On Wed, 22 Feb 2006 09:14:52 -0500, "Dick St.Peters"
<stpeters(_at_)NetHeaven(_dot_)com> wrote:
Disabling the PRA check is a trivial code change.
I see.
However, turning off the PRA check would still leave sid-milter doing
a Sender-ID-style SPF check, which currently differs from that done by
spf-milter (no ehlo/ehlo check, for example).
Is that bad? I don't know.
Anyway, I made a patch which ignores the result of the PRA check,
provided you run sid-milter at reject level 2.
I also made an exception for users who authenticate with smtp-auth;
they are not subjected to the SPF checks.
I like sid-milter, it's clean enough that even I can understand it,
more or less. Here's the patch in case anyone is interested.
--- sid-filter.c 2005-12-08 16:47:15.000000000 -0500
+++ sid-filter.c 2006-02-23 02:48:34.000000000 -0500
@@ -1569,6 +1569,7 @@
int err;
char *user;
char *domain;
+ char *auth_authen;
Context sic;
#ifndef DEBUG
@@ -1586,6 +1587,13 @@
sid_msgcleanup(ctx);
/*
+ ** Accept auth users.
+ */
+
+ if (auth_authen = smfi_getsymval(ctx, "{auth_authen}"))
+ return SMFIS_ACCEPT;
+
+ /*
** Don't fail on the RFC2821 bounce address.
*/
@@ -1969,7 +1977,7 @@
break;
case 2: /* need both !FAIL */
- if (sid_result == SM_MARID_FAIL || spf_result == SM_MARID_FAIL)
+ if (spf_result == SM_MARID_FAIL)
ret = SMFIS_REJECT;
break;
@@ -2004,7 +2012,7 @@
snprintf(errmsg, sizeof errmsg,
"Rejected due to %s policy for sender %s",
- (sid_result == SM_MARID_FAIL ? "Sender-ID" : "SPF"),
+ (sid_result == SM_MARID_FAIL ? "SPF" : "SPF"),
badaddr);
if (smfi_setreply(ctx, "550", "5.7.1", errmsg) != MI_SUCCESS &&
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com