Hi,

Attached are 3 patches for the sender_permitted_from plugin. Could you review and include them upstream?

Thanks!

-- 
Regards,
Pim
From 0ceb010016ce5130e4e3b8826b176cbf66abc790 Mon Sep 17 00:00:00 2001 From: Pim van den Berg <p...@mediadesign.nl> Date: Tue, 1 Feb 2011 15:04:33 +0100 Subject: [PATCH 1/3] spf: exit relayclients while loop when client_ip doesnt match Checking an invalid address kept looping. --- plugins/sender_permitted_from | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/plugins/sender_permitted_from b/plugins/sender_permitted_from index a6d833b..661dd91 100644 --- a/plugins/sender_permitted_from +++ b/plugins/sender_permitted_from @@ -68,7 +68,7 @@ sub hook_mail { if exists $relay_clients{$client_ip}; return (DECLINED, "SPF - relaying permitted") if exists $more_relay_clients->{$client_ip}; - $client_ip =~ s/\d+\.?$//; # strip off another 8 bits + $client_ip =~ s/\d+\.?$// or last; # strip off another 8 bits } my $scope = $from ? 'mfrom' : 'helo'; -- 1.7.1
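Review bot: The trailing comment on the changed line, "# strip off another 8 bits", no longer covers what the line does: with "or last" appended, the same line is also the loop's exit when the address does not end in a digit group that can be stripped. Suggest extending the comment (for example "# strip off another 8 bits; stop when nothing is left to strip") or moving the exit to its own statement, so the termination condition described in the commit message is visible in the code.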
From 2eb20d936d1ae7246e62b8623af1ba7743977cc5 Mon Sep 17 00:00:00 2001 From: Pim van den Berg <p...@mediadesign.nl> Date: Tue, 1 Feb 2011 15:05:00 +0100 Subject: [PATCH 2/3] spf: add ipv6 support to relayclients check --- plugins/sender_permitted_from | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/plugins/sender_permitted_from b/plugins/sender_permitted_from index 661dd91..94cfc3d 100644 --- a/plugins/sender_permitted_from +++ b/plugins/sender_permitted_from @@ -68,7 +68,7 @@ sub hook_mail { if exists $relay_clients{$client_ip}; return (DECLINED, "SPF - relaying permitted") if exists $more_relay_clients->{$client_ip}; - $client_ip =~ s/\d+\.?$// or last; # strip off another 8 bits + $client_ip =~ s/[\da-f]+[.:]?$// or last; # strip off another 8 bits } my $scope = $from ? 'mfrom' : 'helo'; -- 1.7.1
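Review bot: The character class on the changed line, [\da-f], is lowercase only and the substitution has no /i modifier, so a group written with uppercase hex digits is not stripped (or only partly stripped) and the loop ends before the shorter prefixes are looked up; [\da-fA-F] or /i would cover both spellings. The pattern also accepts at most one trailing separator ([.:]?), so stripping stops at a "::" and any relay-client prefix shorter than the compressed part of an address is never tested. The "strip off another 8 bits" comment is now inaccurate for IPv6, where each group removed is 16 bits.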
From ec1cb2765e82e403b29ed0d976b112f992fe0476 Mon Sep 17 00:00:00 2001 From: Pim van den Berg <p...@mediadesign.nl> Date: Tue, 1 Feb 2011 16:58:08 +0100 Subject: [PATCH 3/3] spf: remove DENYSOFT on SPF softfail With a DENYSOFT (450) the sender will keep trying to deliver the e-mail. It makes no sense. This commit also makes it compatible again with the plugin from before commit: 02912 [rewrote sender_permitted_from] --- plugins/sender_permitted_from | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/plugins/sender_permitted_from b/plugins/sender_permitted_from index 94cfc3d..5b8ba1c 100644 --- a/plugins/sender_permitted_from +++ b/plugins/sender_permitted_from @@ -19,7 +19,7 @@ In config/plugins, add arguments to the sender_permitted_from line. =head2 spf_deny -Setting spf_deny to 0 will prevent emails from being rejected, even if they fail SPF checks. sfp_deny 1 is the default, and a reasonable setting. It temporarily defers connections (4xx) that have soft SFP failures and only rejects (5xx) messages when the sending domains policy suggests it. Settings spf_deny to 2 is more aggressive and will cause soft failures to be rejected permanently. +Setting spf_deny to 0 will prevent emails from being rejected, even if they fail SPF checks. sfp_deny 1 is the default, and a reasonable setting. It prevents soft SFP failures from being rejected and only rejects (5xx) messages when the sending domains policy suggests it. Settings spf_deny to 2 is more aggressive and will cause soft failures to be rejected permanently. See also http://spf.pobox.com/ @@ -119,7 +119,6 @@ sub hook_rcpt { if ($code eq "softfail") { return (DENY, "SPF probable forgery: $why") if $deny > 1; - return (DENYSOFT, "SPF probable forgery: $why"); } $self->log(LOGDEBUG, "result for $rcpt->address was $code: $why"); -- 1.7.1
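Review bot: The rewritten spf_deny paragraph in the POD hunk still carries the misspellings "sfp_deny" and "SFP" (and "Settings spf_deny", "domains policy") on the added line; since that line is being replaced anyway, correct them in the same change. The new wording "prevents soft SFP failures from being rejected" would also be clearer if it said what happens to a softfail message at the default setting, rather than only what does not happen.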
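Review bot: In the hook_rcpt hunk, dropping the DENYSOFT return leaves the if ($code eq "softfail") block wrapping a single conditional return; it reads more directly as one statement: return (DENY, "SPF probable forgery: $why") if $code eq "softfail" && $deny > 1; With spf_deny at its documented default of 1, a softfail now falls through to the LOGDEBUG line instead of returning, which is a behaviour change for existing installs and deserves a changelog entry alongside the POD update.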