Server IP : 103.119.228.120 / Your IP : 3.16.137.229 Web Server : Apache System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64 User : nobody ( 99) PHP Version : 5.6.40 Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/local/ssl/local/ssl/local/ssl/local/ssl/local/ssl/local/ssl/local/bin/ |
Upload File : |
#!/usr/bin/perl # # spfquery: Command-line tool for performing SPF queries # # (C) 2005-2012 Julian Mehnle <julian@mehnle.net> # 2004 Wayne Schlitt <wayne@schlitt.net> # $Id: spfquery 138 2006-01-22 18:00:34Z julian $ # ############################################################################## =head1 NAME spfquery - (Mail::SPF) - Checks if a given set of e-mail parameters matches a domain's SPF policy =head1 VERSION 2.501 =head1 SYNOPSIS =over =item B<Preferred usage:> B<spfquery> [B<--versions>|B<-v> B<1>|B<2>|B<1,2>] [B<--scope>|B<-s> B<helo>|B<mfrom>|B<pra>] B<--identity>|B<--id> I<identity> B<--ip-address>|B<--ip> I<ip-address> [B<--helo-identity>|B<--helo-id> I<helo-identity>] [I<OPTIONS>] B<spfquery> [B<--versions>|B<-v> B<1>|B<2>|B<1,2>] [B<--scope>|B<-s> B<helo>|B<mfrom>|B<pra>] B<--file>|B<-f> I<filename>|B<-> [I<OPTIONS>] =item B<Legacy usage:> B<spfquery> B<--helo> I<helo-identity> B<--ip-address>|B<--ip> I<ip-address> [I<OPTIONS>] B<spfquery> B<--mfrom> I<mfrom-identity> B<--ip-address>|B<--ip> I<ip-address> [B<--helo> I<helo-identity>] [I<OPTIONS>] B<spfquery> B<--pra> I<pra-identity> B<--ip-address>|B<--ip> I<ip-address> [I<OPTIONS>] =item B<Other usage:> B<spfquery> B<--version>|B<-V> B<spfquery> B<--help> =back =head1 DESCRIPTION B<spfquery> checks if a given set of e-mail parameters (e.g., the SMTP sender's IP address) matches the responsible domain's Sender Policy Framework (SPF) policy. For more information on SPF see L<http://www.openspf.org>. =head2 Preferred Usage The following usage forms are preferred over the L<legacy forms|/Legacy usage> used by older B<spfquery> versions: The B<--identity> form checks if the given I<ip-address> is an authorized SMTP sender for the given C<helo> hostname, C<mfrom> envelope sender e-mail address, or C<pra> (so-called purported resonsible address) e-mail address, depending on the value of the B<--scope> option (which defaults to B<mfrom> if omitted). The B<--file> form reads "I<ip-address> I<identity> [I<helo-identity>]" tuples from the file with the specified I<filename>, or from standard input if I<filename> is B<->, and checks them against the specified scope (B<mfrom> by default). Both forms support an optional B<--versions> option, which specifies a comma-separated list of the SPF version numbers of SPF records that may be used. B<1> means that C<v=spf1> records should be used. B<2> means that C<spf2.0> records should be used. Defaults to B<1,2>, i.e., uses any SPF records that are available. Records of a higher version are preferred. =head2 Legacy Usage B<spfquery> versions before 2.500 featured the following usage forms, which are discouraged but still supported for L<backwards compatibility|/COMPATIBILITY>: The B<--helo> form checks if the given I<ip-address> is an authorized SMTP sender for the C<HELO> hostname given as the I<identity> (so-called C<HELO> check). The B<--mfrom> form checks if the given I<ip-address> is an authorized SMTP sender for the envelope sender email-address (or domain) given as the I<identity> (so-called C<MAIL FROM> check). If a domain is given instead of an e-mail address, C<postmaster> will be substituted for the localpart. The B<--pra> form checks if the given I<ip-address> is an authorized SMTP sender for the PRA (Purported Responsible Address) e-mail address given as the identity. =head2 Other Usage The B<--version> form prints version information of spfquery. The B<--help> form prints usage information for spfquery. =head1 OPTIONS =head2 Standard Options The preferred and legacy forms optionally take any of the following I<OPTIONS>: =over =item B<--default-explanation> I<string> =item B<--def-exp> I<string> Use the specified I<string> as the default explanation if the authority domain does not specify an