This commit was manufactured by cvs2svn to create tag 'milter-0_8_7'.

Sprout from master 2007-01-04 18:04:37 UTC Stuart Gathman <stuart@gathman.org> 'Release 0.8.7'
Cherrypick from bmsi 2005-05-31 18:23:49 UTC Stuart Gathman <stuart@gathman.org> 'Development changes since 0.7.2':
    README
    rejects.py
    rhsbl.m4
    sample.py
    test.py
    test/amazon
    test/big5
    test/bounce
    test/bounce1
    test/bound
    test/honey
    test/missingboundary
    test/samp1
    test/spam44
    test/spam7
    test/spam8
    test/test1
    test/test8
    test/virus1
    test/virus13
    test/virus2
    test/virus3
    test/virus4
    test/virus5
    test/virus6
    test/virus7
    testsample.py

CREDITS

@@ -5,8 +5,11 @@ wrapper (Milter.py) that handles attachments, did lots of testing, packaged
 it with distutils, and generally transformed it from a quick hack to a
 real, usable Python extension.
 
-Other contributors:
+Other contributors (in random order):
 
+Dave MacQuigg 
+  for noticing that smfi_insheader wasn't supported, and creating
+  a template to help first time pymilter users create their own milter.
 Terence Way
   for providing a Python port of SPF
 Scott Kitterman

ChangeLog

@@ -0,0 +1,214 @@
+# Revision 1.69  2006/11/04 22:09:39  customdesigned
+# Another lame DSN heuristic.  Block PTR cache poisoning attack.
+#
+# Revision 1.68  2006/10/04 03:46:01  customdesigned
+# Fix defaults.
+#
+# Revision 1.67  2006/10/01 01:44:06  customdesigned
+# case_sensitive_localpart option, more delayed bounce heuristics,
+# optional smart_alias section.
+#
+# Revision 1.66  2006/07/26 16:42:26  customdesigned
+# Support CBV timeout
+#
+# Revision 1.65  2006/06/21 22:22:00  customdesigned
+# Handle multi-line headers in delayed dsns.
+#
+# Revision 1.64  2006/06/21 21:12:04  customdesigned
+# More delayed reject token headers.
+# Don't require HELO pass for CBV.
+#
+# Revision 1.63  2006/05/21 03:41:44  customdesigned
+# Fail dsn
+#
+# Revision 1.61  2006/05/17 21:28:07  customdesigned
+# Create GOSSiP record only when connection will procede to DATA.
+#
+# Revision 1.60  2006/05/12 16:14:48  customdesigned
+# Don't require SPF pass for white/black listing mail from trusted relay.
+# Support localpart wildcard for white and black lists.
+#
+# Revision 1.59  2006/04/06 18:14:17  customdesigned
+# Check whitelist/blacklist even when not checking SPF (e.g. trusted relay).
+#
+# Revision 1.58  2006/03/10 20:52:49  customdesigned
+# Use re to recognize failure DSNs.
+#
+# Revision 1.57  2006/03/07 20:50:54  customdesigned
+# Use signed Message-ID in delayed reject to blacklist senders
+#
+# Revision 1.56  2006/02/24 02:12:54  customdesigned
+# Properly report hard PermError (lax mode fails also) by always setting
+# perm_error attribute with PermError exception.  Improve reporting of
+# invalid domain PermError.
+#
+# Revision 1.55  2006/02/17 05:04:29  customdesigned
+# Use SRS sign domain list.
+# Accept but do not use for training whitelisted senders without SPF pass.
+# Immediate rejection of unsigned bounces.
+#
+# Revision 1.54  2006/02/16 02:16:36  customdesigned
+# User specific SPF receiver policy.
+#
+# Revision 1.53  2006/02/12 04:15:01  customdesigned
+# Remove spf dependency for iniplist
+#
+# Revision 1.52  2006/02/12 02:12:08  customdesigned
+# Use CIDR notation for internal connect list.
+#
+# Revision 1.51  2006/02/12 01:13:58  customdesigned
+# Don't check rcpt user list when signed MFROM.
+#
+# Revision 1.50  2006/02/09 20:39:43  customdesigned
+# Use CIDR notation for trusted_relay iplist
+#
+# Revision 1.49  2006/01/30 23:14:48  customdesigned
+# put back eom condition
+#
+# Revision 1.48  2006/01/12 20:31:24  customdesigned
+# Accelerate training via whitelist and blacklist.
+#
+# Revision 1.47  2005/12/29 04:49:10  customdesigned
+# Do not auto-whitelist autoreplys
+#
+# Revision 1.46  2005/12/28 20:17:29  customdesigned
+# Expire and renew AddrCache entries
+#
+# Revision 1.45  2005/12/23 22:34:46  customdesigned
+# Put guessed result in separate header.
+#
+# Revision 1.44  2005/12/23 21:47:07  customdesigned
+# Move Received-SPF header to top.
+#
+# Revision 1.43  2005/12/09 16:54:01  customdesigned
+# Select neutral DSN template for best_guess
+#
+# Revision 1.42  2005/12/01 22:42:32  customdesigned
+# improve gossip support.
+# Initialize srs_domain from srs.srs config property.  Should probably
+# always block unsigned DSN when signing all.
+#
+# Revision 1.41  2005/12/01 18:59:25  customdesigned
+# Fix neutral policy.  pobox.com -> openspf.org
+#
+# Revision 1.40  2005/11/07 21:22:35  customdesigned
+# GOSSiP support, local database only.
+#
+# Revision 1.39  2005/10/31 00:04:58  customdesigned
+# Simple implementation of trusted_forwarder list.  Inefficient for
+# more than 1 or 2 entries.
+#
+# Revision 1.38  2005/10/28 19:36:54  customdesigned
+# Don't check internal_domains for trusted_relay.
+#
+# Revision 1.37  2005/10/28 09:30:49  customdesigned
+# Do not send quarantine DSN when sender is DSN.
+#
+# Revision 1.36  2005/10/23 16:01:29  customdesigned
+# Consider MAIL FROM a match for supply_sender when a subdomain of From or Sender
+#
+# Revision 1.35  2005/10/20 18:47:27  customdesigned
+# Configure auto_whitelist senders.
+#
+# Revision 1.34  2005/10/19 21:07:49  customdesigned
+# access.db stores keys in lower case
+#
+# Revision 1.33  2005/10/19 19:37:50  customdesigned
+# Train screener on whitelisted messages.
+#
+# Revision 1.32  2005/10/14 16:17:31  customdesigned
+# Auto whitelist refinements.
+#
+# Revision 1.31  2005/10/14 01:14:08  customdesigned
+# Auto whitelist feature.
+#
+# Revision 1.30  2005/10/12 16:36:30  customdesigned
+# Release 0.8.3
+#
+# Revision 1.29  2005/10/11 22:50:07  customdesigned
+# Always check HELO except for SPF pass, temperror.
+#
+# Revision 1.28  2005/10/10 23:50:20  customdesigned
+# Use logging module to make logging threadsafe (avoid splitting log lines)
+#
+# Revision 1.27  2005/10/10 20:15:33  customdesigned
+# Configure SPF policy via sendmail access file.
+#
+# Revision 1.26  2005/10/07 03:23:40  customdesigned
+# Banned users option.  Experimental feature to supply Sender when
+# missing and MFROM domain doesn't match From.  Log cipher bits for
+# SMTP AUTH.  Sketch access file feature.
+#
+# Revision 1.25  2005/09/08 03:55:08  customdesigned
+# Handle perverse MFROM quoting.
+#
+# Revision 1.24  2005/08/18 03:36:54  customdesigned
+# Don't innoculate with SCREENED mail.
+#
+# Revision 1.23  2005/08/17 19:35:27  customdesigned
+# Send DSN before adding message to quarantine.
+#
+# Revision 1.22  2005/08/11 22:17:58  customdesigned
+# Consider SMTP AUTH connections internal.
+#
+# Revision 1.21  2005/08/04 21:21:31  customdesigned
+# Treat fail like softfail for selected (braindead) domains.
+# Treat mail according to extended processing results, but
+# report any PermError that would officially result via DSN.
+#
+# Revision 1.20  2005/08/02 18:04:35  customdesigned
+# Keep screened honeypot mail, but optionally discard honeypot only mail.
+#
+# Revision 1.19  2005/07/20 03:30:04  customdesigned
+# Check pydspam version for honeypot, include latest pyspf changes.
+#
+# Revision 1.18  2005/07/17 01:25:44  customdesigned
+# Log as well as use extended result for best guess.
+#
+# Revision 1.17  2005/07/15 20:25:36  customdesigned
+# Use extended results processing for best_guess.
+#
+# Revision 1.16  2005/07/14 03:23:33  customdesigned
+# Make SES package optional.  Initial honeypot support.
+#
+# Revision 1.15  2005/07/06 04:05:40  customdesigned
+# Initial SES integration.
+#
+# Revision 1.14  2005/07/02 23:27:31  customdesigned
+# Don't match hostnames for internal connects.
+#
+# Revision 1.13  2005/07/01 16:30:24  customdesigned
+# Always log trusted Received and Received-SPF headers.
+#
+# Revision 1.12  2005/06/20 22:35:35  customdesigned
+# Setreply for rejectvirus.
+#
+# Revision 1.11  2005/06/17 02:07:20  customdesigned
+# Release 0.8.1
+#
+# Revision 1.10  2005/06/16 18:35:51  customdesigned
+# Ignore HeaderParseError decoding header
+#
+# Revision 1.9  2005/06/14 21:55:29  customdesigned
+# Check internal_domains for outgoing mail.
+#
+# Revision 1.8  2005/06/06 18:24:59  customdesigned
+# Properly log exceptions from pydspam
+#
+# Revision 1.7  2005/06/04 19:41:16  customdesigned
+# Fix bugs from testing RPM
+#
+# Revision 1.6  2005/06/03 04:57:05  customdesigned
+# Organize config reader by section.  Create defang section.
+#
+# Revision 1.5  2005/06/02 15:00:17  customdesigned
+# Configure banned extensions.  Scan zipfile option with test case.
+#
+# Revision 1.4  2005/06/02 04:18:55  customdesigned
+# Update copyright notices after reading article on /.
+#
+# Revision 1.3  2005/06/02 02:09:00  customdesigned
+# Record timestamp in send_dsn.log
+#
+# Revision 1.2  2005/06/02 01:00:36  customdesigned
+# Support configurable templates for DSNs.

HOWTO

@@ -116,7 +116,7 @@ The CBV policy requires a valid HELO name.  If the EHLO name is
 RFC2822 compliant, then a DSN is sent to the alleged sender.  The 
 template for the DSN is selected according to the SPF result:
 
-Fail:		softfail.txt
+Fail:		fail.txt
 SoftFail:	softfail.txt
 Neutral:	neutral.txt
 PermError:	permerror.txt

MANIFEST.in

@@ -4,12 +4,14 @@ include NEWS
 include HOWTO
 include CREDITS
 include README
+include ChangeLog
 include MANIFEST.in
 include testsample.py
 include testmime.py
 include testbms.py
 include testdspam.py
 include rejects.py
+include report.py
 include bms.py
 include spf.py
 include cid2spf.py
@@ -17,6 +19,7 @@ include spfquery.py
 include test.py
 include sample.py
 include test/*
+include doc/*
 include Milter/*.py
 include *.spec
 include start.sh

Milter/__init__.py

@@ -16,7 +16,7 @@ from milter import ACCEPT,CONTINUE,REJECT,DISCARD,TEMPFAIL,	\
 try: from milter import QUARANTINE
 except: pass
 
-__version__ = '0.8.3'
+__version__ = '0.8.5'
 
 _seq_lock = thread.allocate_lock()
 _seq = 0
@@ -44,7 +44,7 @@ class Milter:
     for i in msg: print i,
     print
 
-  def connect(self,hostname,unused,hostaddr):
+  def connect(self,hostname,family,hostaddr):
     "Called for each connection to sendmail."
     self.log("connect from %s at %s" % (hostname,hostaddr))
     return CONTINUE
@@ -106,8 +106,8 @@ class Milter:
     return self.__ctx.setreply(rcode,xcode,msg,*ml)
 
   # Milter methods which can only be called from eom callback.
-  def addheader(self,field,value):
-    return self.__ctx.addheader(field,value)
+  def addheader(self,field,value,idx=-1):
+    return self.__ctx.addheader(field,value,idx)
 
   def chgheader(self,field,idx,value):
     return self.__ctx.chgheader(field,idx,value)

Milter/dsn.py

@@ -4,98 +4,25 @@
 
 # Send DSNs, do call back verification,
 # and generate DSN messages from a template
+# $Log$
+# Revision 1.12  2006/07/26 16:37:35  customdesigned
+# Support timeout.
+#
+# Revision 1.11  2006/06/21 21:07:11  customdesigned
+# Include header fields in DSN template.
+#
+# Revision 1.10  2006/05/24 20:56:35  customdesigned
+# Remove default templates.  Scrub test.
+#
 
 import smtplib
 import spf
 import socket
 from email.Message import Message
 import Milter
+import time
 
