STANDARD_CONFIGURATION_README:f:root:-:644 > $readme_directory/TLS_README:f:root:-:644 > $readme_directory/TUNING_README:f:root:-:644 >diff -Pur postfix-2.3.2/src/global/mail_params.h postfix-2.3.2_patched/src/global/mail_params.h >--- postfix-2.3.2/src/global/mail_params.h 2006-07-27 02:59:10.000000000 +0200 >+++ postfix-2.3.2_patched/src/global/mail_params.h 2006-08-19 03:26:21.000000000 +0200 >@@ -2505,6 +2505,39 @@ > #define CHECK_POLICY_SERVICE "check_policy_service" > > /* >+ * SPF support. >+ */ >+#define REJECT_ILL_SPF_SENDER "reject_spf_invalid_sender" >+ >+#define VAR_SPF_REJECT_CODE "spf_reject_code" >+#define DEF_SPF_REJECT_CODE 550 >+extern int var_spf_reject_code; >+ >+#define VAR_SPF_REJECT_DSN "spf_reject_dsn" >+#define DEF_SPF_REJECT_DSN "5.7.1" >+extern char *var_spf_reject_dsn; >+ >+#define VAR_SPF_MARK_ONLY "spf_mark_only" >+#define DEF_SPF_MARK_ONLY 0 >+extern bool var_spf_mark_only; >+ >+#define VAR_SPF_RCVD_HEADER "spf_received_header" >+#define DEF_SPF_RCVD_HEADER 1 >+extern bool var_spf_rcvd_header; >+ >+#define VAR_SPF_LOCAL_POLICY "spf_local_policy" >+#define DEF_SPF_LOCAL_POLICY "" >+extern char *var_spf_local_policy; >+ >+#define VAR_SPF_EXPLANATION "spf_explanation" >+#define DEF_SPF_EXPLANATION "" >+extern char *var_spf_explanation; >+ >+#define VAR_SPF_GLOBAL_WHITELIST "spf_global_whitelist" >+#define DEF_SPF_GLOBAL_WHITELIST 0 >+extern bool var_spf_global_whitelist; >+ >+ /* > * Client rate control. > */ > #define VAR_SMTPD_CRATE_LIMIT "smtpd_client_connection_rate_limit" >diff -Pur postfix-2.3.2/src/global/mail_version.h postfix-2.3.2_patched/src/global/mail_version.h >--- postfix-2.3.2/src/global/mail_version.h 2006-07-27 18:46:58.000000000 +0200 >+++ postfix-2.3.2_patched/src/global/mail_version.h 2006-08-19 03:26:21.000000000 +0200 >@@ -47,6 +47,13 @@ > #define DEF_MAIL_RELEASE MAIL_RELEASE_DATE > extern char *var_mail_release; > >+/* >+ * SPF patch version. >+ */ >+#define VAR_SPF_PVERSION "spf_patch_version" >+#define DEF_SPF_PVERSION "1.0.0" >+extern char *var_spf_version; >+ > /* LICENSE > /* .ad > /* .fi >diff -Pur postfix-2.3.2/src/smtpd/Makefile.in postfix-2.3.2_patched/src/smtpd/Makefile.in >--- postfix-2.3.2/src/smtpd/Makefile.in 2006-07-09 19:45:31.000000000 +0200 >+++ postfix-2.3.2_patched/src/smtpd/Makefile.in 2006-08-19 03:26:21.000000000 +0200 >@@ -1,12 +1,13 @@ > SHELL = /bin/sh > SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \ > smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \ >- smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c >+ smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_spf.c > OBJS = smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \ > smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \ >- smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o >+ smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_spf.o > HDRS = smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \ >- smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h >+ smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h \ >+ smtpd_spf.h > TESTSRC = smtpd_token_test.c > DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) > CFLAGS = $(DEBUG) $(OPT) $(DEFS) >diff -Pur postfix-2.3.2/src/smtpd/smtpd.c postfix-2.3.2_patched/src/smtpd/smtpd.c >--- postfix-2.3.2/src/smtpd/smtpd.c 2006-07-27 02:47:39.000000000 +0200 >+++ postfix-2.3.2_patched/src/smtpd/smtpd.c 2006-08-19 03:27:16.000000000 +0200 >@@ -948,6 +948,7 @@ > #include <smtpd_chat.h> > #include <smtpd_sasl_proto.h> > #include <smtpd_sasl_glue.h> >+#include <smtpd_spf.h> > #include <smtpd_proxy.h> > #include <smtpd_milter.h> > >@@ -1052,6 +1053,15 @@ > char *var_smtpd_ehlo_dis_words; > char *var_smtpd_ehlo_dis_maps; > >+bool var_spf_mark_only; >+int var_spf_reject_code; >+char *var_spf_reject_dsn; >+bool var_spf_rcvd_header; >+ >+char *var_spf_local_policy; >+char *var_spf_explanation; >+bool var_spf_global_whitelist; >+ > char *var_smtpd_tls_level; > bool var_smtpd_use_tls; > bool var_smtpd_enforce_tls; >@@ -2130,6 +2140,7 @@ > #ifdef DELAY_ACTION > state->saved_delay = 0; > #endif >+ smtpd_spf_sess_reset(state); > #ifdef USE_SASL_AUTH > if (var_smtpd_sasl_enable) > smtpd_sasl_mail_reset(state); >@@ -2531,6 +2542,14 @@ > out_fprintf(out_stream, REC_TYPE_NORM, "%s", *cpp); > > /* >+ * Prepend Received-SPF header. The header (name,value) has been >+ * constructed before in the SPF handler (if SPF is enabled). >+ */ >+ if (var_spf_rcvd_header && state->spf_sess_data != NULL >+ && state->spf_header) >+ out_fprintf(out_stream, REC_TYPE_NORM, "%s", state->spf_header); >+ >+ /* > * Suppress our own Received: header in the unlikely case that we are an > * intermediate proxy. > */ >@@ -4415,6 +4434,7 @@ > VAR_SMTPD_CMAIL_LIMIT, DEF_SMTPD_CMAIL_LIMIT, &var_smtpd_cmail_limit, 0, 0, > VAR_SMTPD_CRCPT_LIMIT, DEF_SMTPD_CRCPT_LIMIT, &var_smtpd_crcpt_limit, 0, 0, > VAR_SMTPD_CNTLS_LIMIT, DEF_SMTPD_CNTLS_LIMIT, &var_smtpd_cntls_limit, 0, 0, >+ VAR_SPF_REJECT_CODE, DEF_SPF_REJECT_CODE, &var_spf_reject_code, 0, 0, > #ifdef USE_TLS > VAR_SMTPD_TLS_CCERT_VD, DEF_SMTPD_TLS_CCERT_VD, &var_smtpd_tls_ccert_vd, 0, 0, > VAR_SMTPD_TLS_LOGLEVEL, DEF_SMTPD_TLS_LOGLEVEL, &var_smtpd_tls_loglevel, 0, 0, >@@ -4454,6 +4474,9 @@ > VAR_SMTPD_USE_TLS, DEF_SMTPD_USE_TLS, &var_smtpd_use_tls, > VAR_SMTPD_ENFORCE_TLS, DEF_SMTPD_ENFORCE_TLS, &var_smtpd_enforce_tls, > VAR_SMTPD_TLS_WRAPPER, DEF_SMTPD_TLS_WRAPPER, &var_smtpd_tls_wrappermode, >+ VAR_SPF_MARK_ONLY, DEF_SPF_MARK_ONLY, &var_spf_mark_only, >+ VAR_SPF_RCVD_HEADER, DEF_SPF_RCVD_HEADER, &var_spf_rcvd_header, >+ VAR_SPF_GLOBAL_WHITELIST, DEF_SPF_GLOBAL_WHITELIST, &var_spf_global_whitelist, > #ifdef USE_TLS > VAR_SMTPD_TLS_AUTH_ONLY, DEF_SMTPD_TLS_AUTH_ONLY, &var_smtpd_tls_auth_only, > VAR_SMTPD_TLS_ACERT, DEF_SMTPD_TLS_ACERT, &var_smtpd_tls_ask_ccert, >@@ -4507,6 +4530,9 @@ > VAR_LOC_RWR_CLIENTS, DEF_LOC_RWR_CLIENTS, &var_local_rwr_clients, 0, 