spf-discuss

Re: Spf Problem with DRAC?

2004-03-30 21:38:28
Joshue wrote:

At 20:37 30/03/2004, Paul Howarth wrote:

On Tue, 2004-03-30 at 19:28, Joshue wrote:

         I'm testing SPF with an existing Sendmail and DRAC (a
pop-before-smtp solution). The Sendmail+DRAC had been working for
three years in our servers with dynamic clients (IPs), now I have
added the SPF functionality.

Which sendmail SPF solution are you using? The milter supports
authentication using SMTP AUTH and TLS but may need tweaking to
support a different mechanism. How is DRAC integrated into your
sendmail setup? Is there a macro set when the client
is authenticated?

I am well familiar with DRAC, and still use it myself (you know, that pesky
thing where you keep telling your users, for years, to start using SMTP
AUTH, but where they scream red at the chance of DRAC ever being removed, so
you keep it hanging around in perpetuity).

Kdrac btree /etc/mail/dracd
.....
SLocal_check_rcpt
R$*     $: $&{client_addr}
R$+     $: $(drac $1 $: ? $)
R?      $@ ?
R$+     $@ $#OK

You just quoted part of the problem: a DRAC authentication result is not
persistently available (basically just at check_mail; which is
SLocal_check_rcpt here). To integrate it, spf-milter, for starters, would
always have to run in "mx" mode (where SPF checks are delayed until
envrcpt_callback).

Furthermore, for this to work even, a DRAC macro will need to be exported.
In your "local info", define this 'storage' map:

Kstorage macro

Now insert a line into SLocal_check_rcpt, to store the DRAC result:

R$*   $: $&{client_addr}
R$+   $: $(drac $1 $: ? $)
R$+   $: $(storage {DRAC_auth} $@ $1 $) $1
R?    $@ ?
R$+   $@ $#OK

Finally, export the macro:

O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}, {DRAC_auth}

That, in principle, provides the basic key to using DRAC in a Milter. If
people are interested in it, I could integrate it into spf-milter.

Cheers,

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
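
The flow described in the message above, modelled as an added example that is not part of the original message and is not spf-milter code. The class, function names and return strings are hypothetical, and the map entry is a constructed sample; the model assumes the milter treats a missing or "?" {DRAC_auth} value as unauthenticated.

```python
UNAUTH = "?"  # value the ruleset yields when the client IP is not in the drac map


def local_check_rcpt(drac_map, client_addr, macros):
    """Model of the modified SLocal_check_rcpt: look up the client IP,
    store the result in {DRAC_auth}, and return it."""
    result = drac_map.get(client_addr, UNAUTH)  # $(drac $1 $: ? $)
    macros["{DRAC_auth}"] = result              # $(storage {DRAC_auth} $@ $1 $)
    return result


class MxModeSession:
    """Hypothetical milter session that delays SPF until envrcpt ("mx" mode)."""

    def __init__(self, spf_check):
        self.spf_check = spf_check  # callable(client_addr, sender) -> "pass"/"fail"/...
        self.sender = None

    def envfrom(self, sender):
        # No SPF decision here: the DRAC result is not available at this stage.
        self.sender = sender
        return "continue"

    def envrcpt(self, client_addr, macros):
        drac = macros.get("{DRAC_auth}")
        # A missing macro (not exported) or "?" means the client is not
        # DRAC-authenticated, so fall through to the SPF check (fail closed).
        if drac not in (None, "", UNAUTH):
            return "skip-spf"
        result = self.spf_check(client_addr, self.sender)
        return "reject" if result == "fail" else "continue"


if __name__ == "__main__":
    drac_map = {"192.0.2.10": "1080682708"}  # constructed sample entry
    session = MxModeSession(lambda ip, sender: "fail")  # stub SPF result
    session.envfrom("user@example.org")
    for ip in ("192.0.2.10", "198.51.100.7"):
        macros = {}
        local_check_rcpt(drac_map, ip, macros)
        print(ip, macros["{DRAC_auth}"], session.envrcpt(ip, macros))
```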