explanation string of its own. =item B<--hostname> I<hostname> Use I<hostname> as the host name of the local system instead of auto-detecting it. =item B<--keep-comments> =item B<--no-keep-comments> Do (not) print any comments found when reading from a file or from standard input. =item B<--sanitize> (currently ignored) =item B<--no-sanitize> (currently ignored) Do (not) sanitize the output by condensing consecutive white-space into a single space and replacing non-printable characters with question marks. Enabled by default. =item B<--debug> (currently ignored) Print out debug information. =back =head2 Black Magic Options Several options that were supported by earlier versions of B<spfquery> are considered black magic (i.e. potentially dangerous for the innocent user) and are thus disabled by default. If the L<B<Mail::SPF::BlackMagic>> Perl module is installed, they may be enabled by specifying B<--enable-black-magic>. =over =item B<--max-dns-interactive-terms> I<n> Evaluate a maximum of I<n> DNS-interactive mechanisms and modifiers per SPF check. Defaults to B<10>. Do I<not> override the default unless you know what you are doing! =item B<--max-name-lookups-per-term> I<n> Perform a maximum of I<n> DNS name look-ups per mechanism or modifier. Defaults to B<10>. Do I<not> override the default unless you know what you are doing! =item B<--authorize-mxes-for> I<email-address>|I<domain>B<,>... Consider all the MXes of the comma-separated list of I<email-address>es and I<domain>s as inherently authorized. =item B<--tfwl> Perform C<trusted-forwarder.org> accreditation checking. =item B<--guess> I<spf-terms> Use I<spf-terms> as a default record if no SPF record is found. =item B<--local> I<spf-terms> Process I<spf-terms> as local policy before resorting to a default result (the implicit or explicit C<all> mechanism at the end of the domain's SPF record). For example, this could be used for white-listing one's secondary MXes: C<mx:mydomain.example.org>. =item B<--override> I<domain>B<=>I<spf-record> =item B<--fallback> I<domain>B<=>I<spf-record> Set overrides and fallbacks. Each option can be specified multiple times. For example: --override example.org='v=spf1 -all' --override '*.example.net'='v=spf1 a mx -all' --fallback example.com='v=spf1 -all' =back =head1 RESULT CODES =over 12 =item B<pass> The specified IP address is an authorized SMTP sender for the identity. =item B<fail> The specified IP address is not an authorized SMTP sender for the identity. =item B<softfail> The specified IP address is not an authorized SMTP sender for the identity, however the authority domain is still testing out its SPF policy. =item B<neutral> The identity's authority domain makes no assertion about the status of the IP address. =item B<permerror> A permanent error occurred while evaluating the authority domain's policy (e.g., a syntax error in the SPF record). Manual intervention is required from the authority domain. =item B<temperror> A temporary error occurred while evaluating the authority domain's policy (e.g., a DNS error). Try again later. =item B<none> There is no applicable SPF policy for the identity domain. =back =head1 EXIT CODES Result | Exit code -----------+----------- pass | 0 fail | 1 softfail | 2 neutral | 3 permerror | 4 temperror | 5 none | 6 =head1 EXAMPLES spfquery --scope mfrom --id user@example.com --ip 1.2.3.4 spfquery --file test_data echo "127.0.0.1 user@example.com helohost.example.com" | spfquery -f - =head1 COMPATIBILITY B<spfquery> has undergone the following interface changes compared to earlier versions: =over =item B<2.500> =over =item * A new preferred usage style for performing individual SPF checks has been introduced. The new style accepts a unified B<--identity> option and an optional B<--scope> option that specifies the type (scope) of the identity. In contrast, the legacy usage style requires a separate usage form for every supported scope. See L</Preferred usage> and L</Legacy usage> for details. =item * The former C<unknown> and C<error> result codes have been renamed to C<permerror> and C<temperror>, respectively, in order to comply with RFC 4408 terminology. =item * SPF checks with an empty identity are no longer supported. In the case of an empty C<MAIL FROM> SMTP transaction parameter, perform a check with the C<helo> scope directly. =item * The B<--debug> and B<--(no-)sanitize> options are currently ignored by this version of B<spfquery>. They will again be supported in the future. =item * Several features that were supported by earlier versions of B<spfquery> are considered black magic and thus are now disabled by default. See L</Black Magic Options>. =item * Several option names have been deprecated. This is a list of them and their preferred synonyms: Deprecated options | Preferred options ---------------------+----------------------------- --sender, -s | --mfrom --ipv4, -i | --ip-address, --ip --name | --hostname --max-lookup-count, | --max-dns-interactive-terms --max-lookup | --rcpt-to, -r | --authorize-mxes-for --trusted | --tfwl =back =back =head1 SEE ALSO L<Mail::SPF>, L<spfd(8)> L<http://tools.ietf.org/html/rfc4408> =head1 AUTHORS This version of B<spfquery> is a complete rewrite by Julian Mehnle <julian@mehnle.net>, based on an earlier version written by Meng Weng Wong <mengwong+spf@pobox.com> and Wayne Schlitt <wayne@schlitt.net>. =cut our $VERSION = '2.501'; use warnings; use strict; use IO::File; use Getopt::Long qw(:config gnu_compat no_ignore_case); use Error ':try'; use Mail::SPF; use constant TRUE => (0 == 0); use constant FALSE => not TRUE; use constant exit_codes_by_result_code => { pass => 0, fail => 1, softfail => 2, neutral => 3, permerror => 4, temperror => 5, none => 6 }; # Helper Functions ############################################################################## sub usage { STDERR->printf(<<'EOT'); Preferred Usage: spfquery [--versions|-v 1|2|1,2] [--scope|-s helo|mfrom|pra] --identity|--id <identity> --ip-address|--ip <ip-address> [--helo-identity|--helo-id <helo-identity>] [OPTIONS] spfquery [--versions|-v 1|2|1,2] [--scope|-s helo|mfrom|pra] --file|-f <filename>|- [OPTIONS] Legacy Usage: spfquery --helo <helo-identity> --ip-address|--ip <ip-address> [OPTIONS] spfquery --mfrom <mfrom-identity> --ip-address|--ip <ip-address> [--helo <helo-identity>] [OPTIONS] spfquery --pra <pra-identity> --ip-address|--ip <ip-address> [OPTIONS] Other Usage: spfquery --version|-V See `spfquery --help` for more information. EOT return; } sub help { print(<<'EOT'); Preferred Usage: spfquery [--versions|-v 1|2|1,2] [--scope|-s helo|mfrom|pra] --identity|--id <identity> --ip-address|--ip <ip-address> [--helo-identity|--helo-id <helo-identity>] [OPTIONS] spfquery [--versions|-v 1|2|1,2] [--scope|-s helo|mfrom|pra] --file|-f <filename>|- [OPTIONS] Legacy Usage: spfquery --helo <helo-identity> --ip-address|--ip <ip-address> [OPTIONS] spfquery --mfrom <mfrom-identity> --ip-address|--ip <ip-address> [--helo <helo-identity>] [OPTIONS] spfquery --pra <pra-identity> --ip-address|--ip <ip-address> [OPTIONS] Other Usage: spfquery --version|-V spfquery performs SPF checks based on the command-line arguments or data given in a file or on standard input. Only the preferred and other usage forms are explained here. See the spfquery(1) man-page for an explanation of the legacy usage forms. The "--identity" form checks if the given <ip-address> is an authorized SMTP sender for the given "helo" hostname, "mfrom" envelope sender e-mail address, or "pra" (purported resonsible address) e-mail address, depending on the value of the "--scope" option (which defaults to "mfrom" if omitted). The "--file" form reads "<ip-address> <identity> [<helo-identity>]" tuples from the file with the specified <filename>, or from standard input if <filename> is "-", and checks them against the specified scope ("mfrom" by default). The "--version" form prints version information of spfquery. Valid OPTIONS (and their defaults) are: --default-explanation <string> Default explanation string to use (sensible default). --hostname <hostname> The name of the system doing the SPF checking (local system's configured hostname). --keep-comments Print comments found when reading from a file. --no-sanitize Do not clean up invalid characters in output. --debug Output debugging information. Black-magic OPTIONS are: --max-dns-interactive-terms <n> Maximum number of DNS-interactive mechanisms and modifiers (10). --max-name-lookups-per-term <n> Maximum number of DNS name look-ups per mechanism or modifier (10). --authorize-mxes-for <email-address>|<domain>,... A comma-separated list of e-mail addresses and domains whose MXes will be considered inherently authorized. --tfwl Check trusted-forwarder.org white-list. --guess <spf-terms> Default checks if no SPF record is found. --local <spf-terms> Local policy to process before default result. --override <domain>=<spf-record> --fallback <domain>=<spf-record> Set override and fallback SPF records for domains. Examples: spfquery --scope mfrom --id user@example.com --ip 1.2.3.4 spfquery --file test_data echo "127.0.0.1 user@example.com helohost.example.com" | spfquery -f - EOT return; } sub deprecated_option { my ($old_option, $new_option, $options) = @_; return FALSE if not exists($options->{$old_option}); STDERR->print( "Warning: '$old_option' option is deprecated" . ($new_option ? "; use '$new_option' instead" : '') . ".\n" ); $options->{$new_option} = delete($options->{$old_option}); return TRUE; } sub unsupported_option { my ($option_name, $options) = @_; return FALSE if not exists($options->{$option_name}); STDERR->print("Error: '$option_name' option is no longer supported.\n"); return TRUE; } sub black_magic_option { my ($option_name, $options) = @_; return FALSE if not exists($options->{$option_name}); STDERR->print("Error: '$option_name' option is black magic! Do not use it!\n"); return TRUE; } # Command-line Option Handling ############################################################################## my $options = {}; my $getopt_result = GetOptions( $options, 'file|f=s', 'versions|v=s', 'scope=s', 's=s', # Special handling for ambiguous 's' option (formerly a synonym # for 'sender', now preferredly a synonym for 'scope'). 'identity|id=s', 'ip-address|ip=s', 'helo-identity|helo-id=s', # Legacy/shortcut options: 'mfrom|mail-from|m=s', 'helo|h=s', 'default-explanation|def-exp=s', 'hostname=s', 'keep-comments!', 'debug!', # TODO Implement! 'sanitize!', # TODO Implement! # Black Magic options: 'enable-black-magic!', 'max-dns-interactive-terms=i', 'max-name-lookups-per-term=i', 'authorize-mxes-for=s', # TODO implement! 'tfwl!', # TODO Implement! 'guess=s', # TODO Implement! 'local=s', # TODO Implement! 'override=s%', # TODO Implement! 'fallback=s%', # TODO Implement! # Meta actions: 'version|V!', 'help!', # Deprecated options: 'sender=s', # Now 'scope'/'identity' or 'mfrom' 'ipv4=s', # Now 'ip-address' 'i=s', # Now 'ip-address' 'name=s', # Now 'hostname' 'max-lookup-count=i', 'max-lookup=i', # Now 'max-dns-interactive-terms' 'rcpt-to=s', # Now 'authorize-mxes-for' 'r=s', # Now 'authorize-mxes-for' 'trusted!' # Now 'tfwl' ); if (not $getopt_result) { usage(); exit(255); } if ($options->{help}) { help(); exit(0); } if ($options->{version}) { print("spfquery version $VERSION (using Mail::SPF)\n"); exit(0); } deprecated_option('sender', 'mfrom', $options); deprecated_option('ipv4', 'ip-address', $options); deprecated_option('i', 'ip-address', $options); deprecated_option('name', 'hostname', $options); deprecated_option('max-lookup-count', 'max-dns-interactive-terms', $options); deprecated_option('max-lookup', 'max-dns-interactive-terms', $options); deprecated_option('rcpt-to', 'authorize-mxes-for', $options); deprecated_option('r', 'authorize-mxes-for', $options); deprecated_option('trusted', 'tfwl', $options); if ($options->{'enable-black-magic'}) { if (not defined(eval('require Mail::SPF::BlackMagic'))) { STDERR->print("Error: Cannot enable black magic. Unable to load Mail::SPF::BlackMagic.