Re: [policyd-users] "Add SPF Header" problem

Sun, 16 Oct 2011 09:13:58 -0700 

On 10/10/11 15:07, Nigel Kukard wrote:
> On 10/09/11 16:03, Hieronim Sokolski wrote:
>> Hello all,
> Hi,
>
>> ----- Oryginalna wiadomość -----
>>> Od: "Nigel Kukard" <[email protected]>
>>> Do: [email protected]
>>> Wysłane: wtorek, 6 wrzesień 2011 23:21:27
>>> Temat: Re: [policyd-users] "Add SPF Header" problem
>>> The postfix delegation protocol has 1 return result per message,
>>> checking the code the SPF header is not added if the message passes
>>> SPF
>>> , only if it does not pass.
>> I have similiar problem: if Greylisting and CheckSPF modules are both used 
>> in incoming policy, and SPF is set to add header only, no reject, header is 
>> not set instead of hard SPF fail.
>>
>> This is second try, so the pretender passes greylisting:
>>
>> Oct  9 17:29:47 cbhost postfix/smtpd[3591]: connect from 
>> fakehost[xxx.xxx.xxx.xxx]
>> Oct  9 17:30:14 cbhost cbpolicyd[3498]: module=CheckSPF, action=add_header, 
>> host=xxx.xxx.xxx.xxx, helo=fakehost, from=root@fakedomain, to=me@mydomain, 
>> reason=spf_fail
>> Oct  9 17:30:14 cbhost cbpolicyd[3498]: module=Greylisting, action=pass, 
>> host=xxx.xxx.xxx.xxx, helo=fakehost, from=root@fakedomain, to=me@mydomain, 
>> reason=authenticated
>>
>> received message has no SPF header.
> Only 1 verdict can be returned .... I'll look into if "pass" is maybe
> overwriting "add_header".
>
> Maybe better behavior would be that add_header supersedes pass as a
> verdict, but any failure or anything else supersedes that... hrmm.
>
>> Then Greylisting check goes disabled:
>>
>> Oct  9 17:31:41 cbhost postfix/smtpd[3591]: connect from 
>> fakehost[xxx.xxx.xxx.xxx]
>> Oct  9 17:32:07 cbhost cbpolicyd[3480]: module=CheckSPF, action=add_header, 
>> host=xxx.xxx.xxx.xxx, helo=fakehost, from=root@fakedomain, to=me@mydomain, 
>> reason=spf_fail
>>
>> and message has Received-SPF: header with full details.
>>
>> Am I doing something wrong, or this is a bug? I have noticed this behaviour 
>> in cbpolicyd 2.0.10 - the one shipped with Zimbra 7 - but today I have 
>> installed the newest version from git and I have exactly the same results.
>>
>> Thanks in advance for explaining what should I do to get greylisting working 
>> and SPF tagging all messages.
>>
> Regards
> Nigel
>
>
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.policyd.org/mailman/listinfo/users

In cbp/protocols/postfix.pm , try change the code along line 132 to look
like this (backup the file first) ...

--
    # Check protocol responses...
    if ($resp == PROTO_PASS) {
        if (!defined($resp) || (defined($resp) && $resp != PROTO_PREPEND)) {
            $response = "DUNNO";
            $response_data = $data;
            return CBP_CONTINUE;
        }

    } elsif ($resp == PROTO_OK) {
--


Let me know if it works.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users

Reply via email to