Sendmail v8.13.0 + libSPF v1.0-RC2 HOWTO
by James Couzens <jcouzens@6o4.ca>
Date:
June 30, 2004
james@code3 $ cd libspf-1_0_0
james@code3
$ make
make[1]: Entering directory
`/home/james/code/libspf-1_0_0/src/libspf'
gcc -Wall -ggdb
-D_BSD_SOURCE -DDEBUG -D_SPF_DEBUG -fPIC -c -o shared/main.o
main.c
gcc -Wall -ggdb -D_BSD_SOURCE -DDEBUG -D_SPF_DEBUG -fPIC -c
-o shared/dns.o dns.c
gcc -Wall -ggdb -D_BSD_SOURCE -DDEBUG
-D_SPF_DEBUG -fPIC -c -o shared/util.o util.c
gcc -Wall -ggdb
-D_BSD_SOURCE -DDEBUG -D_SPF_DEBUG -fPIC -c -o shared/macro.o
macro.c
gcc -Wall -ggdb -D_BSD_SOURCE -DDEBUG -D_SPF_DEBUG
-lresolv -shared -lresolv -Wl,-soname,libspf.so.1 -o libspf.so.1.0.0
shared/main.o shared/dns.o shared/util.o shared/macro.o
gcc -Wall
-ggdb -D_BSD_SOURCE -DDEBUG -D_SPF_DEBUG -c -o static/main.o
main.c
gcc -Wall -ggdb -D_BSD_SOURCE -DDEBUG -D_SPF_DEBUG -c -o
static/dns.o dns.c
gcc -Wall -ggdb -D_BSD_SOURCE -DDEBUG
-D_SPF_DEBUG -c -o static/util.o util.c
gcc -Wall -ggdb
-D_BSD_SOURCE -DDEBUG -D_SPF_DEBUG -c -o static/macro.o macro.c
ar
r libspf.a /usr/lib/libc.so /usr/lib/libresolv.a static/main.o
static/dns.o static/util.o static/macro.o
ar: creating libspf.a
mv
./libspf.a ../../lib
mv ./libspf.so* ../../lib
make[1]: Leaving
directory `/home/james/code/libspf-1_0_0/src/libspf'
cd
src/spfquery && make all
make[1]: Entering directory
`/home/james/code/libspf-1_0_0/src/spfquery'
gcc -Wall -ggdb3
-D_GNU_SOURCE -D_BSD_SOURCE -DDEBUG -c -o spfquery.o spfquery.c
gcc
-Wall -ggdb3 -D_GNU_SOURCE -D_BSD_SOURCE -DDEBUG -lspf -o
../../bin/spfquery-static spfquery.o /usr/local/lib/libspf.a
gcc
-Wall -ggdb3 -D_GNU_SOURCE -D_BSD_SOURCE -DDEBUG -o
../../bin/spfquery-shared spfquery.o -lspf
make[1]: Leaving
directory `/home/james/code/libspf-1_0_0/src/spfquery'
sh
./src/tellemhoss.sh
================================================================================
libspf
[1.0-RC2]
================================================================================
libraries
can be found in ./lib libspf developer forums:
binaries can be
found in ./bin http://forums.6o4.ca
MTA
patches can be found in ./patches
Active libspf developers:
PLEASE
READ THE HOWTO DOCS for MTA
IMPLEMENTATION James Couzens
<jcouzens@6o4.ca>
Teddy <teddy@teddy.ch>
Currently
supporting: Travis Anderson <travis@anthrax.ca>
Qmail -
http://qmail.org
Forward BUG reports to James
Sendmail -
http://sendmail.org
Courier
- http://courier-mta.org
Website/API & more @
http://libspf.org
================================================================================
james@code3
# make install
cp ./lib/libspf.a
/usr/local/lib/libspf.a
cp ./lib/libspf.so.1.0.0
/usr/local/lib/libspf.so
cp ./src/libspf/spf.h
/usr/local/include
james@code3 # ldconfig
james@code3 #
ldconfig -p | grep spf
libspf.so.1 (libc6) =>
/usr/local/lib/libspf.so.1
james@code3 $ cd
../sendmail-8.13.0
james@code3 $ patch -p0 <
../libspf-1_0_0/patches/sendmail/sendmail-8.13.0-libspf-1.0-RC3.diff
patching
file sendmail/readcf.c
patching file sendmail/Makefile.m4
patching
file sendmail/sendmail.h
patching file cf/feature/spf.m4
patching
file cf/m4/proto.m4
