[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: spf_threshold always 0

To: "Eugene Crosser" <crosser@rol.ru>
Subject: RE: spf_threshold always 0
From: "Virgil Cui" <vcui@bluecatnetworks.com>
Date: Tue, 2 Aug 2005 13:03:24 -0400
Cc: <zmailer@nic.funet.fi>
Original-Recipient: rfc822;zmailer-log@nic.funet.fi
Sender: zmailer-owner@nic.funet.fi
thread-index: AcWXeqxQ5E8eRMUASgir3UdAojGoZwAAKF+g
Thread-Topic: spf_threshold always 0

ConfigParams is a struct define in smtpserver.h.
And in cfgread.c, around line 677-719 (base on CVS code grab on 07/22), it reads the value from smtpserver.conf and assigns.
=====================
    /* SPF related things */
    /* Generate SPF-Received header */
    else if (cistrcmp(name, "spf-received") == 0) {
      CP->use_spf=1;
      CP->spf_received=1;
    }
    /* Reject mail if SPF query result is equal or higher than threshold */
    else if (cistrcmp(name, "spf-threshold") == 0 && param1 /* 1 param */) {
      CP->use_spf=1;
      if (cistrcmp(param1, "fail") == 0) {
	CP->spf_threshold=1;	/* relaxed - they say: fail but we accept */
      } else if (cistrcmp(param1, "softfail") == 0) {
	CP->spf_threshold=2;	/* default - they don't assume real reject */
      } else if (cistrcmp(param1, "none") == 0) {
	CP->spf_threshold=3;	/* stricter - but allow all who don't publish */
      } else if (cistrcmp(param1, "neutral") == 0) {
	CP->spf_threshold=4;	/* draconian - SFP-less won't pass */
      } else if (cistrcmp(param1, "pass") == 0) {
	CP->spf_threshold=5;	/* extreme - allow only explicit 'pass' */
      } else {
	type(NULL,0,NULL, "Cfgfile '%s' line %d param %s has bad arg: '%s'",
		cfgfilename, linenum, name, param1);
	CP->spf_threshold=0;	/* always accept (even 'fail') */
      }
    }
    /* SPF localpolicy setting */
    else if (cistrcmp(name, "spf-localpolicy") == 0 && param1 /* 1 param */) {
        CP->use_spf=1;
        CP->spf_localpolicy=strdup(param1);
    }
    /* SPF localpolicy: whether to include default whitelist or not */
    else if (cistrcmp(name, "spf-whitelist-use-default") == 0 && param1 /* 1 param */) {
	CP->use_spf=1;
        if(cistrcmp(param1,"true") == 0) {
	  CP->spf_whitelist_use_default=1; /* 'include:spf.trusted-forwarder.org' added to localpolicy */
        } else if (cistrcmp(param1,"false") == 0) {
	  CP->spf_whitelist_use_default=0;
        } else {
            type(NULL,0,NULL, "Cfgfile '%s' line %d param %s has bad arg: '%s'",
                    cfgfilename, linenum, name, param1);
            CP->spf_whitelist_use_default=0;
        }
    }
=====================

BTW, I don't think it works properly on 2.99.57-pre3 (I haven't tried with 2.99.57-pre1 and 2.99.57-pre2). I need to manually to modify the config.h to make it compile, #define HAVE_SPF2_SPF_H 1 and #define HAVE_SPF_ALT_SPF_H 1. Hence even after that, it always return me the same result doesn't matter what my inputs,
"Received-SPF: unknown (testbox: error in processing during lookup of domain of ibm.com: Not configured) envelope-from:test@ibm.com;

I have a debian system with both libspf2-1.0.4 library and libspf_alt-0.4.0. But end up use libspf2-1.0.4 library for smtpserver
lrwxrwxrwx    1 root     root           31 Jul 25 15:48 /usr/lib/libspf_alt.so.1 -> /usr/local/lib/libspf2.so.1.0.0
If I use spfquery comes with SPF library, I can get the right result. 

And I found the problem in 2.99.57-pre3 is that no more IP info for SPF while doing query which causes has the same result for all queries.
In policytest.c/_addrtest_ function, it destroies the existing config first and creates it again. And policytestaddr function calls _addrtest_ function, and then do SPF_set_ipv4/SPF_set_ipv6. But later on, check_domain function calls _addrtest_ again w/o doing SPF_set_ipv4/SPF_set_ipv6, and actually at this point, the config doesn't contain any IP info. It works if I change to set IP info after check_domain. And this problem has been solved in CVS's code that grab on 07/22 too. So I am not sure which version you are using.

Thanks,
Virgil 

-----Original Message-----
From: Eugene Crosser [mailto:crosser@rol.ru]
Sent: Tuesday, August 02, 2005 11:56 AM
To: Virgil Cui
Cc: zmailer@nic.funet.fi
Subject: Re: spf_threshold always 0

Virgil Cui wrote:

> I downloaded the code from CVS on July 22. And found a problem in policytest.c, the variable of spf_threshold hasn't been assigned the value properly. It's always 0 though I set it to "PARAM   spf-threshold softfail" in my smtpserver.conf. 
> 
> I just make some changes below at this time:
> extern ConfigParams *CP;
> spf_threshold = CP->spf_threshold;

Hmmm...  I don't see what you are talking about.  What is "ConfigParams"?
Last time I checked spf-threshold worked.  But it was a long time ago.
Actually, I see a lot of SPF rejections in my log, so it probably works
 now as well.

Eugene
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi

Follow-Ups:
- Re: spf_threshold always 0
  - From: Eugene Crosser <crosser@rol.ru> (Tue, 2 Aug 2005 20:44:37 +0300)
- patch for gettign SPF config from CP structure
  - From: Eugene Crosser <crosser@rol.ru> (Mon, 12 Sep 2005 14:41:37 +0300)

Prev by Date: Re: spf_threshold always 0
Next by Date: Re: spf_threshold always 0
Prev by thread: Re: spf_threshold always 0
Next by thread: Re: spf_threshold always 0
Index(es):
- Date
- Thread