This commit was manufactured by cvs2svn to create tag 'milter-0_8_8'.

Sprout from master 2007-07-25 19:04:44 UTC Stuart Gathman <stuart@gathman.org> 'Fixes from test on EL5.' Cherrypick from bmsi 2005-05-31 18:23:49 UTC Stuart Gathman <stuart@gathman.org> 'Development changes since 0.7.2': rejects.py rhsbl.m4 sample.py test/amazon test/big5 test/bounce test/bounce1 test/bound test/honey test/missingboundary test/samp1 test/spam44 test/spam7 test/spam8 test/test1 test/test8 test/virus1 test/virus13 test/virus2 test/virus3 test/virus4 test/virus5 test/virus6 test/virus7 testsample.py
2007-07-25 19:04:45 +00:00
41 changed files with 4312 additions and 741 deletions
@@ -1,8 +1,8 @@
 		    GNU GENERAL PUBLIC LICENSE
 		       Version 2, June 1991

- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

@@ -15,7 +15,7 @@ software--to make sure the software is free for all its users.  This
 General Public License applies to most of the Free Software
 Foundation's software and to any other program whose authors commit to
 using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
+the GNU Library General Public License instead.)  You can apply it to
 your programs, too.

  When we speak of free software, we are referring to freedom, not
@@ -55,7 +55,7 @@ patent must be licensed for everyone's free use or not licensed at all.

  The precise terms and conditions for copying, distribution and
 modification follow.
-
+
 		    GNU GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

@@ -110,7 +110,7 @@ above, provided that you also meet all of these conditions:
    License.  (Exception: if the Program itself is interactive but
    does not normally print such an announcement, your work based on
    the Program is not required to print an announcement.)
-
+
 These requirements apply to the modified work as a whole.  If
 identifiable sections of that work are not derived from the Program,
 and can be reasonably considered independent and separate works in
@@ -168,7 +168,7 @@ access to copy from a designated place, then offering equivalent
 access to copy the source code from the same place counts as
 distribution of the source code, even though third parties are not
 compelled to copy the source along with the object code.
-
+
  4. You may not copy, modify, sublicense, or distribute the Program
 except as expressly provided under this License.  Any attempt
 otherwise to copy, modify, sublicense or distribute the Program is
@@ -225,7 +225,7 @@ impose that choice.

 This section is intended to make thoroughly clear what is believed to
 be a consequence of the rest of this License.
-
+
  8. If the distribution and/or use of the Program is restricted in
 certain countries either by patents or by copyrighted interfaces, the
 original copyright holder who places the Program under this License
@@ -278,7 +278,7 @@ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.

 		     END OF TERMS AND CONDITIONS
-
+
 	    How to Apply These Terms to Your New Programs

  If you develop a new program, and you want it to be of the greatest
@@ -303,9 +303,10 @@ the "copyright" line and a pointer to where the full notice is found.
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

-    You should have received a copy of the GNU General Public License along
-    with this program; if not, write to the Free Software Foundation, Inc.,
-    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+

 Also add information on how to contact you by electronic and paper mail.

@@ -335,5 +336,5 @@ necessary.  Here is a sample; alter the names:
 This General Public License does not permit incorporating your program into
 proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Lesser General
+library.  If this is what you want to do, use the GNU Library General
 Public License instead of this License.
@@ -7,8 +7,6 @@ real, usable Python extension.

 Other contributors (in random order):

-Dwayne Litzenberger, B.A.Sc.
-  for library_dirs patch to compile on Debian 
 Dave MacQuigg 
  for noticing that smfi_insheader wasn't supported, and creating
  a template to help first time pymilter users create their own milter.
@@ -35,13 +35,13 @@ wish to install pydspam.
 For basic pymilter you'll need:

 python-2.4
-milter-0.8.10
+milter-0.8.7
 sendmail-8.13.x	(with milter support enabled)

 and for SPF you'll need:

-pydns-2.3.3-2.4
-pyspf-2.0.5-1.py24
+pydns-2.3.0-2.4
+pyspf-2.0.3-2.py24

 and for SRS you'll need:

@@ -65,7 +65,7 @@ Start milter and pysrs with "service milter start", "service pysrs start".
 Tail /var/log/milter/milter.log while SMTP clients connect to your
 sendmail instance.  This should show you what the milter is doing.

-By default, milter-0.8.10 rejects on SPF fail.
+By default, milter-0.8.7 rejects on SPF fail.

 	Step four.  Tweaking the basic config.

@@ -1,6 +1,7 @@
 include COPYING
 include TODO
 include NEWS
+include HOWTO
 include CREDITS
 include README
 include ChangeLog
@@ -8,10 +9,27 @@ include MANIFEST.in
 include testsample.py
 include testmime.py
 include testutils.py
+include testbms.py
+include rejects.py
+include report.py
+include bms.py
+include spf.py
+include cid2spf.py
+include spfquery.py
 include test.py
 include sample.py
 include milter-template.py
+include spfmilter.py
+include spfmilter.rc
+include spfmilter.cfg
 include test/*
+include doc/*
 include Milter/*.py
 include *.spec
 include start.sh
+include milter.rc
+include milter.rc7
+include milter.cfg
+include rhsbl.m4
+include *.txt
+include *.html
@@ -112,8 +112,8 @@ class Milter:
  def chgheader(self,field,idx,value):
    return self.__ctx.chgheader(field,idx,value)

-  def addrcpt(self,rcpt,params=None):
-    return self.__ctx.addrcpt(rcpt,params)
+  def addrcpt(self,rcpt):
+    return self.__ctx.addrcpt(rcpt)

  def delrcpt(self,rcpt):
    return self.__ctx.delrcpt(rcpt)
@@ -121,9 +121,6 @@ class Milter:
  def replacebody(self,body):
    return self.__ctx.replacebody(body)

-  def chgfrom(self,sender,params=None):
-    return self.__ctx.chgfrom(sender,params)
-
  # When quarantined, a message goes into the mailq as if to be delivered,
  # but delivery is deferred until the message is unquarantined.
  def quarantine(self,reason):
@@ -187,10 +184,8 @@ def runmilter(name,socketname,timeout = 0):
    print "Removing %s" % fname
    try:
      os.unlink(fname)
-    except os.error, x:
-      import errno
-      if x.errno != errno.ENOENT:
-        raise milter.error(x)
+    except:
+      pass

  # The default flags set include everything
  # milter.set_flags(milter.ADDHDRS)
@@ -10,14 +10,6 @@
 # CBV results.
 #
 # $Log$
-# Revision 1.8  2007/09/03 16:18:45  customdesigned
-# Delete unparseable timestamps when loading address cache.  These have
-# arisen because of failure to parse MAIL FROM properly.   Will have to
-# tighten up MAIL FROM parsing to match RFC.
-#
-# Revision 1.7  2007/01/25 22:47:26  customdesigned
-# Persist blacklisting from delayed DSNs.
-#
 # Revision 1.6  2007/01/19 23:31:38  customdesigned
 # Move parse_header to Milter.utils.
 # Test case for delayed DSN parsing.
@@ -74,17 +66,13 @@ class AddrCache(object):
      for ln in fp:
 	try:
 	  rcpt,ts = ln.strip().split(None,1)
-          try:
-            l = time.strptime(ts,AddrCache.time_format)
-            t = time.mktime(l)
-            if t < too_old:
-              changed = True
-              continue
-            cache[rcpt.lower()] = (t,None)
-          except:       # unparsable timestamp - likely garbage
-            changed = True
-            continue
-	except: # manual entry (no timestamp)
+	  l = time.strptime(ts,AddrCache.time_format)
+	  t = time.mktime(l)
+	  if t < too_old:
+	    changed = True
+	    continue
+	  cache[rcpt.lower()] = (t,None)
+	except:
 	  cache[ln.strip().lower()] = (now,None)
 	wfp.write(ln)
      if changed:
@@ -94,10 +82,8 @@ class AddrCache(object):
    except IOError:
      lock.unlock()

-  def has_precise_key(self,sender):
-    """True if precise sender is cached and has not expired.  Don't
-    try looking up wildcard entries.
-    """
+  def has_key(self,sender):
+    "True if sender is cached and has not expired."
    try:
      lsender = sender and sender.lower()
      ts,res = self.cache[lsender]
@@ -105,17 +91,16 @@ class AddrCache(object):
      if not ts or ts > too_old:
        return True
      del self.cache[lsender]
-    except KeyError: pass
-    return False
-
-  def has_key(self,sender):
-    "True if sender is cached and has not expired."
-    if self.has_precise_key(sender):
-      return True
-    try:
-      user,host = sender.split('@',1)
-      return self.has_precise_key(host)
-    except: pass
+      try:
+	user,host = sender.split('@',1)
+	return self.has_key(host)
+      except ValueError:
+        pass
+    except KeyError:
+      try:
+	user,host = sender.split('@',1)
+	return self.has_key(host)
+      except: pass
    return False