-nospf_msg = """Subject: Critical mail server configuration error
-
-This is an automatically generated Delivery Status Notification.
-
-THIS IS A WARNING MESSAGE ONLY.
-
-YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.
-
-Delivery to the following recipients has been delayed.
-
-	%(rcpt)s
-
-Subject: %(subject)s 
-
-Someone at IP address %(connectip)s sent an email claiming
-to be from %(sender)s.  
-
-If that wasn't you, then your domain, %(sender_domain)s,
-was forged - i.e. used without your knowlege or authorization by
-someone attempting to steal your mail identity.  This is a very
-serious problem, and you need to provide authentication for your
-SMTP (email) servers to prevent criminals from forging your
-domain.  The simplest step is usually to publish an SPF record
-with your Sender Policy.  
-
-For more information, see: http://spfhelp.net
-
-I hate to annoy you with a DSN (Delivery Status
-Notification) from a possibly forged email, but since you
-have not published a sender policy, there is no other way
-of bringing this to your attention.
-
-If it *was* you that sent the email, then your email domain
-or configuration is in error.  If you don't know anything
-about mail servers, then pass this on to your SMTP (mail)
-server administrator.  We have accepted the email anyway, in
-case it is important, but we couldn't find anything about
-the mail submitter at %(connectip)s to distinguish it from a
-zombie (compromised/infected computer - usually a Windows
-PC).  There was no PTR record for its IP address (PTR names
-that contain the IP address don't count).  RFC2821 requires
-that your hello name be a FQN (Fully Qualified domain Name,
-i.e. at least one dot) that resolves to the IP address of
-the mail sender.  In addition, just like for PTR, we don't
-accept a helo name that contains the IP, since this doesn't
-help to identify you.  The hello name you used,
-%(heloname)s, was invalid.
-
-Furthermore, there was no SPF record for the sending domain
-%(sender_domain)s.  We even tried to find its IP in any A or
-MX records for your domain, but that failed also.  We really
-should reject mail from anonymous mail clients, but in case
-it is important, we are accepting it anyway.
-
-We are sending you this message to alert you to the fact that
-
-Either - Someone is forging your domain.
-Or - You have problems with your email configuration.
-Or - Possibly both.
-
-If you need further assistance, please do not hesitate to
-contact me again.
-
-Kind regards,
-
-postmaster@%(receiver)s
-"""
-
-softfail_msg = """Subject: SPF softfail (POSSIBLE FORGERY)
-
-This is an automatically generated Delivery Status Notification.
-
-THIS IS A WARNING MESSAGE ONLY.
-
-YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.
-
-Delivery to the following recipients has been delayed.
-
-       %(rcpt)s
-
-Subject: %(subject)s
-Received-SPF: %(spf_result)s
-"""
-
-def send_dsn(mailfrom,receiver,msg=None):
+def send_dsn(mailfrom,receiver,msg=None,timeout=600):
   """Send DSN.  If msg is None, do callback verification.
      Mailfrom is original sender we are sending DSN or CBV to.
      Receiver is the MTA sending the DSN.
@@ -108,6 +35,7 @@ def send_dsn(mailfrom,receiver,msg=None):
   else:
     mxlist.sort()
   smtp = smtplib.SMTP()
+  toolate = time.time() + timeout
   for prior,host in mxlist:
     try:
       smtp.connect(host)
@@ -145,11 +73,17 @@ def send_dsn(mailfrom,receiver,msg=None):
       pass		# any other error, try next MX
     except socket.error:
       pass		# MX didn't accept connections, try next one
+    except socket.timeout:
+      pass		# MX too slow, try next one
     smtp.close()
+    if time.time() > toolate:
+      return (450,'No MX response within %f minutes'%(timeout/60.0))
   return (450,'No MX servers available')	# temp error
 
 def create_msg(q,rcptlist,origmsg=None,template=None):
   "Create a DSN message from a template.  Template must be '\n' separated."
+  if not template:
+    return None
   heloname = q.h
   sender = q.s
   connectip = q.i
@@ -166,30 +100,37 @@ def create_msg(q,rcptlist,origmsg=None,template=None):
 
   msg = Message()
 
-  msg.add_header('To',sender)
-  msg.add_header('From','postmaster@%s'%receiver)
-  msg.add_header('Auto-Submitted','auto-generated (configuration error)')
   msg.add_header('X-Mailer','PyMilter-'+Milter.__version__)
   msg.set_type('text/plain')
 
-  if not template:
-    if spf_result and spf_result.startswith('softfail'):
-      template = softfail_msg
-    else:
-      template = nospf_msg
-  hdrs,body = template.split('\n',1)
+  hdrs,body = template.split('\n\n',1)
   for ln in hdrs.splitlines():
     name,val = ln.split(':',1)
     msg.add_header(name,(val % locals()).strip())
   msg.set_payload(body % locals())
-
+  # add headers if missing from old template
+  if 'to' not in msg:
+    msg.add_header('To',sender)
+  if 'from' not in msg:
+    msg.add_header('From','postmaster@%s'%receiver)
+  if 'auto-submitted' not in msg:
+    msg.add_header('Auto-Submitted','auto-generated')
   return msg
 
 if __name__ == '__main__':
   q = spf.query('192.168.9.50',
-  'SRS0=pmeHL=RH=bmsi.com=stuart@bmsi.com',
-  'bmsred.bmsi.com',receiver='mail.bmsi.com')
-  msg = create_msg(q,['charlie@jsconnor.com'],None,None)
+  'SRS0=pmeHL=RH==stuart@example.com',
+  'red.example.com',receiver='mail.example.com')
+  q.result = 'softfail'
+  q.perm_error = None
+  msg = create_msg(q,['charlie@example.com'],None,
+"""From: postmaster@%(receiver)s
+To: %(sender)s
+Subject: Test
+
+Test DSN template
+"""
+  )
   print msg.as_string()
   # print send_dsn(f,msg.as_string())
-  print send_dsn(q.s,'mail.bmsi.com',msg.as_string())
+  # print send_dsn(q.s,'mail.example.com',msg.as_string())

NEWS

@@ -1,5 +1,40 @@
 Here is a history of user visible changes to Python milter.
-
+0.8.7	Move spf module to pyspf
+	Prevent PTR cache poisoning
+	More lame bounce heuristics
+	Do plain CBV when template is missing
+0.8.6	Support CBV timeout
+	Support fail template, headers in templates
+	Create GOSSiP record only when connection will procede to DATA.
+	More SPF lax heuristics
+	Don't require SPF pass for white/black listing mail from trusted relay.
+	Support localpart wildcard for white and black lists.
+	Delay reject of unsigned RCPT for postmaster and abuse only
+	Fix dsn reporting of hard permerror
+	Resolve FIXME for wrap_close in miltermodule.c
+	Add Message-ID to DSNs
+	Use signed Message-ID in delayed reject to blacklist senders
+	Auto-train via blacklist and auto-whitelist
+	Don't check userlist for signed MFROM
+	Accept but skip DSPAM training for whitelisted senders without SPF PASS
+	Report GC stats 
+	Support CIDR matching for IP lists
+	Support pysrs sign feature
+	Support localpart specific SPF policy in access file
+0.8.5	Simple trusted_forwarder implementation.
+	Fix access_file neutral policy
+	Move Received-SPF header to beginning of headers
+	Supply keyword info for all results in Received-SPF header.
+	Move guessed SPF result to separate header
+	Activate smfi_insheader only when SMFIR_INSHEADER defined
+	Handle NULL MX in spf.py
+	in-process GOSSiP server support (to be extended later)
+	Expire CBV cache and renew auto-whitelist entries
+0.8.4	Auto-whitelist recipients of outgoing email.
+	Fix SPF policy via sendmail access map (case insensitive keys).
+	Train screener on whitelisted messages
+	Optional idx parameter to addheader to invoke smfi_insheader
+	Activate progress API when SMFIR_PROGRESS defined
 0.8.3   Keep screened honeypot mail, but optionally discard honeypot only mail.
 	spf_accept_fail option for braindead SPF senders 
 	  (treats fail like softfail)

TODO

@@ -1,10 +1,116 @@
+When bms.py can't find templates, it passes None to dsn.create_msg(),
+which uses local variable as backup, which no longer exist.
+
+Purge old GOSSiP records nightly.
+
+Find and use X-GOSSiP: header for SPAM: and FP: submissions.  Would need to 
+keep tags longer.
+
+Generate DSNs according to RFC 3464
+
+Parse incoming 3464 DSNs for "Action: failed" to recognize delayed
+failures.  This works regardless of Subject.
+
+Get temperror policy from access file.
+
+When training with spam, REJECT after data so that mistakenly blacklisted
+senders at least get an error.
+
+Reporting explanation for failure should show source if sender
+provided explanation.
+
+Reports PROBATION even when rejecting message (works, but confusing in log).
+
+Bug in Auto-whitelist.  Recent Auto-whitelist doesn't override expired entry.
+
+DONE Delayed_failure detection needs to handle multi-line header fields.  
+Also, delayed_failure should be recognized when addressed to
+postmaster@helodomain 
+
+Need to use wildcards in blacklist.log: *.madcowsrecord.net
+Need to exclude emails like !*-admin@example.com in whitelist_sender.
+
+SPF permerror diagnostics should include corrected mechanism.
+
+Delay SPF check until RCPT TO.  Cache result to avoid repeating
+for multiple RCPT.  This avoids overhead for invalid RCPT, and
+allows for per RCPT local policy.
+
+Add auto-blacklisted senders to blacklist.log with timestamp.
+
+Received-SPF header field should show identity that was checked.
+
+Check SPF for outgoing mail (including local policy for internal addresses).
+This could also solve the second part of the mail from relay problem below.
+
+Whitelisted sender from trusted relay get PROBATION.  Need to extracted
+SPF result from headers - and in the case of mail internal to relay
+(e.g. bmsi.com), supply 'pass' result.  
+
+FIXME: DSN for Permerror shows 'None' for error under some condition.
+
+Another metaDSN format:
+Subject: Delivery Report
+...
+Original-Envelope-ID: SRS0...@...
+
+For selected domains, check rcpts via CBV before accepting mail.  Cache
+results.  This will kick out dictonary attacks against a mail domain
+behind a gateway sooner.
+
+Allow blacklisted emails as well as domains in blacklist.log.  Use same
+data structure as autowhitelist.log.  Add emails blacklisted via CBV
+so that they are remembered across milter restarts.
+
+Make all dictionaries work like honeypot.  Do not train as ham unless
+whitelisted.  Train on blacklisted messages, or spam feedback.  This
+can be called Train On Error.  Should be possible to startup
+with training on everything to get dictionary built fast, then switch
+to train on error to minimize labor.
+
+Allow unsigned DSNs from selected domains (that don't accept signed MFROM,
+e.g. verizon.net).
+
+Added Message-ID header to DSN with SRS signed sender.  When seen on incoming
+rfc ignorant failure message, blacklist sender.
+
+Allow verified hostnames for trusted_relay.  E.g. HELO name that
+passes SPF.
+
+Table of sendmail macros for documentation.
+
+When do we get two hello calls?  STARTTLS is one reason.
+
+Option: accept mail from auto-whitelisted senders even with spf-fail,
+but do not update dspam.  This can be done for individual senders or domains 
+using the access file.
+
+pysrs: SRS doesn't get applied to proper recipients when there are
+multiple recipients.  This requires debugging cf scripts - yuk.
+
+auto_whitelist false_positives from quarantine - perhaps only when
+user selects special button (use special header to communicate
+that from dspamcgi.py to milter.)
+
+Use send_dsn.log for blacklist also.  AddrCache needs localpart
+wildcard (e.g. empty localpart).
+
+Quarantined mail is missing headers modified/added by milter after
+checking dspam.
+
+Require signed MFROM for all incoming bounces when signing all outgoing mail -
+except from trusted relays.
+
+Send DSN for permerror before processing extended result.  An additional
+DSN may be sent based on extended result.
+
+Rescind whitelist for banned extensions, in case sender is infected.
+
+Train honeypot on error only.
+
 Find rfc2822 policy for MFROM quoting.
 
-Use /etc/mail/access for domain specific SPF policies.
-
-SPF-Fail:	REJECT
-SPF-Softfail:	OK
-SPF-Neutral:	OK
+Support explicit errors for SPF policy in access file:
 SPF-Neutral:aol.com	ERROR:"550 AOL mail must get SPF PASS"
 
 Defer TEMPERROR in SPF evaluation - give precedence to security
@@ -16,9 +122,6 @@ Option to add Received-SPF header, but never reject on SPF.
 Create null config that does nothing - except maybe add Received-SPF
 headers.  Many admins would like to turn features on one at a time.
 
-Auto whitelist based on outgoing email - perhaps with magic subject
-or recipient prefix.
-
 Can't output messages with malformed rfc822 attachments.
 
 Move milter,Milter,mime,spf modules to pymilter
@@ -33,7 +136,8 @@ check spam keywords with character classes, e.g.
 
