spf-discuss

[ANNOUNCE] Experimental patch for native qmail SPF support

2004-01-29 16:37:32
Hi!

So now I've got a working version of my qmail patch that adds native SPF
support (see: http://spf.pobox.com/ ). The patch is an envelope-only
checker that runs when qmail-smtpd receives the MAIL FROM:<> command.

The behavior can be controlled using /var/qmail/control/spfbehavior. It
contains a number:
0 - no SPF
1 - only check and add Received-SPF headers, never block
2 - DNS problems cause temporary failures
3 - SPF fail causes qmail-smtpd to reject the message (with explanation)
4 - ultra strict mode: resolution unknown also gets rejected

In addition to that, you can add a /var/qmail/control/spfrules file in
which you can put a line of additional rules that get checked before the
domain's rules would fail (e.g. to allow the local network to always pass
or to include a global whitelist domain or something).

There's also an spfquery tool that does an SPF check from the command
line. It takes 3 or 4 arguments: remote IP, helo/ehlo name, envelope
from address and optionally additional local rules.

Why did I write this patch? Mainly for fun. Because I think it's neat
and was interesting to program. And because that damn Mydoom virus is
flooding my mail server and filling the mail queue and blocking
smtpd-remote processes...

And it doesn't stop filling my domain catchall account with forged
addresses. I hope that enough people will publish SPF rules for their
domains soon so that forged addresses can be rejected. At least my
domain already has a -all rule at the end. I know my mails only come
from these servers and I hope other mail servers could use this
information. As soon as possible.

The patch is the result of a two-day hacking marathon. It passes most
of the tests (all that seem relevant to me?). It's perhaps not the
cleanest but relatively short.

I'm going to test it on my mail server soon, qmail-smtpd has only been
tested from the command line.

Well, here it is. Happy testing:

http://www.saout.de/misc/qmail-spf-beta1.patch


-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/


  • [ANNOUNCE] Experimental patch for native qmail SPF support, Christophe Saout <=
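
The spfbehavior levels and the spfrules fallback described in the post, as an added C example that is not code from the patch. It assumes each level keeps the effects of the lower ones and that local rules are consulted only when the domain's record yields fail; it handles only ip4 and all mechanisms without DNS, and all names and sample records are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* All names here are this example's own, not identifiers from the patch. */
enum spf_result { SPF_NOMATCH = -1, SPF_PASS, SPF_NEUTRAL, SPF_SOFTFAIL, SPF_FAIL, SPF_ERROR, SPF_UNKNOWN };
enum smtp_action { ACCEPT, TEMPFAIL, REJECT };
#define IP(a, b, c, d) ((uint32_t)(a) << 24 | (b) << 16 | (c) << 8 | (d))
/* Evaluate space-separated ip4:/all mechanisms against ip (host byte order). */
static enum spf_result eval_rules(const char *rules, uint32_t ip) {
    char buf[256], *tok;
    snprintf(buf, sizeof buf, "%s", rules);
    for (tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        unsigned a, b, c, d, len = 32;
        enum spf_result r = *tok == '-' ? SPF_FAIL : *tok == '~' ? SPF_SOFTFAIL
                          : *tok == '?' ? SPF_NEUTRAL : SPF_PASS;
        if (strcmp(tok, "v=spf1") == 0) continue;       /* version tag */
        if (strchr("+-~?", *tok)) tok++;                /* strip the qualifier */
        if (strcmp(tok, "all") == 0) return r;
        if (strncmp(tok, "ip4:", 4) != 0) return SPF_UNKNOWN;   /* not handled here */
        if (sscanf(tok + 4, "%u.%u.%u.%u/%u", &a, &b, &c, &d, &len) < 4
            || a > 255 || b > 255 || c > 255 || d > 255 || len > 32) return SPF_UNKNOWN;
        uint32_t mask = len ? ~(uint32_t)0 << (32 - len) : 0;
        if (((IP(a, b, c, d) ^ ip) & mask) == 0) return r;
    }
    return SPF_NOMATCH;
}

/* Assumption: local rules are consulted only when the domain's record yields fail. */
static enum spf_result spf_check(const char *record, const char *local, uint32_t ip) {
    enum spf_result r = eval_rules(record, ip), l;
    if (r == SPF_NOMATCH) r = SPF_NEUTRAL;              /* nothing matched */
    l = (r == SPF_FAIL && local) ? eval_rules(local, ip) : SPF_NOMATCH;
    return l != SPF_NOMATCH ? l : r;
}

/* Assumption: each spfbehavior level (0-4) keeps the effects of the lower levels. */
static enum smtp_action spf_action(int level, enum spf_result r) {
    if (level >= 2 && r == SPF_ERROR) return TEMPFAIL;  /* DNS problem */
    if (level >= 3 && r == SPF_FAIL) return REJECT;
    if (level >= 4 && r == SPF_UNKNOWN) return REJECT;
    return ACCEPT;                                      /* levels 0 and 1 never block */
}

int main(void) {
    /* Constructed sample: one authorised server plus -all; the LAN is allowed locally. */
    const char *rec = "v=spf1 ip4:192.0.2.10 -all", *local = "ip4:10.0.0.0/8";
    printf("%d %d\n", spf_action(3, spf_check(rec, local, IP(10, 1, 2, 3))),
           spf_action(3, spf_check(rec, local, IP(198, 51, 100, 7))));
}
```

A broad local rule such as the /8 above exempts every host in that range from the domain's -all, so it should cover only networks that cannot carry forged mail from outside.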