  __contains__ = has_key
@@ -57,8 +57,3 @@ class MilterConfigParser(ConfigParser):
    if self.has_option(sect,opt):
      return self.get(sect,opt)
    return default
-
-  def getintdefault(self,sect,opt,default=None):
-    if self.has_option(sect,opt):
-      return self.getint(sect,opt)
-    return default
@@ -1,90 +0,0 @@
-# provide a higher level interface to pydns
-
-import DNS
-from DNS import DNSError
-
-MAX_CNAME = 10
-
-def DNSLookup(name, qtype):
-    try:
-        req = DNS.DnsRequest(name, qtype=qtype)
-        resp = req.req()
-        #resp.show()
-        # key k: ('wayforward.net', 'A'), value v
-        # FIXME: pydns returns AAAA RR as 16 byte binary string, but
-        # A RR as dotted quad.  For consistency, this driver should
-        # return both as binary string.
-        return [((a['name'], a['typename']), a['data']) for a in resp.answers]
-    except IOError, x:
-        raise DNSError, str(x)
-
-class Session(object):
-  """A Session object has a simple cache with no TTL that is valid
-   for a single "session", for example an SMTP conversation."""
-  def __init__(self):
-    self.cache = {}
-
-  # We have to be careful which additional DNS RRs we cache.  For
-  # instance, PTR records are controlled by the connecting IP, and they
-  # could poison our local cache with bogus A and MX records.  
-
-  SAFE2CACHE = {
-    ('MX','A'): None,
-    ('MX','MX'): None,
-    ('CNAME','A'): None,
-    ('CNAME','CNAME'): None,
-    ('A','A'): None,
-    ('AAAA','AAAA'): None,
-    ('PTR','PTR'): None,
-    ('NS','NS'): None,
-    ('NS','A'): None,
-    ('TXT','TXT'): None,
-    ('SPF','SPF'): None
-  }
-
-
-  def dns(self, name, qtype, cnames=None):
-    """DNS query.
-
-    If the result is in cache, return that.  Otherwise pull the
-    result from DNS, and cache ALL answers, so additional info
-    is available for further queries later.
-
-    CNAMEs are followed.
-
-    If there is no data, [] is returned.
-
-    pre: qtype in ['A', 'AAAA', 'MX', 'PTR', 'TXT', 'SPF']
-    post: isinstance(__return__, types.ListType)
-    """
-    result = self.cache.get( (name, qtype) )
-    cname = None
-
-    if not result:
-        safe2cache = Session.SAFE2CACHE
-        for k, v in DNSLookup(name, qtype):
-            if k == (name, 'CNAME'):
-                cname = v
-            if (qtype,k[1]) in safe2cache:
-                self.cache.setdefault(k, []).append(v)
-        result = self.cache.get( (name, qtype), [])
-    if not result and cname:
-        if not cnames:
-            cnames = {}
-        elif len(cnames) >= MAX_CNAME:
-            #return result    # if too many == NX_DOMAIN
-            raise DNSError('Length of CNAME chain exceeds %d' % MAX_CNAME)
-        cnames[name] = cname
-        if cname in cnames:
-            raise DNSError, 'CNAME loop'
-        result = self.dns(cname, qtype, cnames=cnames)
-    return result
-
-DNS.DiscoverNameServers()
-
-if __name__ == '__main__':
-  import sys
-  s = Session()
-  for n,t in zip(*[iter(sys.argv[1:])]*2):
-    print n,t
-    print s.dns(n,t)
@@ -5,12 +5,6 @@
 # Send DSNs, do call back verification,
 # and generate DSN messages from a template
 # $Log$
-# Revision 1.15  2007/09/24 20:13:26  customdesigned
-# Remove explicit spf dependency.
-#
-# Revision 1.14  2007/03/03 18:19:40  customdesigned
-# Handle DNS error sending DSN.
-#
 # Revision 1.13  2007/01/04 18:01:11  customdesigned
 # Do plain CBV when template missing.
 #
@@ -25,22 +19,22 @@
 #

 import smtplib
+import spf
 import socket
 from email.Message import Message
 import Milter
 import time
-import dns

-def send_dsn(mailfrom,receiver,msg=None,timeout=600,session=None):
+def send_dsn(mailfrom,receiver,msg=None,timeout=600):
  """Send DSN.  If msg is None, do callback verification.
     Mailfrom is original sender we are sending DSN or CBV to.
     Receiver is the MTA sending the DSN.
     Return None for success or (code,msg) for failure."""
  user,domain = mailfrom.split('@')
-  if not session: session = dns.Session()
  try:
-    mxlist = session.dns(domain,'MX')
-  except dns.DNSError:
+    q = spf.query(None,None,None)
+    mxlist = q.dns(domain,'MX')
+  except spf.TempError:
    return (450,'DNS Timeout: %s MX'%domain)	# temp error
  if not mxlist:
    mxlist = (0,domain),	# fallback to A record when no MX
@@ -92,41 +86,23 @@ def send_dsn(mailfrom,receiver,msg=None,timeout=600,session=None):
      return (450,'No MX response within %f minutes'%(timeout/60.0))
  return (450,'No MX servers available')	# temp error

-class Vars: pass
-
-# NOTE: Caller can pass an object to create_msg that in a typical milter
-# collects things like heloname or sender anyway.
-def create_msg(v,rcptlist=None,origmsg=None,template=None):
-  """Create a DSN message from a template.  Template must be '\n' separated.
-     v - an object whose attributes are used for substitutions.  Must
-       have sender and receiver attributes at a minimum.
-     rcptlist - used to set v.rcpt if given
-     origmsg - used to set v.subject and v.spf_result if given
-     template - a '\n' separated string with python '%(name)s' substitutions.
-  """
+def create_msg(q,rcptlist,origmsg=None,template=None):
+  "Create a DSN message from a template.  Template must be '\n' separated."
  if not template:
    return None
-  if hasattr(v,'perm_error'):
-    # likely to be an spf.query, try translating for backward compatibility
-    q = v
-    v = Vars()
-    try:
-      v.heloname = q.h
-      v.sender = q.s
-      v.connectip = q.i
-      v.receiver = q.r
-      v.sender_domain = q.o
-      v.result = q.result
-      v.perm_error = q.perm_error
-    except: v = q
-  if rcptlist:
-    v.rcpt = '\n\t'.join(rcptlist)
-  if origmsg:
-    try: v.subject = origmsg['Subject']
-    except: v.subject = '(none)'
-    try:
-      v.spf_result = origmsg['Received-SPF']
-    except: v.spf_result = None
+  heloname = q.h
+  sender = q.s
+  connectip = q.i
+  receiver = q.r
+  sender_domain = q.o
+  result = q.result
+  perm_error = q.perm_error
+  rcpt = '\n\t'.join(rcptlist)
+  try: subject = origmsg['Subject']
+  except: subject = '(none)'
+  try:
+    spf_result = origmsg['Received-SPF']
+  except: spf_result = None

  msg = Message()

@@ -136,19 +112,18 @@ def create_msg(v,rcptlist=None,origmsg=None,template=None):
  hdrs,body = template.split('\n\n',1)
  for ln in hdrs.splitlines():
    name,val = ln.split(':',1)
-    msg.add_header(name,(val % v.__dict__).strip())
-  msg.set_payload(body % v.__dict__)
+    msg.add_header(name,(val % locals()).strip())
+  msg.set_payload(body % locals())
  # add headers if missing from old template
  if 'to' not in msg:
-    msg.add_header('To',v.sender)
+    msg.add_header('To',sender)
  if 'from' not in msg:
-    msg.add_header('From','postmaster@%s'%v.receiver)
+    msg.add_header('From','postmaster@%s'%receiver)
  if 'auto-submitted' not in msg:
    msg.add_header('Auto-Submitted','auto-generated')
  return msg

 if __name__ == '__main__':
-  import spf
  q = spf.query('192.168.9.50',
  'SRS0=pmeHL=RH==stuart@example.com',
  'red.example.com',receiver='mail.example.com')
@@ -1,74 +0,0 @@
-import time
-import shelve
-import thread
-import logging
-import urllib
-
-log = logging.getLogger('milter.greylist')
-
-def quoteAddress(s):
-  '''Quote an address so that it's safe to store in the file-system.
-  Address can either be a domain name, or local part.
-  Returns the quoted address.'''
-
-  s = urllib.quote(s, '@_-+~!.%')
-  if s.startswith('.'): s = '%2e' + s[1:]
-  return s
-
-class Record(object):
-  __slots__ = ( 'firstseen', 'lastseen', 'umis', 'cnt' )
-
-  def __init__(self):
-    now = time.time()
-    self.firstseen = now
-    self.lastseen = now
-    self.cnt = 0
-    self.umis = None
-
-class Greylist(object):
-
-  def __init__(self,dbname,grey_time=10,grey_expire=4,grey_retain=36):
-    self.ignoreLastByte = False
-    self.greylist_time = grey_time * 60         # minutes
-    self.greylist_expire = grey_expire * 3600   # hours
-    self.greylist_retain = grey_retain * 24 * 3600   # days
-    self.dbp = shelve.open(dbname,'c',protocol=2)
-    self.lock = thread.allocate_lock()
-  
-  def check(self,ip,sender,recipient):
-    "Return number of allowed messages for greylist triple."
-    sender = quoteAddress(sender)
-    recipient = quoteAddress(recipient)
-    key = ip + ':' + sender + ':' + recipient
-    self.lock.acquire()
-    try:
-      dbp = self.dbp
-      try:
-        r = dbp[key]
-        now = time.time()
-        if now > r.lastseen + self.greylist_retain:
-          # expired
-          log.debug('Expired greylist: %s',key)
-          r = Record()
-        elif now < r.firstseen + self.greylist_time:
-          # still greylisted
-          log.debug('Early greylist: %s',key)
-          #r = Record()
-          r.lastseen = now
-        elif r.cnt or now < r.firstseen + self.greylist_expire:
-          # in greylist window or active
-          r.lastseen = now
-          r.cnt += 1
-          log.debug('Active greylist(%d): %s',r.cnt,key)
-        else:
-          # passed greylist window
-          log.debug('Late greylist: %s',key)
-          r = Record()
-        dbp[key] = r
-      except:
-        r = Record()
-        dbp[key] = r
-      dbp.sync()
-    finally:
-      self.lock.release()
-    return r.cnt
@@ -4,8 +4,6 @@ import socket
 import email.Errors
 from fnmatch import fnmatchcase
 from email.Header import decode_header
-#import email.Utils
-import rfc822

 ip4re = re.compile(r'^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*$')

@@ -42,44 +40,6 @@ def iniplist(ipaddr,iplist):
      return True
  return False

-def parseaddr(t):
-  """Split email into Fullname and address.
-
-  >>> parseaddr('user@example.com')
-  ('', 'user@example.com')
-  >>> parseaddr('"Full Name" <foo@example.com>')
-  ('Full Name', 'foo@example.com')
-  >>> parseaddr('spam@spammer.com <foo@example.com>')
-  ('spam@spammer.com', 'foo@example.com')
-  >>> parseaddr('God@heaven <@hop1.org,@hop2.net:jeff@spec.org>')
-  ('God@heaven', 'jeff@spec.org')
-  >>> parseaddr('Real Name ((comment)) <addr...@example.com>')
-  ('Real Name', 'addr...@example.com')
-  >>> parseaddr('a(WRONG)@b')
-  ('WRONG', 'a@b')
-  """
-  #return email.Utils.parseaddr(t)
-  res = rfc822.parseaddr(t)
-  # dirty fix for some broken cases
-  if not res[0]:
-    pos = t.find('<')
-    if pos > 0 and t[-1] == '>':
-      addrspec = t[pos+1:-1]
-      pos1 = addrspec.rfind(':')
-      if pos1 > 0:
-        addrspec = addrspec[pos1+1:]
-      return rfc822.parseaddr('"%s" <%s>' % (t[:pos].strip(),addrspec))
-  if not res[1]:
-    pos = t.find('<')
-    if pos > 0 and t[-1] == '>':
-      addrspec = t[pos+1:-1]
-      pos1 = addrspec.rfind(':')
-      if pos1 > 0:
-        addrspec = addrspec[pos1+1:]
-      return rfc822.parseaddr('%s<%s>' % (t[:pos].strip(),addrspec))
-  return res
-    
-
 def parse_addr(t):
  """Split email into user,domain.