 Implement RRS - a backdoor for non-SRS forwarders.  User lists non-SRS 
 forwarder accounts, and a util provides a special local alias for the
-user to give to the forwarder.  Alias only works for mail from that
+user to give to the forwarder.  (Or user just adds arbitrary alias
+unique to that forwarder to a database.)  Alias only works for mail from that
 forwarder.  Milter gets forwarder domain from alias and uses it to
 SPF check forwarder.
 

cid2spf.py

@@ -1,153 +0,0 @@
-#!/usr/bin/python2.3
-
-# Convert a MS Caller-ID entry (XML) to a SPF entry
-#
-# (c) 2004 by Ernesto Baschny
-# (c) 2004 Python version by Stuart Gathman
-#
-# Date: 2004-02-25
-# Version: 1.0
-#
-# Usage:
-#  ./cid2spf.pl "<ep xmlns='http://ms.net/1'>...</ep>"
-#
-# Note that the 'include' directives will also have to be checked and
-# "translated". Future versions of this script might be able to get a
-# domain name as an argument and "crawl" the DNS for the necessary
-# information.
-#
-# A complete reverse translation (SPF -> CID) might be impossible, since
-# there are no way to handle:
-# - PTR and EXISTS mechanism 
-# - MX mechanism with an different domain as argument
-# - macros
-# 
-# References:
-# http://www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspx
-# http://spf.pobox.com/
-#
-# Known bugs:
-# - Currently it won't handle the exclusions provided in the A and R
-#   tags (prefix '!'). They will show up "as-is" in the SPF record
-# - I really haven't read the MS-CID specs in-depth, so there are probably
-#   other bugs too :)
-#
-# Ernesto Baschny <ernst@baschny.de>
-#
-
-import xml.sax
-import spf
-
-# -------------------------------------------------------------------------
-class CIDParser(xml.sax.ContentHandler):
-  "Convert a MS Caller-ID entry (XML) to a SPF entry"
-
-  def __init__(self,q=None):
-    self.spf = []
-    self.action = '-all'
-    self.has_servers = None
-    self.spf_entry = None
-    if q:
-      self.spf_query = q
-    else:
-      self.spf_query = spf.query(i='127.0.0.1', s='localhost', h='unknown')
-
-  def startElement(self,tag,attr):
-      if tag == 'm':
-	if self.has_servers != None and not self.has_servers:
-	  raise ValueError(
-    "Declared <noMailServers\> and later <m>, this CID entry is not valid."
-	  )
-	self.has_servers = True
-      elif tag == 'noMailServers':
-	if self.has_servers:
-	  raise ValueError(
-    "Declared <m> and later <noMailServers\>, this CID entry is not valid."
-	  )
-	self.has_servers = False
-      elif tag == 'ep':
-	if attr.has_key('testing') and attr.getValue('testing') == 'true':
-	  # A CID with 'testing' found:
-	  # From the MS-specs:
-	  #  "Documents in which such attribute is present with a true
-	  #  value SHOULD be entirely ignored (one should act as if the
-	  #  document were absent)"
-	  # From the SPF-specs:
-	  #  "Neutral (?): The SPF client MUST proceed as if a domain did
-	  #  not publish SPF data."
-	  # So we set SPF action to "neutral":
-	  self.action = '?all'
-      elif tag == 'mx':
-	  # The empty MX-tag, same as SPF's MX-mechanism
-	  self.spf.append('mx')
-      self.tag = tag
-
-  def characters(self,text):
-	tag = self.tag
-	# Remove starting and trailing spaces from text:
-	text = text.strip()
-
-	if tag == 'a' or tag == 'r':
-	    # The A and R tags from MS-CID are both handled by the 
-	    # ipv4/6-mechanisms from SPF:
-	    if text.find(':') < 0:
-	      mechanism = 'ip4'
-	    else:
-	      mechanism = 'ip6'
-	    self.spf.append(mechanism + ':' + text)
-	elif tag == 'indirect':
-	    # MS-CID's indirect is "sort of" the include from SPF:
-	    # Not really true, because the <indirect> tag from MS-CID also 
-	    # provides a fallback in case the included domain doesn't provide
-	    # _ep-records: The inbound MX-servers of the included domains
-	    # are added to the list of allowed outgoing mailservers for the
-	    # domain that declared the _ep-record with the <indirect> tag.
-	    # In SPF you would use the 'mx:domain' to handle this, but this
-	    # wouldn't depend on referred domain having or not SPF-records.
-	    cid_xml = self.cid_txt(text)
-	    if cid_xml:
-	      p = CIDParser()
-	      xml.sax.parseString(cid_xml,p)
-	      if p.has_servers != False:
-		self.spf += p.spf
-	    else:
-	      self.spf.append('mx:' + text)
-
-  def cid_txt(self,domain):
-    q = self.spf_query
-    domain='_ep.' + domain
-    a = q.dns_txt(domain)
-    if not a: return None
-    if a[0].lower().startswith('<ep ') and a[-1].lower().endswith('</ep>'):
-      return ''.join(a)
-    return None
-
-  def endElement(self,tag):
-      if tag == 'ep':
-	# This is the end... assemble what we've got
-	spf_entry = ['v=spf1']
-	if self.has_servers != False:
-	  spf_entry += self.spf
-	spf_entry.append(self.action)
-	self.spf_entry = ' '.join(spf_entry)
-
-  def spf_txt(self,cid_xml):
-    if not cid_xml.startswith('<'):
-      cid_xml = self.cid_txt(cid_xml)
-      if not cid_xml: return None
-    # Parse the beast. Any XML-problem will be reported by xlm.sax
-    self.spf_entry = None
-    xml.sax.parseString(cid_xml,self)
-    return self.spf_entry
-
-if __name__ == '__main__':
-  import sys
-  if len(sys.argv) < 2:
-    print >>sys.stderr, \
-      """Usage: %s "<ep xmlns='http://ms.net/1'>...</ep>" """ % sys.argv[0]
-    sys.exit(1)
-
-  cid_xml = sys.argv[1]
-
-  p = CIDParser()
-  print p.spf_txt(cid_xml)

doc/changes.ht

@@ -0,0 +1,173 @@
+Title: Recent Changes
+
+<h2> Recent Changes </h2>
+
+Python milter has been moved to 
+<a href="http://sourceforge.net/projects/pymilter/">pymilter Sourceforge
+project</a> for development and release downloads.
+
+<h3> 0.8.5 </h3>
+
+Release 0.8.5 fixes some build bugs reported by Stephen Figgins.  It
+fixes many small things, like not auto-whitelisting recipients of
+outgoing mail when the subject contains "autoreply:".  There is a 
+simple trusted forwarder implementation.  If you have more than
+2 or so forwarders, we will need a way to "compile" SPF records into an
+IP set and TTL for it to be efficient (like libspf2 does).
+
+<h3> GOSSiP </h3>
+An alpha release of <a href="pygossip.html">pygossip</a> has been commited to
+CVS, module pygossip. A version of the bms.py milter has been commited to CVS
+which supports calling GOSSiP to track domain reputation in a local database.
+
+<h3> New website design </h3>
+
+Hey, I'm no artist, so I just used the
+<a href="http://ht2html.sourceforge.net/">ht2html</a> package
+by <a href="http://barry.wooz.org/">Barry Warsaw</a>.  The mascot
+is by <a href="http://alphard.ethz.ch/hafner/lebl.htm">Christian Hafner</a>,
+or maybe his wife.  I chose Maxwell's daemon because it tirelessly
+and invisibly sorts molecules, just as milters sort mail.
+Christian has also provided a fun 
+<a href="http://alphard.ethz.ch/hafner/PPS/PPS2002/Maxwell/simulation.htm">
+simulation</a> that lets you try your hand at sorting molecules.
+
+<h3> 0.8.4 </h3>
+
+Release 0.8.4 makes configuring SPF policy via access.db actually work.
+The honeypot idea is enhanced by auto-whitelisting recipients of
+email sent from selected domains.  Whitelisted messages are then used
+to train the honeypot.  This makes the honeypot screener entirely self
+training.  The smfi_progress() API is now automatically supported when present.
+An optional idx parameter to milter.addheader() invokes smfi_insheader().
+
+<h3> 0.8.3 </h3>
+
+Release 0.8.3 uses the standard logging module, and supports configuring
+more detailed SPF policy via the sendmail access map.  SMTP AUTH connections
+are considered INTERNAL.  Preventing forgery between internal domains is
+just a matter of specifying the user-domain map - I'll define something
+for the next version.  We now send DSNs when mail is quarantined (rejecting
+if DSN fails) and for SPF syntax errors (PermError).  There is an
+experimental option to add a Sender header when it is missing and the From
+domain doesn't match the MAIL FROM domain.  Next release, we may start
+renaming and replacing an existing Sender header when neither it nor the
+From domain matches MAIL FROM.  Since bogus MAIL FROMs are rejected
+(to varying degrees depending on the configured SPF policy), and
+both Sender and From and displayed by default in many email clients,
+this provides some phishing protection without rejecting mail based
+on headers.
+
+<h3> 0.8.2 </h3>
+
+Release 0.8.2 has changes to <a href="http://openspf.net">SPF</a> to bring it
+in line with the newly official RFC.  It adds 
+<a href="http://ses.codeshare.ca/">SES</a>
+support (the original SES without body hash) for pysrs-0.30.10, and honeypot
+support for pydspam-1.1.9.  There is a new method in the base milter module.
+milter.set_exception_policy(i) lets you choose a policy of CONTINUE, REJECT, or
+TEMPFAIL (default) for untrapped exceptions encountered in a milter callback.
+
+<h3> 0.8.0 </h3>
+
+Release 0.8.0 is the first <a href="http://sourceforge.net/">Sourceforge</a>
+release.  It supports Python-2.4, and provides an option to accept mail
+that gets an SPF softfail or fails the 3 strikes rule, provided the
+alleged sender accepts a DSN explaining the problem.  Python-2.3 is
+no longer supported by the reworked mime.py module, although API changes
+could be backported.  There are too many incompatible changes to the
+python email package.
+
+<h3> Older Releases </h3>
+
+Release 0.7.2 tightens the authentication screws with a "3 strikes and
+you're out" policy.  A sender must have a valid PTR, HELO, or SPF record
+to send email.  Specific senders can be whitelisted using the
+"delegate" option in the spf configuration section by adding a
+default SPF record for them.  The PTR and HELO are required
+by RFC anyway, so this is not an unreasonable requirement.
+There is now a coherent policy for an SPF softfail result.  A softfail
+is accepted if there is a valid PTR or HELO, or if the domain
+is listed in the "accept_softfail" option of the spf configuration section.
+A neutral result is accepted by default if there is a valid PTR or
+HELO, (and the SPF record was not guessed), unless the domain is listed in the
+"reject_neutral" option.  Common forms of PTR records for dynamic IPs are
+recognized, and do not count as a valid PTR.  This does not prevent anyone
+from sending mail from a dynamic IP - they just need to configure a
+valid HELO name or publish an SPF record.
+<p>
+As SPF adoption continues to rise, forged spam is not getting through.  So
+spammers are publishing their SPF records as predicted.  The 0.7.2 RPM
+now provides the <code>rhsbl</code> sendmail hack so that spammer domains
+can be blacklisted.  With the RPM installed, add a line like the following
+to your <code>sendmail.mc</code>.
+<pre>
+HACK(rhsbl,`blackholes.example.com',"550 Rejected: " $&{RHS} " has been spamming our customers.")dnl
+</pre>
+<p>
+Of course, spammers are now starting to register
+throwaway domains.  The next thing we need is a custom DNS server,
+in Python, that
+can recognize patterns.  For instance, one spammer registers ded304.com,
+ded305.com, ded306.com, etc.  We also need the custom DNS server to
+let SPF classic clients check SES (which will be part of pysrs).  
+The <a href="http://twistedmatrix.com/products/twisted">Twisted Python</a>
+framework provides a custom DNS server - but I
+would like a smaller implementation for our use.
+<p>
+The RPM for release 0.7.0 moves the config file and socket locations to
+/etc/mail and /var/run/milter respectively.  We now parse Microsoft CID records
+- but only hotmail.com uses them.  They seem to have applied for a patent on
+the brilliant idea of examining the mail headers to see who the message is
+from.  We aren't doing that here, so not to worry - but I am not a lawyer, so
+if you are worried, change spf.py around line 626 to return None instead of
+calling CIDParser().  There is a new option to reject mail with no PTR
+and no SPF.
+<p>
+Microsoft is pushing an anti-opensource license for their pending patent
+along with their sender-ID proposal before the IETF.
+It is royalty free - but requires anyone distributing a binary they've
+compiled from source to sign a license agreement.  The Apache Software
+Foundation <a
+href="http://www.apache.org/foundation/docs/sender-id-position.html"> explains
+the problem with sender-ID</a>, and Debian <a
+href="http://www.debian.org/News/2004/20040904">concurs</a>.  Since 
+the <a href="http://download.microsoft.com/download/4/3/9/439b024b-09fd-44ee-8ff0-10e834004c36/senderid_FAQ.PDF">Microsoft license</a> is
+<a href="http://www.circleid.com/article/732_0_1_0_C/">incompatible with free
+software in general</a> and the <a
+href="http://www.imc.org/ietf-mxcomp/mail-archive/msg03678.html">GPL in
+particular</a>, Python milter will not be able to implement sender-ID in its
+current form.  This was, no doubt, Microsoft's intent all along.
+<p>
+Sender-ID attempts to do for RFC2822 headers what SPF does for RFC2821 headers.
+Unlike SPF, it has never been tried, and is encumbered by a stupid patent.  I
+recommend ignoring it and continuing to implement and improve SPF until a
+working and unencumbered proposal for RFC2822 headers surfaces.
+
+<p>
+<a href="http://openspf.com">
+<img src="SPF.gif" align=left alt="SPF logo"></a>
+Release 0.6.6 adds support for <a href="http://openspf.com/">SPF</a>,
+a protocol to prevent forging of the envelope from address.  
+SPF support requires <a href="http://pydns.sourceforge.net/">pydns</a>.
+The included spf.py module is an updated version of the original 1.6
+version at <a href="http://www.wayforward.net/spf/">wayforward.net</a>.
+The updated version tracks the draft RFC and test suite.
+<p>
+The FAQ addresses <a href="faq.html#spf">how to get started with SPF</a>.
+<p>
+Release 0.6.1 adds a full milter based dspam application.
+<p>
+I have selected the <a href="http://www.nuclearelephant.com/projects/dspam/">
+dspam bayes filter project</a> and <a href="dspam.html">
+packaged it for python</a>.
+Release 0.6.0 offers a simple application of dspam I call "header triage",
+which rejects messages with spammy headers.  
+To use header triage, you must have <a href="dspam.html">DSPAM</a> installed,
+and select a dictionary that is well moderated by someone who gets
+lots of spam.  That dictionary can be used to block spam that is 
+obvious from the headers (e.g. X-Mailer and Subject) before it ties
+up any more resources.  I have yet to see any false positives from this
+approach (check the milter log), but if there are, the sender will
+get a REJECT with the message "Your message looks spammy."
+

doc/credits.ht

@@ -0,0 +1,55 @@
+Title: Credits
+
+<h1> CREDITS </h1>
+
+<a href="mailto:Jim Niemira <urmane@urmane.org>">Jim Niemira</a>
+wrote the original C module and some quick
+and dirty python to use it.  
+<a href="mailto:Stuart Gathman <stuart@bmsi.com>">Stuart D. Gathman</a>
+took that kludge and added threading and context objects to it, wrote a proper
+OO wrapper (Milter.py) that handles attachments, did lots of testing, packaged
+it with distutils, and generally transformed it from a quick hack to a
+real, usable Python extension.
+
+<h2>Other contributors (in random order):</h2>
+
+<dl>
+<dt> <a href="http://alphard.ethz.ch/hafner/lebl.htm">Christian Hafner</a>
+  <dd>for the pymilter mascot image of 
+  <a href="http://maxwelld.netfirms.com/">
+  Maxwell's daemon</a>
+<dt>Stephen Figgins
+  <dd>for reporting problems building with sendmail-8.12, and when
+  building milter.so for the first time.
+<dt>Dave MacQuigg 
+  <dd>for noticing that smfi_insheader wasn't supported, and creating
+  a template to help first time pymilter users create their own milter.
+<dt>Terence Way
+  <dd>for providing a Python port of SPF
+<dt>Scott Kitterman
+  <dd>for doing lots of testing and debugging of SPF against draft standard,
+  and for putting up a <a href="http://www.kitterman.com/spf/validate.html">
+  web page that validates SPF</a> records using spf.py
+<dt>Alexander Kourakos
+  <dd>for plugging several memory leaks
+<dt>George Graf at Vienna University of Economics and Business Administration
+  <dd>for handling None passed to setreply and chgheader.
+<dt>Deron Meranda
+  <dd>for IPv6 patches
+<dt>Jason Erikson
+  <dd>for handling NULL hostaddr in connect callback.
+<dt>John Draper
+  <dd>for porting Python milter to OpenBSD, and starting to work on tutorials
+  then pointing out that it would be easier to just write the MTA in Python.
+<dt>Eric S. Johansson
+  <dd>for helpful design discussions while working on camram
+<dt>Alex Savguira
+  <dd>for finding bugs with international headers and
+  suggesting the scan_zip option.
+<dt><a href="http://www.bmsi.com">Business Management Systems</a>
+  <dd>for hosting the website, and providing paying clients who need milter
+  service so I can work on it as part of my day job.
+</dl>
+
+If I have left anybody out, send me a reminder: 
+<a href="mailto:Stuart Gathman <stuart@bmsi.com>">stuart@bmsi.com</a>

doc/faq.ht

@@ -1,8 +1,4 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-<title>Python Milter FAQ</title>
-</head><body>
+Title: Python Milter FAQ
 
