diff options
| author | John Denker <jsd@av8n.com> | 2012-07-31 18:48:21 -0700 |
|---|---|---|
| committer | John Denker <jsd@av8n.com> | 2012-07-31 18:48:21 -0700 |
| commit | cff5a7b49c4151fdc55e085b150385259d0dc781 (patch) | |
| tree | 2b454bf555a8422e4bde885967f58cb4240404d3 | |
| parent | ea83c5d01a7e075dc5cd7ddf808e2a275f2dd68b (diff) | |
might actually have a working SPF check
| -rw-r--r-- | tools/sepofra.c | 10 | ||||
| -rw-r--r-- | tools/sepofra.h | 1 | ||||
| -rw-r--r-- | tools/skrewt.c | 39 |
3 files changed, 40 insertions, 10 deletions
diff --git a/tools/sepofra.c b/tools/sepofra.c index a0b9294..d41e5ad 100644 --- a/tools/sepofra.c +++ b/tools/sepofra.c @@ -2,12 +2,16 @@ #include <sstream> #include "sepofra.h" - +#include "utils.h" #ifndef HOST_NAME_MAX #define HOST_NAME_MAX 255 #endif +///// Important reference: +///// http://www.ietf.org/rfc/rfc4408.txt +///// + using namespace std; string domain_part(const string ema){ @@ -58,7 +62,8 @@ void sepofra::check( SPF_server_t* spf_server = NULL; sepofra rslt; ip = opt_ip; - mailfrom = opt_mailfrom; + helo = opt_helo; + mailfrom = trim(opt_mailfrom, " \t\r\n<>"); string mailfrom_domain = domain_part(opt_mailfrom); do { @@ -139,6 +144,7 @@ string sepofra::explain() const { /* ( */ build << ")"; build << " client-ip=" << ip << ";"; build << " envelope-from=" << mailfrom << ";"; + build << " helo=" << helo; return build.str(); } diff --git a/tools/sepofra.h b/tools/sepofra.h index 89719fb..2e4b831 100644 --- a/tools/sepofra.h +++ b/tools/sepofra.h @@ -21,6 +21,7 @@ public: std::list<std::string> authorities; std::string ip; std::string mailfrom; + std::string helo; SPF_request_t* spf_request; SPF_response_t* spf_response; diff --git a/tools/skrewt.c b/tools/skrewt.c index a7e144f..bcbfb16 100644 --- a/tools/skrewt.c +++ b/tools/skrewt.c @@ -39,6 +39,7 @@ void usage(const int sts){ #include "qq_exit_codes.h" #include "utils.h" +#include "sepofra.h" ///////////////////////////////////////////////////////// // Case insensitive comparison of strings @@ -224,8 +225,15 @@ Received: from ip68-231-191-153.tc.ph.cox.net (HELO asclepias.av8n.net) (smtp@68 #endif #if 0 /* good for testing */ +// random mail from FAA /home/jsd/Maildir/cur/1343769926.24228.cloud\:2\, +// has a good SPF result buried inside, at an earlier hop: +/home/jsd/Maildir/cur/1342372942.24810.cloud:2, + +// has a good SPF as delivered to us: +/home/jsd/Maildir/cur/1343671179.10420.cloud:2, + // The following msg has no message-id, but does have an // authorized submitter: /home/jsd/Maildir/cur/1342363199.24320.cloud:2, @@ -352,14 +360,29 @@ int skrewt::interstage(){ if (saw_blank_line) {/* ignore */} // Note that the headers are in reverse-chronological order: cerr << progid <<" Return-path: " << return_path <<endl; - cerr << " Received: " << received_from <<endl; - int rslt = krunch_rfrom(); - if (rslt) return rslt; - cerr << " rDNS: " << proximta_rDNS << endl; - cerr << " HELO: " << proximta_HELO << endl; - cerr << " IP: " << proximta_IP << endl; - cerr << " AuthUser: " << proximta_AuthUser << endl; - cerr << " Mid '" << message_id << "'" << endl; + + { // parse the 'Received: from' line: + cerr << " Received: " << received_from <<endl; + int rslt = krunch_rfrom(); + if (rslt) return rslt; + cerr << " rDNS: " << proximta_rDNS << endl; + cerr << " HELO: " << proximta_HELO << endl; + cerr << " IP: " << proximta_IP << endl; + cerr << " AuthUser: " << proximta_AuthUser << endl; + cerr << " Mid '" << message_id << "'" << endl; + } + + sepofra my_spf; + try { + my_spf.check(proximta_IP, + proximta_HELO, + return_path, + "junk", 0/* verbosity */); + cerr << "*** " << my_spf.explain() << endl; + } catch (bad_thing foo) { + cerr << "Caught bad thing: " << foo.what() << endl; + return ex_syserr; + } // The logic here is: In order: // 1) If whitelisted, accept. No greylisting, no spam-checking. |