@@ -1,6 +1,4 @@
-See pymilter.spec for recent history.
-
-Here is a history of older changes to Python milter.
+Here is a history of user visible changes to Python milter.
 0.8.8	move AddrCache, parse_addr, iniplist, parse_header to Milter package
 	fix plock for missing source and can't change owner/group
 	add sample spfmilter.py milter
@@ -1,6 +1,226 @@
-Support smfi_negotiate and auto negotiate only those callbacks for which 
-Milter.Milter methods have been overridden.  (Python should be able to
-do that.)
+Don't match dynamic ptr in bestguess.
+
+When content filtering is not installed, reject BLACKLISTed MFROM
+immediately.  There is no use waiting until EOM.
+
+Configuration is problematic when handling incoming, but not outgoing mail.
+The problem comes when alice@example.com sends mail to bill@example.com,
+and we are the MX for example.com, but alice is sending from some other
+MTA.  The mail is flagged external, so we don't list example.com in
+internal_domains (or we would get "spam from self").  But, if we try to do a
+CBV, we get "fraudulent MX", because the MX is ourself!  So we need to 
+avoid doing CBV on such domains.  Currently, we try to make sure the SPF
+policies don't do CBV.
+
+We now don't check internal domains for incoming mail if there is an
+SPF record.
+
+On the other hand, if alice is sending internally, or with SMTP AUTH, she
+*does* need the domain to be in internal_domains.  The solution to that 
+is to use the new SMTP AUTH access configuration to specify which domains
+can be used by smtp AUTH (by user if desired).
+
+It would be cleaner if CBV would know which domains we have agreed to
+be MX for. Some ideas for external connections:
+
+a) check access file for To:example.com	RELAY
+b) check mailertable
+c) check mx_domains config list
+d) if there is an SPF record, don't check internal_domains
+   (let SPF block unauthorized machines)
+
+But that still doesn't handle the roaming user, who won't use SMTP
+AUTH, but sends through some hotel MTA.  Maybe we don't want to support
+him?
+
+When setting up pydspam, both sender and rcpt must resolve to dspam users
+for falsepositive recognition.  Usually, this means adding 
+honeypot@mail.example.com to alias list for honeypot in pymilter.cfg.
+This needs to be documented.  I was caught by it setting up a new site.
+
+Add signature (x-sig=AB7485f=TS) to Received-SPF, so it can be used
+to blacklist sources of delayed DSNs.
+
+rcpt-addr may let us know when a recipient is unknown.  That should count
+against reputation.
+
+Need to use wildcards in blacklist.log: *.madcowsrecord.net
+Need to exclude emails like !*-admin@example.com in whitelist_sender.
+Need to exclude robot users from autowhitelist.  Don't want to have to
+list all users, so implement something like !*-admin@bmsi.com,@bmsi.com.
+
+GOSSiP feedback from user training is ignored because UMIS has already been
+removed from queue.  Maybe keep UMIS in queue, and add method to 
+alter last feedback for ID.
+
+Generate DSNs according to RFC 3464
+
+Get temperror policy from access file.
+
+Reporting explanation for failure should show source if sender
+provided explanation.
+
+Bug in Auto-whitelist.  Recent Auto-whitelist doesn't override expired entry.
+
+SPF permerror diagnostics should include corrected mechanism.
+
+Delay SPF check until RCPT TO.  Cache result to avoid repeating
+for multiple RCPT.  This avoids overhead for invalid RCPT, and
+allows for per RCPT local policy.
+
+Check SPF for outgoing mail (including local policy for internal addresses).
+This could also solve the second part of the mail from relay problem below.
+
+Whitelisted senders from trusted relay get PROBATION.  Need to extracted
+SPF result from headers - and in the case of mail internal to relay
+(e.g. bmsi.com), supply 'pass' result.  
+
+For selected domains, check rcpts via CBV before accepting mail.  Cache
+results.  This will kick out dictonary attacks against a mail domain
+behind a gateway sooner.
+
+Add auto-blacklisted senders to blacklist.log with timestamp.
+Add emails blacklisted via CBV so that they are remembered across milter
+restarts.
+
+Make all dictionaries work like honeypot.  Do not train as ham unless
+whitelisted.  Train on blacklisted messages, or spam feedback.  This
+can be called Train On Error.  Should be possible to startup
+with training on everything to get dictionary built fast, then switch
+to train on error to minimize labor.
+
+Allow unsigned DSNs from selected domains (that don't accept signed MFROM,
+e.g. verizon.net).
+
+Allow verified hostnames for trusted_relay.  E.g. HELO name that
+passes SPF.
+
+Table of sendmail macros for documentation.
+
+When do we get two hello calls?  STARTTLS is one reason.
+
+Option: accept mail from auto-whitelisted senders even with spf-fail,
+but do not update dspam.  This can be done for individual senders or domains 
+using the access file.
+
+pysrs: SRS doesn't get applied to proper recipients when there are
+multiple recipients.  This requires debugging cf scripts - yuk.
+
+auto_whitelist false_positives from quarantine - perhaps only when
+user selects special button (use special header to communicate
+that from dspamcgi.py to milter.)
+
+Use send_dsn.log for blacklist also.  AddrCache needs localpart
+wildcard (e.g. empty localpart).
+
+Quarantined mail is missing headers modified/added by milter after
+checking dspam.
+
+Send DSN for permerror before processing extended result.  An additional
+DSN may be sent based on extended result.  Send permerror DSN to
+postmaster@sending_domain.
+
+Rescind whitelist for banned extensions, in case sender is infected.
+
+Train honeypot on error only.
+
+Find rfc2822 policy for MFROM quoting.
+
+Support explicit errors for SPF policy in access file:
+SPF-Neutral:aol.com	ERROR:"550 AOL mail must get SPF PASS"
+
+Defer TEMPERROR in SPF evaluation - give precedence to security
+(only defer for PASS mechanisms).
+
+Create null config that does nothing - except maybe add Received-SPF
+headers.  Many admins would like to turn features on one at a time.
+
+Can't output messages with malformed rfc822 attachments.
+
+Move milter,Milter,mime,spf modules to pymilter
+milter package will have bms.py application
+
+Web admin interface
+message log for automated stats and blacklisting
+Skip dspam when SPF pass? NO
+Report 551 with rcpt on SPF fail?
+check spam keywords with character classes, e.g.
+	{a}=[a@ãä], {i}=[i1í], {e}=[eë], {o}=[o0ö]
+
+Implement RRS - a backdoor for non-SRS forwarders.  User lists non-SRS 
+forwarder accounts, and a util provides a special local alias for the
+user to give to the forwarder.  (Or user just adds arbitrary alias
+unique to that forwarder to a database.)  Alias only works for mail from that
+forwarder.  Milter gets forwarder domain from alias and uses it to
+SPF check forwarder.
+
+Framework for modular Python milter components within a single VM.
+Python milters can be already be composed through sendmail by running each in
+a separate process.  However, a significant amount of memory is wasted
+for each additional Python VM, and communication between milters
+is cumbersome (e.g., adding mail headers, writing external files).
+
+Copy incoming wiretap mail, even though sendmail alias works perfectly
+for the purpose, to avoid having to change two configs for a wiretap.
+
+Provide a way to reload milter.cfg without stopping/restarting milter.
+
+Allow selected Windows extensions for specific domains via milter.cfg
+
+Fix setup.py so that _FFR_QUARANTINE is automatically defined when
+available in libmilter.
+
+Keep separate ismodified flag for headers and body.  This is important
+when rejecting outgoing mail with viruses removed (so as not to
+embarrass yourself), and also removing Received headers with hidepath.
+
+Need a test module to feed sample messages to a milter though a live 
+sendmail and SMTP.  The mockup currently used is probably not very accurate,
+and doesn't test the threading code.
+
+DONE Require signed MFROM for all incoming bounces when signing all outgoing
+mail - except from trusted relays.
+
+DONE Added Message-ID header to DSN with SRS signed sender.  When seen on
+incoming rfc ignorant failure message, blacklist sender.
+
+DONE Option to add Received-SPF header, but never reject on SPF.
+  I think the above will handle this.
+
+DONE Received-SPF header field should show identity that was checked.
+
+DONE When training with spam, REJECT after data so that mistakenly blacklisted
+senders at least get an error.
+
+DONE Milter won't start when it can't change permissions on *.lock to match
+*.log.  Should maybe ignore that error - the effect will be to set
+the permissions to default.
+
+DONE Milter won't start when a whitelist/blacklist file is missing.
+
+DONE Delayed failure detection should parse From header to find email address.
+
+DONE When bms.py can't find templates, it passes None to dsn.create_msg(),
+which uses local variable as backup, which no longer exist.  Do plain
+CBV in that case instead.
+
+DONE Find and use X-GOSSiP: header for SPAM: and FP: submissions.  Would need
+to keep tags longer.
+
+DONE Parse incoming 3464 DSNs for "Action: failed" to recognize delayed
+failures.  This works regardless of Subject.
+
+DONE Reports PROBATION even when rejecting message (works, but confusing in
+log).
+
+DONE Delayed_failure detection needs to handle multi-line header fields.  
+Also, delayed_failure should be recognized when addressed to
+postmaster@helodomain 
+
+DONE DSN for Permerror shows 'None' for error under some condition.
+
+DONE Allow blacklisted emails as well as domains in blacklist.log.  Use same
+data structure as autowhitelist.log.  
+
+DONE Backup copies for outgoing/incoming mail.

