Monday, March 24, 2008

sid-milter and SMTP AUTH

I use sid-milter. It works well enough for what it does, but there is a stumbling block. I have my laptop set up for SMTP AUTH so that if I'm not at home, I can still send e-mail as long as I can reach my home mail server. My home domain has an SPF record that includes a "-all" clause in it so that if someone tries to joe-job me, at least those who look at SPF records won't get misled. The problem is that sid-milter doesn't seem to know to check to see if a message was sent with SMTP authentication. I get the Authentication-Result: header with all failures in it. That tends to look bad, even if a spam filter somewhere doesn't trigger on it and junk my e-mail.

Well, since I am out of town and it's happening to me, I decided to fix it. I got into the source of the sid-milter and added a check nearby the "ignore domain" list code. It checks to see if the message has the {auth_authen} macro set, and if it does, it does the same thing as if the "ignore domain" list check matched - it just accepts the message without doing anything.

Here's the patch:

--- sid-filter.c.orig 2006-07-20 15:28:09.000000000 -0700
+++ sid-filter.c 2008-03-24 15:55:00.000000000 -0700
@@ -1892,6 +1892,13 @@
return (testmode ? SMFIS_ACCEPT : SMFIS_REJECT);

+ char *auth_authen;
+ auth_authen = smfi_getsymval(ctx, "{auth_authen}");
+ if (auth_authen != NULL) {
+ /* User used SMTP auth. No problems */
+ return SMFIS_ACCEPT;
+ }
/* if the responsible domain is one we trust, just accept */
if (domains != NULL)

Oh, note that you must add define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}') to your file.

No comments: