On Tue, 2007-01-02 at 12:43 -0500, Dick St.Peters wrote:
> Ramprasad writes:
> > I am trying to write a C milter for implementing my custom rules
> > I would also like to integrate SPF checks into the milter. I do not want
> > to use sid-milter because it does not allow me to reject mails before
> > DATA
>
> Modifying sid-milter to reject mail before DATA is a lot simpler than
> creating your own milter. All it takes is adding an mlfi_envrcpt()
> procedure that calls sid_marid_check() with scope SM_SCOPE_SPF.
>
> Currently, sid-milter does not implement the SPF HELO check, but you
> could add your own by adding an mlfi_helo() procedure that saves the
> HELO name in the privdata and then modifying sid_marid_check() to do
> the HELO check using the saved HELO name.
>
> In similar fashion, you can graft all sorts of other checks onto the
> sid-milter scaffolding.
>
> Regardless of how you do your custom rules, you should note that
> sendmail 8.14 makes some changes in the milter interface.

I am using postfix MTA

<OT>
I haven't used a milter with postfix before, but I have used a milter
with sendmail implementing watchdog ids, subject policies for select
users, etc.
</OT>

The spf milter I plan to use seems to be pretty simple. Just one
convenience function and a call in mlfi_envrcpt()

I plan to ignore SPF HELO (I am not sure if that is very important)

Any comments on this code? (not yet finished, just a request for
comments)

It compiles and works on my machine. But is it good enough for
production?

------------------
#include <stdio.h>
#include <stdlib.h>
#include <libmilter/mfapi.h>
#include <spf2/spf.h>

/* Global handle: one SPF server shared by all milter threads */
SPF_server_t *spf_server = NULL;

/* Convenience function, wrapper around libspf2 methods.
 * libmilter runs callbacks on several threads, so each call uses its
 * own request object instead of one shared global. */
SPF_result_t spfcheck_s(SPF_server_t *server, char *ip, char *helo,
                        char *sender) {
    SPF_request_t *spf_request;
    SPF_response_t *spf_response = NULL;
    SPF_result_t result = SPF_RESULT_NONE;

    /* smfi_getsymval() returns NULL when the MTA did not send the macro */
    if (ip == NULL || sender == NULL)
        return result;
    spf_request = SPF_request_new(server);
    if (spf_request == NULL)
        return result;
    SPF_request_set_ipv4_str(spf_request, ip);
    SPF_request_set_helo_dom(spf_request, helo);
    SPF_request_set_env_from(spf_request, sender);
    SPF_request_query_mailfrom(spf_request, &spf_response);
    if (spf_response != NULL) {
        result = SPF_response_result(spf_response);
        SPF_response_free(spf_response);   /* release the response after use */
    }
    SPF_request_free(spf_request);
    return result;
}

/* The milter rcpt callback, can do the same in mfrom callback too */
sfsistat mlfi_envrcpt(SMFICTX *ctx, char **rcpt)
{
    char *client_addr = smfi_getsymval(ctx, "{client_addr}");
    char *mail_addr = smfi_getsymval(ctx, "{mail_addr}");
    SPF_result_t result = spfcheck_s(spf_server, client_addr, "", mail_addr);

    addlog(             /* custom log function */
        5,
        "Got connection from ",
        client_addr,
        mail_addr,
        " SPF RESULT: ",
        SPF_strresult(result));
    /* Currently just log the SPF results */
    /* continue processing */
    return SMFIS_CONTINUE;
}

main ( ... ) {
    ......
    spf_server = SPF_server_new(SPF_DNS_CACHE, 0);
    if (spf_server == NULL) {
        fprintf(stderr, "SPF_create_config failed.\n");
        exit(1);
    }
    .........
}
------------------------------------------

Thanks
Ram
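
The code above hands {client_addr} and {mail_addr} straight to libspf2. As an added example (not from the original post, sid-milter or libspf2), the helper below validates those values first: it decides between the IPv4 and IPv6 setter and applies the RFC 4408 section 2.2 rule that a null sender is checked as postmaster@<HELO>. The names spf_prepare_inputs and struct spf_inputs are hypothetical, and the optional "IPv6:" prefix on the address is an assumption about how the MTA formats the macro.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper types for this example; not libmilter/libspf2 API. */
enum spf_addr_kind { SPF_ADDR_NONE = 0, SPF_ADDR_V4, SPF_ADDR_V6 };

struct spf_inputs {
    enum spf_addr_kind kind;   /* which libspf2 address setter to call */
    char ip[INET6_ADDRSTRLEN]; /* canonical address text */
    char sender[320];          /* identity to use for the MAIL FROM check */
};

/* Validate milter macro values before they reach libspf2.
 * Returns 0 on success, -1 if the SPF check should be skipped. */
int spf_prepare_inputs(const char *client_addr, const char *helo,
                       const char *mail_addr, struct spf_inputs *out)
{
    unsigned char buf[sizeof(struct in6_addr)];
    int n;

    memset(out, 0, sizeof(*out));
    if (client_addr == NULL)              /* macro not supplied by the MTA */
        return -1;
    if (strncmp(client_addr, "IPv6:", 5) == 0)
        client_addr += 5;                 /* assumed prefix, see lead-in */

    if (inet_pton(AF_INET, client_addr, buf) == 1) {
        out->kind = SPF_ADDR_V4;          /* SPF_request_set_ipv4_str() */
        inet_ntop(AF_INET, buf, out->ip, sizeof(out->ip));
    } else if (inet_pton(AF_INET6, client_addr, buf) == 1) {
        out->kind = SPF_ADDR_V6;          /* SPF_request_set_ipv6_str() */
        inet_ntop(AF_INET6, buf, out->ip, sizeof(out->ip));
    } else {
        return -1;                        /* not an IP literal */
    }

    /* Null sender (bounces): RFC 4408 2.2 checks postmaster@<HELO>. */
    if (mail_addr == NULL || *mail_addr == '\0' || strcmp(mail_addr, "<>") == 0) {
        if (helo == NULL || *helo == '\0')
            return -1;                    /* no identity left to check */
        n = snprintf(out->sender, sizeof(out->sender), "postmaster@%s", helo);
    } else {
        n = snprintf(out->sender, sizeof(out->sender), "%s", mail_addr);
    }
    return (n < 0 || (size_t)n >= sizeof(out->sender)) ? -1 : 0;
}
```

With an empty HELO string, as passed in the posted callback, the null-sender case returns -1, so bounce messages would go unchecked.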