0, > VAR_SMTPD_EHLO_DIS_WORDS, DEF_SMTPD_EHLO_DIS_WORDS, &var_smtpd_ehlo_dis_words, 0, 0, > VAR_SMTPD_EHLO_DIS_MAPS, DEF_SMTPD_EHLO_DIS_MAPS, &var_smtpd_ehlo_dis_maps, 0, 0, >+ VAR_SPF_LOCAL_POLICY, DEF_SPF_LOCAL_POLICY, &var_spf_local_policy, 0, 0, >+ VAR_SPF_EXPLANATION, DEF_SPF_EXPLANATION, &var_spf_explanation, 0, 0, >+ VAR_SPF_REJECT_DSN, DEF_SPF_REJECT_DSN, &var_spf_reject_dsn, 0, 0, > #ifdef USE_TLS > VAR_RELAY_CCERTS, DEF_RELAY_CCERTS, &var_smtpd_relay_ccerts, 0, 0, > VAR_SMTPD_SASL_TLS_OPTS, DEF_SMTPD_SASL_TLS_OPTS, &var_smtpd_sasl_tls_opts, 0, 0, >diff -Pur postfix-2.3.2/src/smtpd/smtpd.h postfix-2.3.2_patched/src/smtpd/smtpd.h >--- postfix-2.3.2/src/smtpd/smtpd.h 2006-07-22 02:47:28.000000000 +0200 >+++ postfix-2.3.2_patched/src/smtpd/smtpd.h 2006-08-19 03:26:21.000000000 +0200 >@@ -13,6 +13,10 @@ > */ > #include <sys/time.h> > #include <unistd.h> >+#include <arpa/nameser.h> /* for spf2/spf.h */ >+#include <sys/socket.h> /* for spf2/spf.h */ >+#include <netinet/in.h> /* for spf2/spf.h */ >+#include <spf2/spf.h> > > /* > * Utility library. >@@ -148,6 +152,12 @@ > VSTRING *dsn_orcpt_buf; /* scratch space for ORCPT parsing */ > > /* >+ * SPF. >+ */ >+ SPF_request_t *spf_sess_data; /* session specific SPF data */ >+ char *spf_header; /* SPF header to insert */ >+ >+ /* > * Pass-through proxy client. > */ > VSTREAM *proxy; /* proxy handle */ >diff -Pur postfix-2.3.2/src/smtpd/smtpd_check.c postfix-2.3.2_patched/src/smtpd/smtpd_check.c >--- postfix-2.3.2/src/smtpd/smtpd_check.c 2006-07-07 22:32:43.000000000 +0200 >+++ postfix-2.3.2_patched/src/smtpd/smtpd_check.c 2006-08-19 03:26:21.000000000 +0200 >@@ -244,6 +244,7 @@ > #include "smtpd_sasl_glue.h" > #include "smtpd_check.h" > #include "smtpd_dsn_fix.h" >+#include "smtpd_spf.h" > > #define RESTRICTION_SEPARATORS ", \t\r\n" > >@@ -1725,6 +1726,67 @@ > return (stat); > } > >+/* reject_spf_invalid_sender - check sender validity using SPF records */ >+ >+static int reject_spf_invalid_sender(SMTPD_STATE *state, const char *addr, >+ const char *reply_name, const char *reply_class) >+{ >+ char *myname = "reject_spf_invalid_sender"; >+ char *comment; >+ int action, stat; >+ >+ /* >+ * Currently, this is the only place where SPF routines are used. >+ * It therefore makes little sense to initialize the SPF data >+ * before now. >+ */ >+ smtpd_spf_sess_init(state); >+ smtpd_spf_set_helo(state, state->helo_name); >+ smtpd_spf_set_from(state, state->sender); >+ >+ /* >+ * Obtain SPF result. >+ */ >+ comment = NULL; >+ action = smtpd_spf_result(state, >+ (var_spf_rcvd_header ? &state->spf_header : NULL), >+ &comment); >+ >+ /* >+ * Perform actions. >+ */ >+ stat = SMTPD_CHECK_DUNNO; >+ switch (action) { >+ case SPF_ACTION_REJECT: >+ stat = smtpd_check_reject(state, MAIL_ERROR_POLICY, >+ var_spf_reject_code, var_spf_reject_dsn, >+ "<%s>: %s rejected: %s", >+ reply_name, reply_class, >+ (comment ? comment : "SPF policy violation")); >+ break; >+ >+ case SPF_ACTION_TEMPFAIL: >+ /* XXX