-Lookup exact RFC syntax of real name / email and make 
-Milter.utils.parse_addr() pass all unit tests.
@@ -2,47 +2,6 @@ Title: Recent Changes

 <h2> Recent Changes </h2>

-<h3> 0.8.10 </h3>
-
-SRS rejections now log the recipient.  
-I have finally implemented plain CBV (no DSN).  The CBV policy
-will do a plain CBV from now on, and the DSN policy is required
-if you want to send a DSN.
-I started checking the MAIL FROM fullname (human readable part
-of an email) for porn keywords.  There is now a banned IP database.
-IPs are banned for too many bad MAIL FROMs or RCPT TOs, and remain banned
-for 7 days.
-
-<h3> 0.8.9 </h3>
-
-I use the <code>%ifarch</code> hack to build milter and milter-spf
-packages as noarch, while pymilter is built as native.
-
-I removed the spf dependency from dsn.py, so pymilter can be used without
-installing pyspf, and added a Milter.dns module to let python milters do
-general DNS lookups without loading pyspf.
-
-<h3> 0.8.8 </h3>
-
-Programs do not belong in the /var/log directory.  I moved the
-milter apps to /usr/lib/pymilter.  Since having the programs and
-data in the same directory is convenient for debugging, it will
-still use an executable present in the datadir.
-
-Several general utility classes and functions are now in the Milter package
-for possible use by other python milters.  In addition to the trivial example
-milter, a simple SPF only milter is included as a realistic example.
-
-The spec file now build 3 RPMs:
-
-<ul>
-<li> pymilter is the milter module and Milter package for use by all python
-     milters.
-<li> milter is the all-singing, all-dancing python milter application, with
-     supporting <code>/etc/init.d</code>, logrotate and other scripts.
-<li> milter-spf is the simple SPF only milter application.
-</ul>
-
 <h3> 0.8.7 </h3>

 The spf module has been moved to the 
@@ -5,7 +5,7 @@ Title: Credits
 <a href="mailto:Jim Niemira <urmane@urmane.org>">Jim Niemira</a>
 wrote the original C module and some quick
 and dirty python to use it.  
-<a href="http://gathman.org/vitae">Stuart D. Gathman</a>
+<a href="mailto:Stuart Gathman <stuart@bmsi.com>">Stuart D. Gathman</a>
 took that kludge and added threading and context objects to it, wrote a proper
 OO wrapper (Milter.py) that handles attachments, did lots of testing, packaged
 it with distutils, and generally transformed it from a quick hack to a
@@ -4,7 +4,6 @@
 <li><a href="changes.html">Changes</a>
 <li><a href="requirements.html">Requirements</a>
 <li><a href="http://sourceforge.net/project/showfiles.php?group_id=139894">Download</a>
-<li><a href="RPM-GPG-KEY-bms">GPG-KEY</a>
 <li><a href="faq.html">FAQ</a>
 <li><a href="policy.html">Policies</a>
 <li><a href="logmsgs.html">Log&nbsp;Messages</a>
@@ -12,7 +11,7 @@
 <li><a href="credits.html">CREDITS</a>
 <li><a href="http://sourceforge.net"><img src="http://sflogo.sourceforge.net/sflogo.php?group_id=139894&amp;type=1" width="88" height="31" border="0" alt="SourceForge.net Logo" /></a>
 <h3>Links</h3>
-<li><a href="https://www.milter.org/developers/api/index">C&nbsp;API</a>
+<li><a href="http://www.milter.org/milter_api/api.html">C&nbsp;API</a>
 <li><a href="http://www.milter.org/">Milter.Org</a>
 <li><a href="http://www.python.org/">Python.Org</a>
 <li><a href="http://www.sendmail.org/">Sendmail.Org</a>
@@ -13,19 +13,14 @@ ALT="Viewable With Any Browser" BORDER="0"></A>
 </map>
 </P>

-<table rules="none">
-<tr><td>
-<img src="Maxwells.gif" alt="Maxwell's Daemon: pymilter mascot" align="top">
-Mascot by <a href="http://alphard.ethz.ch/hafner/lebl.htm">Christian Hafner</a>
-</td>
-<td>
+<img src="Maxwells.gif" alt="Maxwell's Daemon: pymilter mascot" align=left>
 <h1 align=center>Sendmail Milters in Python</h1>
 <h4 align=center>by <a href="mailto:%75%72%6D%61%6E%65%40%6E%65%75%72%61l%61%63%63%65%73%73%2E%63%6F%6D">Jim Niemira</a>
  and <a href="mailto:%73%74%75%61%72%74%40%62%6D%73%69%2E%63%6F%6D">
  Stuart D. Gathman</a><br>
 This web page is written by Stuart D. Gathman<br>and<br>sponsored by
 <a href="http://www.bmsi.com">Business Management Systems, Inc.</a> <br>
-Last updated Aug 26, 2008</h4>
+Last updated Mar 30, 2007</h4>

 See the <a href="faq.html">FAQ</a> | <a href="http://sourceforge.net/project/showfiles.php?group_id=139894">Download now</a> |
 <a href="http://bmsi.com/mailman/listinfo/pymilter">Subscribe to mailing list</a> |
@@ -36,7 +31,7 @@ See the <a href="faq.html">FAQ</a> | <a href="http://sourceforge.net/project/sho
 <a href="//www.python.org">
 <img src="python55.gif" align=left alt="A Python"></a>
 <a href="//www.sendmail.org/">Sendmail</a> introduced a
-<a href="https://www.milter.org/developers/api/index"> new API</a> beginning with version 8.10 -
+<a href="http://www.milter.org/milter_api/api.html"> new API</a> beginning with version 8.10 -
 libmilter.  The milter module for <a href="//www.python.org">Python</a>
 provides a python interface to libmilter that exploits all its features.
 <p>
@@ -44,11 +39,7 @@ Sendmail 8.12 officially releases libmilter.
 Version 8.12 seems to be more robust, and includes new privilege
 separation features to enhance security.  Even better, sendmail 8.13
 supports socket maps, which makes <a href="pysrs.html">pysrs</a> much more
-efficient and secure.   Sendmail 8.14 finally supports modifying 
-MAIL FROM via the milter API.  Unfortunately, I haven't gotten around
-to supporting that yet in python milter.
-</td></tr>
-</table>
+efficient and secure.  I recommend upgrading.

 <h3><a name=overview>Overview</a></h3>

@@ -57,7 +48,7 @@ href="#milter">milters</a>, and the beginnings of a general purpose mail
 filtering system written in Python.
 <p>
 At the lowest level, the 'milter' module provides a thin wrapper around the
-<a href="https://www.milter.org/developers/api/index">
+<a href="http://www.milter.org/milter_api/api.html">
 sendmail libmilter API</a>.  This API lets you register callbacks for 
 a number of events in the
 <a href="http://www.cs.concordia.ca/~group/fig/public/email/relay/milter+ruleset-checks.html">process of sendmail receiving a message via SMTP</a>.  
@@ -130,7 +121,7 @@ copy mail.
 <li> For more ideas, check the <a href="//www.milter.org">Milter Web Page</a>.
 </menu>

-<a href="https://www.milter.org/developers/api/index">
+<a href="http://www.milter.org/milter_api/api.html">
 Documentation</a> for the C API is provided with sendmail.  Miltermodule
 provides a thin python wrapper for the C API.  Milter.py provides a simple
 OO wrapper on top of that.
@@ -211,8 +202,60 @@ href="http://www.duh.org/cvsweb.cgi/~checkout~/pmilter/doc/milter-protocol.txt?r
 <h3> Confirmed Installations </h3>

 Please <a href="mailto:%73%74%75%61%72%74%40%62%6D%73%69%2E%63%6F%6D">email</a>
-me if you do <i>not</i> successfully install milter.  The confirmed
-installations are too numerous to list at this point.
+me if you successfully install milter on a system not mentioned below.
+<p>
+<table>
+<tr>
+<th>Operating System</th> <th>Compiler</th> <th>Python</th> <th>Sendmail</th>
+<th>milter</th>
+<tr>
+<td>Mandrake 8.0</td><td>gcc-3.0.1</td><td>2.1.1</td><td>8.12.0</td>
+<td>0.3.3</td><tr>
+<td>Mandrake 8.0</td><td>gcc-2.96</td><td>2.0</td><td>8.11.2</td>
+<td>0.3.6</td><tr>
+<td>RedHat 6.2</td><td>egcs-1.1.2</td><td>2.2.2</td><td>8.11.6</td>
+<td>0.5.4</td><tr>
+<td>RedHat 7.1</td><td>gcc-2.96</td><td>?</td><td>8.12.1</td>
+<td>0.3.5</td><tr>
+<td>RedHat 7.3</td><td>gcc-2.96</td><td>2.2.2</td><td>8.11.6</td>
+<td>0.5.5</td><tr>
+<td>RedHat 7.3</td><td>gcc-2.96</td><td>2.3.3</td><td>8.13.1</td>
+<td>0.7.2</td><tr>
+<td>RedHat 7.3</td><td>gcc-2.96</td><td>2.4.1</td><td>8.13.5</td>
+<td>0.8.4</td><tr>
+<td>RedHat 8.0</td><td>gcc-3.2</td><td>2.2.1</td><td>8.12.6</td>
+<td>0.5.2</td><tr>
+<td>RedHat 9.0</td><td>gcc-3.2.2</td><td>2.4.1</td><td>8.13.1</td>
+<td>0.8.2</td><tr>
+<td>RedHat EL3</td><td>gcc-3.2.3</td><td>2.4.1</td><td>8.13.5</td>
+<td>0.8.4</td><tr>
+<td>Debian Linux</td><td>gcc-2.95.2</td><td>2.1.1</td><td>8.12.0</td>
+<td>0.3.7</td><tr>
+<td>Debian Linux</td><td>gcc-3.2.2</td><td>2.2.2</td><td>8.12.7</td>
+<td>0.5.4</td><tr>
+<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.1.1</td><td>8.11.5</td>
+<td>0.3.3</td><tr>
+<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.1.1</td><td>8.12.1</td>
+<td>0.3.4</td><tr>
+<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.1.3</td><td>8.12.3</td>
+<td>0.4.2</td><tr>
+<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.4.1</td><td>8.13.1</td>
+<td>0.8.4</td><tr>
+<td>Slackware 7.1</td><td>?</td><td>?</td><td>8.12.1</td>
+<td>0.3.8</td><tr>
+<td>Slackware 9.0</td><td>gcc-3.2.2</td><td>2.2.3</td><td>8.12.9</td>
+<td>0.5.4</td><tr>
+<td>OpenBSD</td><td>?</td><td>2.3.3?</td><td>8.13.1?</td>
+<td>0.7.2</td><tr>
+<td>SuSE 7.3</td><td>gcc-2.95.3</td><td>2.1.1</td><td>8.12.2</td>
+<td>0.3.9</td><tr>
+<td>FreeBSD</td><td>gcc-2.95.3</td><td>2.2.1</td><td>8.12.3</td>
+<td>0.4.0</td><tr>
+<td>FreeBSD</td><td>gcc-2.95.3</td><td>2.2.2</td><td>?</td>
+<td>0.5.5</td><tr>
+<td>FreeBSD 4.4</td><td>gcc-2.95.3</td><td>?</td><td>8.12.10</td>
+<td>0.6.6</td>
+</table>

 <h2> Enough Already! </h2>

@@ -4,7 +4,8 @@ Title: Python Milter Mail Policy

 These are the policies implemented by the <code>bms.py</code> milter
 application.  The milter and Milter modules do not implement any policies
-by themselves.  
+by themselves.  Eventually, I'll get the bms.py milter moved to its
+own package.