 <h1> Python Milter <a name=faq>FAQ</a> </h1>
 
@@ -22,8 +18,23 @@ shows you how to install libmilter with a separate invocation of make.
 <li> Q. Why is mfapi.h not found when I try to compile Python milter on
 RedHat 7.2?
 <p>  A. RedHat forgot to include the header in the RPM.  See the
-<a href="milter.html#rh72">RedHat 7.2 requirements</a>.
+<a href="requirements.html#rh72">RedHat 7.2 requirements</a>.
 <p>
+<li> Q. Python milter compiles ok, but I get an error like this when
+	I try to import the milter module:
+<pre>
+ImportError: /usr/lib/python2.4/site-packages/milter.so: undefined symbol: smfi_setmlreply
+</pre>
+<p>  A. Your libmilter.a is from sendmail-8.12 or earlier.  You need
+	sendmail-8.13 or later to support setmlreply.  You can disable
+	setmlreply by changing setup.py.  Change:
+<pre>
+            define_macros = [ ('MAX_ML_REPLY',32) ]
+</pre>
+in setup.py to
+<pre>
+            define_macros = [ ('MAX_ML_REPLY',1) ]
+</pre>
 
 <h3> Running Python Milter </h3>
 
@@ -103,13 +114,14 @@ If you are running bms.py, then the block_chinese option in
 
 <li> Q. Why does sendmail coredump with milters on OpenBSD?
 <p>  A. Sendmail has a problem with unix sockets on old versions of OpenBSD.
-Use an internet domain socket instead.  For example, in
+OpenBSD users report that this problem has been fixed, so upgrading
+OpenBSD will fix this.  Otherwise, you can
+use an internet domain socket instead.  For example, in
 <code>sendmail.cf</code> use
 <pre>
 Xpythonfilter, S=inet:1234@localhost
 </pre>
 and change sample.py accordingly.
-<p> OpenBSD users report that this problem has been fixed.
 <p>
 
 <li> Q. How can I change the bounce message for an invalid recipient?
@@ -143,10 +155,15 @@ Xpythonfilter, S=local:/var/log/milter/pythonsock, F=T, T=C:5m;S:20s;R:60s;E:5m
 </pre>
 <li> Q. There is a Python traceback in the log file!  What happened to
 	my email?
-<p>  A. When the milter fails with an untrapped exception, a TEMPFAIL
-result (451) is returned to the sender.  The sender will then retry every
-hour or so for several days.  Hopefully, someone will notice the 
-traceback, and workaround or fix the problem.
+<p>  A. By default, when the milter fails with an untrapped exception, a
+TEMPFAIL result (451) is returned to the sender.  The sender will then retry
+every hour or so for several days.  Hopefully, someone will notice the 
+traceback, and workaround or fix the problem.  Beginning with milter-0.8.2,
+you can call <code>milter.set_exception_policy(milter.CONTINUE)</code>
+to cause an untrapped exception to continue processing with the
+next callback or milter instead.  For
+completeness, you can also set the exception policy to
+<code>milter.REJECT</code>.
 
 <li> Q. I read some notes such as "Check valid domains allowed by internal
 	senders to detect PCs infected with spam trojans." but could not
@@ -194,5 +211,3 @@ everything up for you.  For other systems:
 </ol>
 
 </ol>
-</body>
-</html>

doc/links.h

@@ -0,0 +1,21 @@
+<!-- -*- html -*- -->
+<h3>Subsections</h3>
+<li><a href="milter.html">Introduction</a>
+<li><a href="changes.html">Changes</a>
+<li><a href="requirements.html">Requirements</a>
+<li><a href="http://sourceforge.net/project/showfiles.php?group_id=139894">Download</a>
+<li><a href="faq.html">FAQ</a>
+<li><a href="policy.html">Policies</a>
+<li><a href="logmsgs.html">Log&nbsp;Messages</a>
+<li><a href="http://bmsi.com/mailman/listinfo/pymilter">Mailing&nbsp;List</a>
+<li><a href="credits.html">CREDITS</a>
+<h3>Links</h3>
+<li><a href="http://www.milter.org/milter_api/api.html">C&nbsp;API</a>
+<li><a href="http://www.milter.org/">Milter.Org</a>
+<li><a href="http://www.python.org/">Python.Org</a>
+<li><a href="http://www.sendmail.org/">Sendmail.Org</a>
+<li><a href="http://www.openspf.org/">SPF</a>
+<li><a href="pysrs.html">pysrs</a>
+<li><a href="http://cheeseshop.python.org/pypi/pyspf">pyspf</a>
+<li><a href="http://bmsi.com/python/dspam.html">pydspam</a>
+<li><a href="http://bmsi.com/libdspam/dspam.html">libdspam</a>

doc/logmsgs.ht

@@ -0,0 +1,91 @@
+Title: Python Milter Log Documentation
+<style>
+DT              { font-weight: bolder; padding-top: 1em }
+</style>
+
+<h1> Milter Log Documentation </h1>
+
+The milter log from the bms.py application has a variety of "tags" in it that
+indicate what it did.
+
+<dl>
+<dt> DSPAM: honeypot SCREENED
+<dd> message was quarantined to the honeypot quarantine
+
+<dt> REJECT: hello SPF: fail 550 access denied
+<dt> REJECT: hello SPF: softfail 550 domain in transition
+<dt> REJECT: hello SPF: neutral 550 access neither permitted nor denied
+<dd> message was rejected because there was an SPF policy for the
+HELO name, and it did not pass.
+
+<dt> CBV: sender-17-44662668-643@bluepenmagic.com
+<dd> we performed a call back verification
+
+<dt> dspam
+<dd> dspam identifier was added to the message
+
+<dt> REJECT: spam from self: jsconnor.com
+<dd> message was reject because HELO was us (jsconnor.com)
+
+<dt> INNOC: richh
+<dd> message was used to update richh's dspam dictionary
+
+<dt> HONEYPOT: pooh@bwicorp.com
+<dd> message was sent to a honeypot address (pooh@bwicorp.com), the 
+message was added to the honeypot dspam dictionary as spam
+
+<dt> REJECT: numeric hello name: 63.217.19.146
+<dd> message was rejected because helo name was invalid (numeric)
+
+<dt> eom
+<dd> message was successfully received
+
+<dt> TEMPFAIL: CBV: 450 No MX servers available
+<dd> we tried to do a call back verification but could not look up 
+MX record, we told the sender to try again later
+
+<dt> CBV: info@emailpizzahut.com (cached)
+<dd> call back verification was needed, we had already done it recently
+
+<dt> abort after 0 body chars
+<dd> sender hung up on us
+
+<dt> REJECT: SPF fail 550 SPF fail: see 
+  http://openspf.com/why.html?sender=m.hendersonxk@163.net&ip=213.47.161.100
+<dd> message was reject because its sender's spf policy said to
+
+<dt> REJECT: Subject: Cialis - No prescription needed!
+<dd> message was rejected because its subject contained a bad expression
+
+<dt> REJECT: zombie PC at  192.168.3.37  sending MAIL FROM  seajdr@amritind.com
+<dd> message was rejected because the connect ip was internal, but the
+sender was not.  This is usually because a Windows PC is infected with
+malware.
+
+<dt> X-Guessed-SPF: pass
+<dd> When the SPF result is NONE, we guess a result based on the generic
+SPF policy "v=spf1 a/24 mx/24 ptr".
+
+<dt> DSPAM: tonyc tonyc@example.com
+<dd> message was sent to tonyc@example.com and it was identified as spam 
+and placed in the tonyc dspam quarantine
+
+<dt> REJECT: CBV: 550 calvinalstonis@ix.netcom.com...User unknown
+<dt> REJECT: CBV: 553 sorry, that domain isn't in my list
+<dt> REJECT: CBV: 554 delivery error: dd This user doesn't have an account 
+<dd> message was rejected because call back verification gave us a fatal
+error
+<dt> Auto-Whitelist: user@example.com
+<dd> recipient has been added to auto_whitelist.log because the message
+was sent from an internal IP and the recipient is not internal.
+<dt> WHITELIST user@example.com
+<dd> message is whitelisted because sender appears in auto_whitelist.log
+<dt> BLACKLIST user@example.com
+<dd> message is blacklisted because sender appears in blacklist.log or
+     failed a CBV test.
+<dt> TRAINSPAM: honeypot X-Dspam-Score: 0.002278
+<dd> message was used to train screener dictionary as spam
+<dt> TRAIN: honeypot X-Dspam-Score: 0.980203
+<dd> message was used to train screener dictionary as ham
+</dl>
+<br>

doc/milter.ht

@@ -1,33 +1,29 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>Python Milters</title>
-</head><body>
+Title: Python Milters
 
 <P ALIGN="CENTER"><A HREF="http://www.anybrowser.org/campaign/">
-<IMG SRC="/art/brain1.gif"
+<IMG SRC="http://bmsi.com/art/brain1.gif"
 ALT="Viewable With Any Browser" BORDER="0"></A>
 
-<img src="/art/banner_4.gif" width="468" height="60" border="0"
+<img src="http://bmsi.com/art/banner_4.gif" width="468" height="60" border="0"
 	usemap="#banner_4" alt="Your vote?">
 <map name="banner_4">
   <area shape="rect" coords="330,25,426,59"
   	href="http://education-survey.org/" alt="I Disagree">
   <area shape="rect" coords="234,28,304,57" href="http://www.honestEd.com/" alt="I Agree">
 </map>
-
 </P>
+
+<img src="Maxwells.gif" alt="Maxwell's Daemon: pymilter mascot" align=left>
 <h1 align=center>Sendmail Milters in Python</h1>
 <h4 align=center>by <a href="mailto:%75%72%6D%61%6E%65%40%6E%65%75%72%61l%61%63%63%65%73%73%2E%63%6F%6D">Jim Niemira</a>
   and <a href="mailto:%73%74%75%61%72%74%40%62%6D%73%69%2E%63%6F%6D">
   Stuart D. Gathman</a><br>
 This web page is written by Stuart D. Gathman<br>and<br>sponsored by
 <a href="http://www.bmsi.com">Business Management Systems, Inc.</a> <br>
-Last updated Aug 28, 2005</h4>
+Last updated Dec 29, 2005</h4>
 
 See the <a href="faq.html">FAQ</a> | <a href="http://sourceforge.net/project/showfiles.php?group_id=139894">Download now</a> |
-<a href="/mailman/listinfo/pymilter">Subscribe to mailing list</a> |
+<a href="http://bmsi.com/mailman/listinfo/pymilter">Subscribe to mailing list</a> |
 <a href="#overview">Overview</a> |
 <a href="/python/dspam.html">pydspam</a> |
 <a href="/libdspam/dspam.html">libdspam</a>
@@ -45,159 +41,6 @@ separation features to enhance security.  Even better, sendmail 8.13
 supports socket maps, which makes <a href="pysrs.html">pysrs</a> much more
 efficient and secure.  I recommend upgrading.
 
