Hi all, It's a problem not to know when an email is rejected by SPF, this patch resolvs this issue.
Applied cleanly after toaster 0.7.2-patch, running in production. Regards, Eduardo Cortés.
--- qmail-smtpd.c.sin-spf-log 2005-05-03 16:25:00.000000000 +0200 +++ qmail-smtpd.c 2005-05-09 17:32:44.000000000 +0200 @@ -493,6 +493,38 @@ seenmail = 0; out("250 flushed\r\n"); } + +void spf_log (char *sender, char *rcpt, char *title, char *description) { + + stralloc str_log = {0}; + + if (!stralloc_copys (&str_log, "SPF ")) die_nomem(); + if (!stralloc_cats (&str_log, title)) die_nomem(); + if (!stralloc_cats (&str_log, ": from <")) die_nomem(); + if (!stralloc_cats (&str_log, sender)) die_nomem(); + if (!stralloc_cats (&str_log, ":")) die_nomem(); + if (remoteinfo) + { + if (!stralloc_cats (&str_log, remoteinfo)) die_nomem(); + } + if (!stralloc_cats (&str_log, "> remote <")) die_nomem(); + if (fakehelo) + { + if (!stralloc_cats (&str_log, fakehelo)) die_nomem(); + } + if (!stralloc_cats (&str_log, ":")) die_nomem(); + if (remoteip) + { + if (!stralloc_cats (&str_log, remoteip)) die_nomem(); + } + if (!stralloc_cats (&str_log, "> rcpt <")) die_nomem(); + if (!stralloc_cats (&str_log, rcpt)) die_nomem(); + if (!stralloc_cats (&str_log, "> : ")) die_nomem(); + if (!stralloc_cats (&str_log, description)) die_nomem(); + if (!stralloc_0(&str_log)) die_nomem(); + strerr_warn1(str_log.s,0); +} + void smtp_mail(arg) char *arg; { int r; @@ -524,6 +556,7 @@ case SPF_ERROR: if (spfbehavior < 2) break; out("451 SPF lookup failure (#4.3.0)\r\n"); + spf_log(mailfrom.s, addr.s, "SPF lookup failure", "error"); return; case SPF_NONE: case SPF_UNKNOWN: @@ -567,6 +600,7 @@ } } } + void smtp_rcpt(arg) char *arg; { if (!seenmail) { err_wantmail(); return; } @@ -590,7 +624,11 @@ err_bmt(); return; } - if (flagbarfspf) { err_spf(); return; } + if (flagbarfspf) { + err_spf(); + spf_log(mailfrom.s, addr.s, "rejected", env_get("SPFRESULT")); + return; + } switch (chkuser_realrcpt (&mailfrom, &addr)) { case CHKUSER_KO: @@ -1205,6 +1243,7 @@ dohelo(remotehost); } + # undef SERVERCERT # undef CLIENTCA