 <h3> Classify connection </h3>

@@ -76,174 +77,161 @@ altered accordingly.

 <h2> SPF check </h2>

-The MAIL FROM, connect IP, and HELO name are checked against
-any SPF records published via DNS for the alleged sender (MAIL FROM)
-to determine the official SPF policy result.
-The offical SPF result is then logged in the Received-SPF header field,
-but certain results are subjected to further processing to create
-an effective result for policy purposes.
-<p>
-If the official result is 'none', we try to turn it into an effective result of
-'pass' or 'fail'.  First, we check for a local substitute SPF record
-under the domain defined in the <code>[spf]delegate</code> configuration.  
-It is often useful to add local SPF records for correspondents that are
-too clueless to add their own.  If there is no local substitute, we use a "best
-guess" SPF record of "v=spf1 a/24 mx/24 ptr" for MAIL FROM or "v=spf1 a/24
-mx/24" for HELO.  In addition, a HELO that is a subdomain of MAIL FROM and
-resolves to the connect IP results in an effective result of 'pass'.
-<p>
-If there is no local SPF record, and the effective result is still not
-'pass', we check for either a valid HELO name or a valid PTR record for
-the connect IP.  A valid HELO or PTR cannot look like a dynamic name
-as determined by the heuristic in <code>Milter.dynip</code>.
-<p>
-If HELO has an SPF record, and the result is anything but pass, we reject
-the connection:
+Finally, the MAIL FROM, connect IP, and HELO name are checked against
+any SPF records published via DNS for the alleged sender (MAIL FROM).
+If there is no SPF record, we check for a local substitute under the
+domain defined in the <code>[spf]delegate</code> configuration.
+Further checks depend on the result.
+
+<table border=1>
+<tr><th>NONE</th><td>
+If there is no SPF record (official or delegated), then we 
+initiate a "three strikes and your out" regime, which looks for
+<b>some</b> form of validated identification.
+<ol>
+<li>We try a "best guess" SPF record of "v=spf1 a/24 mx/24 ptr".  If this
+    passes, good.  
+<li> We try to validate the HELO name. First check for an SPF record.
+   Otherwise, check whether the connect IP matches any A record for
+   the HELO name, or any A record for any MX name for the HELO name,
+   or is at least in the same /24 subnet as any of the above.
+   (In other words, a HELO SPF "best guess" of "v=spf1 a/24 mx/24".)
+   If so, good.  We consider the HELO validated.  If the HELO SPF
+   check fails, we reject the email.
+</ol>
 <pre>
 2005Jul30 19:45:16 [93991] connect from [221.200.41.54] at ('221.200.41.54', 3581) EXTERNAL DYN
 2005Jul30 19:45:18 [93991] hello from adelphia.net
 2005Jul30 19:45:19 [93991] mail from <wendy.stubbsua@link-it.com> ()
 2005Jul30 19:45:19 [93991] REJECT: hello SPF: fail 550 access denied
 </pre>
-Note that HELO does not have any forwarding issues like MAIL FROM, and so
-any result other than 'pass' or 'none' should be treated like 'fail'.
+<ol>
+<li> If there is a validated PTR name, and it doesn't look
+   like a dynamic name, good.  We consider the connection validated.
+</ol>
+If any of the above can be validated, we continue on.
+If none of the above can be validated, and the <code>[SPF]reject_noptr</code>
+option is true, we reject the message immediately with the explanation
+that we need some form of valid identification before we accept an email.
+If <code>[SPF]reject_noptr</code> is false, we flag the message as
+needing Call Back Validation.  
+The Call Back Valildation sends a DSN to the purported sender informing
+them of the lack of identification.  If the message is legitimate, the
+sender needs to know that their email setup is broken and should be corrected.
+If the message is forged, the sender is informed of the forgery, 
+and their need to publish an SPF record or at least use a valid HELO name.
+If the purported sender does not accept the DSN,
+then the message is rejected.  The CBV status is cached to avoid
+annoying the purported sender with too many DSNs.  Currently, the DSN
+is repeated to the same sender once per month.
 <p>
-Only if nothing about the SMTP envelope can be validated does the effective
-result remain 'none.  I call this the "3 strikes" rule.
-<p>
-If the official result is 'permerror' (a syntax error in the sender's
-policy), we use the 'lax' option in pyspf to try various heuristics to guess 
-what they really meant.  For instance, the invalid mechanism "ip:1.2.3.4" is
-treated as "ip4:1.2.3.4".  The result of lax processing is then used
-as the effective result for policy purposes.
-<p>
-With an effective SPF result in hand, we consult the sendmail access
-database to find our receiver policy for the sender.  
+In this example, although 3com.com has no SPF record, we assume that 
+any legitimate mail from them will at least have a valid HELO or PTR.
+<pre>
+2005Jul30 23:52:03 [96777] connect from [222.252.233.200] at ('222.252.233.200', 29934) EXTERNAL DYN
+2005Jul30 23:52:03 [96777] hello from 3mail.3com.com
+2005Jul30 23:52:04 [96777] mail from <etec_nic_family@3mail.3com.com> ()
+2005Jul30 23:52:04 [96777] REJECT: no PTR, HELO or SPF
+</pre>
+</td></tr>