-<h2> Recent Changes </h2>
-
-Python milter is being moved to 
-<a href="http://sourceforge.net/projects/pymilter/">pymilter Sourceforge
-project</a> for development and release downloads.
-<p>
-Release 0.8.2 has changes to <a href="http://openspf.net">SPF</a> to bring it
-in line with the newly official RFC.  It adds 
-<a href="http://ses.codeshare.ca/">SES</a>
-support (the original SES without body hash) for pysrs-0.30.10, and honeypot
-support for pydspam-1.1.9.  There is a new method in the base milter module.
-milter.set_exception_policy(i) lets you choose a policy of CONTINUE, REJECT, or
-TEMPFAIL (default) for untrapped exceptions encountered in a milter callback.
-<p>
-Release 0.8.0 is the first <a href="http://sourceforge.net/">Sourceforge</a>
-release.  It supports Python-2.4, and provides an option to accept mail
-that gets an SPF softfail or fails the 3 strikes rule, provided the
-alleged sender accepts a DSN explaining the problem.  Python-2.3 is
-no longer supported by the reworked mime.py module, although API changes
-could be backported.  There are too many incompatible changes to the
-python email package.
-<p>
-Release 0.7.2 tightens the authentication screws with a "3 strikes and
-you're out" policy.  A sender must have a valid PTR, HELO, or SPF record
-to send email.  Specific senders can be whitelisted using the
-"delegate" option in the spf configuration section by adding a
-default SPF record for them.  The PTR and HELO are required
-by RFC anyway, so this is not an unreasonable requirement.
-There is now a coherent policy for an SPF softfail result.  A softfail
-is accepted if there is a valid PTR or HELO, or if the domain
-is listed in the "accept_softfail" option of the spf configuration section.
-A neutral result is accepted by default if there is a valid PTR or
-HELO, (and the SPF record was not guessed), unless the domain is listed in the
-"reject_neutral" option.  Common forms of PTR records for dynamic IPs are
-recognized, and do not count as a valid PTR.  This does not prevent anyone
-from sending mail from a dynamic IP - they just need to configure a
-valid HELO name or publish an SPF record.
-<p>
-As SPF adoption continues to rise, forged spam is not getting through.  So
-spammers are publishing their SPF records as predicted.  The 0.7.2 RPM
-now provides the <code>rhsbl</code> sendmail hack so that spammer domains
-can be blacklisted.  With the RPM installed, add a line like the following
-to your <code>sendmail.mc</code>.
-<pre>
-HACK(rhsbl,`blackholes.example.com',"550 Rejected: " $&{RHS} " has been spamming our customers.")dnl
-</pre>
-<p>
-Of course, spammers are now starting to register
-throwaway domains.  The next thing we need is a custom DNS server,
-in Python, that
-can recognize patterns.  For instance, one spammer registers ded304.com,
-ded305.com, ded306.com, etc.  We also need the custom DNS server to
-let SPF classic clients check SES (which will be part of pysrs).  
-The <a href="http://twistedmatrix.com/products/twisted">Twisted Python</a>
-framework provides a custom DNS server - but I
-would like a smaller implementation for our use.
-<p>
-The RPM for release 0.7.0 moves the config file and socket locations to
-/etc/mail and /var/run/milter respectively.  We now parse Microsoft CID records
-- but only hotmail.com uses them.  They seem to have applied for a patent on
-the brilliant idea of examining the mail headers to see who the message is
-from.  We aren't doing that here, so not to worry - but I am not a lawyer, so
-if you are worried, change spf.py around line 626 to return None instead of
-calling CIDParser().  There is a new option to reject mail with no PTR
-and no SPF.
-<p>
-Microsoft is pushing an anti-opensource license for their pending patent
-along with their sender-ID proposal before the IETF.
-It is royalty free - but requires anyone distributing a binary they've
-compiled from source to sign a license agreement.  The Apache Software
-Foundation <a
-href="http://www.apache.org/foundation/docs/sender-id-position.html"> explains
-the problem with sender-ID</a>, and Debian <a
-href="http://www.debian.org/News/2004/20040904">concurs</a>.  Since 
-the <a href="http://download.microsoft.com/download/4/3/9/439b024b-09fd-44ee-8ff0-10e834004c36/senderid_FAQ.PDF">Microsoft license</a> is
-<a href="http://www.circleid.com/article/732_0_1_0_C/">incompatible with free
-software in general</a> and the <a
-href="http://www.imc.org/ietf-mxcomp/mail-archive/msg03678.html">GPL in
-particular</a>, Python milter will not be able to implement sender-ID in its
-current form.  This was, no doubt, Microsoft's intent all along.
-<p>
-Sender-ID attempts to do for RFC2822 headers what SPF does for RFC2821 headers.
-Unlike SPF, it has never been tried, and is encumbered by a stupid patent.  I
-recommend ignoring it and continuing to implement and improve SPF until a
-working and unencumbered proposal for RFC2822 headers surfaces.
-
-<p>
-<a href="http://openspf.com">
-<img src="SPF.gif" align=left alt="SPF logo"></a>
-Release 0.6.6 adds support for <a href="http://openspf.com/">SPF</a>,
-a protocol to prevent forging of the envelope from address.  
-SPF support requires <a href="http://pydns.sourceforge.net/">pydns</a>.
-The included spf.py module is an updated version of the original 1.6
-version at <a href="http://www.wayforward.net/spf/">wayforward.net</a>.
-The updated version tracks the draft RFC and test suite.
-<p>
-The FAQ addresses <a href="faq.html#spf">how to get started with SPF</a>.
-<p>
-Release 0.6.1 adds a full milter based dspam application.
-<p>
-I have selected the <a href="http://www.nuclearelephant.com/projects/dspam/">
-dspam bayes filter project</a> and <a href="dspam.html">
-packaged it for python</a>.
-Release 0.6.0 offers a simple application of dspam I call "header triage",
-which rejects messages with spammy headers.  
-To use header triage, you must have <a href="dspam.html">DSPAM</a> installed,
-and select a dictionary that is well moderated by someone who gets
-lots of spam.  That dictionary can be used to block spam that is 
-obvious from the headers (e.g. X-Mailer and Subject) before it ties
-up any more resources.  I have yet to see any false positives from this
-approach (check the milter log), but if there are, the sender will
-get a REJECT with the message "Your message looks spammy."
-
-<h2> Enough Already! </h2>
-
-Nearly a dozen people have emailed me begging for a feature to copy
-outgoing and/or incoming mail to a backup directory by user.  Ok, it
-looks like this is a most requested feature for 0.5.6.  In the meantime,
-here are some things to consider:
-<ul>
-<li> If you want to equivalent of a Bcc added to each message, this
-is very easy to do in the python code for bms.py.   See below.
-<li> If you want to copy to a file in a directory (thus avoiding having to
-set up aliases), this is slightly more involved.  The bms.py milter already
-copies the message to a temporary file for use in replacing the message body
-when banned attachments are found.  You have to open a file, and copy the
-Mesage object to it in eom().
-<li> Finally, you are probably aware that most email clients already
-keep a copy of outgoing mail?  Presumably there is a good reason for
-keeping another copy on the server.
-</ul>
-<p>
-To Bcc a message, call <code>self.add_recipient(rcpt)</code> in envfrom after
-determining whether you want to copy (e.g. whether the sender is local).  For
-example,
-<pre>
-  def envfrom(...
-    ...
-    if len(t) == 2:
-      self.rejectvirus = t[1] in reject_virus_from
-      if t[0] in wiretap_users.get(t[1],()):
-	self.add_recipient(wiretap_dest)
-      if t[1] == 'mydomain.com':
-        self.add_recipient('&lt;copy-%s&gt;' % t[0])
-      ...
-</pre>
-<p>
-To make this a generic feature requires thinking about how the configuration
-would look.  Feel free to make specific suggestions about config file
-entries.  Be sure to handle both Bcc and file copies, and designating what
-mail should be copied.  How should "outgoing" be defined?  Implementing it is
-easy once the configuration is designed.
-
 <h3><a name=overview>Overview</a></h3>
 
 This package provides a robust toolkit for Python <a
@@ -245,6 +88,8 @@ content filtering.  SPF checking
 requires <a href="http://pydns.sourceforge.net/">
 pydns</a>.  Configuration documentation is currently included as comments
 in the <a href="milter.cfg">sample config file</a> for the bms.py milter.
+See also the <a href="HOWTO">HOWTO</a> and <a href="logmsgs.html">
+Milter Log Message Tags</a>.
 <p>
 Python milter is under GPL.  The authors can probably be convinced to
 change this to LGPL if needed.
@@ -376,8 +221,14 @@ me if you successfully install milter on a system not mentioned below.
 <td>0.5.5</td><tr>
 <td>RedHat 7.3</td><td>gcc-2.96</td><td>2.3.3</td><td>8.13.1</td>
 <td>0.7.2</td><tr>
+<td>RedHat 7.3</td><td>gcc-2.96</td><td>2.4.1</td><td>8.13.5</td>
+<td>0.8.4</td><tr>
 <td>RedHat 8.0</td><td>gcc-3.2</td><td>2.2.1</td><td>8.12.6</td>
 <td>0.5.2</td><tr>
+<td>RedHat 9.0</td><td>gcc-3.2.2</td><td>2.4.1</td><td>8.13.1</td>
+<td>0.8.2</td><tr>
+<td>RedHat EL3</td><td>gcc-3.2.3</td><td>2.4.1</td><td>8.13.5</td>
+<td>0.8.4</td><tr>
 <td>Debian Linux</td><td>gcc-2.95.2</td><td>2.1.1</td><td>8.12.0</td>
 <td>0.3.7</td><tr>
 <td>Debian Linux</td><td>gcc-3.2.2</td><td>2.2.2</td><td>8.12.7</td>
@@ -388,8 +239,8 @@ me if you successfully install milter on a system not mentioned below.
 <td>0.3.4</td><tr>
 <td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.1.3</td><td>8.12.3</td>
 <td>0.4.2</td><tr>
-<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.2.3</td><td>8.13.1</td>
-<td>0.7.1</td><tr>
+<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.4.1</td><td>8.13.1</td>
+<td>0.8.4</td><tr>
 <td>Slackware 7.1</td><td>?</td><td>?</td><td>8.12.1</td>
 <td>0.3.8</td><tr>
 <td>Slackware 9.0</td><td>gcc-3.2.2</td><td>2.2.3</td><td>8.12.9</td>
@@ -403,108 +254,54 @@ me if you successfully install milter on a system not mentioned below.
 <td>FreeBSD</td><td>gcc-2.95.3</td><td>2.2.2</td><td>?</td>
 <td>0.5.5</td><tr>
 <td>FreeBSD 4.4</td><td>gcc-2.95.3</td><td>?</td><td>8.12.10</td>
-<td>0.6.6</td><tr>
-
+<td>0.6.6</td>
 </table>
 
-<h3> Requirements </h3>
+<h2> Enough Already! </h2>
 
-<menu>
-<li> While the miltermodule will work with python 1.5, you probably
-want to use python 2.0 or better.  The python code uses a number of
-python 2 features.
-<li> Python must be configured with thread support.  This is because
-sendmail's libmilter requires thread support.
-<li> You must compile sendmail with libmilter enabled.  In versions of
-sendmail prior to 8.12 libmilter is marked FFR (For Future Release) and
-is not installed by default.  
-Sendmail 8.12 still does not enable libmilter by default.  You must 
-explicitly select the "MILTER" option when compiling.  
-<li> Python milter has been tested against sendmail-8.11 and sendmail-8.12.
-<li> Python milter must be compiled for the specific version of sendmail
-it will run with.  (Since the result is dynamically loaded, there could 
-conceivably be multiple versions available and selected at startup - but
-that will have to wait.)  This situation may only exist for sendmail
-versions prior to 8.12.  The protocol seems designed for backward 
-compatibility - and 8.12 is the first official milter release.
-<li> Mea Culpa!  After reading the Python Style guide, I realize that
-my Python code is not up to snuff.  Apparently mixed tabs and spaces
-are anathema to those using Windows editors, where tabs can be expanded using
-any arbitrary algorithm.  Other than that, my
-intuition matched Guido's pretty well - although I like to indent by 2
-rather than 4.  I will arrange to have tabs expanded to spaces when
-exporting new versions.  Until then, beware!
-</menu>
-
-<h3> <a name="aix4"> AIX 4.1.5 Requirements </a> </h3>
-To create sendmail RPMs for AIX, you can download my AIX 4.1.5 spec files 
-for <a href="/aix/sendmail.spec">sendmail-8.11.5</a> 
-or <a href="/aix/sendmail12.spec">sendmail-8.12.3</a>.  If you have
-not already set it up, I use a <a href="/aix/aix.spec">dummy RPM package</a>
-to represent the stuff that comes with AIX.  You might also want
-my <a href="/aix/python.spec">python-2.1.1</a> spec file for AIX.  It
-does not include Tk or curses modules, sorry.  If y'all trust me, you can
-download rpms for AIX 4.x from my <a href="/aix">AIX RPM directory</a>.
+Nearly a dozen people have emailed me begging for a feature to copy
+outgoing and/or incoming mail to a backup directory by user.  Ok, it
+looks like this is a most requested feature for 0.5.6.  In the meantime,
+here are some things to consider:
+<ul>
+<li> If you want to equivalent of a Bcc added to each message, this
+is very easy to do in the python code for bms.py.   See below.
+<li> If you want to copy to a file in a directory (thus avoiding having to
+set up aliases), this is slightly more involved.  The bms.py milter already
+copies the message to a temporary file for use in replacing the message body
+when banned attachments are found.  You have to open a file, and copy the
+Mesage object to it in eom().
+<li> Finally, you are probably aware that most email clients already
+keep a copy of outgoing mail?  Presumably there is a good reason for
+keeping another copy on the server.
+</ul>
 <p>
-Sendmail-8.12 renames 
-libsmutil.a to libsm.a.  Unfortunately, libsm.a is an important AIX system
-shared library.  Therefore, I rename libsm.a back to libsmutil.a for
-AIX.  This presents a problem for setup.py.
-
-<h3> <a name="rh72"> RedHat 7.2 Requirements </a> </h3>
-
-If you are running Redhat 7.2, the distributed version of sendmail
-now enables libmilter by default.  RedHat 7.2 bundles
-the development libraries with the main sendmail package, so
-there is no sendmail-devel package.  However, they forgot to include the
-headers!  So you'll have to get the SRPM and modify it.  I suggest
-moving the static libs to a devel package and adding the headers.  If
-this is too much trouble, you can get the <a href="mfapi.h">mfapi.h</a>
-header for sendmail-8.6.11 from here and manually install it as
-<code>/usr/include/libmilter/mfapi.h</code>.
+To Bcc a message, call <code>self.add_recipient(rcpt)</code> in envfrom after
+determining whether you want to copy (e.g. whether the sender is local).  For
+example,
+<pre>
+  def envfrom(...
+    ...
+    if len(t) == 2:
+      self.rejectvirus = t[1] in reject_virus_from
+      if t[0] in wiretap_users.get(t[1],()):
+	self.add_recipient(wiretap_dest)
+      if t[1] == 'mydomain.com':
+        self.add_recipient('&lt;copy-%s&gt;' % t[0])
+      ...
+</pre>
 <p>
-If you do modify the SRPM, I suggest renaming libsmutil.a
-to libsm.a - just like sendmail-8.12 will.  If you manually install
-mfapi.h or don't rename libsmutil.a, you'll
-need to force <code>libs = ["milter", "smutil"]</code> in setup.py.
-<p>
-If you have installed python2, and want
-python-milter to use python2, add <code>python=python2</code> to setup.cfg
-and build with <code>python2 setup.py bdist_rpm</code>.   
+To make this a generic feature requires thinking about how the configuration
+would look.  Feel free to make specific suggestions about config file
+entries.  Be sure to handle both Bcc and file copies, and designating what
+mail should be copied.  How should "outgoing" be defined?  Implementing it is
+easy once the configuration is designed.
 
