spf-discuss

Re: SPF lookup with intermediate ISP mail relay

2004-11-24 01:24:23
[Followup to spf-help, please.]

On Wed, Nov 24, 2004 at 05:24:03PM +1100, Rolf <rolf(_at_)ses(_dot_)tas(_dot_)gov(_dot_)au> wrote a message of 44 lines which said:

> The problem is that all the mail is not delivered to the local mail
> server from the originating mail server, it goes via an ISP.

This is clearly a bad thing, as far as SPF is concerned. You have
three solutions, two clean and one hack:

1) Change your architecture to no longer go through the ISP,
2) Convince the ISP to do the SPF check,
3) [This is the hack] Test yourself on the proper Received header. A
bit tricky because you have to be sure of the number of Received
headers before the "real" one and you have to parse Received headers
that are far from being standard.

> Does anyone know what if anything I can adjust to make SPF match the
> right header info,

Here is the code I use on machines like yours. Warning: I said it is a
hack.

In the .procmailrc:

:0fwh
# If the message is from the outside
* ^Received:.*from mx([0-9]+)\.nic\.fr
| formail -A "Received-SPF: on `hostname`: SPF-`/usr/local/bin/spf-for-procmail`"

In /usr/local/bin/spf-for-procmail (you will need the Perl module
Mail::SPF::Query):

#!/bin/sh

# Most recent trusted Received header. The value is 2 by default (1
# for fetchmail and one for the ISP) but it can be more if there is a
# complicated mail setup with several servers.
TRUSTED_RECEIVED=2

HEADERS_FILE=`mktemp`
cat - > "$HEADERS_FILE"

# formail -c joins folded header lines; keep only the Nth Received header
LAST_RECEIVED=`formail -c -x Received < "$HEADERS_FILE" |
               head -n "$TRUSTED_RECEIVED" | tail -n 1`

# The regexp depends on the SMTP server that wrote the Received header
LAST_SMTP_SENDER=`echo $LAST_RECEIVED | perl -ne 'm/\[([0-9\.]+)\]\) +by/; print $1'`
HELO_HOST=`echo $LAST_RECEIVED | perl -ne 'm/^ *from +([a-zA-Z0-9\.\-]+)/; print $1'`

# Envelope sender as recorded in Return-Path
SENDER=`formail -c -x Return-Path < "$HEADERS_FILE"`

rm -f "$HEADERS_FILE"

RESULT=`echo "$LAST_SMTP_SENDER $SENDER $HELO_HOST" | spfquery -f -`
echo $RESULT
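
The header-selection step of the hack above, as an added Python example that is not part of the original message: it counts Received headers from the top, parses only the one written by the trusted ISP relay, and returns nothing rather than guessing when the count or format is off. The function name `spf_inputs`, the Postfix-style header layout and all sample hosts and addresses are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: hop 1 is local fetchmail, hop 2 is the ISP relay that
# accepted the mail from the real sending server. Hop 3 was supplied by the
# sending side and cannot be trusted. All names and addresses are made up.
SAMPLE = """\
Return-Path: <alice@example.org>
Received: from localhost (localhost [127.0.0.1])
\tby home.example.net (fetchmail) for <rolf@localhost>; Wed, 24 Nov 2004 08:00:02 +0100
Received: from mail.example.org (mail.example.org [192.0.2.25])
\tby mx1.isp.example (Postfix) with ESMTP id 4F2A1; Wed, 24 Nov 2004 07:59:58 +0100
Received: from forged.invalid (forged.invalid [198.51.100.9])
\tby mail.example.org with SMTP; Wed, 24 Nov 2004 07:59:50 +0100
Subject: test

body
"""

# Assumed Postfix-style layout "from HELO (rdns [IP]) by ..."; other MTAs
# write Received differently and need their own pattern.
RECEIVED_RE = re.compile(
    r"^from\s+([A-Za-z0-9.\-]+)\s.*?\[([0-9A-Fa-f.:]+)\]\)\s+by\s")

def spf_inputs(raw_headers, trusted_received=2):
    """Return (client_ip, envelope_sender, helo), or None if not determinable."""
    msg = email.message_from_string(raw_headers)
    hops = msg.get_all("Received") or []
    if len(hops) < trusted_received:
        return None                      # fewer hops than the setup implies
    hop = " ".join(hops[trusted_received - 1].split())  # unfold the header
    m = RECEIVED_RE.match(hop)
    if not m:
        return None                      # unknown format: do not guess
    helo, ip = m.groups()
    try:
        ip = str(ipaddress.ip_address(ip))   # reject malformed literals
    except ValueError:
        return None
    sender = parseaddr(msg.get("Return-Path", ""))[1]  # strips the <>
    return ip, sender, helo
```

A `None` result is best mapped to an "unknown" SPF outcome instead of being passed to the SPF query, since a wrong IP would produce a misleading pass or fail.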