-<table border=1>
-<tr><th>REJECT</th><td>
-Reject the sender with a 550 5.7.1 SMTP code.  The SMTP rejection
-includes a detailed description of the problem.
+<tr><th>PASS</th><td>
+A pass result normally lets the email continue on, but the domain is 
+tracked for reputation (and may be blocked), and may skip content scanning if
+it matches a whitelist.
+<pre>
+2005Jul24 17:44:26 [2104] mail from <gnucash-devel-bounces@gnucash.org> ('SIZE=4410',)
+2005Jul24 17:44:26 [2104] Received-SPF: pass (mail.bmsi.com: domain of gnucash.org
+	designates 204.107.200.65 as permitted sender)
+	client-ip=204.107.200.65; envelope-from=gnucash-devel-bounces@gnucash.org; helo=cvs.gnucash.org;
+</pre>
 </td></tr>
-<tr><th>CBV</th><td>
-Do a Call Back Validation by connecting to an MX of the sender
-and checking that using the sender as the RCPT TO is not rejected.
-We quit the CBV connection before actualling sending a message.
-If the CBV is rejected, our SMTP connection is rejected with the
-same error code and message.  CBV results are cached.
+
+<tr><th>NEUTRAL</th><td>
+A neutral result normally lets the email continue on, but the domain is not
+tracked for reputation or matched against any whitelists. 
+Highly forged domains listed in <code>[SPF]reject_neutral</code> are
+rejected.
+<pre>
+2005Jul24 17:41:37 [2070] connect from cp500627-a.dbsch1.nb.home.nl at ('84.27.225.3', 3465) EXTERNAL
+2005Jul24 17:41:37 [2070] hello from cp500627-a.dbsch1.nb.home.nl
+2005Jul24 17:41:38 [2070] mail from <nwarjejkw@yahoo.com> ()
+2005Jul24 17:41:38 [2070] REJECT: SPF neutral for nwarjejkw@yahoo.com
+</pre>
 </td></tr>
-<tr><th>DSN</th><td>
-Do a Call Back Validation by connecting to an MX of the sender
-and checking that using the sender as the RCPT TO is not rejected.
-Unlike a CBV, we continue on to data and send a detailed message
-explaining the problem.  This can be useful for reporting PermError
-or SoftFail to the sender.  Keep in mind that for any result other
-than 'pass', the sender could be forged, and your DSN could annoy the
-wrong person.  However, a SoftFail result is requesting such feedback
-for debugging and a PermError result needs to be fixed by the sender ASAP
-whether forged or not.  DSN results are cached so that senders are
-annoyed only weekly.
+
+<tr><th>SOFTFAIL</th><td>
+A softfail result normally lets the email continue on, but the domain is not
+tracked for reputation or matched against any whitelists.  Furthermore,
+the message is flagged as needing Call Back Validation,
+and the highly forged domains listed in <code>[SPF]reject_neutral</code> are
+rejected as well.  
+<p>
+At present, we also require a valid HELO or PTR to avoid rejecting 
+a softfail.  But this should probably change to only require a
+successful CBV.
+<p>
+The Call Back Valildation sends a DSN to the purported sender informing
+them of the softfail.  If the message is legitimate, the sender needs
+to know about the softfail so that their email setup can be corrected.
+If the message is forged, the sender is informed of the forgery, confirming
+that SPF is protecting their reputation and encouraging a rapid transition
+to a strict policy.  If the purported sender does not accept the DSN,
+then the message is rejected.  The CBV status is cached to avoid
+annoying the purported sender with too many DSNs.  Currently, the DSN
+is repeated to the same sender once per month.
+<pre>
+2005Jul24 15:41:33 [801] mail from <Aitp@horafeliz.com> ()
+2005Jul24 15:41:33 [801] Received-SPF: softfail (mail.bmsi.com: transitioning domain of horafeliz.com
+	does not designate 221.184.83.185 as permitted sender)
+	client-ip=221.184.83.185; envelope-from=Aitp@horafeliz.com;
+	helo=p8185-ipad30funabasi.chiba.ocn.ne.jp;
+2005Jul24 15:41:33 [801] rcpt to <david@example.com> ()
+2005Jul24 15:41:35 [801] Subject: Microsoft, Adobe, Macromedia, Corel software. Up to 80% discount.
+2005Jul24 15:41:35 [801] X-Mailer: Microsoft Outlook, Build 10.0.2605
+2005Jul24 15:41:35 [801] CBV: Aitp@horafeliz.com
+2005Jul24 15:41:38 [801] REJECT: CBV: 550 <Aitp@horafeliz.com>: User unknown
+</pre>
 </td></tr>
-<tr><th>OK</th><td>
-Accept the sender.  The message may still be rejected via reputation
-or content filtering.
+
+<tr><th>FAIL</th><td>
+The message is rejected with a reference the SPF why page.
+<pre>
+2005Jul30 19:53:27 [94070] connect from [212.70.52.16] at ('212.70.52.16', 3192) EXTERNAL DYN
+2005Jul30 19:53:27 [94070] hello from winzip.com
+2005Jul30 19:53:27 [94070] mail from <dan@winzip.com> ()
+2005Jul30 19:53:27 [94070] REJECT: SPF fail 550 SPF fail:
+	see http://openspf.com/why.html?sender=dan@winzip.com&ip=212.70.52.16
+</pre>
 </td></tr>
+
+<tr><th>PERMERROR</th><td>
+Permanent errors were called "unknown", and are still show that way
+in the log.  The message is rejected.  Previously, we enabled "lax" parsing
+of the SPF record, but rejecting is better because it informs the
+sender about their problem.  The next milter version will 
+look for a local substitute SPF record (as for a missing SPF record)
+before rejecting.  This will inform the sender of their problem, but
+also let the receiver install a temporary workaround.
+<pre>
+2005Jul24 18:05:37 [2312] mail from <b-mihdbcgaacaa-becibijh-000-@msg.euxiphipops.com> () 
+2005Jul24 18:05:37 [2312] REJECT: SPF unknown 550 SPF Permanent Error:
+	include mechanism missing domain: include
+</pre>
+The SPF record for msg.euxiphipops.com looked like this at the time of the
+above error:
+<pre>
+msg.euxiphipops.com	TXT "v=spf1 mx ptr a include"
+</pre>
+</td></tr>
+
+<tr><th>TEMPERROR</th><td>
+Temporary errors result in a 451 "Try again later" response.  The sender
+should retry the message at a later time.
+<pre>
+2005Jul24 07:33:13 [29846] mail from <quickenloans@rate.quicken.com> ('SIZE=73775', 'BODY=8BITMIME')
+2005Jul24 07:33:43 [29846] TEMPFAIL: SPF error 450 SPF Temporary Error: DNS Timeout
+</pre>
+</td></tr>
+
 </table>
-
-<h3> SPF policy syntax </h3>
-
-First, the full sender is checked:
-<pre>
-SPF-Fail:abeb@adelphia.net     DSN
-</pre>
-This says to accept mail from that adelphia.net user despite the
-SPF fail, but only after annoying them with a DSN about their ISP's broken
-policy. 
-<p>
-If there is no match on the full sender, the domain is checked:
-<pre>
-SPF-Neutral:aol.com     REJECT
-</pre>
-This says to reject mail from AOL with an SPF result of neutral.
-This means AOL users can't use their AOL address with another mail service
-to send us mail.  This is good because the other mail service is 
-likely a badly configured greeting card site or a virus.
-<p>
-Finally, a default policy for the result is checked.  While there are program
-defaults, you should have defaults in the access database for SPF results:
-<pre>
-SPF-Neutral:            CBV
-SPF-Softfail:           DSN
-SPF-PermError:          DSN
-SPF-TempError:          REJECT
-SPF-None:               REJECT
-SPF-Fail:               REJECT
-SPF-Pass:               OK
-</pre>
-
-<h2> Reputation </h2>
-
-If the sender has not been rejected by this point, and if a GOSSiP server is
-configured, we consult GOSSiP for the reputation score of the sender and
-SPF result.  The score is a number from -100 to 100 with a confidence
-percentage from 0 to 100.  A really bad reputation (less than -50 with
-confidence greater than 3) is rejected.  Note that the reputation is tracked
-independently for each SPF result and sender combination.  So aol.com:neutral
-might have a really bad reputation, while aol.com:pass would be ok.
-Furthermore, when a sender finally publishes an SPF policy and starts
-getting SPF pass, their reputation is effectively reset.
-
-<h2> Whitelists and Blacklists </h2>
-
-The administrator can whitelist or blacklist senders and sending domains by
-appending them to <code>${datadir}/auto_whitelist.log</code> or
-<code>${datadir}/blacklist.log</code> respectively.  In addition,
-recipients of internal senders (except for automatic replies like vacation
-messages and return receipts) are automatically whitelisted for 60 days, and
-senders that fail CBV or DSN checks are automatically blacklisted for 30 days.
-Whitelisted and blacklisted senders are used to automatically train the
-bayesian content filter before being delivered or rejected, respectively.
-<p>
-Real Soon Now users will be able to maintain their own whitelist and
-blacklist that applies only when they are the recipient.
-
-<h2> Content Filter </h2>
-
-Most messages have been rejected or delivered by now, but spammers
-are always finding new places to send their junk from.  For instance,
-we get around 10000 emails a day, of which around 500 are first time
-spam senders.  A bayesian filter is trained by the whitelists and
-blacklists, and scores the message.  What is likely spam is either
-rejected or quarantined.  If the sender is an effective SPF pass,
-then they get a DSN notifying them that their message has been
-quarantined.  (A DSN failure gets the sender auto blacklisted.)
-Else, if the reject_spam option is set, the message is rejected.  
-Otherwise, a CBV is done (failure gets the sender auto blacklisted)
-and the message is silently quarantined.
-<p>
-Normally, you don't want email messages to silently disappear into
-a black hole, so you should set the reject_spam option.  However,
-if you don't want your correspondent's email to get rejected, you can
-check your quarantine frequently instead.
-
-<h3> Honeypot </h3>
-
-You can also blacklist recipients by listing them as aliases of the
-'honeypot' dspam user.  These are collectively called
-the honeypot.  Any email to these recipients is used to train the
-spam filter as spam and chalk up a reputation demerit for the sender, then
-discarded.  It might be a good idea to blacklist the sender if it has SPF pass
-as well, but I'm afraid of accidents.
-
-<h3> Reputation </h3>
-
-Reputation is tracked by sending domain and effective SPF result.
-The GOSSiP server tracks the spam/ham status of the last 1024 messages
-for each domain:result combination.  When the server is queried during
-the SMTP envelope phase (MAIL FROM), it also queries any configured
-peers, and the scores are combined.  Domains with a history of spam for
-a given SPF result are rejected at MAIL FROM.  The GOSSiP system has
-a command line utility to reset (delete) a reputation for cases where a
-sender that was infected with malware is repaired.  In addition,
-the confidence score of a reputation decays with time, so a bad sender
-will eventually be able to try again without manual intervention.
@@ -12,8 +12,25 @@ import StringIO
 import time
 import email
 from socket import AF_INET, AF_INET6
-from Milter import parse_addr

+def parse_addr(t):
+  """Split email into user,domain.
+
+  >>> parse_addr('user@example.com')
+  ['user', 'example.com']
+  >>> parse_addr('"user@example.com"')
+  ['user@example.com']
+  >>> parse_addr('"user@bar"@example.com')
+  ['user@bar', 'example.com']
+  >>> parse_addr('foo')
+  ['foo']
+  """
+  if t.startswith('<') and t.endswith('>'): t = t[1:-1]
+  if t.startswith('"'):
+    if t.endswith('"'): return [t[1:-1]]
+    pos = t.find('"@')
+    if pos > 0: return [t[1:pos],t[pos+2:]]
+  return t.split('@')

 class myMilter(Milter.Milter):