-<h3> <a name="rh62"> Redhat 6.2 Requirements </a> </h3>
-
-If you are running Redhat 6.2, the distributed version of sendmail
-does not enable libmilter.  You can download the Redhat 7.2 sendmail.spec
-modified to compile on RedHat 6.2:
-<a href="http://www.bmsi.com/linux/rh62/sendmail-rhmilter.spec">
-sendmail-rhmilter.spec</a>.  The <a
-href="ftp://updates.redhat.com/7.0/en/os/SRPMS/sendmail-8.11.6-1.7.0.src.rpm">
-SRPM for sendmail-8.11.6</a> is available from
-<a href="http://www.redhat.com">Redhat</a> under 
-<a href="http://www.redhat.com/support/errata/RHSA-2001-106.html">
-Errata for RH6.2</a>.  But that doesn't include the latest security
-patches since RH6.2 is no longer supported.
-<p>
-If y'all trust me, you can pick up source and binary sendmail RPMs for RH6.2
-from my <a href="http://www.bmsi.com/linux/rh62">linux downloads</a> directory.
-The lastest RPMs were built by taking a RH7.2 SRPMS and removing some
-RPM features from the spec file that RH6.2 doesn't support, then
-recompiling on RH6.2.  You can check this by installing the RH7.2 SRPM,
-then diffing my sendmail.spec with theirs.  Then run
-"rpm -bb sendmail-rhmilter.spec" when you are satisfied.
-<p>
-If you have installed python2, and want
-python-milter to use python2, add <code>python=python2</code> to setup.cfg
-and build with <code>python2 setup.py bdist_rpm</code>.
-You'll need to install the sendmail-devel package to compile milter.
 
 <hr>
 <p>
 <a href="http://validator.w3.org/check/referer">
-<img border=0 src="/vh32.png" alt=" [ Valid HTML 3.2! ] " height=31 width=88></a>
+<img border=0 src="http://bmsi.com/vh32.png" alt=" [ Valid HTML 3.2! ] " height=31 width=88></a>
 <a href="http://www.redhat.com">
-<img src="/art/powered_by.gif" width="88" height="31" alt=" [ Powered By Red Hat Linux ] " border="0"></a>
+<img src="http://bmsi.com/art/powered_by.gif" width="88" height="31" alt=" [ Powered By Red Hat Linux ] " border="0"></a>
 </p>
-
-</body></html>

doc/policy.ht

@@ -1,11 +1,12 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-<title>Python Milter Mail Policy </title>
-</head><body>
+Title: Python Milter Mail Policy
 
 <h1> Python Milter Mail Policy </h1>
 
+These are the policies implemented by the <code>bms.py</code> milter
+application.  The milter and Milter modules do not implement any policies
+by themselves.  Eventually, I'll get the bms.py milter moved to its
+own package.
+
 <h3> Classify connection </h3>
 
 When the SMTP client connects, the connection IP address is
@@ -72,7 +73,9 @@ The wiretap feature can screen and/or monitor mail to/from certain
 users.  If the MAIL FROM is being wiretapped, the recipients are
 altered accordingly.
 
-<h4> SPF check </h4>
+<!--table-stop-->
+
+<h2> SPF check </h2>
 
 Finally, the MAIL FROM, connect IP, and HELO name are checked against
 any SPF records published via DNS for the alleged sender (MAIL FROM).
@@ -232,6 +235,3 @@ should retry the message at a later time.
 </td></tr>
 
 </table>
-
-</body>
-</html>

doc/requirements.ht

@@ -0,0 +1,99 @@
+Title: Requirements
+
+<h2> Requirements </h2>
+
+<menu>
+<li> While the miltermodule will work with python 1.5, you probably
+want to use python 2.0 or better.  The python code uses a number of
+python 2 features.  The email support requires python 2.4.
+<li> Python must be configured with thread support.  This is because
+pymilter uses sendmail's libmilter which requires thread support.
+<li> You must compile sendmail with libmilter enabled.  In versions of
+sendmail prior to 8.12 libmilter is marked FFR (For Future Release) and
+is not installed by default.  
+Sendmail 8.12 still does not enable libmilter by default.  You must 
+explicitly select the "MILTER" option when compiling.  
+<li> When compiling Python milter against sendmail versions earlier than
+8.13, you must set MAX_ML_REPLY to 1 in setup.py.  There is no way to tell from
+the libmilter includes that smfi_setmlreply is not supported.
+<li> You probably want to use sendmail-8.13, since that supports multi-line
+SMTP error descriptions and SOCKETMAP.  You want SOCKETMAP for use with
+pysrs.
+<li> Python milter has been tested against sendmail-8.11 through sendmail-8.13.
+<li> Python milter must be compiled for the specific version of sendmail
+it will run with.  (Since the result is dynamically loaded, there could 
+conceivably be multiple versions available and selected at startup - but
+that will have to wait.)  This situation may only exist for sendmail
+versions prior to 8.12.  The protocol seems designed for backward 
+compatibility - and 8.12 is the first official milter release.
+<li> Mea Culpa!  After reading the Python Style guide, I realize that
+my Python code is not up to snuff.  Apparently mixed tabs and spaces
+are anathema to those using Windows editors, where tabs can be expanded using
+any arbitrary algorithm.  Other than that, my
+intuition matched Guido's pretty well - although I like to indent by 2
+rather than 4.  I will arrange to have tabs expanded to spaces when
+exporting new versions.  Until then, beware!
+</menu>
+
+<h3> <a name="aix4"> AIX 4.1.5 Requirements </a> </h3>
+To create sendmail RPMs for AIX, you can download my AIX 4.1.5 spec files 
+for <a href="/aix/sendmail.spec">sendmail-8.11.5</a> 
+or <a href="/aix/sendmail12.spec">sendmail-8.12.3</a>.  If you have
+not already set it up, I use a <a href="/aix/aix.spec">dummy RPM package</a>
+to represent the stuff that comes with AIX.  You might also want
+my <a href="/aix/python.spec">python-2.1.1</a> spec file for AIX.  It
+does not include Tk or curses modules, sorry.  If y'all trust me, you can
+download rpms for AIX 4.x from my <a href="/aix">AIX RPM directory</a>.
+<p>
+Sendmail-8.12 renames 
+libsmutil.a to libsm.a.  Unfortunately, libsm.a is an important AIX system
+shared library.  Therefore, I rename libsm.a back to libsmutil.a for
+AIX.  This presents a problem for setup.py.
+
+<h3> <a name="rh72"> RedHat 7.2 Requirements </a> </h3>
+
+If you are running Redhat 7.2, the distributed version of sendmail
+now enables libmilter by default.  RedHat 7.2 bundles
+the development libraries with the main sendmail package, so
+there is no sendmail-devel package.  However, they forgot to include the
+headers!  So you'll have to get the SRPM and modify it.  I suggest
+moving the static libs to a devel package and adding the headers.  If
+this is too much trouble, you can get the <a href="mfapi.h">mfapi.h</a>
+header for sendmail-8.6.11 from here and manually install it as
+<code>/usr/include/libmilter/mfapi.h</code>.
+<p>
+If you do modify the SRPM, I suggest renaming libsmutil.a
+to libsm.a - just like sendmail-8.12 will.  If you manually install
+mfapi.h or don't rename libsmutil.a, you'll
+need to force <code>libs = ["milter", "smutil"]</code> in setup.py.
+<p>
+If you have installed python2, and want
+python-milter to use python2, add <code>python=python2</code> to setup.cfg
+and build with <code>python2 setup.py bdist_rpm</code>.   
+
+<h3> <a name="rh62"> Redhat 6.2 Requirements </a> </h3>
+
+If you are running Redhat 6.2, the distributed version of sendmail
+does not enable libmilter.  You can download the Redhat 7.2 sendmail.spec
+modified to compile on RedHat 6.2:
+<a href="http://www.bmsi.com/linux/rh62/sendmail-rhmilter.spec">
+sendmail-rhmilter.spec</a>.  The <a
+href="ftp://updates.redhat.com/7.0/en/os/SRPMS/sendmail-8.11.6-1.7.0.src.rpm">
+SRPM for sendmail-8.11.6</a> is available from
+<a href="http://www.redhat.com">Redhat</a> under 
+<a href="http://www.redhat.com/support/errata/RHSA-2001-106.html">
+Errata for RH6.2</a>.  But that doesn't include the latest security
+patches since RH6.2 is no longer supported.
+<p>
+If y'all trust me, you can pick up source and binary sendmail RPMs for RH6.2
+from my <a href="http://www.bmsi.com/linux/rh62">linux downloads</a> directory.
+The lastest RPMs were built by taking a RH7.2 SRPMS and removing some
+RPM features from the spec file that RH6.2 doesn't support, then
+recompiling on RH6.2.  You can check this by installing the RH7.2 SRPM,
+then diffing my sendmail.spec with theirs.  Then run
+"rpm -bb sendmail-rhmilter.spec" when you are satisfied.
+<p>
+If you have installed python2, and want
+python-milter to use python2, add <code>python=python2</code> to setup.cfg
+and build with <code>python2 setup.py bdist_rpm</code>.
+You'll need to install the sendmail-devel package to compile milter.

milter.cfg

@@ -8,7 +8,7 @@ tempdir = /var/log/milter/save
 log_headers = 0
 # connection ips and hostnames are matched against this glob style list
 # to recognize internal senders.
-;internal_connect = 192.168.*.*
+;internal_connect = 192.168.*.*,127.*
 
 # mail that is not an internal_connect and claims to be from an
 # internal domain is rejected.  Furthermore, internal mail that
@@ -17,7 +17,7 @@ log_headers = 0
 # flexible.  However, SPF is not currently checked for outgoing
 # (internal_connect) mail because it doesn't yet handle authorizing 
 # internal IPs locally.
-;internal_domains = mycorp.com
+;internal_domains = mycorp.com,localhost.localdomain
 
 # connections from a trusted relay can trust the first Received header
 # SPF checks are bypassed for internal connections and trusted relays.
@@ -31,17 +31,20 @@ log_headers = 0
 # Reject mail for domains mentioned unless user is mentioned here also
 ;check_user = joe@mycorp.com, mary@mycorp.com, file:bigcorp.com
 
+# Treat localparts in milter.cfg as case-insensitive
+case_sensitive_localpart = true
+
 # features intended to filter or block incoming mail
 [defang]
 
 # do virus scanning on attached messages also
-scan_rfc822 = 1
+scan_rfc822 = 0
 # do virus scanning on attached zipfiles also
 scan_zip = 0
 # Comment out scripts in HTML attachments.  Can be CPU intensive.
 scan_html = 0
 # reject messages with asian fonts because we can't read them
-block_chinese = 1
+block_chinese = 0
 # list users who hate forwarded mail
 ;block_forward = egghead@mycorp.com, busybee@mycorp.com
 # reject mail with these case insensitive strings in the subject
@@ -99,6 +102,11 @@ reject_spoofed = 0
 # doesn't match MAIL FROM.  Outlook and other email clients will then display
 # something like: "Sent by sender@domain.com on behalf of from@example.com"
 ;supply_sender = 0
+# Connections that get an SPF pass for a pretend MAIL FROM of 
+# postmaster@sometrustedforwarder.com skip SPF checks for the real MAIL FROM.
+# This is for non-SRS forwarders.  It is a simple implementation that
+# is inefficient for more than a few entries.
+;trusted_forwarder = careerbuilder.com
 
 # features intended to clean up outgoing mail
 [scrub]
@@ -120,11 +128,15 @@ blind = 1
 # discard outgoing mail without alerting sender
 # can be used in conjunction with wiretap to censor outgoing mail
 ;discard_users = canned@bigcorp.com
+# archive copies all delivered mail to a file
+;mail_archive = /var/log/mail_archive
+
 #
 # smart aliases trigger on both sender and recipient
+#   alias = sender, recipient[, destination]
 #
-;smart_alias = copycust,walter,spy1,spy2
-# multiple wiretap monitors
+[smart_alias]
+# multiple wiretap monitors.  Smart aliases are applied after wiretap.
 ;spy1 = disloyal@bigcorp.com,spy@bigcorp.com
 ;spy2 = bigmouth@bigcorp.com,spy@bigcorp.com
 # mail from client@clientcorp.com to sue@bigcorp.com is redirected to 
@@ -137,7 +149,7 @@ blind = 1
 ;walter1 = cust@othercorp.com,walter@bigcorp.com,boss@bigcorp.com,
 ;	walter@bigcorp.com
 ;bulk = soruce@telex.com,bob@jsconnor.com
-;bulk = soruce@telex.com,larry@jsconnor.com
+;bulk1 = soruce@telex.com,larry@jsconnor.com,bulk
 
 # See http://bmsi.com/python/dspam.html
 [dspam]
@@ -146,7 +158,13 @@ blind = 1
 # only EXTERNAL messages are dspam filtered
 ;dspam_dict=/var/lib/dspam/moderator.dict
 
