This patch incorporates three changes:
1) bugfix: sender address needs to be $sender->address, not just $sender
2) new feature: pass hello_hostname to Mail::SPF::Query (supported in v1.6)
3) improve RFC2142-compliance by always accepting mail to postmaster, abuse, and root.
Index: plugins/sender_permitted_from
===================================================================
RCS file: /cvs/public/qpsmtpd/plugins/sender_permitted_from,v
retrieving revision 1.4
diff -u -r1.4 sender_permitted_from
--- plugins/sender_permitted_from 8 Jul 2003 03:12:04 -0000 1.4
+++ plugins/sender_permitted_from 25 Jul 2003 16:32:44 -0000
@@ -36,7 +36,8 @@
my $from = $sender->user . '@' . $host;
my $ip = $self->qp->connection->remote_ip;
- my $query = Mail::SPF::Query->new(ip => $ip, sender => $from)
+ my $hello_host = $self->qp->connection->hello_host;
+ my $query = Mail::SPF::Query->new(ip => $ip, sender => $from, helo=>$hello_host)
|| die "Couldn't construct Mail::SPF::Query object";
$transaction->notes('spfquery', $query);
@@ -56,11 +57,14 @@
$self->qp->connection->notes('spf_comment', $comment);
$self->qp->connection->notes('spf_header', "$result ($comment)");
+ # special addresses don't get SPF-tested. RFC2142
+ return DECLINED if $rcpt and $rcpt->user and $rcpt->user =~
/^(?:postmaster|abuse|root)$/i;
+
if ($result eq "fail" and $self->{_args}{spf_deny}) {
my $ip = $self->qp->connection->remote_ip;
my $sender = $transaction->sender;
- my $why = "http://spf.pobox.com/why?sender="; . _uri_escape($sender) . "&ip=$ip";
+ my $why = ("http://spf.pobox.com/why?sender="; . _uri_escape($sender->address) .
"&ip=$ip");
return (DENY, "SPF forgery ($comment; see $why)");
}
