Chris Lewis wrote:
The rabid belief by some that RFC2142 mandated addresses MUST NOT be filtered under any circumstances. Including people who misinterpret SPF records ;-) [We publish ~all, some people interpret email .forwarded thru something not in the SPF record to be forged and bounce it.]
On that subject, here's an old plugin that selectively rejects SPF soft failures. I use it for PayPal, eBay, banks, etc. Basically, domains that I wish would publish hard -all SPF records. Feedback welcome.
I need to clean up another plugin that does header checks for senders who have a valid SPF record, but the message header 'From' is one of the above domains.
#!/usr/bin/perl -Tw

# Reject SPF softfail results for sender domains listed in the
# 'forged_domains' config.

sub hook_rcpt {
    my ($self, $transaction, $rcpt, %param) = @_;

    # special addresses don't get SPF-tested.
    return (DECLINED) if $self->qp->connection->relay_client();
    return DECLINED
      if $rcpt
      and $rcpt->user
      and $rcpt->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i;

    # Skip the null sender (bounces).
    my $sender = $transaction->sender;
    return (DECLINED) unless ($sender->format ne "<>");

    # Lower-case the configured domains so the lookup below is case-insensitive.
    my @domains = $self->qp->config('forged_domains');
    my %forged_domains = map { lc($_) => 1 } @domains;

    # Walk up the sender's host name one label at a time so that
    # subdomains of a listed domain match as well.
    my $host = '';
    my $fqdn = $sender->host;
    my @host = split /\./, $fqdn;
    while (@host >= 2) {
        $host = join '.', @host;
        if (defined($forged_domains{lc($host)})) {
            $host = $fqdn;
            last;
        }
        $host = '';
        shift(@host);
    }
    return (DECLINED) unless $host;

    # SPF result left in the transaction notes by an earlier plugin.
    my $result = $transaction->notes('spfresult');
    return (DECLINED) unless $result;
    if ($result eq "error") {
        return (DECLINED);
    }

    my $from = join '@', $sender->user, $sender->host;
    if ($result eq "softfail") {
        return (DENY, "I don't think you are allowed to send mail as '$from'. Are you phishing?");
    }

    # if ($result eq "fail" and $self->{_args}{spf_deny}) {
    #     return (DENY, "SPF forgery: $smtp_comment");
    # }
    # if ($result eq 'fail' or $result eq 'softfail') {
    #     $self->log(LOGDEBUG, "result for $rcpt->address was $result: $comment");
    # }

    return DECLINED;
}
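The header check mentioned above (SPF passes for the envelope sender while the header 'From' names one of the listed domains), as an added example that is not part of the original post and is not the poster's plugin. It is standalone Perl rather than a qpsmtpd hook; the domain list, function names and sample messages are constructed, and the From parsing is simplified.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the forged_domains config file.
my %protected = map { lc($_) => 1 } qw(paypal.com ebay.com);

# Return the protected domain that $fqdn equals or sits under, else ''.
sub protected_parent {
    my ($fqdn) = @_;
    my @labels = split /\./, lc($fqdn // '');
    while (@labels >= 2) {
        my $candidate = join '.', @labels;
        return $candidate if $protected{$candidate};
        shift @labels;
    }
    return '';
}

# Domain of the last addr-spec in a From header value (simplified parsing:
# anchoring at the end skips an '@' placed in the display name).
sub header_from_domain {
    my ($value) = @_;
    return lc($1) if defined $value and $value =~ /\@([A-Za-z0-9.-]+)\s*>?\s*$/;
    return '';
}

# 'mismatch' when SPF passed for the envelope sender but the header From
# claims a protected domain that the envelope sender does not belong to.
sub check_message {
    my ($envelope_domain, $spf_result, $from_header) = @_;
    return 'skip' unless $spf_result eq 'pass';
    my $claimed = protected_parent(header_from_domain($from_header));
    return 'unprotected' unless $claimed;
    return protected_parent($envelope_domain) eq $claimed ? 'aligned' : 'mismatch';
}

# Constructed samples: [envelope sender domain, SPF result, From header value].
my @samples = (
    ['mail.paypal.com',  'pass',     'PayPal <service@paypal.com>'],
    ['bulk.example.net', 'pass',     'PayPal <service@paypal.com>'],
    ['bulk.example.net', 'pass',     '"service@paypal.com" <news@example.net>'],
    ['bulk.example.net', 'pass',     'Support <help@notpaypal.com>'],
    ['bulk.example.net', 'softfail', 'eBay <member@ebay.com>'],
);

for my $s (@samples) {
    printf "%-18s %-9s %-42s => %s\n", @$s, check_message(@$s);
}
```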