-# Opt-opt recipients from dspam screening and header triage
+# Recipients of mail sent from these senders are added to the auto_whitelist.
+# Auto_whitelisted senders with an SPF PASS are never rejected by dspam, and
+# messages from auto_whitelisted senders will be used to train screener
+# dictionaries as innocent mail.
+;whitelist_senders = @mycorp.com
+
+# Opt-out recipients entirely from dspam screening and header triage
 ;dspam_exempt=getitall@mycorp.com
 # Do not scan mail (ostensibly) from these senders
 ;dspam_whitelist=getitall@sender.com

milter.rc

@@ -5,7 +5,7 @@
 # chkconfig: 2345 80 30
 # description: Milter is a process that filters messages sent through sendmail.
 # processname: milter
-# config: /var/log/milter/bms.py
+# config: /etc/mail/pymilter.cfg
 # pidfile: /var/run/milter/milter.pid
 
 python="python2.3"

milter.rc7

@@ -5,7 +5,7 @@
 # chkconfig: 2345 80 30
 # description: Milter is a process that filters messages sent through sendmail.
 # processname: milter
-# config: /var/log/milter/bms.py
+# config: /etc/mail/pymilter.cfg
 # pidfile: /var/run/milter/milter.pid
 
 python="python2.3"

milter.spec

@@ -1,23 +1,20 @@
 %define name milter
-%define version 0.8.3
-%define release 1.RH7
+%define version 0.8.7
+%define release 1
 # what version of RH are we building for?
-%define redhat9 0
-%define redhat7 1
-%define redhat6 0
+%define redhat7 0
 
 # Options for Redhat version 6.x:
-# rpm -ba|--rebuild --define "rh6 1"
-%{?rh6:%define redhat7 0}
-%{?rh6:%define redhat6 1}
+# rpm -ba|--rebuild --define "rh7 1"
+%{?rh7:%define redhat7 1}
 
 # some systems dont have initrddir defined
 %{?_initrddir:%define _initrddir /etc/rc.d/init.d}
 
-%if %{redhat9}
-%define sysvinit milter.rc
-%else	# Redhat 7.x and earlier (multiple ps lines per thread)
+%if %{redhat7} # Redhat 7.x and earlier (multiple ps lines per thread)
 %define sysvinit milter.rc7
+%else	
+%define sysvinit milter.rc
 %endif
 # RH9, other systems (single ps line per process)
 %ifos Linux
@@ -39,23 +36,29 @@ Prefix: %{_prefix}
 Vendor: Stuart D. Gathman <stuart@bmsi.com>
 Packager: Stuart D. Gathman <stuart@bmsi.com>
 Url: http://www.bmsi.com/python/milter.html
-Requires: %{python} >= 2.4, sendmail >= 8.12.10
+Requires: %{python} >= 2.4, sendmail >= 8.13
 %ifos Linux
 Requires: chkconfig
 %endif
-BuildRequires: %{python}-devel , sendmail-devel >= 8.12.10
+BuildRequires: %{python}-devel >= 2.4, sendmail-devel >= 8.13
 
 %description
 This is a python extension module to enable python scripts to
 attach to sendmail's libmilter functionality.  Additional python
-modules provide for navigating and modifying MIME parts.
+modules provide for navigating and modifying MIME parts, sending
+DSNs, and doing CBV.
 
 %prep
 %setup
-#%patch -p1
+#patch -p0 -b .bms
 
 %build
-env CFLAGS="$RPM_OPT_FLAGS" %{python} setup.py build
+%if %{redhat7}
+  LDFLAGS="-s"
+%else # Redhat builds debug packages after 7.3
+  LDFLAGS="-g"
+%endif
+env CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$LDFLAGS" %{python} setup.py build
 
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -86,6 +89,8 @@ cat >$RPM_BUILD_ROOT/etc/cron.daily/milter <<'EOF'
 #!/bin/sh
 
 find /var/log/milter/save -mtime +7 | xargs $R rm
+# work around memory leak
+/etc/init.d/milter condrestart
 EOF
 chmod a+x $RPM_BUILD_ROOT/etc/cron.daily/milter
 
@@ -146,7 +151,7 @@ rm -rf $RPM_BUILD_ROOT
 
 %files -f INSTALLED_FILES
 %defattr(-,root,root)
-%doc README HOWTO NEWS TODO CREDITS sample.py
+%doc README HOWTO ChangeLog NEWS TODO CREDITS sample.py
 /etc/logrotate.d/milter
 /etc/cron.daily/milter
 %ifos aix4.1
@@ -169,7 +174,51 @@ rm -rf $RPM_BUILD_ROOT
 /usr/share/sendmail-cf/hack/rhsbl.m4
 
 %changelog
-* Fri Jul 15 2005 Stuart Gathman <stuart@bmsi.com> 0.8.3-1
+* Sat Nov 04 2006 Stuart Gathman <stuart@bmsi.com> 0.8.7-1
+- More lame bounce heuristics
+- SPF moved to pyspf RPM
+- wiretap archive option
+- Do plain CBV if missing template
+* Tue May 23 2006 Stuart Gathman <stuart@bmsi.com> 0.8.6-2
+- Support CBV timeout
+- Support fail template, headers in templates
+- Create GOSSiP record only when connection will procede to DATA.
+- More SPF lax heuristics
+- Don't require SPF pass for white/black listing mail from trusted relay.
+- Support localpart wildcard for white and black lists.
+* Thu Feb 23 2006 Stuart Gathman <stuart@bmsi.com> 0.8.6-1
+- Delay reject of unsigned RCPT for postmaster and abuse only
+- Fix dsn reporting of hard permerror
+- Resolve FIXME for wrap_close in miltermodule.c
+- Add Message-ID to DSNs
+- Use signed Message-ID in delayed reject to blacklist senders
+- Auto-train via blacklist and auto-whitelist
+- Don't check userlist for signed MFROM
+- Accept but skip DSPAM and training for whitelisted senders without SPF PASS
+- Report GC stats 
+- Support CIDR matching for IP lists
+- Support pysrs sign feature
+- Support localpart specific SPF policy in access file
+* Thu Dec 29 2005 Stuart Gathman <stuart@bmsi.com> 0.8.5-1
+- Simple trusted_forwarder implementation.
+- Fix access_file neutral policy
+- Move Received-SPF header to beginning of headers
+- Supply keyword info for all results in Received-SPF header.
+- Move guessed SPF result to separate header
+- Activate smfi_insheader only when SMFIR_INSHEADER defined
+- Handle NULL MX in spf.py
+- in-process GOSSiP server support (to be extended later)
+- Expire CBV cache and renew auto-whitelist entries
+* Fri Oct 21 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-2
+- Don't supply sender when MFROM is subdomain of header from/sender.
+- Don't send quarantine DSN for DSNs
+- Skip dspam for replies/DSNs to signed MFROM
+* Thu Oct 20 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-1
+- Fix SPF policy via sendmail access map (case insensitive keys).
+- Auto whitelist senders, train screener on whitelisted messages
+- Optional idx parameter to addheader to invoke smfi_insheader
+- Activate progress when SMFIR_PROGRESS defined
+* Wed Oct 12 2005 Stuart Gathman <stuart@bmsi.com> 0.8.3-1
 - Keep screened honeypot mail, but optionally discard honeypot only mail.
 - spf_accept_fail option for braindead SPF senders (treats fail like softfail)
 - Consider SMTP AUTH connections internal.

miltermodule.c

@@ -34,6 +34,18 @@ $ python setup.py help
      libraries=["milter","smutil","resolv"]
 
  * $Log$
+ * Revision 1.9  2005/12/23 21:46:36  customdesigned
+ * Compile on sendmail-8.12 (ifdef SMFIR_INSHEADER)
+ *
+ * Revision 1.8  2005/10/20 23:23:36  customdesigned
+ * Include smfi_progress is SMFIR_PROGRESS defined
+ *
+ * Revision 1.7  2005/10/20 23:04:46  customdesigned
+ * Add optional idx for position of added header.
+ *
+ * Revision 1.6  2005/07/15 22:18:17  customdesigned
+ * Support callback exception policy
+ *
  * Revision 1.5  2005/06/24 04:20:07  customdesigned
  * Report context allocation error.
  *
@@ -277,7 +289,7 @@ _find_context(PyObject *c) {
   if (c->ob_type == &milter_ContextType) {
     milter_ContextObject *self = (milter_ContextObject *)c;
     ctx = self->ctx;
-    if (smfi_getpriv(ctx) != self)
+    if (ctx != NULL && smfi_getpriv(ctx) != self)
       ctx = NULL;
   }
   if (ctx == NULL)
@@ -285,23 +297,6 @@ _find_context(PyObject *c) {
   return ctx;
 }
 
-/* Release the Python Context for a SMFICTX.  */
-static void
-_clear_context(SMFICTX *ctx) {
-  milter_ContextObject *self = smfi_getpriv(ctx);
-  if (self) {
-    PyThreadState *t = self->t;
-    PyEval_AcquireThread(t);
-    self->t = 0;
-    self->ctx = 0;
-    smfi_setpriv(ctx,0);
-    Py_DECREF(self);
-    PyThreadState_Clear(t);
-    PyEval_ReleaseThread(t);
-    PyThreadState_Delete(t);
-  }
-}
-
 static void
 milter_Context_dealloc(PyObject *s) {
   milter_ContextObject *self = (milter_ContextObject *)s;
@@ -535,13 +530,19 @@ milter_set_exception_policy(PyObject *self, PyObject *args) {
   return NULL;
 }
 
+static void
+_release_thread(PyThreadState *t) {
+  if (t != NULL)
+    PyEval_ReleaseThread(t);
+}
+
 /** Report and clear any python exception before returning to libmilter. 
   The interpreter is locked when we are called, and we unlock it.  */
 static int _report_exception(milter_ContextObject *self) {
   if (PyErr_Occurred()) {
     PyErr_Print();
     PyErr_Clear();	/* must clear since not returning to python */
-    PyEval_ReleaseThread(self->t);
+    _release_thread(self->t);
     switch (exception_policy) {
       case SMFIS_REJECT:
 	smfi_setreply(self->ctx, "554", "5.3.0", "Filter failure");
@@ -552,7 +553,7 @@ static int _report_exception(milter_ContextObject *self) {
     }
     return SMFIS_CONTINUE;
   }
-  PyEval_ReleaseThread(self->t);
+  _release_thread(self->t);
   return SMFIS_CONTINUE;
 }
 
@@ -571,7 +572,7 @@ _generic_wrapper(milter_ContextObject *self, PyObject *cb, PyObject *arglist) {
   retval = PyInt_AsLong(result);
   Py_DECREF(result);
   if (PyErr_Occurred()) return _report_exception(self);
-  PyEval_ReleaseThread(self->t);
+  _release_thread(self->t);
   return retval;
 }
 
@@ -768,17 +769,23 @@ milter_wrap_close(SMFICTX *ctx) {
   PyObject *cb = close_callback;
   milter_ContextObject *self = smfi_getpriv(ctx);
   int r = SMFIS_CONTINUE;
-  if (self != NULL && cb != NULL && self->ctx == ctx) {
-    PyObject *arglist;
-    PyEval_AcquireThread(self->t);
-    arglist = Py_BuildValue("(O)", self);
+  if (self != NULL) {
+    PyThreadState *t = self->t;
+    PyEval_AcquireThread(t);
+    self->t = 0;
+    if (cb != NULL && self->ctx == ctx) {
+      PyObject *arglist = Py_BuildValue("(O)", self);
+      /* Call python close callback, but do not ReleaseThread, because
+       * self->t is NULL */
       r = _generic_wrapper(self, cb, arglist);
     }
-  /* FIXME: It is inefficient to have released the interp lock only to
-     acquire it again in _clear_context.  We can tell _generic_return and
-     friends not to release the lock by, for instance, setting self->t to NULL.
-     However, first we make it work. */
-  _clear_context(ctx);
+    self->ctx = 0;
+    smfi_setpriv(ctx,0);
+    Py_DECREF(self);
+    PyThreadState_Clear(t);
+    PyEval_ReleaseThread(t);
+    PyThreadState_Delete(t);
+  }
   return r;
 }
 
@@ -967,28 +974,39 @@ milter_setreply(PyObject *self, PyObject *args) {
 }
 
 static char milter_addheader__doc__[] =
-"addheader(field, value) -> None\n\
+"addheader(field, value, idx=-1) -> None\n\
 Add a header to the message. This header is not passed to other\n\
 filters. It is not checked for standards compliance;\n\
 the mail filter must ensure that no protocols are violated\n\
 as a result of adding this header.\n\
 field - header field name\n\
 value - header field value\n\
+idx - optional position in internal header list to insert new header\n\
 Both are strings.  This function can only be called from the EOM callback.";
 
 static PyObject *
 milter_addheader(PyObject *self, PyObject *args) {
   char *headerf;
   char *headerv;
+  int idx = -1;
   SMFICTX *ctx;
   PyThreadState *t;
 
-  if (!PyArg_ParseTuple(args, "ss:addheader", &headerf, &headerv)) return NULL;
+  if (!PyArg_ParseTuple(args, "ss|i:addheader", &headerf, &headerv, &idx))
+    return NULL;
   ctx = _find_context(self);
   if (ctx == NULL) return NULL;
   t = PyEval_SaveThread();
-  return _thread_return(t,smfi_addheader(ctx, headerf, headerv),
+#ifdef SMFIR_INSHEADER
+  return _thread_return(t, (idx < 0) ? smfi_addheader(ctx, headerf, headerv) :
+      smfi_insheader(ctx, idx, headerf, headerv), "cannot add header");
+#else
+  if (idx < 0)
+    return _thread_return(t, smfi_addheader(ctx, headerf, headerv),
 	"cannot add header");
+  PyErr_SetString(MilterError, "insheader not supported");
+  return NULL;
+#endif
 }
 
 static char milter_chgheader__doc__[] =
@@ -1143,7 +1161,7 @@ milter_quarantine(PyObject *self, PyObject *args) {
 }
 #endif
 
-#if _FFR_SMFI_PROGRESS
+#ifdef SMFIR_PROGRESS
 static char milter_progress__doc__[] =
 "progress() -> None\n\
 Notify the MTA that we are working on a message so it will reset timeouts.";
@@ -1174,7 +1192,7 @@ static PyMethodDef context_methods[] = {
 #ifdef SMFIF_QUARANTINE
   { "quarantine",  milter_quarantine,  METH_VARARGS, milter_quarantine__doc__},
 #endif
-#if _FFR_SMFI_PROGRESS
+#ifdef SMFIR_PROGRESS
   { "progress",  milter_progress,  METH_VARARGS, milter_progress__doc__},
 #endif
   { NULL, NULL }

neutral.txt

@@ -1,4 +1,7 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
 Subject: SPF %(result)s (POSSIBLE FORGERY)
+Auto-Submitted: auto-generated (sender verification)
 
 This is an automatically generated Delivery Status Notification.
 
