Mail-SPF-3.20250505000755001750001750 015006014343 13324 5ustar00adavisadavis000000000000TODO100644001750001750 153715006014343 14103 0ustar00adavisadavis000000000000Mail-SPF-3.20250505# Legend: # --- = A new release # + = Add a feature (in a backwards compatible way) # ! = Change something significant, or remove a feature # * = Fix a bug, or make a minor improvement --- ? Mail::SPF: + Implement "policy source" concept in mechanisms. Make the policy source accessible from Mail::SPF::Result. * Implement DNS cache? If so, revert changes to the Mail::SPF::Server's "DESCRIPTION" POD section in r36. * Remove or conditionalize debug output generation. Add more debug code? ! Resolve remaining XXXs, FIXMEs, and TODOs: grep -rn 'XXX\|TODO\|FIXME' lib | grep -v '\.svn' | less spfquery: + Enable/implement 'debug' option. + Implement black magic options. spfd: + Implement black magic options. Please DO report documentation bugs! # $Id: TODO 57 2012-01-30 08:15:31Z julian $ # vim:tw=79 sts=2 sw=2 README100644001750001750 560415006014343 14272 0ustar00adavisadavis000000000000Mail-SPF-3.20250505Mail::SPF 3.20240617 -- A Perl implementation of the Sender Policy Framework (C) 2005-2013 Julian Mehnle 2005 Shevek ============================================================================== Mail::SPF is an object-oriented Perl implementation of the Sender Policy Framework (SPF) e-mail sender authentication system. See for more information about SPF. This release of Mail::SPF fully conforms to RFC 4408 and passes the 2009.10 release of the official test-suite . The Mail::SPF source package includes the following additional tools: * spfquery: A command-line tool for performing SPF checks. * spfd: A daemon for services that perform SPF checks frequently. Mail::SPF is not your mother! ----------------------------- Unlike other SPF implementations, Mail::SPF will not do your homework for you. In particular, in evaluating SPF policies it will not make any exceptions for your localhost or loopback addresses (127.0.0.*, ::1, etc.). There is no way for Mail::SPF to know exactly which sending IP addresses you would like to treat as trusted relays and which not. If you don't want messages from certain addresses to be subject to SPF processing, then don't invoke Mail::SPF on such messages -- it's that simple. Other libraries have chosen to be more accommodating, but that has usually led to consumers getting spoiled and implementations becoming fraught with feature creep. Also, parameter parsing is generally very strict. For example, no whitespace or '<>' characters will be removed from e-mail address or IP address parameters passed to Mail::SPF. If you pass in unsanitized values and it doesn't work, don't be surprised. You may call me a purist. Sub-Classing ------------ You can easily sub-class Mail::SPF::Server and the Mail::SPF::Result class collection in order to extend or modify their behavior. The hypothetical Mail::SPF::BlackMagic package was once supposed to make use of this. In your Mail::SPF::Server sub-class simply override the result_base_class() constant, specifying your custom Mail::SPF::Result base sub-class. Then have your result base class specify its associated concrete sub-classes by overriding Mail::SPF::Result's result_classes() constant. For this to work, any code throwing Mail::SPF::Result(::*) objects directly needs to stop doing so as of Mail::SPF 2.006 and use Mail::SPF::Server:: throw_result() instead. Reporting Bugs -------------- Please report bugs in Mail::SPF and its documentation to the CPAN bug tracker: License ------- Mail::SPF is free software. You may use, modify, and distribute it under the terms of the BSD license. See LICENSE for the BSD license text. # $Id: README 61 2013-07-22 03:45:15Z julian $ # vim:tw=79 Changes100644001750001750 2715515006014343 14732 0ustar00adavisadavis000000000000Mail-SPF-3.202505053.20250505 2025-05-05 Australia/Sydney ** Thanks to Giovanni for these changes: - avoid a 'Attempt to reload Mail/SPF/Mech.pm aborted.' error - remove empty record structure in order to stringify it correctly ** Thanks to Keith for these changes, based on Debian patches: - Redirecting all references to openspf.org to open-spf.org - fix pod test errors 3.20240923 2024-09-23 Australia/Melbourne - Fix issue where certain DNS results would cause an exception to be thrown 3.20240827 2024-08-27 Australia/Melbourne ** Thanks to Giovanni for the changes in this release. - Do