From cff5a7b49c4151fdc55e085b150385259d0dc781 Mon Sep 17 00:00:00 2001
From: John Denker <jsd@av8n.com>
Date: Tue, 31 Jul 2012 18:48:21 -0700
Subject: might actually have a working SPF check
---
tools/sepofra.c | 10 ++++++++--
tools/sepofra.h | 1 +
tools/skrewt.c | 39 +++++++++++++++++++++++++++++++--------
3 files changed, 40 insertions(+), 10 deletions(-)
diff --git a/tools/sepofra.c b/tools/sepofra.c
index a0b9294..d41e5ad 100644
--- a/tools/sepofra.c
+++ b/tools/sepofra.c
@@ -2,12 +2,16 @@
#include <sstream>
#include "sepofra.h"
-
+#include "utils.h"
#ifndef HOST_NAME_MAX
#define HOST_NAME_MAX 255
#endif
+///// Important reference:
+///// http://www.ietf.org/rfc/rfc4408.txt
+/////
+
using namespace std;
string domain_part(const string ema){
@@ -58,7 +62,8 @@ void sepofra::check(
SPF_server_t* spf_server = NULL;
sepofra rslt;
ip = opt_ip;
- mailfrom = opt_mailfrom;
+ helo = opt_helo;
+ mailfrom = trim(opt_mailfrom, " \t\r\n<>");
string mailfrom_domain = domain_part(opt_mailfrom);
do {
@@ -139,6 +144,7 @@ string sepofra::explain() const {
/* ( */ build << ")";
build << " client-ip=" << ip << ";";
build << " envelope-from=" << mailfrom << ";";
+ build << " helo=" << helo;
return build.str();
}
diff --git a/tools/sepofra.h b/tools/sepofra.h
index 89719fb..2e4b831 100644
--- a/tools/sepofra.h
+++ b/tools/sepofra.h
@@ -21,6 +21,7 @@ public:
std::list<std::string> authorities;
std::string ip;
std::string mailfrom;
+ std::string helo;
SPF_request_t* spf_request;
SPF_response_t* spf_response;
diff --git a/tools/skrewt.c b/tools/skrewt.c
index a7e144f..bcbfb16 100644
--- a/tools/skrewt.c
+++ b/tools/skrewt.c
@@ -39,6 +39,7 @@ void usage(const int sts){
#include "qq_exit_codes.h"
#include "utils.h"
+#include "sepofra.h"
/////////////////////////////////////////////////////////
// Case insensitive comparison of strings
@@ -224,8 +225,15 @@ Received: from ip68-231-191-153.tc.ph.cox.net (HELO asclepias.av8n.net) (smtp@68
#endif
#if 0 /* good for testing */
+// random mail from FAA
/home/jsd/Maildir/cur/1343769926.24228.cloud\:2\,
+// has a good SPF result buried inside, at an earlier hop:
+/home/jsd/Maildir/cur/1342372942.24810.cloud:2,
+
+// has a good SPF as delivered to us:
+/home/jsd/Maildir/cur/1343671179.10420.cloud:2,
+
// The following msg has no message-id, but does have an
// authorized submitter:
/home/jsd/Maildir/cur/1342363199.24320.cloud:2,
@@ -352,14 +360,29 @@ int skrewt::interstage(){
if (saw_blank_line) {/* ignore */}
// Note that the headers are in reverse-chronological order:
cerr << progid <<" Return-path: " << return_path <<endl;
- cerr << " Received: " << received_from <<endl;
- int rslt = krunch_rfrom();
- if (rslt) return rslt;
- cerr << " rDNS: " << proximta_rDNS << endl;
- cerr << " HELO: " << proximta_HELO << endl;
- cerr << " IP: " << proximta_IP << endl;
- cerr << " AuthUser: " << proximta_AuthUser << endl;
- cerr << " Mid '" << message_id << "'" << endl;
+
+ { // parse the 'Received: from' line:
+ cerr << " Received: " << received_from <<endl;
+ int rslt = krunch_rfrom();
+ if (rslt) return rslt;
+ cerr << " rDNS: " << proximta_rDNS << endl;
+ cerr << " HELO: " << proximta_HELO << endl;
+ cerr << " IP: " << proximta_IP << endl;
+ cerr << " AuthUser: " << proximta_AuthUser << endl;
+ cerr << " Mid '" << message_id << "'" << endl;
+ }
+
+ sepofra my_spf;
+ try {
+ my_spf.check(proximta_IP,
+ proximta_HELO,
+ return_path,
+ "junk", 0/* verbosity */);
+ cerr << "*** " << my_spf.explain() << endl;
+ } catch (bad_thing foo) {
+ cerr << "Caught bad thing: " << foo.what() << endl;
+ return ex_syserr;
+ }
// The logic here is: In order:
// 1) If whitelisted, accept. No greylisting, no spam-checking.
--
cgit v1.2.3