\n"); exit(255); } # else: Black magic enabled! } elsif ( black_magic_option('max-dns-interactive-terms', $options) or black_magic_option('max-name-lookups-per-term', $options) or black_magic_option('rcpt-to', $options) or black_magic_option('trusted', $options) or black_magic_option('guess', $options) or black_magic_option('local', $options) or black_magic_option('override', $options) or black_magic_option('fallback', $options) ) { exit(255); } my @versions = split(',', $options->{versions} || ''); my $scope = $options->{scope}; my $identity = $options->{identity}; my $ip_address = $options->{'ip-address'}; my $helo_identity = $options->{'helo-identity'}; # Heuristic for distinguishing between 's(cope)' and 's(ender)': if (defined(my $s = $options->{s})) { if ( not defined($scope) and # No explicit 'scope' option has been specified, and $s !~ /[@.]/ # 's' option contains neither an '@' nor a dot, # so it cannot be an e-mail address or a domain. ) { # Thus it must be meant as the 'scope' option: $scope = $s; } else { # Else, it must be meant as the deprecated 'sender' option: $options->{mfrom} = $s; } } # Heuristic for when explicit 'scope'/'s(cope)' option is absent: if (not defined($scope)) { if (defined($identity) or defined($options->{file})) { # Identity has been specified, or input will be read from file: # apply the 'scope' option default: $scope = 'mfrom'; } elsif (defined($options->{helo})) { $scope = 'helo'; $identity = $options->{helo}; } elsif (defined($options->{mfrom})) { $scope = 'mfrom'; $identity = $options->{mfrom}; $helo_identity ||= $options->{helo}; } elsif (defined($options->{pra})) { $scope = 'pra'; $identity = $options->{pra}; } } my $default_explanation = $options->{'default-explanation'}; my $hostname = $options->{hostname}; if ( not defined($scope) or not (defined($identity) xor defined($options->{file})) ) { usage(); exit(255); } if (defined($identity) and $identity eq '') { STDERR->print("Error: Empty identities are not supported. See spfquery(1).\n"); exit(255); } # Process the SPF Request(s) ############################################################################## try { my $spf_server = Mail::SPF::Server->new( default_authority_explanation => $default_explanation, hostname => $hostname, # debug => $options->{debug}, # sanitize => $options->{sanitize}, # Black Magic: ( exists($options->{'max-dns-interactive-terms'}) ? (max_dns_interactive_terms => $options->{'max-dns-interactive-terms'} || undef) : () ), ( exists($options->{'max-name-lookups-per-term'}) ? (max_name_lookups_per_term => $options->{'max-name-lookups-per-term'} || undef) : () ) # rcpt_to => $options->{'rcpt-to'}, # trusted => $options->{trusted}, # guess => $options->{guess}, # local => $options->{local}, # override => $options->{override}, # fallback => $options->{fallback}, ); my $exit_code; if (not defined($options->{file})) { # Single request: my $result_code = do_process( $spf_server, versions => @versions ? [@versions] : undef, scope => $scope, identity => $identity, ip_address => $ip_address, helo_identity => $helo_identity ); $exit_code = exit_codes_by_result_code->{$result_code}; } else { # File request: my $file = $options->{file} eq '-' ? \*STDIN : IO::File->new($options->{file}) or die("Could not open: $options->{file}\n"); while (<$file>) { chomp; s/^\s*//; next if /^$/; if (/^#/) { print("$_\n") if $options->{'keep-comments'}; next; } ($ip_address, $identity, $helo_identity) = split; my $result_code = do_process( $spf_server, versions => @versions ? [@versions] : undef, scope => $scope, identity => $identity, ip_address => $ip_address, helo_identity => $helo_identity ); $exit_code ||= exit_codes_by_result_code->{$result_code}; } } exit($exit_code); } catch Mail::SPF::Exception with { my ($e) = @_; STDERR->printf("Error: %s.\n", $e->text); exit(255); }; # Helper Function ############################################################################## sub do_process { my ($spf_server, %request_options) = @_; my $request = Mail::SPF::Request->new(%request_options); my $result = $spf_server->process($request); printf( "%s\n%s\n%s\n%s\n", $result->code, ( $result->can('authority_explanation') ? $result->authority_explanation : $result->local_explanation ), $result->local_explanation, $result->received_spf_header ); return $result->code; }