@@ -18,7 +21,7 @@ sent via an authorized SMTP server, but may still be legitimate.  Since there
 is no positive confirmation that the message is really from you, we have
 to give it extra scrutiny - including verifying that the sender really
 exists by sending you this DSN.  We will remember this sender and not
-bother you again for while.  You can avoid this message entirely for
+bother you again for a while.  You can avoid this message entirely for
 legitimate mail by using an authorized SMTP server.  Contact your mail
 administrator and ask how to configure your email client to use an
 authorized server.  

permerror.txt

@@ -1,4 +1,7 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
 Subject: Critical SPF configuration error
+Auto-Submitted: auto-generated (configuration error)
 
 This is an automatically generated Delivery Status Notification.
 

quarantine.txt

@@ -1,4 +1,7 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
 Subject: DELIVERY STATUS (POSSIBLE SPAM)
+Auto-Submitted: auto-generated (content analysis)
 
 This is an automatically generated Delivery Status Notification.
 
@@ -19,6 +22,19 @@ their quarantined mail and may notice your message.  If your message is
 important, please contact them via other means.  You may also try sending
 them a simple plain text message.
 
+If you never sent the above message, then your domain, %(sender_domain)s,
+was forged - i.e. used without your knowlege or authorization by
+someone attempting to steal your mail identity.  This is a very
+serious problem, and you need to provide authentication for your
+SMTP (email) servers to prevent criminals from forging your
+domain.  The simplest step is usually to publish an SPF record
+with your Sender Policy.  
+
+For more information, see: http://www.openspf.org
+
+Your mail admin needs to publish a strict SPF record so that I can reject
+those forgeries instead of bugging you with them.
+
 If you need further assistance, please do not hesitate to contact me.
 
 Kind regards,

report.py

@@ -0,0 +1,138 @@
+# Analyze milter log to find abusers
+import traceback
+import sys
+
+def parse_addr(a):
+  beg = a.find('<')
+  end = a.find('>')
+  if beg >= 0:
+    if end > beg: return a[beg+1:end]
+  return a
+
+class Connection(object):
+  def __init__(self,dt,tm,id,ip=None,conn=None):
+    self.dt = dt
+    self.tm = tm
+    self.id = id
+    if ip:
+      _,self.host,self.ip = ip.split(None,2)
+    elif conn:
+      self.ip = conn.ip
+      self.host = conn.host
+      self.helo = conn.helo
+    self.subject = None
+    self.rcpt = []
+    self.mfrom = None
+    self.helo = None
+    self.innoc = []
+    self.whitelist = False
+
+def connections(fp):
+  conndict = {}
+  termdict = {}
+  for line in fp:
+    if line.startswith('{'): continue
+    a = line.split(None,4)
+    if len(a) < 4: continue
+    dt,tm,id,op = a[:4]
+    if (id,op) == ('bms','milter'):
+      # FIXME: optionally yield all partial connections in conndict
+      conndict = {}
+      termdict = {}
+      continue
+    if id[0] == '[' and id[-1] == ']':
+      try:
+	key = int(id[1:-1])
+      except:
+        print >>sys.stderr,'bad id:',line.rstrip()
+	continue
+    else: continue
+    if op == 'connect':
+      ip = a[4].rstrip()
+      conn = Connection(dt,tm,id,ip=ip)
+      conndict[key] = conn
+    elif op in (
+	'DISCARD:','TAG:','CBV:','Large','No',
+	'NOTE:','From:','Sender:','TRAIN:'):
+      continue
+    else:
+      op = op.lower()
+      try:
+	conn = conndict[key]
+      except KeyError:
+        try:
+	  conn = termdict[key]
+	  del termdict[key]
+	  conndict[key] = conn
+	except KeyError:
+	  print >>sys.stderr,'key error:',line.rstrip()
+	  continue
+      try:
+	if op == 'subject:':
+	  if len(a) > 4:
+	    conn.subject = a[4].rstrip()
+	elif op == 'innoc:':
+	  conn.innoc.append(a[4].rstrip())
+	elif op == 'whitelist':
+	  conn.whitelist = True
+	elif op == 'x-mailer:':
+	  if len(a) > 4:
+	    conn.mailer = a[4].rstrip()
+        elif op == 'x-guessed-spf:':
+          conn.spfguess = a[4]
+	elif op == 'received-spf:':
+	  conn.spfres,conn.spfmsg = a[4].rstrip().split(None,1)
+	elif op == 'received:':
+	  conn.received = a[4].rstrip()
+	elif op == 'temp':
+	  _,conn.tempfile = a[4].rstrip().split(None,1)
+	elif op == 'srs':
+	  _,conn.srsrcpt = a[4].rstrip().split(None,1)
+	elif op == 'mail':
+	  _,conn.mfrom = a[4].rstrip().split(None,1)
+	elif op == 'rcpt':
+	  _,rcpt = a[4].rstrip().split(None,1)
+	  conn.rcpt.append(rcpt)
+	elif op == 'hello':
+	  _,conn.helo = a[4].rstrip().split(None,1)
+	elif op in ('eom','dspam','abort'):
+	  del conndict[key]
+	  conn.enddt = dt
+	  conn.endtm = tm
+	  conn.result = op
+	  yield conn
+	  termdict[key] = Connection(conn.dt,conn.tm,conn.id,conn=conn)
+	elif op in ('reject:','dspam:','tempfail:','reject','fail:','honeypot:'):
+	  del conndict[key]
+	  conn.enddt = dt
+	  conn.endtm = tm
+	  conn.result = op
+	  conn.resmsg = a[4].rstrip()
+	  yield conn
+	  termdict[key] = Connection(conn.dt,conn.tm,conn.id,conn=conn)
+	elif op in ('fp:','spam:'):
+	  del conndict[key]
+	  termdict[key] = Connection(conn.dt,conn.tm,conn.id,conn=conn)
+	else:
+	  print >>sys.stderr,'unknown op:',line.rstrip()
+      except Exception:
+	print >>sys.stderr,'error:',line.rstrip()
+        traceback.print_exc()
+
+if __name__ == '__main__':
+  import gzip
+  for fn in sys.argv[1:]:
+    if fn.endswith('.gz'):
+      fp = gzip.open(fn)
+    else:
+      fp = open(fn)
+    for conn in connections(fp):
+      if conn.rcpt and conn.mfrom:
+        for r in conn.rcpt:
+	  if r.lower().find('iancarter') > 0: break
+	else:
+	  if conn.mfrom.lower().find('iancarter') < 0: continue
+	print >>sys.stderr,conn.result,conn.dt,conn.tm,conn.id,conn.subject,parse_addr(conn.mfrom),
+	for a in conn.rcpt:
+	  print parse_addr(a),
+	print

setup.py

@@ -1,9 +1,10 @@
 import os
 import sys
 from distutils.core import setup, Extension
-import Milter
 
 # FIXME: on some versions of sendmail, smutil is renamed to sm
+# on slackware and debian, leave it out entirely.  It depends
+# on how libmilter was built by the sendmail package.
 libs = ["milter", "smutil"]
 
 # patch distutils if it can't cope with the "classifiers" or
@@ -13,13 +14,14 @@ if sys.version < '2.2.3':
   DistributionMetadata.classifiers = None
   DistributionMetadata.download_url = None
 
-setup(name = "milter", version = Milter.__version__,
+# NOTE: importing Milter to obtain version fails when milter.so not built
+setup(name = "milter", version = '0.8.7',
 	description="Python interface to sendmail milter API",
 	long_description="""\
 This is a python extension module to enable python scripts to
 attach to sendmail's libmilter functionality.  Additional python
 modules provide for navigating and modifying MIME parts, and
-querying SPF records.
+sending DSNs or doing CBVs.
 """,
 	author="Jim Niemira",
 	author_email="urmane@urmane.org",
@@ -27,11 +29,12 @@ querying SPF records.
 	maintainer_email="stuart@bmsi.com",
 	license="GPL",
 	url="http://www.bmsi.com/python/milter.html",
-	py_modules=["mime","spf"],
+	py_modules=["mime"],
 	packages = ['Milter'],
 	ext_modules=[
 	  Extension("milter", ["miltermodule.c"],
 	    libraries=libs,
+	    # set MAX_ML_REPLY to 1 for sendmail < 8.13
 	    define_macros = [ ('MAX_ML_REPLY',32) ]
 	  ),
 	],

softfail.txt

@@ -1,4 +1,7 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
 Subject: SPF %(result)s (POSSIBLE FORGERY)
+Auto-Submitted: auto-generated (configuration error)
 
 This is an automatically generated Delivery Status Notification.
 
@@ -14,7 +17,7 @@ Subject: %(subject)s
 Received-SPF: %(spf_result)s
 
 Your sender policy indicated that the above email was likely forged and that
-feedback was desired.  If you are sending from a foreign ISP,
+feedback was desired for debugging.  If you are sending from a foreign ISP,
 then you may need to follow your home ISPs instructions for configuring
 your outgoing mail server.
 

spfquery.py

@@ -1,99 +0,0 @@
-#!/usr/bin/python2.3
-
-# Author: Stuart D. Gathman <stuart@bmsi.com>
-# Copyright 2004 Business Management Systems, Inc.
-# This code is under the GNU General Public License.  See COPYING for details.
-
-# $Log$
-# Revision 1.1.1.1  2005/05/31 18:07:19  customdesigned
-# Release 0.6.9
-#
-# Revision 2.3  2004/04/19 22:12:11  stuart
-# Release 0.6.9
-#
-# Revision 2.2  2004/04/18 03:29:35  stuart
-# Pass most tests except -local and -rcpt-to
-#
-# Revision 2.1  2004/04/08 18:41:15  stuart
-# Reject numeric hello names
-#
-# Driver for SPF test system
-
-import spf
-import sys
-
-from optparse import OptionParser
-
-class PerlOptionParser(OptionParser):
-    def _process_args (self, largs, rargs, values):
-        """_process_args(largs : [string],
-                         rargs : [string],
-                         values : Values)
-
-        Process command-line arguments and populate 'values', consuming
-        options and arguments from 'rargs'.  If 'allow_interspersed_args' is
-        false, stop at the first non-option argument.  If true, accumulate any
-        interspersed non-option arguments in 'largs'.
-        """
-        while rargs:
-            arg = rargs[0]
-            # We handle bare "--" explicitly, and bare "-" is handled by the
-            # standard arg handler since the short arg case ensures that the
-            # len of the opt string is greater than 1.
-            if arg == "--":
-                del rargs[0]
-                return
-            elif arg[0:2] == "--":
-                # process a single long option (possibly with value(s))
-                self._process_long_opt(rargs, values)
-            elif arg[:1] == "-" and len(arg) > 1:
-                # process a single perl style long option
-		rargs[0] = '-' + arg
-                self._process_long_opt(rargs, values)
-            elif self.allow_interspersed_args:
-                largs.append(arg)
-                del rargs[0]
-            else:
-		return
-
-def format(q):
-  res,code,txt = q.check()
-  print res
-  if res in ('pass','neutral','unknown'): print
-  else: print txt
-  print 'spfquery:',q.get_header_comment(res)
-  print 'Received-SPF:',q.get_header(res,'spfquery')
-
-def main(argv):
-  parser = PerlOptionParser()
-  parser.add_option("--file",dest="file")
-  parser.add_option("--ip",dest="ip")
-  parser.add_option("--sender",dest="sender")
-  parser.add_option("--helo",dest="hello_name")
-  parser.add_option("--local",dest="local_policy")
-  parser.add_option("--rcpt-to",dest="rcpt")
-  parser.add_option("--default-explanation",dest="explanation")
-  parser.add_option("--sanitize",type="int",dest="sanitize")
-  parser.add_option("--debug",type="int",dest="debug")
-  opts,args = parser.parse_args(argv)
-  if opts.ip:
-    q = spf.query(opts.ip,opts.sender,opts.hello_name,local=opts.local_policy)
-    if opts.explanation:
-      q.set_default_explanation(opts.explanation)
-    format(q)
-  if opts.file:
-    if opts.file == '0':
-      fp = sys.stdin
-    else:
-      fp = open(opts.file,'r')
-    for ln in fp:
-      ip,sender,helo,rcpt = ln.split(None,3)
-      q = spf.query(ip,sender,helo,local=opts.local_policy)
-      if opts.explanation:
-	q.set_default_explanation(opts.explanation)
-      format(q)
-    fp.close()
-    
-if __name__ == "__main__":
-  import sys
-  main(sys.argv[1:])

strike3.txt

@@ -1,4 +1,7 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
 Subject: Critical mail server configuration error
+Auto-Submitted: auto-generated (configuration error)
 
 This is an automatically generated Delivery Status Notification.
 
@@ -23,7 +26,7 @@ SMTP (email) servers to prevent criminals from forging your
 domain.  The simplest step is usually to publish an SPF record
 with your Sender Policy.  
 
-For more information, see: http://openspf.com
+For more information, see: http://openspf.org
 
 I hate to annoy you with a DSN (Delivery Status
 Notification) from a possibly forged email, but since you

testbms.py

@@ -238,7 +238,7 @@ class BMSMilterTestCase(unittest.TestCase):
     milter = TestMilter()
     milter.connect('testSmartAlias')
     # test smart alias feature
-    key = ('foo@bar.com','baz@bat.com')
+    key = ('foo@example.com','baz@bat.com')
     bms.smart_alias[key] = ['ham@eggs.com']
     rc = milter.feedMsg('test8',key[0],key[1])
     self.assertEqual(rc,Milter.ACCEPT)