spf-discuss

Re: sendmail-milter question

2004-03-31 21:30:16

I've been talking with Emmanuel Dreyfus about sendmail milters and
SPF.  I mentioned this thread to him, and he asked me to post this
response:



In <1gbhkeo(_dot_)3puyorqf6is9M%manu(_at_)netbsd(_dot_)org> 
manu(_at_)netbsd(_dot_)org (Emmanuel Dreyfus) writes:

See 
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200403/0445.html
and the two immediate followups by Meng.  If you understand and can add to
this discussion, please post a reply!  I'm sure there are several
people who would be interested in learning more about how to correctly
do SPF via milters.

I've got the answer, but how can I post? You act as a proxy for me?

Emmanuel:
To subscribe, use either: 
<mailto:subscribe-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>,
<http://v2.listbox.com/subscribe/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>

And, yes, I'm acting as a proxy for Emmanuel here...



All SSL info is available to the milter through sendmail macros. At
mlfi_helo() stage, you can check for the different macros using
smfi_getsymval():
tls_version, cipher, cipher_bits, cert_subject, cert_issuer

If the macros fit your taste, you keep track in your private data (see
mlfi_priv in milter-greylist) that this connexion is okay.

In mlfi_envfrom(), where you normally do the SPF check, you get your
private data, and check your flag. If SSL was okay, you return
immediately SMFIS_CONTINUE, otherwise you proceed with SPF.

The same idea is used in milter-greylist, at mlfi_envrcpt() stage. If we
discovered that the sender was whitelisted for various reasons, any
other checks are bypassed at the beginning:

        priv = (struct mlfi_priv *) smfi_getpriv(ctx);
        (...)
        if ((priv->priv_whitelist == EXF_ADDR) ||
            (priv->priv_whitelist == EXF_FROM) ||
            (priv->priv_whitelist == EXF_AUTH) ||
            (priv->priv_whitelist == EXF_SPF))
                return SMFIS_CONTINUE;  
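
The flow described above (inspect the TLS macros at HELO, remember the result, bypass SPF at MAIL FROM), as an added example that is not part of the original post and not milter-greylist code. It assumes a macro_lookup callback standing in for smfi_getsymval() so it compiles without libmilter; conn_state, the decision enum, the 128-bit threshold and the trusted subject and issuer strings are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for smfi_getsymval(ctx, name) so the policy runs without libmilter. */
typedef const char *(*macro_lookup)(void *ctx, const char *name);

struct conn_state { int tls_ok; };      /* hypothetical per-connection private data */
enum decision { SKIP_SPF, RUN_SPF };    /* hypothetical: SMFIS_CONTINUE vs. do the SPF check */

#define MIN_CIPHER_BITS 128             /* assumed policy threshold */
static const char *TRUSTED_SUBJECT = "/CN=relay.example.org";    /* constructed */
static const char *TRUSTED_ISSUER  = "/CN=Example Internal CA";  /* constructed */

/* Multi-character sendmail macro names are requested with braces. */
static int tls_acceptable(macro_lookup get, void *ctx)
{
    const char *ver  = get(ctx, "{tls_version}");
    const char *bits = get(ctx, "{cipher_bits}");
    const char *subj = get(ctx, "{cert_subject}");
    const char *iss  = get(ctx, "{cert_issuer}");
    char *end;
    long n;

    if (!ver || !*ver || !bits || !subj || !iss)
        return 0;                       /* no TLS, or no client certificate */
    n = strtol(bits, &end, 10);
    if (end == bits || *end != '\0' || n < MIN_CIPHER_BITS)
        return 0;                       /* unparsable or weak cipher */
    /* Exact match: a prefix or substring test would accept look-alike subjects. */
    return strcmp(subj, TRUSTED_SUBJECT) == 0 && strcmp(iss, TRUSTED_ISSUER) == 0;
}

/* HELO stage. EHLO is sent again after STARTTLS, so recompute on every call. */
static void on_helo(struct conn_state *st, macro_lookup get, void *ctx)
{
    st->tls_ok = tls_acceptable(get, ctx);
}

/* MAIL FROM stage: bypass SPF only if the flag was set at HELO. */
static enum decision on_envfrom(const struct conn_state *st)
{
    return (st && st->tls_ok) ? SKIP_SPF : RUN_SPF;
}

/* Constructed macro sets for exercising the policy. */
struct macros { const char *ver, *bits, *subj, *iss; };
static const char *lookup(void *ctx, const char *name)
{
    const struct macros *m = ctx;
    if (!strcmp(name, "{tls_version}"))  return m->ver;
    if (!strcmp(name, "{cipher_bits}"))  return m->bits;
    if (!strcmp(name, "{cert_subject}")) return m->subj;
    if (!strcmp(name, "{cert_issuer}"))  return m->iss;
    return NULL;
}
```

The subject and issuer macros describe the certificate the client presented; sendmail reports the outcome of verification separately in {verify}, which is worth checking too if it is exported to the milter.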
 