@@ -0,0 +1,217 @@
+[milter]
+# the socket used to communicate with sendmail.  Must match sendmail.cf
+socket=/var/run/milter/pythonsock
+# where to save original copies of defanged and failed messages
+tempdir = /var/log/milter/save
+# how long to wait for a response from sendmail before giving up 
+;timeout=600
+log_headers = 0
+# Connection ips and hostnames are matched against this glob style list
+# to recognize internal senders.  You probably need to change this.
+# The default is a good guess to try and prevent newbie frustration.
+internal_connect = 192.168.0.0/16,127.*
+
+# mail that is not an internal_connect and claims to be from an
+# internal domain is rejected.  Furthermore, internal mail that
+# does not claim to be from an internal domain is rejected.
+# You should enable SPF instead if you can.  SPF is much more comprehensive and
+# flexible.  However, SPF is not currently checked for outgoing
+# (internal_connect) mail because it doesn't yet handle authorizing 
+# internal IPs locally.
+;internal_domains = mycorp.com,localhost.localdomain
+
+# connections from a trusted relay can trust the first Received header
+# SPF checks are bypassed for internal connections and trusted relays.
+;trusted_relay = 1.2.3.4, 66.12.34.56
+
+# Relaying to these domains is allowed from internal connections only.
+;private_relay = mycorp.com
+
+# Reject external senders with hello names no legit external sender would use.
+# SPF will do this also, but listing your own domain and mailserver here
+# will save some DNS lookups when rejecting certain viruses.
+;hello_blacklist = mycorp.com, 66.12.34.56
+
+# Reject mail for domains mentioned unless user is mentioned here also
+;check_user = joe@mycorp.com, mary@mycorp.com, file:bigcorp.com
+
+# Treat localparts in milter.cfg as case-insensitive
+case_sensitive_localpart = true
+
+# features intended to filter or block incoming mail
+[defang]
+
+# do virus scanning on attached messages also
+scan_rfc822 = 0
+# do virus scanning on attached zipfiles also
+scan_zip = 0
+# Comment out scripts in HTML attachments.  Can be CPU intensive.
+scan_html = 0
+# reject messages with asian fonts because we can't read them
+block_chinese = 0
+# list users who hate forwarded mail
+;block_forward = egghead@mycorp.com, busybee@mycorp.com
+# reject mail with these case insensitive strings in the subject
+porn_words = penis, breast, pussy, horse cock, porn, xenical, diet pill, d1ck,
+	vi*gra, vi-a-gra, viag, tits, p0rn, hunza, horny, sexy, c0ck, xanaax,
+	p-e-n-i-s, hydrocodone, vicodin, xanax, vicod1n, x@nax, diazepam,
+	v1@gra, xan@x, cialis, ci@lis, frëe, xãnax, valíum, vãlium, via-gra,
+	x@n3x, vicod3n, penís, c0d1n, phentermine, en1arge, dip1oma, v1codin,
+	valium, rolex, sexual, fuck, adv1t
+# reject mail with these case sensitive strings in the subject
+spam_words = $$$, !!!, XXX, FREE, HGH
+# attachments with these extensions will be replaced with a warning
+# message.  A copy of the original will be saved. 
+banned_exts = ade,adp,asd,asx,asp,bas,bat,chm,cmd,com,cpl,crt,dll,exe,hlp,hta,
+	inf,ins,isp,js,jse,lnk,mdb,mde,msc,msi,msp,mst,ocx,pcd,pif,reg,scr,sct,
+	shs,url,vb,vbe,vbs,wsc,wsf,wsh 
+
+# See http://bmsi.com/python/pysrs.html for details
+[srs]
+config=/etc/mail/pysrs.cfg
+# SRS options can be set here also, but must match the sendmail plugin
+;secret="shhhh!"
+;maxage=21
+;hashlength=4
+;database=/var/log/milter/srsdata
+;fwdomain = mydomain.com
+# turn this on after a grace period to reject spoofed DSNs
+reject_spoofed = 0
+# Many braindead MTAs send DSNs with a non-DSN MFROM (e.g. to report that
+# some virus claiming to be sent by you).  This heuristic
+# refuses mail from user names commonly abused in that way.
+;banned_users = postmaster, mailer-daemon, clamav
+
+# See http://www.openspf.com for more info on SPF.
+[spf]
+# namespace where SPF records can be supplied for domains without one
+# records are searched for under _spf.domain.com
+;delegate = domain.com
+# domains where a neutral SPF result should cause mail to be rejected
+;reject_neutral = aol.com
+# use a default (v=spf1 a/24 mx/24 ptr) when no SPF records are published
+;best_guess = 0
+# Reject senders that have neither PTR nor valid HELO nor SPF records, or send
+# DSN otherwise
+;reject_noptr = 0
+# always accept softfail from these domains, or send DSN otherwise
+;accept_softfail = bounces.amazon.com
+# Treat fail from these domains like softfail: because their SPF record
+# or an important sender is screwed up.  Must have valid HELO, however.
+;accept_fail = custhelp.com
+# Use sendmail access map or similar format for detailed spf policy.
+# SPF entries in the access map will override any defaults set above.
+;access_file = /etc/mail/access.db
+# Add MAIL FROM as Sender when Sender is missing and From domain
+# doesn't match MAIL FROM.  Outlook and other email clients will then display
+# something like: "Sent by sender@domain.com on behalf of from@example.com"
+;supply_sender = 0
+# Connections that get an SPF pass for a pretend MAIL FROM of 
+# postmaster@sometrustedforwarder.com skip SPF checks for the real MAIL FROM.
+# This is for non-SRS forwarders.  It is a simple implementation that
+# is inefficient for more than a few entries.
+;trusted_forwarder = careerbuilder.com
+
+# features intended to clean up outgoing mail
+[scrub]
+# domains that block visible private nodes
+;hide_path = jcpenney.com	
+# reject, don't just replace with warning, viruses from these domains
+;reject_virus_from = mycorp.com
+
+# features intended for spying on users and coworkers
+[wiretap]
+blind = 1
+#
+# wiretap lets you surreptitiously monitor a users outgoing email
+# (sendmail aliases let you monitor incoming mail)
+#
+;users = disloyal@bigcorp.com, bigmouth@bigcorp.com
+# multiple destinations can use smart_alias
+;dest = spy@bigcorp.com
+# discard outgoing mail without alerting sender
+# can be used in conjunction with wiretap to censor outgoing mail
+;discard_users = canned@bigcorp.com
+# archive copies all delivered mail to a file
+;mail_archive = /var/log/mail_archive
+
+#
+# smart aliases trigger on both sender and recipient
+#   alias = sender, recipient[, destination]
+#
+[smart_alias]
+# multiple wiretap monitors.  Smart aliases are applied after wiretap.
+;spy1 = disloyal@bigcorp.com,spy@bigcorp.com
+;spy2 = bigmouth@bigcorp.com,spy@bigcorp.com
+# mail from client@clientcorp.com to sue@bigcorp.com is redirected to 
+# local alias copycust
+;copycust = client@clientcorp.com,sue@bigcorp.com
+# mail from cust@othercorp.com to walter@bigcorp.com is redirected to
+# boss@bigcorp.com
+;walter = cust@othercorp.com,walter@bigcorp.com,boss@bigcorp.com
+# additional copies can be added
+;walter1 = cust@othercorp.com,walter@bigcorp.com,boss@bigcorp.com,
+;	walter@bigcorp.com
+;bulk = soruce@telex.com,bob@jsconnor.com
+;bulk1 = soruce@telex.com,larry@jsconnor.com,bulk
+
+# See http://bmsi.com/python/dspam.html
+[dspam]
+# Select a well moderated dspam dictionary to reject spammy headers.
+# To filter on the entire message, use the full setup below.
+# only EXTERNAL messages are dspam filtered
+;dspam_dict=/var/lib/dspam/moderator.dict
+
+# Recipients of mail sent from these senders are added to the auto_whitelist.
+# Auto_whitelisted senders with an SPF PASS are never rejected by dspam, and
+# messages from auto_whitelisted senders will be used to train screener
+# dictionaries as innocent mail.
+;whitelist_senders = @mycorp.com
+
+# Opt-out recipients entirely from dspam screening and header triage
+;dspam_exempt=getitall@mycorp.com
+# Do not scan mail (ostensibly) from these senders
+;dspam_whitelist=getitall@sender.com
+# Reject spam to these domains instead of quarantining it.
+;dspam_reject=othercorp.com
+# Scan internal mail - often a good source of stats on legit mail.
+;dspam_internal=1
+
+# directory for dspam user quarantine, signature db, and dictionaries
+# defining this activates the dspam application
+# dspam and dspam-python must be installed
+;dspam_userdir=/var/lib/dspam
+# do not dspam messages larger than this
+;dspam_sizelimit=180000
+
+# Map email addresses and aliases to dspam users
+;dspam_users=david,goliath,spam,falsepositive
+;david=david@foocorp.com,david.yelnetz@foocorp.com,david@bar.foocorp.com
+;goliath=giant@foocorp.com,goliath.philistine@foocorp.com
+# address to forward spam to.  milter will process these and not deliver
+;spam=spam@foocorp.com
+# address to forward false positives to.  milter will process and not deliver
+;falsepositive=ham@foocorp.com
+# account which receives only spam: all received messages are marked as spam.
+;honeypot=spam-me@example.com
+# the dspam_screener is a list of dspam users who screen mail for all
+# recipients who are not dspam_users.  Spam goes to the screeners quarantine,
+# and the original recipients are saved so that false positives can be properly
+# delivered.
+;dspam_screener=david,goliath
+# The dspam CGI can also be used: logins must match dspam users
+
+# Optional pygossip interface
+#
+# GOSSiP tracks reputation of domain:qualifier pairs.  For instance,
+# the reputation of example.com:SPF is tracked separately from
+# example.com:neutral.  Currently qualifiers are
+# SPF,neutral,softfail,fail,permerror,GUESS,HELO
+[gossip]
+# Use a dedicated GOSSiP server.  If not specified, a local database
+# will be used.
+;server=host:11900
+# If a local database is used, also consult these GOSSiP servers about 
+# domains.  Peer reputation is also tracked as to how often they
+# agree with us, and weighted accordingly.
+;peers=host1:port,host2
@@ -0,0 +1,85 @@
+#!/bin/bash
+#
+# milter	This shell script takes care of starting and stopping milter.
+#
+# chkconfig: 2345 80 30
+# description: Milter is a process that filters messages sent through sendmail.
+# processname: milter
+# config: /etc/mail/pymilter.cfg
+# pidfile: /var/run/milter/milter.pid
+
+python="python2.4"
+
+pidof() {
+	set - ""
+	if set - `ps -e -o pid,cmd | grep "${python} bms.py"` &&
+	  [ "$2" != "grep" ]; then
+	  echo $1
+	  return 0
+	fi
+	return 1
+}
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+[ -x /var/log/milter/start.sh ] || exit 0
+
+RETVAL=0
+prog="milter"
+
+start() {
+	# Start daemons.
+
+	echo -n "Starting $prog: "
+        if ! test -d /var/run/milter; then
+		mkdir -p /var/run/milter
+		chown mail:mail /var/run/milter
+	fi
+	daemon --check milter --user mail /var/log/milter/start.sh milter bms
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/milter
+	return $RETVAL
+}
+
+stop() {
+	# Stop daemons.
+	echo -n "Shutting down $prog: "
+	killproc milter
