[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: spf_threshold always 0
ConfigParams is a struct define in smtpserver.h.
And in cfgread.c, around line 677-719 (base on CVS code grab on 07/22), it reads the value from smtpserver.conf and assigns.
=====================
/* SPF related things */
/* Generate SPF-Received header */
else if (cistrcmp(name, "spf-received") == 0) {
CP->use_spf=1;
CP->spf_received=1;
}
/* Reject mail if SPF query result is equal or higher than threshold */
else if (cistrcmp(name, "spf-threshold") == 0 && param1 /* 1 param */) {
CP->use_spf=1;
if (cistrcmp(param1, "fail") == 0) {
CP->spf_threshold=1; /* relaxed - they say: fail but we accept */
} else if (cistrcmp(param1, "softfail") == 0) {
CP->spf_threshold=2; /* default - they don't assume real reject */
} else if (cistrcmp(param1, "none") == 0) {
CP->spf_threshold=3; /* stricter - but allow all who don't publish */
} else if (cistrcmp(param1, "neutral") == 0) {
CP->spf_threshold=4; /* draconian - SFP-less won't pass */
} else if (cistrcmp(param1, "pass") == 0) {
CP->spf_threshold=5; /* extreme - allow only explicit 'pass' */
} else {
type(NULL,0,NULL, "Cfgfile '%s' line %d param %s has bad arg: '%s'",
cfgfilename, linenum, name, param1);
CP->spf_threshold=0; /* always accept (even 'fail') */
}
}
/* SPF localpolicy setting */
else if (cistrcmp(name, "spf-localpolicy") == 0 && param1 /* 1 param */) {
CP->use_spf=1;
CP->spf_localpolicy=strdup(param1);
}
/* SPF localpolicy: whether to include default whitelist or not */
else if (cistrcmp(name, "spf-whitelist-use-default") == 0 && param1 /* 1 param */) {
CP->use_spf=1;
if(cistrcmp(param1,"true") == 0) {
CP->spf_whitelist_use_default=1; /* 'include:spf.trusted-forwarder.org' added to localpolicy */
} else if (cistrcmp(param1,"false") == 0) {
CP->spf_whitelist_use_default=0;
} else {
type(NULL,0,NULL, "Cfgfile '%s' line %d param %s has bad arg: '%s'",
cfgfilename, linenum, name, param1);
CP->spf_whitelist_use_default=0;
}
}
=====================
BTW, I don't think it works properly on 2.99.57-pre3 (I haven't tried with 2.99.57-pre1 and 2.99.57-pre2). I need to manually to modify the config.h to make it compile, #define HAVE_SPF2_SPF_H 1 and #define HAVE_SPF_ALT_SPF_H 1. Hence even after that, it always return me the same result doesn't matter what my inputs,
"Received-SPF: unknown (testbox: error in processing during lookup of domain of ibm.com: Not configured) envelope-from:test@ibm.com;
I have a debian system with both libspf2-1.0.4 library and libspf_alt-0.4.0. But end up use libspf2-1.0.4 library for smtpserver
lrwxrwxrwx 1 root root 31 Jul 25 15:48 /usr/lib/libspf_alt.so.1 -> /usr/local/lib/libspf2.so.1.0.0
If I use spfquery comes with SPF library, I can get the right result.
And I found the problem in 2.99.57-pre3 is that no more IP info for SPF while doing query which causes has the same result for all queries.
In policytest.c/_addrtest_ function, it destroies the existing config first and creates it again. And policytestaddr function calls _addrtest_ function, and then do SPF_set_ipv4/SPF_set_ipv6. But later on, check_domain function calls _addrtest_ again w/o doing SPF_set_ipv4/SPF_set_ipv6, and actually at this point, the config doesn't contain any IP info. It works if I change to set IP info after check_domain. And this problem has been solved in CVS's code that grab on 07/22 too. So I am not sure which version you are using.
Thanks,
Virgil
-----Original Message-----
From: Eugene Crosser [mailto:crosser@rol.ru]
Sent: Tuesday, August 02, 2005 11:56 AM
To: Virgil Cui
Cc: zmailer@nic.funet.fi
Subject: Re: spf_threshold always 0
Virgil Cui wrote:
> I downloaded the code from CVS on July 22. And found a problem in policytest.c, the variable of spf_threshold hasn't been assigned the value properly. It's always 0 though I set it to "PARAM spf-threshold softfail" in my smtpserver.conf.
>
> I just make some changes below at this time:
> extern ConfigParams *CP;
> spf_threshold = CP->spf_threshold;
Hmmm... I don't see what you are talking about. What is "ConfigParams"?
Last time I checked spf-threshold worked. But it was a long time ago.
Actually, I see a lot of SPF rejections in my log, so it probably works
now as well.
Eugene
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi