svn commit: r331692 - /spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm

[do...@apache.org]

Author: dos
Date: Mon Nov  7 21:38:37 2005
New Revision: 331692

URL: http://svn.apache.org/viewcvs?rev=331692&view=rev
Log:
bug 4661: SPF checks should be done against trusted, but external relays

Modified:
    spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm

Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm
URL: http://svn.apache.org/viewcvs/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm?rev=331692&r1=331691&r2=331692&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm Mon Nov  7 21:38:37 2005
@@ -234,6 +234,30 @@
     return;
   }
 
+  # make sure we're checking against the relay that passsed the mail to the internal network
+  my $lasttrusted = $scanner->{relays_trusted}->[-1];
+  if (defined $lasttrusted && $scanner->{conf}->{internal_networks}->get_num_nets() > 0 && !$lasttrusted->{internal}) {
+    dbg("spf: last trusted relay was marked as non-internal, cannot use first untrusted relay for spf checks");
+
+    # look for the relay that passed the message to the trusted & internal
+    # network from the trusted & external network
+    my $found = 0;
+    my $i = scalar @{$scanner->{relays_trusted}}; # - 1;
+    for (; $i > 0 && !$found; $i--) {
+      if ($scanner->{relays_trusted}->[$i-1]->{internal}) {
+	$lasthop = $scanner->{relays_trusted}->[$i];
+	$found = 1;
+      }
+    }
+
+    if ($found) {
+      dbg("spf: using first trusted, but non-internal, relay for spf checks");
+    } else {
+      dbg("spf: could not determine a suitable relay to do spf checks against");
+      return;
+    }
+  }
+
   my $ip = $lasthop->{ip};
   my $helo = $lasthop->{helo};
   $scanner->{sender} = '' unless $scanner->{sender_got};