The attached patch allows you to give named addresses or domains a
different SPF policy from your system default. As my POD for the
change says,
    You can override the default rejection policy for specified addresses
    or domains using the whitelist_spf configuration file.

    whitelist_spf
        whitelist_spf is a list of domains or addresses to which a different
        SPF policy should be applied. Each line in the file contains
        a single address or domain name, then a colon, then the spf_deny
        level to be used. For example, assuming the plugin's spf_deny
        option is set to 1,

            [EMAIL PROTECTED]:0
            nowhere.mil:2

        In this example, mail from [EMAIL PROTECTED] will always be
        accepted. Mail from nowhere.mil will be rejected with a 5xx
        response for both fail and softfail.

I hope this might be useful enough to include. It certainly is useful if
you run with a default of "spf_deny 2".
I'd be open to the config filename changing from "whitelist_spf" to
something else since it also permits blacklisting :-)
The patch also changes "sender permitted from" to "sender policy
framework" everywhere except in the plugin name itself.
Nick

--- /usr/share/qpsmtpd/plugins/sender_permitted_from 2006-06-27 08:07:26.000000000 +0100
+++ sender_permitted_from 2006-09-10 00:34:54.000000000 +0100
@@ -1,7 +1,7 @@
-
+#! /usr/bin/perl -w
=head1 NAME
-SPF - plugin to implement Sender Permitted From
+SPF - plugin to implement Sender Policy Framework
=head1 SYNOPSIS
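Review bot: The `#! /usr/bin/perl -w` line added at the top of the file is unrelated to the whitelist_spf feature and is not mentioned in the description, so it should be dropped or sent as a separate change. If qpsmtpd loads this file rather than executing it, the -w switch on that line enables nothing, and `use warnings;` inside the plugin would be the way to get warnings.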
@@ -22,7 +22,34 @@
include '<spf mechanism list>'
-See also http://spf.pobox.com/
+You can override the default rejection policy for specified addresses or domains using
+the B<whitelist_spf> configuration file.
+
+=over 4
+
+=item whitelist_spf
+
+B<whitelist_spf> is a list of domains or addresses to which a different
+SPF policy should be applied. Each line in the file contains a single
+address or domain name, then a colon, then the B<spf_deny> level to
+be used. For example, assuming the plugin's spf_deny option is set to 1,
+
+ [EMAIL PROTECTED]:0
+ nowhere.mil:2
+
+In this example, mail from [EMAIL PROTECTED] will always be accepted.
+Mail from nowhere.mil will be rejected with a 5xx response for both fail
+and softfail.
+
+=back
+
+=head1 BUGS
+
+This plugin should be renamed sender_policy_framework.
+
+=head1 SEE ALSO
+
+Sender Policy Framework, L<http://www.openspf.org/>
=cut
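Review bot: The new whitelist_spf item does not say how an entry is matched, which matters for a file that sets reject policy. State that an entry must equal the full sender address or the sender host exactly (the code compares with `eq`, so subdomains of a listed domain are not covered), which entry wins when both an address and its domain are listed, and that the level is a single digit with the same meaning as spf_deny. The BUGS section could also record the naming issue, since a level above the default makes this file a blacklist as well.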
@@ -47,6 +74,13 @@
my $host = lc $sender->host;
my $from = $sender->user . '@' . $host;
+ my $deny;
+ grep { my $domain;
+ ($domain,$deny) = ($_ =~ /(.*):(\d)$/)
+ and $domain eq $from || $domain eq $host } $self->qp->config("whitelist_spf")
+ or $deny = $self->{_args}{spf_deny};
+ $self->log(LOGDEBUG, "SPF failure policy is $deny");
+
my $ip = $self->qp->connection->remote_ip;
my $helo = $self->qp->connection->hello_host;
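Review bot: In the grep block, `($domain,$deny) = ($_ =~ /(.*):(\d)$/)` runs for every line of whitelist_spf and grep does not stop at the first hit, so $deny ends up holding the level from the last line of the file (or undef if that line does not parse), not the level of the entry that matched the sender. With the two-line example from the POD, a sender matching the first entry gets level 2 instead of 0. Use a foreach loop that captures into lexicals local to the loop, assigns $deny only when `$domain eq $from || $domain eq $host`, and exits with `last`, then fall back to `$self->{_args}{spf_deny}` if nothing matched. Also, $host is lowercased but the file entry is not, so an entry written with capitals never matches; apply lc to the entry before comparing.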