######################################################################
# SPF Query
######################################################################
# Purpose:
#       Create SPF headers for inbound messages, primarily to avoid
#       sending confirmation messages from the TMDA C/R system in
#       response to likely joe-jobs.
# Dependencies:
#       This recipe uses spfquery from the libmail-spf-query-perl
#       package. It relies on various environment variables exported
#       from postfix; it probably doesn't work with anything else as-is.
# Caveats:
#       Local injection does not create the needed environment variables
#       from postfix, so we skip those messages entirely. Also, we're
#       making a very cursory check of the environment variables just to
#       make sure that they exist and contain *something* vaguely
#       reasonable. In the interests of laziness these regexes are
#       fast-and-dirty, and don't do thorough validation; the assumption
#       is that bad data in these fields should either raise a red flag
#       for SPF anyway, or will get caught by bogofilter later on.
######################################################################
ADDRESS="[-a-zA-Z0-9_.]"
IPCHARS="[0-9.]"
:0
* SENDER ?? $ ^${ADDRESS}+@
* CLIENT_HELO ?? $ ^${ADDRESS}+
* CLIENT_ADDRESS ?? $ ^${IPCHARS}+
{
    # Capture the output from spfquery, and split the lines in a
    # sensible way for easier reading. This conforms to RFC 822, but may
    # cause trouble for any utilities which don't expect the
    # Received-SPF header to contain additional spaces, tabs, or
    # newlines. Adjust to suit.
    SPF=`/usr/bin/spfquery -ipv4=${CLIENT_ADDRESS} -sender=${SENDER} \
        -helo=${CLIENT_HELO} | fgrep Received-SPF: | \
        sed -e 's/(/\n\t&/; s/[);] /&\n\t/g'`

    # Add the SPF headers to the message. We want them for future
    # reference, and not just for inbound scoring.
    :0fW
    |formail -i "$SPF"

    # Hard failures are either joe-jobs or misconfigured SPF clients, so
    # we sideline those messages here before calling TMDA. Anything
    # other than a hard failure will be allowed to continue.
    :0:
    * ^Received-SPF: fail
    spam-joejobs
}

-- 
Unabashedly littering the information superhighway with detritus like
this for over 15 years now.

_____________________________________________
tmda-users mailing list (tmda-users@tmda.net)
http://tmda.net/lists/listinfo/tmda-users
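
The recipe's three conditions are anchored only at the start of each value, as its Caveats section says, so the rest of SENDER and CLIENT_HELO reaches the spfquery command line unchecked. The following is an added example, not part of the original post: a shell wrapper that checks each value in full and passes it to spfquery as a quoted argument. The function names and the SPFQUERY override are hypothetical; the character classes and the spfquery flags are the ones used in the recipe.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# SPFQUERY override are hypothetical; the spfquery flags are the recipe's.
LC_ALL=C; export LC_ALL    # make the A-Z, a-z, 0-9 ranges byte-exact

# Whole value must stay inside the recipe's ADDRESS class plus one "@".
valid_sender() {
    case $1 in
        *[!A-Za-z0-9_.@-]*) return 1 ;;   # any character outside the class
        *@*@*)              return 1 ;;   # more than one "@"
        ?*@?*)              return 0 ;;   # non-empty local part and domain
    esac
    return 1                              # empty, or no "@" at all
}

# HELO name: non-empty, ADDRESS class only (also rejects spaces, newlines).
valid_helo() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Exactly four dot-separated decimal octets, each 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                             # safe: only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the Received-SPF line, or return 1 without running spfquery at all
# when any Postfix-exported value fails its check.
spf_header() {
    valid_ipv4 "$CLIENT_ADDRESS" && valid_sender "$SENDER" &&
        valid_helo "$CLIENT_HELO" || return 1
    "${SPFQUERY:-/usr/bin/spfquery}" "-ipv4=$CLIENT_ADDRESS" \
        "-sender=$SENDER" "-helo=$CLIENT_HELO" | grep -F 'Received-SPF:'
}
```

Saved as a script that ends by calling spf_header, this can stand in for the spfquery and fgrep stages of the backtick pipeline, with the sed line-splitting left in the recipe.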
