spf-discuss

Re: Suggestions and Ideas

2004-06-30 02:29:38
James Couzens wrote:
> If you honestly can't be bothered to join the development list, post
> your idea in here anyways, worst case scenario is it gets ignored and
> you'll never be rolling around late at night wondering just how the
> interweb might be a safer place had you only revealed your idea(s)! ;-)
>
> I look forward to hearing your suggestions.

OK, here's what I posted. It's really a case of tweaks to the milter implementation rather than the underlying SPF library.

                                ---------------------

Hello,

I am currently using a hacked version of the perl SPF milter and am interested
in moving to the native C version. Whilst there is nothing in the original
perl implementation that I use that is not in the C version, I have added some
features to the perl version that I would like to see in the C version:

1. An option to support compatibility with sendmail's "delay_checks" feature,
so that with FEATURE(`delay_checks', `friend') set in the sendmail.mc,
entries like these:

Spam:Postmaster         FRIEND
Spam:abuse@my.dom       FRIEND

in the access.db would whitelist that recipient from all SPF checks, and with
FEATURE(`delay_checks', `hater') set in the sendmail.mc, only recipients with
entries like these:

Spam:me@my.dom          HATER
Spam:metoo              HATER

would have the SPF checks run.

2. An option to support access.db-based recipient whitelisting. The code I
wrote for the perl version worked like this:

# Per-recipient checks:
# If access.db check for recipient is `OK', treat as `whitelisted'
# Else if access.db check for recipient is `TAG', treat as `tag only'
# Else if delay_checks in `friend' mode and the recipient is a spam friend
#      or delay_checks in `hater' mode and the recipient is not a spam hater
#      then treat as `tag only'


# access.db whitelisting format (checked in order):
# SPF:[ip.add.re.ss]user@dom.ain    OK|TAG  whitelist mail for user@dom.ain from ip.add.re.ss
# SPF:[ip.add.re.ss]dom.ain         OK|TAG  whitelist mail for anyone at dom.ain from ip.add.re.ss
# SPF:user@dom.ain                  OK|TAG  whitelist mail for user@dom.ain from anywhere
# SPF:dom.ain                       OK|TAG  whitelist mail for dom.ain from anywhere


Support for these features would require two big changes. Firstly, the ability
to defer the checking and rejection until the RCPT callback, and secondly
(more difficult I suspect), support for the Berkeley database library to
handle the sendmail access database. In the perl version this was just a case
of using the Sendmail::AccessDB and BerkeleyDB modules but clearly this would
be a much bigger task for a native C implementation.

Other facilities that I would not use myself but others might find useful
would be support for using override and fallback records in the milter (I
understand that the underlying SPF library already supports these features).

Unfortunately I am not enough of a C programmer to be able to implement these
changes myself. However, something I could offer back to the project if wanted
would be to provide Red Hat/Fedora packages for the libraries and the milter
(I'm not sure if these are already available given a quick scan of the libspf2
website).

Regards, Paul.
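
The per-recipient decision and SPF: key order described in this message, as an added C example that is not part of the original post or of any milter's code. Assumptions: an in-memory table of constructed entries stands in for access.db, all function and enum names are hypothetical, Spam: entries are matched on the full address and then the local part, and delay_checks exemptions are treated as tag-only, following the post's pseudo-code comments.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum action { CHECK, TAG_ONLY, WHITELISTED };
enum delay_mode { DELAY_NONE, DELAY_FRIEND, DELAY_HATER };
/* Constructed entries standing in for access.db; a real milter would query the map file. */
static const char *accessdb[][2] = {
    {"SPF:[192.0.2.10]user@dom.ain", "OK"}, {"SPF:dom.ain", "TAG"},
    {"Spam:abuse@my.dom", "FRIEND"}, {"Spam:metoo", "HATER"}, {NULL, NULL}
};

static const char *db_get(const char *key) {
    for (int i = 0; accessdb[i][0]; i++)
        if (strcasecmp(accessdb[i][0], key) == 0) return accessdb[i][1];
    return NULL;
}

/* Try the four SPF: key forms in the order the post lists; first hit wins. */
static const char *spf_lookup(const char *ip, const char *rcpt) {
    const char *at = strchr(rcpt, '@'), *dom = at ? at + 1 : rcpt, *v;
    char key[4][320];
    snprintf(key[0], sizeof key[0], "SPF:[%s]%s", ip, rcpt);
    snprintf(key[1], sizeof key[1], "SPF:[%s]%s", ip, dom);
    snprintf(key[2], sizeof key[2], "SPF:%s", rcpt);
    snprintf(key[3], sizeof key[3], "SPF:%s", dom);
    for (int i = 0; i < 4; i++)
        if ((v = db_get(key[i])) != NULL) return v;
    return NULL;
}

/* True if the Spam: entry for the full address, else for the local part, equals want. */
static int spam_tag(const char *rcpt, const char *want) {
    char key[320]; const char *v;
    snprintf(key, sizeof key, "Spam:%s", rcpt);
    if ((v = db_get(key)) == NULL) {
        snprintf(key, sizeof key, "Spam:%.*s", (int)strcspn(rcpt, "@"), rcpt);
        v = db_get(key);
    }
    return v && strcasecmp(v, want) == 0;
}

/* Per-recipient decision, in the order of the post's pseudo-code comments. */
enum action rcpt_action(const char *ip, const char *rcpt, enum delay_mode mode) {
    const char *v = spf_lookup(ip, rcpt);
    if (v && strcasecmp(v, "OK") == 0) return WHITELISTED;
    if (v && strcasecmp(v, "TAG") == 0) return TAG_ONLY;
    if (mode == DELAY_FRIEND && spam_tag(rcpt, "FRIEND")) return TAG_ONLY;
    if (mode == DELAY_HATER && !spam_tag(rcpt, "HATER")) return TAG_ONLY;
    return CHECK;
}
```

Because the decision depends on the recipient, it can only be made in the RCPT callback, which is the deferral the message asks for.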