not try to parse an IPv4 address unnecessarily - Import RFC7208 Tests - referencing the same TXT record through multiple CNAME aliases is not permitted by RFC7208 - Make it clear that BlackMagic module is not available - Fix checks for IPv4-mapped IPv6 connections - Cache DNS results - Misc dzil/build/ci improvements - SPF explanation text is restricted to 7-bit ascii 3.20240617 2024-06-17 Australia/Melbourne - Update INSTALL file for Dist::Zilla changes Thanks to Giovanni - Fix memory leak in Mail::SPF::Server when cacheing a Mail::SPF::MacroString Thanks to Giovanni and Felipe Gasper - When mfrom is empty, create a synthetic mfrom (postmaster@helo) and check that identity using the mfrom scope as specified in RFC7208 Thanks to Giovanni - Fix missing declare in Mail::SPF::Server Thanks to Giovanni - require Mail::SPF::Mech when needed Thanks to Giovanni - correctly handle empty labels Thanks to Giovanni - use "try" instead of "eval" Thanks to Giovanni - error out if the lookup fails Thanks to Giovanni 3.20240206 2024-02-06 UTC - Remove signature file from distribution 3.20240205 2024-02-05 UTC - Fix pod in Mail::SPF::Util (RT#93241) Thanks to rwfranks@acm.org and GBECHIS@cpan.org - Fixes char_str_list is not a valid sub in new Net::DNS (RT#149825) Reworked from patch supplied with thanks by GBECHIS@cpan.org - BREAKING CHANGE: spfd is now installed in /bin instead of /sbin As a result Mail::SPF now respects an install prefix and may be more easily installed in a non root and/or local lib environment. --- 2.009 (2013-07-21 03:30) Mail::SPF: * Default to querying only TXT type RRs (query_rr_types = Mail::SPF::Server-> query_rr_type_txt). Experience has shown that querying SPF type RRs is impractical. --- 2.008 (2012-01-30 08:15) Mail::SPF: * Sanitize result local_explanation (as well as result object string representation) by replacing all non-printable or non-ascii characters with their hex-escaped representation (e.g., "\x00"). (Addresses: bugs.launchpad.net #806926) Miscellaneous: * Change openspf.org URLs to openspf.net because openspf.org is unreachable indefinitely. * Change URLs to . * META.yml: configure_requires: Module::Build 0.2805 * META.yml: requires: Net::DNS 0.62 (was: 0.52) (Closes: rt.cpan.org #28545) * META.yml: Revert to flat version numbers for perl and Net::DNS::Resolver:: Programmable build requirements to avoid Module::Build::Compat/Makefile.PL incompatibilities. (Closes: rt.cpan.org #53231) * Attempt to prevent a cascading failure in t/00.03-class-result.t that seems to happen under rare, unknown circumstances. (Closes: rt.cpan.org #39099) Debian: * Declare Debian source package format as 3.0. * Standards-Version: 3.9.2 (was: 3.8.3) * Bump debhelper compatibility level to 7 (was: 5) and simplify debian/rules using debhelper 7 features. * debian/control: Simplify depdendencies under the assumption that package will be installed on Debian Lenny (oldstable at the time of writing) or later (or the Ubuntu equivalent). * debian/watch: Use dist-based URL. --- 2.007 (2009-10-31 21:00) Mail::SPF: * Macro expansion: * Distinguish between split and join delimiters; they are not necessarily the same. * Support multiple split delimiters rather than at most one. Miscellaneous: * We ship and pass the 2009.10 release of the official RFC 4408 test suite. * Give advice in INSTALL on how to install without root privileges. Debian: * Standards-Version: 3.8.3 (was: 3.8.0) * Build-Depends-Indep: perl-modules (>= 5.10.0) | libmodule-build-perl (>= 0.26) (was: libmodule-build-perl (>= 0.26)) --- 2.006 (2008-08-17 22:00) Mail::SPF: + Added result object factory facility to Mail::SPF::Server in order to support the sub-classing of Mail::SPF::Server and Mail::SPF::Result. See README for details. Any code throwing Mail::SPF::Result(::*) objects directly should stop doing so and use Mail::SPF::Server::throw_result() instead. + Added a "query_rr_types" option to Mail::SPF::Server's constructor as a way to disable the retrieval of either "SPF" or "TXT" type RRs. I wouldn't make use of it if I was you! ! Changed the "max_void_dns_lookups" option's default value from undef (i.e., no limit) to a limit of 2. This should not cause any problems in practice, however see the "max_void_dns_lookups" option's description for specifics on what this entails. * Match patterns greedily by reversing the order of the regexp alternatives from RFC 4408. Thus TLDs with dashes (e.g., ".xn--wgv71a") are