log error? */ >+ DEFER_IF_REJECT2(state, MAIL_ERROR_POLICY, >+ 450, "4.7.1", >+ "<%s>: %s rejected: Unable to look up SPF information", >+ reply_name, reply_class); >+ break; >+ >+ default: >+ break; >+ } >+ >+ >+ /* >+ * Cleanup. >+ */ >+ if (comment != NULL) >+ myfree(comment); >+ >+ return (stat); >+} >+ > /* reject_unknown_address - fail if address does not resolve */ > > static int reject_unknown_address(SMTPD_STATE *state, const char *addr, >@@ -3670,6 +3732,10 @@ > if (state->sender && *state->sender) > status = reject_non_fqdn_address(state, state->sender, > state->sender, SMTPD_NAME_SENDER); >+ } else if (strcasecmp(name, REJECT_ILL_SPF_SENDER) == 0) { >+ if (state->sender && *state->sender) >+ status = reject_spf_invalid_sender(state, state->sender, >+ state->sender, SMTPD_NAME_SENDER); > } else if (strcasecmp(name, REJECT_AUTH_SENDER_LOGIN_MISMATCH) == 0) { > #ifdef USE_SASL_AUTH > if (var_smtpd_sasl_enable) { >diff -Pur postfix-2.3.2/src/smtpd/smtpd_spf.c postfix-2.3.2_patched/src/smtpd/smtpd_spf.c >--- postfix-2.3.2/src/smtpd/smtpd_spf.c 1970-01-01 01:00:00.000000000 +0100 >+++ postfix-2.3.2_patched/src/smtpd/smtpd_spf.c 2006-08-19 03:26:21.000000000 +0200 >@@ -0,0 +1,332 @@ >+/*++ >+/* NAME >+/* smtpd_spf 3 >+/* SUMMARY >+/* SMTP server SPF support >+/* SYNOPSIS >+/* #include <smtpd.h> >+/* #include <smtpd_spf.h> >+/* >+/* void smtpd_spf_init(state) >+/* SMTPD_STATE *state; >+/* >+/* int smtpd_spf_sess_init(state) >+/* SMTPD_STATE *state; >+/* >+/* void smtpd_spf_sess_reset(state) >+/* SMTPD_STATE *state; >+/* >+/* int smtpd_spf_set_helo(state, name) >+/* SMTPD_STATE *state; >+/* char *name; >+/* >+/* int smtpd_spf_set_from(state, name) >+/* SMTPD_STATE *state; >+/* char *name; >+/* >+/* int smtpd_spf_result(state, *header, *comment) >+/* SMTPD_STATE *state; >+/* char **header; >+/* char **comment; >+/* >+/* DESCRIPTION >+/* This modules provides SPF state management functions, >+/* making the other SMTP components independent on the >+/* actual SPF routines used. >+/* >+/* smtpd_spf_init() initializes global SPF context. >+/* >+/* smtpd_spf_sess_init() initializes SPF session context. >+/* >+/* smtpd_spf_sess_reset() cleans up SPF session context. >+/* >+/* smtpd_spf_set_helo() passes the client HELO name to >+/* the underlying libspf2 context. >+/* >+/* smtpd_spf_set_from() passes the SMTP envelope sender >+/* to the underlying libspf2 context. >+/* >+/* smtpd_spf_result() performs (via libspf2) the SPF lookups >+/* and handling, and creates a Received-SPF header. >+/* >+/* Arguments: >+/* .IP state >+/* Session context. >+/* .IP name >+/* The value to set in the low-level SPF context. >+/* DIAGNOSTICS >+/* Panic: interface violations. Fatal errors: out of memory. >+/* internal protocol errors. >+/* LICENSE >+/* .ad >+/* .fi >+/* The Secure Mailer license must be distributed with this software. >+/* AUTHOR(S) >+/* Nigel Kukard >+/* E-mail: <nkukard@lbsd.net> >+/* >+/* Dean C. Strik >+/* Department ICT >+/* Eindhoven University of Technology >+/* P.O. Box 513 >+/* 5600 MB Eindhoven, Netherlands >+/* E-mail: <dean@ipnet6.org> >+/*--*/ >+ >+ >+/* System library. */ >+#include <sys_defs.h> >+#include <sys/socket.h> >+#include <netinet/in.h> >+#include <arpa/inet.h> >+#include <arpa/nameser.h> >+#include <errno.h> >+#include <netdb.h> >+#include <string.h> >+#include <spf2/spf.h> >+#include <spf2/spf_dns_resolv.h> >+#include <spf2/spf_dns_cache.h> >+ >+/* Global library */ >+#include <mail_params.h> >+#include <msg.h> >+#include <mymalloc.h> >+ >+/* Application library */ >+#include "smtpd.h" >+#include "smtpd_spf.h" >+ >+#define SPF_DNS_CACHE_BITS 8 >+ >+//static SPF_config_t spf_global_data; /* common SPF configuration data */ >+//static SPF_dns_config_t spf_resolv_data; /* SPF DNS resolver data */ >+//static SPF_dns_config_t spf_resolv_cache; /* SPF DNS resolver cache */ >+//static SPF_c_results_t spf_local_policy; /* compiled local policy */ >+//static SPF_c_results_t spf_explanation; /* custom explanation */ >+ >+static SPF_server_t *spf_global_server; >+ >+ >+/* Initialize global SPF context */ >+void smtpd_spf_init(SMTPD_STATE *state) >+{ >+ char *myname = "smtpd_spf_global_init"; >+ SPF_response_t *spf_response; >+ int res; >+ >+ >+ /* >+ * Initialize libspf2 server >+ */ >+ spf_global_server = SPF_server_new(SPF_DNS_CACHE, 0); >+ if (spf_global_server == NULL) >+ msg_fatal("%s: unable to create SPF server", myname); >+ >+ if (SPF_server_set_rec_dom(spf_global_server, var_myhostname) != 0) >+ msg_fatal("%s: can't set SPF hostname", myname); >+ >+ if (var_spf_explanation != NULL && *var_spf_explanation != 0) >+ { >+ res = SPF_server_set_explanation(spf_global_server, var_spf_explanation, >+ &spf_response); >+ SPF_response_free(spf_response); >+ if (res != 0) >+ { >+ msg_fatal("%s: can't set SPF explanation", myname); >+ } >+ } >+ >+ if (var_spf_local_policy != NULL && *var_spf_local_policy != 0) >+ { >+ res = SPF_server_set_localpolicy(spf_global_server, var_spf_local_policy, 0, >+ &spf_response); >+ SPF_response_free(spf_response); >+ if (res != 0) >+ { >+ msg_fatal("%s: can't set SPF local policy", myname); >+ } >+ } >+ >+ /* >+ * Clear session-specific data (session init is on-demand) >+ */ >+ state->spf_sess_data = NULL; >+ state->spf_header = NULL; >+} >+ >+ >+/* Initialize session dependent SPF context */ >+int smtpd_spf_sess_init(SMTPD_STATE *state) >+{ >+ char *myname = "smtpd_spf_init_sess_data"; >+ >+ >+ /* >+ * Sanity checks. >+ */ >+ if (state->addr == 0) >+ msg_panic("%s: client address not initialized", myname); >+ if (spf_global_server == NULL) >+ msg_panic("%s: spf_global_server not initialized", myname); >+ >+ /* >+ * This code is recipient-independent. SPF session data is >+ * already initialized if there have been earlier RCPT TO >+ * commands in this transaction, and we're done. >+ * XXX: make the code recipient-dependent (restriction classes) >+ */ >+ if (state->spf_sess_data != NULL) >+ return 0; >+ >+ /* >+ * Initialize session-specific SPF data. >+ */ >+ state->spf_sess_data = SPF_request_new(spf_global_server); >+ if (state->spf_sess_data == NULL) >+ msg_fatal("%s: failed to create SPF session data structure", >+ myname); >+ >+ state->spf_header = NULL; >+ >+ /* >+ * Pass client address to libspf2. >+ */ >+ if (SPF_request_set_ipv4_str(state->spf_sess_data, state->addr) != 0) >+ msg_fatal("%s: SPF_request_set_ipv4 failure", myname); >+ >+ >+ return 0; >+} >+ >+ >+/* Cleanup after disconnect */ >+void smtpd_spf_sess_reset(SMTPD_STATE *state) >+{ >+ char *myname = "smtpd_spf_sess_reset"; >+ >+ /* >+ * Sanity checks. >+ */ >+ if (spf_global_server == NULL) >+ msg_panic("%s: no global SPF data initialized", myname); >+ >+ if (state->spf_sess_data == NULL) >+ return; /* initialisation is only on demand */ >+ >+ /* >+ * Cleanup SPF session data. >+ */ >+ if (state->spf_header != NULL) >+ myfree(state->spf_header); >+ >+ state->spf_header = NULL; >+ >+ SPF_request_free(state->spf_sess_data); >+ >+ state->spf_sess_data = NULL; >+} >+ >+ >+/* Pass HELO/EHLO name to libspf2 */ >+int smtpd_spf_set_helo(SMTPD_STATE *state, const char *name) >+{ >+ char *myname = "smtpd_spf_set_helo"; >+ >+ /* >+ * Sanity checks. >+ * >+ * 'name' may be NULL, to unset registered HELO. This may >+ * even happen when SPF is not initialized yet (SPF init >+ * is only on demand). >+ */ >+ if (state->spf_sess_data == NULL && name == NULL) >+ return 0; >+ >+ if (state->spf_sess_data == NULL) >+ msg_panic("%s: setting SPF HELO with null session", >+ myname); >+ >+ /* >+ * Pass the HELO name to libspf2. >+ */ >+ if (SPF_request_set_helo_dom(state->spf_sess_data, name) != 0) >+ msg_fatal("%s: error in SPF_request_set_helo_dom", myname); >+ >+ >+ return 0; >+} >+ >+ >+/* Pass sender (env.from) name to libspf2 */ >+int smtpd_spf_set_from(SMTPD_STATE *state, const char *name) >+{ >+ char *myname = "smtpd_spf_set_from"; >+ >+ /* >+ * Pass the envelope sender to libspf2. >+ */ >+ if (SPF_request_set_env_from(state->spf_sess_data, state->sender) != 0) >+ msg_fatal("%s: error in SPF_request_set_env_from", myname); >+ >+ return 0; >+} >+ >+ >+/* Obtain SPF result */ >+int smtpd_spf_result(SMTPD_STATE *state, char **headerp, char **commentp) >+{ >+ char *myname = "smtpd_spf_result"; >+ int action = SPF_ACTION_UNKNOWN; >+ SPF_response_t *spf_response = NULL; >+ int res; >+ char *res_received_spf; >+ char *res_smtp_comment; >+ >+ /* >+ * Obtain SPF result. >+ */ >+ res = SPF_request_query_mailfrom(state->spf_sess_data, &spf_response); >+ if (res != 0) >+ goto clean_end; >+ >+ res = SPF_response_result(spf_response); >+ switch (res) { >+ case SPF_RESULT_PASS: >+ case SPF_RESULT_SOFTFAIL: >+ case SPF_RESULT_NEUTRAL: >+ case SPF_RESULT_NONE: >+ action = SPF_ACTION_MARK; >+ break; >+ >+ case SPF_RESULT_FAIL: >+ action = var_spf_mark_only ? SPF_ACTION_MARK : SPF_ACTION_REJECT; >+ break; >+ >+ default: >+ msg_warn("%s: unknown SPF result %d (%s)", myname, res, >+ SPF_strresult(res)); >+ action = SPF_ACTION_ACCEPT; >+ break; >+ } >+ >+ /* >+ * Save the output header/comment. >+ */ >+ res_received_spf = SPF_response_get_received_spf(spf_response); >+ res_smtp_comment = SPF_response_get_smtp_comment(spf_response); >+ >+ if (headerp != NULL && res_received_spf != NULL) >+ *headerp = mystrdup(res_received_spf); >+ >+ if (commentp != NULL && res_smtp_comment != NULL) >+ *commentp = mystrdup(res_smtp_comment); >+ >+ /* >+ * Cleanup. >+ */ >+clean_end: >+ SPF_response_free(spf_response); >+ >+ return (action); >+} >+ >diff -Pur postfix-2.3.2/src/smtpd/smtpd_spf.h postfix-2.3.2_patched/src/smtpd/smtpd_spf.h >--- postfix-2.3.2/src/smtpd/smtpd_spf.h 1970-01-01 01:00:00.000000000 +0100 >+++ postfix-2.3.2_patched/src/smtpd/smtpd_spf.h 2006-08-19 03:26:21.000000000 +0200 >@@ -0,0 +1,43 @@ >+/*++ >+/* NAME >+/* smtpd_spf 3h >+/* SUMMARY >+/* SMTP server SPF support >+/* SYNOPSIS >+/* #include <smtpd.h> >+/* #include <smtpd_spf.h> >+/* DESCRIPTION >+/* .nf >+ >+ /* >+ * External interface. >+ */ >+extern void smtpd_spf_init(SMTPD_STATE *); >+extern int smtpd_spf_sess_init(SMTPD_STATE *); >+extern void smtpd_spf_sess_reset(SMTPD_STATE *); >+extern int smtpd_spf_set_helo(SMTPD_STATE *, const char *); >+extern int smtpd_spf_set_from(SMTPD_STATE *, const char *); >+extern int smtpd_spf_result(SMTPD_STATE *, char **, char **); >+ >+#define SPF_ACTION_UNKNOWN 0 >+#define SPF_ACTION_ACCEPT 1 >+#define SPF_ACTION_REJECT 2 >+#define SPF_ACTION_MARK 3 >+#define SPF_ACTION_TEMPFAIL 4 >+ >+/* LICENSE >+/* .ad >+/* .fi >+/* The Secure Mailer license must be distributed with this software. >+/* AUTHOR(S) >+/* Nigel Kukard >+/* E-mail: <nkukard@lbsd.net> >+/* >+/* Dean C. Strik >+/* Department ICT >+/* Eindhoven University of Technology >+/* P.O. Box 513 >+/* 5600 MB Eindhoven, Netherlands >+/* E-mail: <dean@ipnet6.org> >+/*--*/ >+ >diff -Pur postfix-2.3.2/src/smtpd/smtpd_state.c postfix-2.3.2_patched/src/smtpd/smtpd_state.c >--- postfix-2.3.2/src/smtpd/smtpd_state.c 2006-07-22 03:50:42.000000000 +0200 >+++ postfix-2.3.2_patched/src/smtpd/smtpd_state.c 2006-08-19 03:26:21.000000000 +0200 >@@ -67,6 +67,7 @@ > #include "smtpd.h" > #include "smtpd_chat.h" > #include "smtpd_sasl_glue.h" >+#include "smtpd_spf.h" > > /* smtpd_state_init - initialize after connection establishment */ > >@@ -161,6 +162,11 @@ > smtpd_peer_init(state); > > /* >+ * Initialize SPF connection-specific information. >+ */ >+ smtpd_spf_init(state); >+ >+ /* > * Initialize xforward information. > */ > smtpd_xforward_init(state); >@@ -192,6 +198,7 @@ > if (state->protocol) > myfree(state->protocol); > smtpd_peer_reset(state); >+ smtpd_spf_sess_reset(state); > > /* > * Buffers that are created on the fly and that may be shared among mail
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=109325">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 165604
: 109325 |
109327
