Posted to commits@spamassassin.apache.org by jq...@apache.org on 2015/01/30 15:34:02 UTC
svn commit: r1656028 - in /spamassassin/trunk:
lib/Mail/SpamAssassin/Plugin/SPF.pm rules/25_spf.cf
Author: jquinn
Date: Fri Jan 30 14:34:01 2015
New Revision: 1656028
URL: http://svn.apache.org/r1656028
Log:
Added test rules to detect SPF queries that produce error results
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm
spamassassin/trunk/rules/25_spf.cf
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm?rev=1656028&r1=1656027&r2=1656028&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm Fri Jan 30 14:34:01 2015
@@ -59,11 +59,15 @@ sub new {
$self->register_eval_rule ("check_for_spf_none");
$self->register_eval_rule ("check_for_spf_fail");
$self->register_eval_rule ("check_for_spf_softfail");
+ $self->register_eval_rule ("check_for_spf_permerror");
+ $self->register_eval_rule ("check_for_spf_temperror");
$self->register_eval_rule ("check_for_spf_helo_pass");
$self->register_eval_rule ("check_for_spf_helo_neutral");
$self->register_eval_rule ("check_for_spf_helo_none");
$self->register_eval_rule ("check_for_spf_helo_fail");
$self->register_eval_rule ("check_for_spf_helo_softfail");
+ $self->register_eval_rule ("check_for_spf_helo_permerror");
+ $self->register_eval_rule ("check_for_spf_helo_temperror");
$self->register_eval_rule ("check_for_spf_whitelist_from");
$self->register_eval_rule ("check_for_def_spf_whitelist_from");
@@ -258,6 +262,18 @@ sub check_for_spf_softfail {
$scanner->{spf_softfail};
}
+sub check_for_spf_permerror {
+ my ($self, $scanner) = @_;
+ $self->_check_spf ($scanner, 0) unless $scanner->{spf_checked};
+ $scanner->{spf_permerror};
+}
+
+sub check_for_spf_temperror {
+ my ($self, $scanner) = @_;
+ $self->_check_spf ($scanner, 0) unless $scanner->{spf_checked};
+ $scanner->{spf_temperror};
+}
+
sub check_for_spf_helo_pass {
my ($self, $scanner) = @_;
$self->_check_spf ($scanner, 1) unless $scanner->{spf_helo_checked};
@@ -291,6 +307,18 @@ sub check_for_spf_helo_softfail {
$scanner->{spf_helo_softfail};
}
+sub check_for_spf_helo_permerror {
+ my ($self, $scanner) = @_;
+ $self->_check_spf ($scanner, 1) unless $scanner->{spf_helo_checked};
+ $scanner->{spf_helo_permerror};
+}
+
+sub check_for_spf_helo_temperror {
+ my ($self, $scanner) = @_;
+ $self->_check_spf ($scanner, 1) unless $scanner->{spf_helo_checked};
+ $scanner->{spf_helo_temperror};
+}
+
sub check_for_spf_whitelist_from {
my ($self, $scanner) = @_;
$self->_check_spf_whitelist($scanner) unless $scanner->{spf_whitelist_from_checked};
@@ -524,6 +552,8 @@ sub _check_spf {
$scanner->{spf_helo_none} = 0;
$scanner->{spf_helo_fail} = 0;
$scanner->{spf_helo_softfail} = 0;
+ $scanner->{spf_helo_permerror} = 0;
+ $scanner->{spf_helo_temperror} = 0;
$scanner->{spf_helo_failure_comment} = undef;
} else {
# SPF on envelope sender (where possible)
@@ -533,6 +563,8 @@ sub _check_spf {
$scanner->{spf_none} = 0;
$scanner->{spf_fail} = 0;
$scanner->{spf_softfail} = 0;
+ $scanner->{spf_permerror} = 0;
+ $scanner->{spf_temperror} = 0;
$scanner->{spf_failure_comment} = undef;
}
@@ -679,6 +711,9 @@ sub _check_spf {
elsif ($result eq 'none') { $scanner->{spf_helo_none} = 1; }
elsif ($result eq 'fail') { $scanner->{spf_helo_fail} = 1; }
elsif ($result eq 'softfail') { $scanner->{spf_helo_softfail} = 1; }
+ elsif ($result eq 'permerror') { $scanner->{spf_helo_permerror} = 1; }
+ elsif ($result eq 'temperror') { $scanner->{spf_helo_temperror} = 1; }
+ elsif ($result eq 'error') { $scanner->{spf_helo_temperror} = 1; }
if ($result eq 'fail') { # RFC 4408 6.2
$scanner->{spf_helo_failure_comment} = "SPF failed: $comment";
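Review bot: The new `elsif ($result eq 'error')` branch folds a third result string into `spf_helo_temperror` without saying where 'error' comes from, and the envelope chain in the next hunk does the same. If it is the older query module's name for a temporary failure, a comment such as `# 'error' is the legacy result name for a temporary (DNS) error` would make that clear. It is also worth confirming whether that module has a separate legacy code for permanent errors, since nothing visible here maps one to `spf_helo_permerror`. `_check_spf` starts and ends outside this hunk, so the result may be normalised elsewhere.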
@@ -689,6 +724,8 @@ sub _check_spf {
elsif ($result eq 'none') { $scanner->{spf_none} = 1; }
elsif ($result eq 'fail') { $scanner->{spf_fail} = 1; }
elsif ($result eq 'softfail') { $scanner->{spf_softfail} = 1; }
+ elsif ($result eq 'temperror') { $scanner->{spf_temperror} = 1; }
+ elsif ($result eq 'error') { $scanner->{spf_temperror} = 1; }
if ($result eq 'fail') { # RCF 4408 6.2
$scanner->{spf_failure_comment} = "SPF failed: $comment";
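Review bot: The envelope-sender chain gains `temperror` and `error` branches but no `permerror` branch, unlike the HELO chain in the previous hunk. In the lines shown, `$scanner->{spf_permerror}` is initialised to 0 and never set to 1, so `check_for_spf_permerror` and the `T_SPF_PERMERROR` rule would never fire. Adding `elsif ($result eq 'permerror') { $scanner->{spf_permerror} = 1; }` ahead of the `temperror` line would match the HELO side. `_check_spf` continues outside this hunk, so confirm the flag is not set elsewhere before treating this as the only fix needed.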
Modified: spamassassin/trunk/rules/25_spf.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rules/25_spf.cf?rev=1656028&r1=1656027&r2=1656028&view=diff
==============================================================================
--- spamassassin/trunk/rules/25_spf.cf (original)
+++ spamassassin/trunk/rules/25_spf.cf Fri Jan 30 14:34:01 2015
@@ -32,12 +32,15 @@ ifplugin Mail::SpamAssassin::Plugin::SPF
# "neutral" is somewhat bad
# "fail" is bad
# "softfail" is bad, but not as bad as "fail"
+# "permerror" is very bad, and means the domain doesn't have a valid spf record
# These are more trustworthy results than the SPF_HELO rules.
header SPF_PASS eval:check_for_spf_pass()
header SPF_NEUTRAL eval:check_for_spf_neutral()
header SPF_FAIL eval:check_for_spf_fail()
header SPF_SOFTFAIL eval:check_for_spf_softfail()
+header T_SPF_PERMERROR eval:check_for_spf_permerror()
+header T_SPF_TEMPERROR eval:check_for_spf_temperror()
# NOTE: SPF_HELO_PASS is not incredibly hard to fake, so shouldn't
# provide much in the way of points compared to SPF_PASS et al.
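Review bot: The added comment documents only `permerror`, and "doesn't have a valid spf record" reads much like the `none` result handled by `SPF_NONE`. As usually defined, permerror means a record was found but could not be evaluated, while temperror is a transient lookup failure that says nothing about the sender. I would reword it to `# "permerror" means an SPF record was found but could not be evaluated` and add `# "temperror" is a transient DNS failure, not evidence against the sender`. That distinction matters once these T_ rules get scores, because a resolver outage on the receiving side would otherwise penalise legitimate mail.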
@@ -47,15 +50,21 @@ header SPF_HELO_PASS eval:check_for_spf
header SPF_HELO_NEUTRAL eval:check_for_spf_helo_neutral()
header SPF_HELO_FAIL eval:check_for_spf_helo_fail()
header SPF_HELO_SOFTFAIL eval:check_for_spf_helo_softfail()
+header T_SPF_HELO_PERMERROR eval:check_for_spf_helo_permerror()
+header T_SPF_HELO_TEMPERROR eval:check_for_spf_helo_temperror()
describe SPF_PASS SPF: sender matches SPF record
describe SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
describe SPF_FAIL SPF: sender does not match SPF record (fail)
describe SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
+describe T_SPF_PERMERROR SPF: test of record failed (permerror)
+describe T_SPF_TEMPERROR SPF: test of record failed (temperror)
describe SPF_HELO_PASS SPF: HELO matches SPF record
describe SPF_HELO_NEUTRAL SPF: HELO does not match SPF record (neutral)
describe SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
describe SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
+describe T_SPF_HELO_PERMERROR SPF: test of HELO record failed (permerror)
+describe T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)
# these are "userconf" so that scores are set by hand
tflags SPF_PASS nice userconf net
@@ -63,9 +72,13 @@ tflags SPF_HELO_PASS nice userconf net
tflags SPF_NEUTRAL net
tflags SPF_FAIL net
tflags SPF_SOFTFAIL net
+tflags T_SPF_PERMERROR net
+tflags T_SPF_TEMPERROR net
tflags SPF_HELO_NEUTRAL net
tflags SPF_HELO_FAIL net
tflags SPF_HELO_SOFTFAIL net
+tflags T_SPF_HELO_PERMERROR net
+tflags T_SPF_HELO_TEMPERROR net
# rules from earlier than current release that can be reused
reuse SPF_PASS
@@ -76,6 +89,10 @@ reuse SPF_HELO_FAIL
reuse SPF_HELO_SOFTFAIL
reuse SPF_NEUTRAL
reuse SPF_HELO_NEUTRAL
+reuse T_SPF_PERMERROR
+reuse T_SPF_TEMPERROR
+reuse T_SPF_HELO_PERMERROR
+reuse T_SPF_HELO_TEMPERROR
# Implementing the Sender Check for No SPF REcord defaulting to disabled so Admins can override
header SPF_NONE eval:check_for_spf_none()