
spf localpolicy patch




The following patch against version 2.99.57.pre3 does the following:

1. adds passing of the SPF local policy parameter from smtpserver.conf to libspf2
2. adds passing of the SPF use_default_whitelist parameter (same direction)
3. prevents the libspf2 handle from being recreated on each message
4. changes the smtpserver config parser so that it can parse strings with spaces (quoted parameters)
5. improves handling of HAVE_LIBSPF-like definitions
6. fixes some bug(s?)


--- ../source.cvs/configure.in  Wed Jul 14 14:34:22 2004
+++ configure.in        Sat Jul 24 14:44:57 2004
@@ -2450,6 +2450,7 @@
                 if test "$ac_cv_lib_spf2" = yes; then
                     AC_MSG_RESULT([SPF2 libs  available at $spfloc: -lspf2 !]);
                     AC_DEFINE(HAVE_SPF_H,1,[SPF2 libs  available at $spfloc: -lspf2 !])
+                   AC_DEFINE(HAVE_SPF2_SPF_H,1)
                 else
                     AC_MSG_RESULT([No spf2 libs available at system default locations ?])
                     LIBSPF=""
@@ -2468,6 +2469,7 @@
                 if test "$ac_cv_lib_spf" = yes; then
                     AC_MSG_RESULT([SPF libs  available at $spfloc: -lspf_alt !]);
                     AC_DEFINE(HAVE_SPF_H,1,[SPF libs  available at $spfloc: -lspf_alt !])
+                   AC_DEFINE(HAVE_SPF_ALT_SPF_H,1)
                 else
                     AC_MSG_RESULT([No spf libs available at system default locations ?])
                     LIBSPF=""
@@ -2480,12 +2482,15 @@
      if test -f "$withval"/lib/libspf2.a ; then
         LIBSPF="-L$withval/lib -lspf2"
         AC_MSG_RESULT([Using spf libs at directory: $withval/lib]);
+        AC_DEFINE(HAVE_SPF2_SPF_H,1)
      elif test -f "$withval"/lib/libspf_alt.a ; then
         LIBSPF="-L$withval/lib -lspf_alt"
         AC_MSG_RESULT([Using spf libs at directory: $withval/lib]);
+        AC_DEFINE(HAVE_SPF_ALT_SPF_H,1)
      else
         LIBSPF="-L$withval -lspf_alt"
         AC_MSG_RESULT([Using spf libs at directory: $withval]);
+        AC_DEFINE(HAVE_SPF_ALT_SPF_H,1)
      fi
      if test -f "$withval"/include/spf2/spf.h ; then
         INCLSPF="-I$withval/include"
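Review bot: The three added `AC_DEFINE`s in this `$withval` branch are keyed to which library file exists rather than to the header each macro names, and the final `else` defines `HAVE_SPF_ALT_SPF_H` without testing for any file at all. With a mistyped `$withval` the code guarded by these macros is still selected, and the build then fails later or picks up whatever SPF header happens to be on the default include path. The defines would fit better under the header tests that begin at the end of this hunk (`if test -f "$withval"/include/spf2/spf.h`) and continue outside it, so that each macro is set only when its header was actually found.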
--- ../source.cvs/proto/smtpserver.conf.in      Fri May  7 04:26:16 2004
+++ proto/smtpserver.conf.in    Sat Jul 24 18:00:48 2004
@@ -35,6 +35,12 @@
  #                               # 'pass' - accept only 'pass' and
  #                               #   DNS errors.
  #
+#PARAM spf-localpolicy            "ip4:1.2.3.4/24 ?exists:%{ir}.trusted-forwarders.domain.com"
+                                # SPF localpolicy (see libspf2 documentation)
+#PARAM spf-whitelist-use-default  false
+                                # use (true) or not use (false) default whitelist
+                                # (see libspf2 documentation)
+#
  #PARAM BindPort                   25    # Binding port
  #PARAM BindAddress         [0.0.0.0]    # Binding address - for multihomers..
  #PARAM BindAddress       [IPv6.0::0]    # and here is for IPv6 - NO SPACES!
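Review bot: The new sample entries do not tell the administrator what enabling them changes in mail acceptance. Per the cfgread.c part of this patch, either PARAM sets `use_spf=1` (which presumably switches SPF checking on), and `spf-whitelist-use-default true` adds `include:spf.trusted-forwarder.org` to the local policy, so acceptance then depends on an externally maintained list. I would add comment lines such as `# NOTE: either spf-* PARAM here also sets use_spf` and `# 'true' adds include:spf.trusted-forwarder.org (third-party list) to the local policy`, and state that a value containing spaces must be quoted.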
@@ -208,19 +214,6 @@
  #                       # the smtp TA's LMTP mode.
  #

-#PARAM spf-received     # Create Received-SPF header if SPF check is
-#                       # done and data is available.
-#PARAM spf-threshold keyword
-#        Accept incoming messages with level equal or higher than
-#        specified threshold.  Levels are sorted as follows:
-#               fail:      1
-#               softfail:  2
-#               none:      3
-#               neutral:   4
-#               pass:      5
-#        See http://spf.pobox.com/ for explanation of SPF.
-#
-
  #
  #PARAM report-auth-file ${MAILSHARE}/scheduler.auth
  #   Defines where ACL/AUTH data for "Z-REPORT" SMTP verb
--- ../source.cvs/smtpserver/cfgread.c  Tue Jul 13 12:28:54 2004
+++ smtpserver/cfgread.c        Sat Jul 24 16:58:31 2004
@@ -14,7 +14,13 @@
  #include "smtpserver.h"

  #define SKIPSPACE(Y) while (*Y == ' ' || *Y == '\t') ++Y
-#define SKIPTEXT(Y)  while (*Y && *Y != ' ' && *Y != '\t') ++Y
+#define SKIPTEXT(Y)  if(*Y == '\"') { \
+                            ++Y; while(*Y && *Y != '\"') ++Y; \
+                     } else if(*Y == '\'') { \
+                            ++Y; while(*Y && *Y != '\'') ++Y; \
+                     } else { \
+                            while (*Y && *Y != ' ' && *Y != '\t') ++Y; \
+                     }
  #define SKIPDIGIT(Y) while ('0' <= *Y && *Y <= '9') ++Y

  static int called_getbindaddr = 0;
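Review bot: The new `SKIPTEXT` expands to a bare `if … else if … else { }` chain, so a use such as `if (x) SKIPTEXT(str); else …` breaks; wrapping the body in `do { … } while (0)` keeps it a single statement. An unterminated quote is also accepted silently: the inner `while` runs to the end of the line, so everything after the opening quote, including what would have been later parameters, becomes one value. The callers in the next hunk (`param1` to `param3`) could detect that case (the token began with a quote and `*str` is 0 after `SKIPTEXT`) and report it with the same `type(NULL,0,NULL, "Cfgfile '%s' line %d …")` style of message this patch uses for a bad argument. Any other users of the macro outside these hunks also change behaviour for values that begin with a quote character.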
@@ -204,16 +210,19 @@
      param1 = *str ? str : NULL;

      SKIPTEXT (str);
+    if(param1 && (*param1=='\"' || *param1=='\'')) ++param1;
      if (*str != 0)
         *str++ = 0;
      SKIPSPACE(str);
      param2 = *str ? str : NULL;
      SKIPTEXT (str);
+    if(param2 && (*param2=='\"' || *param2=='\'')) ++param2;
      if (*str != 0)
         *str++ = 0;
      SKIPSPACE(str);
      param3 = *str ? str : NULL;
      SKIPTEXT (str);
+    if(param3 && (*param3=='\"' || *param3=='\'')) ++param3;
      if (*str != 0)
         *str++ = 0;

@@ -549,6 +558,24 @@
         spf_threshold=0;        /* always accept (even 'fail') */
        }
      }
+    /* SPF localpolicy setting */
+    else if (cistrcmp(name, "spf-localpolicy") == 0 && param1 /* 1 param */) {
+        use_spf=1;
+        spf_localpolicy=strdup(param1);
+    }
+    /* SPF localpolicy: whether to include default whitelist or not */
+    else if (cistrcmp(name, "spf-whitelist-use-default") == 0 && param1 /* 1 param */) {
+        use_spf=1;
+        if(cistrcmp(param1,"true") == 0) {
+            spf_whitelist_use_default=1; /* 'include:spf.trusted-forwarder.org' added to localpolicy */
+        } else if (cistrcmp(param1,"false") == 0) {
+            spf_whitelist_use_default=0;
+        } else {
+            type(NULL,0,NULL, "Cfgfile '%s' line %d param %s has bad arg: '%s'",
+                    cfgfilename, linenum, name, param1);
+            spf_whitelist_use_default=0;
+        }
+    }

      else {
        /* XX: report error for unrecognized PARAM keyword ?? */
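Review bot: `spf_localpolicy=strdup(param1);` is stored without a NULL check and without regard to a value set by an earlier `spf-localpolicy` line, so an allocation failure silently leaves the server running with no local policy and a repeated PARAM leaks the first string. A guard such as `if (spf_localpolicy == NULL) type(NULL,0,NULL, "Cfgfile '%s' line %d: out of memory", cfgfilename, linenum);` would at least make the failure visible. In the `spf-whitelist-use-default` branch, `use_spf=1` is set before the argument is validated, so a line with a bad argument still switches `use_spf` on; moving the assignment into the `true`/`false` arms avoids that. The enclosing function starts and ends outside this hunk.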
--- ../source.cvs/smtpserver/policytest.c       Wed Jul 14 13:23:21 2004
+++ smtpserver/policytest.c     Sat Jul 24 17:00:09 2004
@@ -43,9 +43,11 @@
         state->message = state->messages[(attrib)];     \
         state->messages[(attrib)] = NULL

-int use_spf;
-int spf_received;
-int spf_threshold;
+int use_spf=0;
+int spf_received=0;
+int spf_threshold=0;
+char *spf_localpolicy=NULL;
+int spf_whitelist_use_default=0;

  static int resolveattributes __((struct policytest *, int, struct policystate *, const char *, int));
  static int  check_domain __((struct policystate *, const char *, int));
@@ -832,13 +834,47 @@
      }
      state->whoson_result = whosonrc;
  #endif
-#ifdef Z_CHECK_SPF_DATA
-    state->check_spf=0;
-#endif
      state->maxsameiplimit = -1;
      return 0;
  }

+#ifdef Z_CHECK_SPF_DATA
+void initialize_spf(state)
+    struct policystate *state;
+{
+    if(state->spf_passed) return;
+    state->spf_passed=1;
+
+    state->check_spf=1;
+
+    if((state->spfcid=SPF_create_config()) == NULL) {
+        type(NULL,0,NULL," SPF_create_config() failed");
+        state->check_spf=0;
+        return;
+    }
+
+    if ((state->spfdcid=SPF_dns_create_config_resolv(NULL, 0)) == NULL) {
+        type(NULL,0,NULL," SPF_dns_create_config() failed");
+        state->check_spf=0;
+        return;
+    }
+
+    SPF_init_c_results(&state->local_policy);
+    if(SPF_compile_local_policy(state->spfcid,spf_localpolicy,spf_whitelist_use_default,
+                    &state->local_policy)) {
+        type(NULL,0,NULL," SPF_compile_local_policy() failed: %s",
+                    state->local_policy.err_msg);
+        free(spf_localpolicy);
+       state->check_spf=0;
+        return;
+    }
+    if(debug)
+        type(NULL,0,NULL," SPF local_policy: %s",spf_localpolicy);
+    free(spf_localpolicy);
+
+    SPF_set_local_policy(state->spfcid,state->local_policy);
+}
+#endif

  static int _addrtest_ __((struct policystate *state, const char *pbuf, int sourceaddr));
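Review bot: `initialize_spf()` frees the global `spf_localpolicy` on both the error path and the success path but leaves the pointer set, while the `spf_passed` guard is per `policystate`. If the function runs for a second state in the same process (whether that happens is not visible in this hunk), `SPF_compile_local_policy()` reads freed memory and `free()` is called on it again. The string belongs to the configuration, so I would drop both `free(spf_localpolicy);` lines and keep it for the life of the process. The debug line also passes `spf_localpolicy` to `%s` when no `spf-localpolicy` PARAM was given; `spf_localpolicy ? spf_localpolicy : "<null>"` matches what the `smtp_comment` debug line in this file already does. Separately, this hunk removes the `state->check_spf=0;` reset and nothing visible initialises `spf_passed`, so both now rely on the state being zeroed elsewhere; a comment saying so would help.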

@@ -1043,27 +1079,7 @@
  #ifdef Z_CHECK_SPF_DATA
        if (debug)
         type(NULL,0,NULL," policytestaddr: 'spf +' found");
-      state->check_spf=1;
-/* must be in the policystate destructor
-      SPF_destroy_default_config();
-*/
-      if (state->spfcid) SPF_destroy_config(state->spfcid);
-      if ((state->spfcid=SPF_create_config()) == NULL) {
-       type(NULL,0,NULL," SPF_create_config() failed");
-       state->check_spf=0;
-      }
-      if (state->spfdcid) SPF_dns_destroy_config_resolv(state->spfdcid);
-      if ((state->spfdcid=SPF_dns_create_config_resolv(NULL, 0)) == NULL) {
-       type(NULL,0,NULL," SPF_dns_create_config() failed");
-       state->check_spf=0;
-      }
-      /* SPF_free_c_results(&state->local_policy); */
-      SPF_init_c_results(&state->local_policy);
-      if (SPF_compile_local_policy(state->spfcid,NULL,0,&state->local_policy)) {
-       type(NULL,0,NULL," SPF_compile_local_policy() failed: %s",
-                                               state->local_policy.err_msg);
-       state->check_spf=0;
-      }
+      initialize_spf(state);
  #else
        type(NULL,0,NULL," compiled without SPF support, 'spf +' ignored");
  #endif
@@ -1220,7 +1236,7 @@

      rc = _addrtest_(state, pbuf, 1);

-#ifdef HAVE_SPF_ALT_SPF_H
+#if defined(HAVE_SPF_ALT_SPF_H) || defined(HAVE_SPF2_SPF_H)
      if (state->check_spf) {
        if (debug) {
         char aaa[32];
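Review bot: This block is now guarded by `HAVE_SPF_ALT_SPF_H || HAVE_SPF2_SPF_H`, while `initialize_spf()` and the `'spf +'` handling in the same file are guarded by `Z_CHECK_SPF_DATA`. How `Z_CHECK_SPF_DATA` is derived is not visible here; if it can be unset while one of the `HAVE_*` macros is defined, this block reads `state->check_spf` in a build where the field is never initialised or not declared. Using `#ifdef Z_CHECK_SPF_DATA` here as well (and on the matching `#endif` in the next hunk) would keep one switch for all SPF code. The block continues outside this hunk.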
@@ -1242,7 +1258,7 @@
         }
        }
      }
-#endif /* HAVE_SPF_ALT_SPF_H */
+#endif /* HAVE_SPF_ALT_SPF_H || HAVE_SPF2_SPF_H */



@@ -1803,11 +1819,13 @@
        if (sscanf(state->ratelimitmsgsvalue, "%d", &limitval) == 1) {
         /* Valid numeric value had.. */

+        int rc;
+
         if (state->authuser)
           limitval *= 10; /* raise the limit considerably for
                              authenticated user. */

-       int rc = call_rate_counter(state, 0, POLICY_MAILFROM,
+       rc = call_rate_counter(state, 0, POLICY_MAILFROM,
                                    &count);

         /* Non-zero value means that counter was not reachable, or
@@ -1891,14 +1909,15 @@
      rc=0;
      if (state->check_spf) {
        int spf_level;
-      SPF_output_t spf_output = SPF_result(state->spfcid,state->spfdcid);
+      SPF_output_t spf_output=SPF_result(state->spfcid,state->spfdcid);
        if (debug) {
-       type(NULL,0,NULL," SPF_result=%d (%s) reason=%d  (%s) error=%d",
+       type(NULL,0,NULL," SPF_result=%d (%s) reason=%d  (%s) error=%d (%s)",
              spf_output.result,
              SPF_strresult(spf_output.result),
              spf_output.reason,
              SPF_strreason(spf_output.reason),
-            spf_output.err);
+            spf_output.err,
+             SPF_strerror(spf_output.err));
         type(NULL,0,NULL,"%s",( spf_output.smtp_comment ?
                                 spf_output.smtp_comment : "<null>") );
        }
--- ../source.cvs/smtpserver/policytest.h       Fri Jul  9 01:50:25 2004
+++ smtpserver/policytest.h     Fri Jul 23 17:58:53 2004
@@ -70,6 +70,7 @@
      SPF_config_t spfcid;
      SPF_dns_config_t spfdcid;
      SPF_c_results_t local_policy;
+    int spf_passed;
  #endif
  };
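Review bot: `spf_passed` has no comment and its name reads like an SPF 'pass' verdict, whereas `initialize_spf()` uses it only as a "setup already attempted for this state" flag, and it stays 1 even when setup failed and `check_spf` was cleared. I would document it where it is declared, for example `int spf_passed; /* initialize_spf() has run for this state; not an SPF result */`, or rename it along the lines of `spf_init_done`. The struct's opening and its enclosing `#ifdef` are outside this hunk.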

--- ../source.cvs/smtpserver/smtpserver.h       Wed Jul 14 03:25:57 2004
+++ smtpserver/smtpserver.h     Fri Jul 23 15:02:27 2004
@@ -459,7 +459,8 @@
  extern int detect_incorrect_tls_use;
  extern int force_rcpt_notify_never;

-extern int use_spf, spf_received, spf_threshold;
+extern int use_spf, spf_received, spf_threshold, spf_whitelist_use_default;
+extern char *spf_localpolicy;

  extern int bindaddr_set, bindport_set, testaddr_set;
  extern u_short   bindport;
--- ../source.cvs/configure     Wed Jul 14 18:05:26 2004
+++ configure   Sat Jul 24 14:45:42 2004
@@ -21417,6 +21417,10 @@
  #define HAVE_SPF_H 1
  _ACEOF

+                   cat >>confdefs.h <<\_ACEOF
+#define HAVE_SPF2_SPF_H 1
+_ACEOF
+
                 else
                     echo "$as_me:$LINENO: result: No spf2 libs available at system default locations ?" >&5
  echo "${ECHO_T}No spf2 libs available at system default locations ?" >&6
@@ -21488,6 +21492,10 @@
  #define HAVE_SPF_H 1
  _ACEOF

+                   cat >>confdefs.h <<\_ACEOF
+#define HAVE_SPF_ALT_SPF_H 1
+_ACEOF
+
                 else
                     echo "$as_me:$LINENO: result: No spf libs available at system default locations ?" >&5
  echo "${ECHO_T}No spf libs available at system default locations ?" >&6
@@ -21502,14 +21510,26 @@
         LIBSPF="-L$withval/lib -lspf2"
         echo "$as_me:$LINENO: result: Using spf libs at directory: $withval/lib" >&5
  echo "${ECHO_T}Using spf libs at directory: $withval/lib" >&6;
+        cat >>confdefs.h <<\_ACEOF
+#define HAVE_SPF2_SPF_H 1
+_ACEOF
+
      elif test -f "$withval"/lib/libspf_alt.a ; then
         LIBSPF="-L$withval/lib -lspf_alt"
         echo "$as_me:$LINENO: result: Using spf libs at directory: $withval/lib" >&5
  echo "${ECHO_T}Using spf libs at directory: $withval/lib" >&6;
+        cat >>confdefs.h <<\_ACEOF
+#define HAVE_SPF_ALT_SPF_H 1
+_ACEOF
+
      else
         LIBSPF="-L$withval -lspf_alt"
         echo "$as_me:$LINENO: result: Using spf libs at directory: $withval" >&5
  echo "${ECHO_T}Using spf libs at directory: $withval" >&6;
+        cat >>confdefs.h <<\_ACEOF
+#define HAVE_SPF_ALT_SPF_H 1
+_ACEOF
+
      fi
      if test -f "$withval"/include/spf2/spf.h ; then
         INCLSPF="-I$withval/include"



-- 
virtan / software developer / virtan@yandex-team.ru // BSrLblbG