now correctly matched. * In macro strings, expand '%-' to '%20' rather than '-'. Thanks to Frank Ellermann for providing a test case for the RFC 4408 test suite that inadvertently exposed this bug. > Mail::SPF::Result: + Added new received_spf_header_name() constant specifying the "Received- SPF" header field name, which may (and usually should) be overridden by custom result sub-classes; see the documentation. * Generate "identity=mailfrom" rather than "identity=mfrom" in "Received-SPF" header field. * name() now returns a symbolic result name instead of the trailing part of the result class name. This should have no impact on 3rd-party code. * Added new isa_by_name() method as an equivalent to the built-in isa(), taking a result name instead of a class name. Provides a superset of the is_code() method's functionality. * Substituted ";"s for "&" parameter separators in the openspf.org "Why?" page URL in the default authority explanation string. This change is purely cosmetic. * Minor documentation fixes and improvements. Miscellaneous: * We ship and pass the 2008.08 release of the official RFC 4408 test suite. * While officially declaring a build-requirement of Module::Build >= 0.2805 (which, if not satisfied, Module::Build itself will warn about, but not abort), do not strictly require it. If the META.yml file generated during package building is irrelevant, e.g., if we are being built by a package management/build system such as Debian's, then 0.26 is sufficient. * Recommend NetAddr::IP >= 4.007, as it has all $& and $` removed for better performance; see . --- 2.005 (2007-05-30 23:00) Mail::SPF: + Added a "max_void_dns_lookups" option to Mail::SPF::Server's constructor, allowing the number of potentially abusive lookups induced by DoS attacks to be limited. See the documentation of the Mail::SPF::Server class. + Added a "precedence" class property to Mail::SPF::GlobalMod and sub-classes that defines the order in which global modifiers are to be processed (0: first, 1: last). See Mail::SPF::Mod. Mail::SPF::Mod::Exp has precedence 0.2, Mail::SPF::Mod::Redirect has 0.8. Also, Mail::SPF::Record::global_mods() now returns modifiers ordered by precedence. + Added support for a non-standard %{_scope} pseudo macro that expands to the request's identity scope. Note: Do NOT use any such non-standard macros in explanation strings published in DNS! ! Mail::SPF::Util::valid_domain_for_ip_address() now requires a Mail::SPF:: Request object to be passed as a new second argument. This is actually consistent with many of Mail::SPF's methods. Please excuse the late API change (but who uses Mail::SPF::Util directly anyway?). * Updated default authority explanation string to include identity scope in the openspf.org "Why?" page URL in order to avoid misleading result explanations. * Truncate labels resulting from macro expansions to 63 bytes. This is not strictly required by RFC 4408, 8.1/27, but is merely meant as a precaution. * Minor documentation fixes and improvements. Miscellaneous: * We ship and pass the 2007.05 release of the official RFC 4408 test suite (no changes were required). ! Build-require Module::Build >= 0.2805 (was: >= 0.26), hopefully fixing a version.pm/CPAN.pm compatibility issue (closes: rt.cpan.org #26784). (Debian packaging is not affected because it does not rely on META.yml.) Debian: * Conflicts: spfquery (<< 1.2.5.dfsg-1) (was unversioned) --- 2.004 (2007-01-20 02:00) Mail::SPF: * Correctly fall back to default authority explanation if the authority domain does specify an explanation string but it cannot be expanded (e.g. due to syntax errors). * In Mail::SPF::Result::received_spf_header(), gracefully fall back to a hostname of "unknown" if a fully qualified hostname can not be determined. Some (misconfigured) systems simply will not reveal one. * Minor documentation improvements and fixes. Miscellaneous: * Note in the README file that we pass the 2006.11 release of the official RFC 4408 test-suite. Tests: * Do not test Mail::SPF::Util::hostname(), as some (misconfigured) systems simply will not reveal a fully qualified hostname (see CPANTS tests for 2.003). * Minor code clean-up. --- 2.003 (2007-01-10 00:00) Mail::SPF: * Fixed two Perl 5.6 incompatibilities: * Added `use utf8` statements in several modules to keep Perl 5.6 from whining about /[\p{}]/. * Do not use the `use constant { a=>1, b=>2 }` multiple-constants idiom, as it was introduced only in constant 