On Thu, Sep 09, 2004 at 10:37:51PM -0400, Meng Weng Wong wrote:
|
| # if none of the identities passed the policy test, reject with a friendly
message.
| my @policy_passed_identities = grep {
$identity_results{$_}->{policy_result} eq "PASS" } @IDENTITIES;
| if (not @policy_passed_identities) {
| return "REJECT agupimail recognized your @policy_passed_identities, but
was unable to authenticate you because your mail was not transmitted over an
authenticated channel. Please consider publishing an SPF record for those
identities.";
| # TODO: in the future, defer this rejection until we've had a chance to
examine the message body for a crypto sig.
| }
sorry, that should be if (@policy_passed_identities)
other bugs may lurk, eyeballs welcome.
anyway, here's what shows up in my syslog:
Attribute: client_address=204.74.68.55
Attribute: client_name=zorac.sf-bay.org
Attribute: extra_arg=
Attribute: helo_name=shell.sf-bay.org
Attribute: instance=004b33.0041411510.000000
Attribute: protocol_name=ESMTP
Attribute: protocol_state=RCPT
Attribute: queue_id=
Attribute: recipient=mengwong(_at_)spf(_dot_)pobox(_dot_)com
Attribute: request=smtpd_access_policy
Attribute: sender=mengwong(_at_)zorac(_dot_)sf-bay(_dot_)org
Attribute: size=0
testing: stripped sender=mengwong(_at_)zorac(_dot_)sf-bay(_dot_)org, stripped
rcpt=mengwong(_at_)spf(_dot_)pobox(_dot_)com
karma_query(ptr:zorac.sf-bay.org): querying
zorac.sf-bay.org.rating.cloudmark.com...
karma_query(ptr:zorac.sf-bay.org): querying
zorac.sf-bay.org.wl.trusted-forwarder.org...
karma_query(ptr:zorac.sf-bay.org): querying
zorac.sf-bay.org.dnswl.mengwong.com...
agupimail policy_status for ptr identity zorac.sf-bay.org returned PASS:
zorac.sf-bay.org found in dnswl.mengwong.com
agupimail now going to look for auth_status...
ptr_status: testing zorac.sf-bay.org
pass: spf/PTR smtp_comment=Please see
http://spf.pobox.com/why.html?sender=zorac.sf-bay.org&ip=204.74.68.55&receiver=dumbo.pobox.com:
zorac.sf-bay.org A 204.74.68.55, header_comment=dumbo.pobox.com: domain of
zorac.sf-bay.org designates 204.74.68.55 as permitted sender
agupimail auth_result for ptr identity zorac.sf-bay.org is PASS
agupimail overall: decided action=PREPEND X-SPF: agupimail approved of
authenticated sender (dumbo.pobox.com: domain of zorac.sf-bay.org designates
204.74.68.55 as permitted sender; zorac.sf-bay.org found in dnswl.mengwong.com)
so it looks like it's working as designed.
now i wait for spam to try to get in to
mengwong(_at_)spf(_dot_)pobox(_dot_)com ...