patching file sendmail/srvrsmtp.c
james@code3
$ cd cf/cf
james@code3 $ cp generic-linux.mc
sendmail.mc
james@code3 $ vi sendmail.mc
I appended the
following line:
FEATURE(spf)dnl
DO NOT DO THE
FOLLOWING (even tho the HOWTO included says you can, its wrong,
because its broken):
FEATURE(spf, `SPFAction',
`SPFHeaderState', `SPFBestGuessState', `SPFTrustedForwarderState',
`SPFExplainState', `SPFBestGuess', `SPFTrustedForwarder',
`SPFExplain')dnl
Although the idea is GREAT it doesn't
work, so don't do it until Teddy has a chance (or someone else who
can understand m4) to fix it, just apply the single feature.
For
the record I tried a few variations for example by putting each
FEATURE on its own line with actual arguments and I almost had it
working properly, but not quite, so this is why I say don't do it.
Try if you are feel dangerous, and submit any positive
results.
james@code3 $ cat sendmail.mc
divert(-1)
#
#
Copyright © 1998, 1999 Sendmail, Inc. and its suppliers.
#
All rights reserved.
# Copyright © 1983 Eric P. Allman. All
rights reserved.
# Copyright © 1988, 1993
# The Regents of
the University of California. All rights reserved.
#
# By using
this file, you agree to the terms and conditions set
# forth in
the LICENSE file which can be found at the top level of
# the
sendmail distribution.
#
#
#
# This is a generic
configuration file for Linux.
# It has support for local and SMTP
mail only. If you want to
# customize it, copy it to a name
appropriate for your environment
# and do the modifications
there.
#
divert(0)dnl
VERSIONID(`$Id: generic-linux.mc,v
8.1 1999/09/24 22:48:05 gshapiro Exp
$')
OSTYPE(linux)dnl
DOMAIN(generic)dnl
MAILER(local)dnl
MAILER(smtp)dnl
FEATURE(spf)dnl
james@code3
$ sh Build sendmail.cf
Using M4=/usr/bin/m4
rm -f
sendmail.cf
/usr/bin/m4 ../m4/cf.m4 sendmail.mc > sendmail.cf
|| ( rm -f sendmail.cf && exit 1 )
*** ERROR: FEATURE()
should be before MAILER()
echo "### sendmail.mc ###"
>>sendmail.cf
sed -e 's/^/# /' sendmail.mc
>>sendmail.cf
chmod 444
sendmail.cf
../../devtools/bin/install.sh -c -o root -g bin -m
0444 sendmail.cf /etc/mail/sendmail.cf
rm -f submit.cf
/usr/bin/m4
../m4/cf.m4 submit.mc > submit.cf || ( rm -f submit.cf &&
exit 1 )
echo "### submit.mc ###" >>submit.cf
sed
-e 's/^/# /' submit.mc >>submit.cf
chmod 444
submit.cf
../../devtools/bin/install.sh -c -o root -g bin -m 0444
submit.cf /etc/mail/submit.cf
james@code3 # sh Build
install-cf
Configuration: pfx=, os=Linux, rel=2.6.5,
rbase=2, rroot=2.6, arch=i686, sfx=, variant=optimized
Using
M4=/usr/bin/m4
Creating
/home/james/code/sendmail-8.13.0/obj.Linux.2.6.5.i686/sendmail using
/home/james/code/sendmail-8.13.0/devtools/OS/Linux
Making
dependencies in
/home/james/code/sendmail-8.13.0/obj.Linux.2.6.5.i686/sendmail
rm
-f sm_os.h
ln -f -s ../../include/sm/os/sm_os_linux.h sm_os.h
cc
-M -I. -I../../include -DNEWDB -DLIBSPF main.c alias.c arpadate.c
bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c
domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c
mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c
savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c