1.03 (Perl 5.7.2). * Fixed a very minor bug where a "TempError" result would incorrectly be returned in the very rare case when the SPF-type look-up succeeded but returned 0 records, and the following TXT-type look-up errored or timed out. Now a "None" result is correctly returned in that case as demanded by RFC 4408. spfquery: * Minor documentation fixes. --- 2.002 (2006-12-14 00:00) Mail::SPF: * Updated default authority explanation string to the SPF website's new "Why?" page URL parameters scheme: spfquery: * Updated the '--help' text and man-page with regard to the black magic options (which require the yet unreleased Mail::SPF::BlackMagic module). --- 2.001 (gold release) (2006-12-09 20:00) Gold Release! Major overhaul: ! Major code refactoring, achieving full RFC 4408/4406 compliance, and breaking API compatibility with 2.000. ! Switched from ExtUtils::MakeMaker to Module::Build. + Added complete rewrites of spfquery (2.500) and spfd (2.000). + Added complete documentation. + Added unit tests and the RFC 4408 test-suite. + Added Debian package control files. + And more... (closes: rt.cpan.org #20821, #20822, #21922, #21925) --- 2.000 (initial release) (2005-06-23 00:00) # $Id: CHANGES 61 2013-07-22 03:45:15Z julian $ # vim:syn= tw=79 sts=2 sw=2 INSTALL100644001750001750 113715006014343 14440 0ustar00adavisadavis000000000000Mail-SPF-3.20250505System Requirements ------------------- The following Perl version and packages are required for... ...building Mail::SPF: Perl 5.6 Module-Build 0.2805 Test-More Net-DNS-Resolver-Programmable 0.003 (plus all the run-time requirements) ...running Mail::SPF: Perl 5.6 version Error NetAddr-IP 4 Net-DNS 0.62 URI 1.13 Building and Installing ----------------------- You can build and install Mail::SPF automatically using the CPAN shell, or manually with the following commands: dzil build dzil test dzil install # $Id: INSTALL 61 2013-07-22 03:45:15Z julian $ # vim:tw=79 LICENSE100644001750001750 265315006014343 14420 0ustar00adavisadavis000000000000Mail-SPF-3.20250505(C) 2005-2012 Julian Mehnle 2005 Shevek All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. bin000755001750001750 015006014343 14015 5ustar00adavisadavis000000000000Mail-SPF-3.20250505spfd100755001750001750 4362315006014343 15067 0ustar00adavisadavis000000000000Mail-SPF-3.20250505/bin#!/usr/bin/perl # # spfd: Simple forking SPF query service daemon # # (C) 2005-2012 Julian Mehnle # 2003-2004 Meng Weng Wong # $Id: spfd 148 2006-06-17 21:50:57Z Julian Mehnle $ # ############################################################################## =head1 NAME spfd - (Mail::SPF) - Simple forking daemon to provide SPF query services =head1 VERSION version 3.20250505 =head1 SYNOPSIS B B<--port>|B<-p> I [B<--set-user>|B<-u> I|I] [B<--set-group>|B<-g> I|I] [I] B B<--socket>|B<-s> I [B<--socket-user> I|I] [B<--socket-group> I|I] [B<--socket-perms> I] [B<--set-user>|B<-u> I|I] [B<--set-group>|B<-g> I|I] [I] B B<--version|-V> B B<--help> =head1 DESCRIPTION B is a simple forking Sender Policy Framework (SPF) query server. spfd receives and answers SPF requests on a TCP/IP or UNIX domain socket. For more information on SPF see L. The B<--port> form listens on a TCP/IP socket on the specified I. The default port is B<5970>. The B<--socket> form listens on a UNIX domain socket that is created with the specified I. The socket can be assigned specific user and group ownership with the B<--socket-user> and B<--socket-group> options, and specific filesystem permissions with the B<--socket-perms> option. Generally, spfd can be instructed with the B<--set-user> and B<--set-group> options to drop root privileges and change to another user and group before it starts listening for requests. The B<--version> form prints version information of spfd. The B<--help> form prints usage information for spfd. =head1 OPTIONS spfd takes any of the following I: =over =item B<--default-explanation> I =item B<--def-exp> I Use the specified I as the default explanation if the authority domain does not specify an explanation string of its own. =item B<--hostname> I Use I as the host name of the local system instead of auto-detecting it. =item B<--debug> Print out debug information about spfd's operation, incoming requests, and the responses sent. =back =head1 REQUEST A request consists of a series of lines delimited by \x0A (LF) characters (or whatever your system considers a newline). Each line must be of the form I