stats.c sysexits.c timers.c tls.c trace.c udb.c usersmtp.c util.c
version.c >> Makefile
Making in
/home/james/code/sendmail-8.13.0/obj.Linux.2.6.5.i686/sendmail
if
[ ! -d /etc/mail ]; then mkdir -p /etc/mail; else :; fi
install -c
-o bin -g bin -m 444 helpfile /etc/mail/helpfile
cp /dev/null
statistics
if [ ! -d /etc/mail ]; then mkdir -p /etc/mail; else :;
fi
install -c -o root -g bin -m 0600 statistics
/etc/mail/statistics
cc -O2 -I. -I../../include -DNEWDB -DLIBSPF
-c -o main.o main.c
cc -O2 -I. -I../../include -DNEWDB -DLIBSPF -c
-o alias.o alias.c
cc -O2 -I. -I../../include -DNEWDB -DLIBSPF -c
-o arpadate.o arpadate.c
cc -O2 -I. -I../../include -DNEWDB
-DLIBSPF -c -o bf.o bf.c
cc -O2 -I. -I../../include -DNEWDB
-DLIBSPF -c -o collect.o collect.c
cc -O2 -I. -I../../include
-DNEWDB -DLIBSPF -c -o conf.o conf.c
cc -O2 -I. -I../../include
-DNEWDB -DLIBSPF -c -o control.o control.c
- snip
!
james@code3 $ vi /etc/mail/sendmail.cf
Looking
at line 517 I can see the newly added SPF directives:
#
SPFAction
O SPFAction=1
# SPFHeaderState
O
SPFHeaderState=True
# SPFBestGuessState
O
SPFBestGuessState=0
# SPFTrustedForwarderState
O
SPFTrustedForwarderState=0
# SPFExplainState
O
SPFExplainState=True
# SPFBestGuess
O SPFBestGuess=v=spf1
a/24 mx/24 ptr
# SPFTrustedForwarder
O
SPFTrustedForwarder=v=spf1 include:spf.trusted-forwarder.org
#
SPFExplain
O SPFExplain=See
http://spf.pobox.com/why.html?sender=%{S}&...&receiver=%{xR}
This
is what you see if you DON'T listen to my advice as listed up
above:
# SPFAction
O SPFAction=SPFAction
#
SPFHeaderState
O SPFHeaderState=SPFHeaderState
#
SPFBestGuessState
O SPFBestGuessState=SPFBestGuessState
#
SPFTrustedForwarderState
O
SPFTrustedForwarderState=SPFTrustedForwarderState
#
SPFExplainState
O SPFExplainState=SPFExplainState
#
SPFBestGuess
O SPFBestGuess=SPFBestGuess
#
SPFTrustedForwarder
O SPFTrustedForwarder=SPFTrustedForwarder
#
SPFExplain
O SPFExplain=SPFExplain
Down at line 590 you see
the new header:
H?P?Return-Path: <$g>
HReceived-SPF:
${spfheader}
HReceived: $?sfrom $s $.$?_($?s$|from
$.$_)
$.$?{auth_type}(authenticated$?{auth_ssf}
bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id
$i$?{tls_version}
(version=${tls_version} cipher=${cipher}
bits=${cipher_bits} verify=${verify})$.$?u
for $u;
$|;
$.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From:
$?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name:
$x
# HPosted-Date: $a
# H?l?Received-Date:
$b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id:
<$t.$i@$j>
Moving on down to line 1023:
# Checks
the SPF records of sending domain
R$* $: $1 $|
<?>$&{spfreject}<?>
R$* $| <?>1<?>
$#error $@ 5.7.1 $: "550 Mail from [" $&{client_addr}
"] Rejected. " $&{spfexplain}
R$* $| <?>$* $:
$1
# Checks the SPF records of sending domain
R$* $: $1 $|
<?>$&{spfreject}<?>
R$* $| <?>1<?>
$#error $@ 5.7.1 $: "550 Mail from [" $&{client_addr}
"] Rejected. " $&{spfexplain}
R$* $| <?>$* $:
$1
james@code3 $ cd ../../sendmail
james@code3 # sh
Build install
james@code3 # /etc/init.d/sendmail start
james@code3
$ telnet localhost 25
Trying 127.0.0.1...
Connected to
localhost.
Escape character is '^]'.
220 code3.6o4.ca ESMTP
Sendmail 8.13.0/8.13.0-SPF; Wed, 30 Jun 2004 05:35:15 -0700
MAIL
FROM: james@widgets.org
250 2.1.0 james@widgets.org... Sender
ok
RCPT TO: jcouzens@6o4.ca
250 2.1.5 jcouzens@6o4.ca...
Recipient ok
DATA
354 Enter mail, end with "." on a
line by itself
From: James Couzens
To: James Couzens
Subject:
Sendmail Test
Date: June 30, 2004
testing
.
250
2.0.0 i5UCZFSV017746 Message accepted for delivery
quit
221
2.0.0 code3.6o4.ca closing connection
Connection closed by foreign
host.
I then check my mail...
Return-Path:
<james@widgets.org>
Delivered-To:
6o4.ca-jcouzens@6o4.ca
Received: (qmail 27438 invoked by uid
1006); 30 Jun 2004 12:35:43 -0000
Received: from unknown (HELO
code3.6o4.ca) (24.81.185.71) by data.6o4.ca with SMTP; 30 Jun 2004
12:35:43 -0000
Received-SPF: neutral (data.6o4.ca: domain of
james@widgets.org is neutral about designating 24.81.185.71 as
permitted sender)
Received-SPF: pass (code3.6o4.ca: domain of
james@widgets.org designates 127.0.0.1 as permitted sender)
receiver=code3.6o4.ca; client_ip=127.0.0.1;
envelope-from=james@widgets.org;
Received: from localhost
(localhost [127.0.0.1]) by code3.6o4.ca (8.13.0/8.13.0-SPF) with SMTP
id i5UCZFSV017746 for jcouzens@6o4.ca; Wed, 30 Jun 2004 05:35:54
-0700
Message-Id:
<200406301235.i5UCZFSV017746@code3.6o4.ca>
X-Authentication-Warning:
code3.6o4.ca: localhost [127.0.0.1] didn't use HELO protocol
From:
James.Couzens@code3.6o4.ca
To: James@code3.6o4.ca,
Couzens@code3.6o4.ca
Subject: Sendmail Test
Date: June 30,
2004
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.62
(2004-01-11) on data.6o4.ca
X-Spam-Report: * 0.3 NO_REAL_NAME
From: does not include a real name * 0.3 MY_HELO Sender did not HELO
* 1.1 NO_DNS_FOR_FROM Domain in From header has no MX or A DNS
records * 2.0 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS *
[24.81.185.71 listed in dnsbl.sorbs.net] * 2.5 RCVD_IN_DYNABLOCK RBL:
Sent directly from dynamic IP address * [24.81.185.71 listed in
dnsbl.sorbs.net]
X-Spam-Status: Yes, hits=6.2 required=4.5
tests=MY_HELO,NO_DNS_FOR_FROM,
NO_REAL_NAME,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS autolearn=no
version=2.62
X-Spam-Level: ******
X-Evolution-Source:
pop://jcouzens%406o4.ca@mail.uhfco.net/
Mime-Version: 1.0