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/milter
+	return $RETVAL
+}
+
+# See how we were called.
+case "$1" in
+  start)
+	start
+	;;
+  stop)
+	stop
+	;;
+  restart|reload)
+	stop
+	start
+	RETVAL=$?
+	;;
+  condrestart)
+	if [ -f /var/lock/subsys/milter ]; then
+	    stop
+	    start
+	    RETVAL=$?
+	fi
+	;;
+  status)
+	status milter
+	RETVAL=$?
+	;;
+  *)
+	echo "Usage: $0 {start|stop|restart|condrestart|status}"
+	exit 1
+esac
+
+exit $RETVAL
@@ -0,0 +1,85 @@
+#!/bin/bash
+#
+# milter	This shell script takes care of starting and stopping milter.
+#
+# chkconfig: 2345 80 30
+# description: Milter is a process that filters messages sent through sendmail.
+# processname: milter
+# config: /etc/mail/pymilter.cfg
+# pidfile: /var/run/milter/milter.pid
+
+python="python2.4"
+
+pidof() {
+	set - ""
+	if set - `ps -e -o pid,wchan,cmd | grep "rt_sig ${python} bms.py"` &&
+	  [ "$3" != "grep" ]; then
+	  echo $1
+	  return 0
+	fi
+	return 1
+}
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+[ -x /var/log/milter/start.sh ] || exit 0
+
+RETVAL=0
+prog="milter"
+
+start() {
+	# Start daemons.
+
+	echo -n "Starting $prog: "
+        if ! test -d /var/run/milter; then
+		mkdir -p /var/run/milter
+		chown mail:mail /var/run/milter
+	fi
+	daemon --check milter --user mail /var/log/milter/start.sh milter bms
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/milter
+	return $RETVAL
+}
+
+stop() {
+	# Stop daemons.
+	echo -n "Shutting down $prog: "
+	killproc milter
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/milter
+	return $RETVAL
+}
+
+# See how we were called.
+case "$1" in
+  start)
+	start
+	;;
+  stop)
+	stop
+	;;
+  restart|reload)
+	stop
+	start
+	RETVAL=$?
+	;;
+  condrestart)
+	if [ -f /var/lock/subsys/milter ]; then
+	    stop
+	    start
+	    RETVAL=$?
+	fi
+	;;
+  status)
+	status milter
+	RETVAL=$?
+	;;
+  *)
+	echo "Usage: $0 {start|stop|restart|condrestart|status}"
+	exit 1
+esac
+
+exit $RETVAL
@@ -0,0 +1,406 @@
+%define name pymilter
+%define version 0.8.8
+%define release 1
+# what version of RH are we building for?
+%define redhat7 0
+
+# Options for Redhat version 6.x:
+# rpm -ba|--rebuild --define "rh7 1"
+%{?rh7:%define redhat7 1}
+
+# some systems dont have initrddir defined
+%{?_initrddir:%define _initrddir /etc/rc.d/init.d}
+
+%if %{redhat7} 
+# Redhat 7.x and earlier (multiple ps lines per thread)
+%define sysvinit milter.rc7
+%else	
+%define sysvinit milter.rc
+%endif
+# RH9, other systems (single ps line per process)
+%ifos Linux
+%define python python
+%else
+%define python python
+%endif
+%ifos aix4.1
+%define libdir /var/log/milter
+%else
+%define libdir /usr/lib/pymilter
+%endif
+
+Summary: Python interface to sendmail milter API
+Name: %{name}
+Version: %{version}
+Release: %{release}
+Source: %{name}-%{version}.tar.gz
+#Patch: %{name}-%{version}.patch
+License: GPL
+Group: Development/Libraries
+BuildRoot: %{_tmppath}/%{name}-buildroot
+Prefix: %{_prefix}
+Vendor: Stuart D. Gathman <stuart@bmsi.com>
+Packager: Stuart D. Gathman <stuart@bmsi.com>
+Url: http://www.bmsi.com/python/milter.html
+Requires: %{python} >= 2.4, sendmail >= 8.13
+%ifos Linux
+Requires: chkconfig
+%endif
+BuildRequires: %{python}-devel >= 2.4, sendmail-devel >= 8.13
+
+%description
+This is a python extension module to enable python scripts to
+attach to sendmail's libmilter functionality.  Additional python
+modules provide for navigating and modifying MIME parts, sending
+DSNs, and doing CBV.
+
+%package -n milter
+Group: Applications/System
+Summary:  BMS spam and reputation milter
+Requires: pyspf >= 2.0.4
+
+%description -n milter
+A complex but effective spam filtering, SPF checking, and reputation tracking
+mail application.  It uses pydspam if installed for bayesian filtering.
+
+%package spf
+Group: Applications/System
+Summary:  BMS spam and reputation milter
+Requires: pyspf >= 2.0.4
+
+%description spf
+A simple mail filter to add Received-SPF headers and reject forged mail.
+Rejection policy is configured via sendmail access file.
+
+%prep
+%setup
+#patch -p0 -b .bms
+
+%build
+%if %{redhat7}
+  LDFLAGS="-s"
+%else # Redhat builds debug packages after 7.3
+  LDFLAGS="-g"
+%endif
+env CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$LDFLAGS" %{python} setup.py build
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%{python} setup.py install --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES
+grep '.pyc$' INSTALLED_FILES | sed -e 's/c$/o/' >>INSTALLED_FILES
+mkdir -p $RPM_BUILD_ROOT/var/log/milter
+mkdir -p $RPM_BUILD_ROOT/etc/mail
+mkdir $RPM_BUILD_ROOT/var/log/milter/save
+mkdir -p $RPM_BUILD_ROOT%{libdir}
+cp *.txt $RPM_BUILD_ROOT/var/log/milter
+cp bms.py spfmilter.py $RPM_BUILD_ROOT%{libdir}
+cp milter.cfg $RPM_BUILD_ROOT/etc/mail/pymilter.cfg
+cp spfmilter.cfg $RPM_BUILD_ROOT/etc/mail
+
+# logfile rotation
+mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
+cat >$RPM_BUILD_ROOT/etc/logrotate.d/milter <<'EOF'
+/var/log/milter/milter.log {
+  copytruncate
+  compress
+}
+/var/log/milter/banned_ips {
+  rotate 3
+  daily
+  copytruncate
+}
+EOF
+
+# purge saved defanged message copies
+mkdir -p $RPM_BUILD_ROOT/etc/cron.daily
+%ifos aix4.1
+R=
+%else
+R='-r'
+%endif
+cat >$RPM_BUILD_ROOT/etc/cron.daily/milter <<'EOF'
+#!/bin/sh
+
+find /var/log/milter/save -mtime +7 | xargs $R rm
+# work around memory leak
+/etc/init.d/milter condrestart
+EOF
+chmod a+x $RPM_BUILD_ROOT/etc/cron.daily/milter
+
+%ifos aix4.1
+cat >$RPM_BUILD_ROOT%{libdir}/start.sh <<'EOF'
+#!/bin/sh
+cd /var/log/milter
+# uncomment to enable sgmlop if installed
+#export PYTHONPATH=/usr/local/lib/python2.1/site-packages
+exec /usr/local/bin/python bms.py >>milter.log 2>&1
+EOF
+%else
+cp start.sh $RPM_BUILD_ROOT%{libdir}
+mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
+cp %{sysvinit} $RPM_BUILD_ROOT/etc/rc.d/init.d/milter
+cp spfmilter.rc $RPM_BUILD_ROOT/etc/rc.d/init.d/spfmilter
+ed $RPM_BUILD_ROOT/etc/rc.d/init.d/milter <<'EOF'
+/^python=/
+c
+python="%{python}"
+.
+w
+q
+EOF
+ed $RPM_BUILD_ROOT/etc/rc.d/init.d/spfmilter <<'EOF'
+/^python=/
+c
+python="%{python}"
+.
+w
+q
+EOF
+ed $RPM_BUILD_ROOT%{libdir}/start.sh <<'EOF'
+/^python=/
+c
+python="%{python}"
+.
+w
+q
+EOF
+%endif
+chmod a+x $RPM_BUILD_ROOT%{libdir}/start.sh
+
+mkdir -p $RPM_BUILD_ROOT/var/run/milter
+mkdir -p $RPM_BUILD_ROOT/usr/share/sendmail-cf/hack
+cp -p rhsbl.m4 $RPM_BUILD_ROOT/usr/share/sendmail-cf/hack
+
+%ifos aix4.1
+%post
+mkssys -s milter -p %{libdir}/start.sh -u 25 -S -n 15 -f 9 -G mail || :
+
+%preun
+if [ $1 = 0 ]; then
+  rmssys -s milter || :
+fi
+%else
+%post -n milter
+#echo "pythonsock has moved to /var/run/milter, update /etc/mail/sendmail.cf"
+/sbin/chkconfig --add milter
+
+%preun -n milter
+if [ $1 = 0 ]; then
+  /sbin/chkconfig --del milter
+fi
+%post spf
+#echo "pythonsock has moved to /var/run/milter, update /etc/mail/sendmail.cf"
+/sbin/chkconfig --add spfmilter
+
+%preun spf
+if [ $1 = 0 ]; then
+  /sbin/chkconfig --del spfmilter
+fi
+%endif
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files -f INSTALLED_FILES
+%defattr(-,root,root)
+%doc README HOWTO ChangeLog NEWS TODO CREDITS sample.py milter-template.py
+%config %{libdir}/start.sh
+
+%files -n milter
+%defattr(-,root,root)
+/etc/logrotate.d/milter
+/etc/cron.daily/milter
+%ifos aix4.1
+%defattr(-,smmsp,mail)
+%else
+/etc/rc.d/init.d/milter
+%defattr(-,mail,mail)
+%endif
+%dir /var/log/milter
+%dir /var/log/milter/save
+%config %{libdir}/bms.py
+%{libdir}/bms.py?
+%config(noreplace) /var/log/milter/strike3.txt
+%config(noreplace) /var/log/milter/softfail.txt
+%config(noreplace) /var/log/milter/fail.txt
+%config(noreplace) /var/log/milter/neutral.txt
+%config(noreplace) /var/log/milter/quarantine.txt
+%config(noreplace) /var/log/milter/permerror.txt
+%config(noreplace) /etc/mail/pymilter.cfg
+/usr/share/sendmail-cf/hack/rhsbl.m4
+
+%files spf
+%defattr(-,root,root)
+%dir /var/log/milter
+%{libdir}/spfmilter.py*
+%config(noreplace) /etc/mail/spfmilter.cfg
+/etc/rc.d/init.d/spfmilter
+
+%changelog
+* Fri Jan 05 2007 Stuart Gathman <stuart@bmsi.com> 0.8.8-1
+- move AddrCache, parse_addr, iniplist to Milter package
+- move parse_header to Milter.utils
+- fix plock for missing source and can't change owner/group
+- add sample spfmilter.py milter
+- private_relay config option
+- persist delayed DSN blacklisting
+- handle gossip server restart without disabling gossip
+- split out pymilter and pymilter-spf packages
+- move milter apps to /usr/lib/pymilter
+* Sat Nov 04 2006 Stuart Gathman <stuart@bmsi.com> 0.8.7-1
+- More lame bounce heuristics
+- SPF moved to pyspf RPM
+- wiretap archive option
+- Do plain CBV if missing template
+* Tue May 23 2006 Stuart Gathman <stuart@bmsi.com> 0.8.6-2
+- Support CBV timeout
+- Support fail template, headers in templates
+- Create GOSSiP record only when connection will procede to DATA.
+- More SPF lax heuristics
+- Don't require SPF pass for white/black listing mail from trusted relay.
+- Support localpart wildcard for white and black lists.
+* Thu Feb 23 2006 Stuart Gathman <stuart@bmsi.com> 0.8.6-1
+- Delay reject of unsigned RCPT for postmaster and abuse only
+- Fix dsn reporting of hard permerror
+- Resolve FIXME for wrap_close in miltermodule.c
+- Add Message-ID to DSNs
+- Use signed Message-ID in delayed reject to blacklist senders
+- Auto-train via blacklist and auto-whitelist
+- Don't check userlist for signed MFROM
+- Accept but skip DSPAM and training for whitelisted senders without SPF PASS
+- Report GC stats 
+- Support CIDR matching for IP lists
+- Support pysrs sign feature
+- Support localpart specific SPF policy in access file
+* Thu Dec 29 2005 Stuart Gathman <stuart@bmsi.com> 0.8.5-1
+- Simple trusted_forwarder implementation.
+- Fix access_file neutral policy
+- Move Received-SPF header to beginning of headers
+- Supply keyword info for all results in Received-SPF header.
+- Move guessed SPF result to separate header
+- Activate smfi_insheader only when SMFIR_INSHEADER defined
+- Handle NULL MX in spf.py
+- in-process GOSSiP server support (to be extended later)
+- Expire CBV cache and renew auto-whitelist entries
+* Fri Oct 21 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-2
+- Don't supply sender when MFROM is subdomain of header from/sender.
+- Don't send quarantine DSN for DSNs
+- Skip dspam for replies/DSNs to signed MFROM
+* Thu Oct 20 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-1
+- Fix SPF policy via sendmail access map (case insensitive keys).
+- Auto whitelist senders, train screener on whitelisted messages
+- Optional idx parameter to addheader to invoke smfi_insheader
+- Activate progress when SMFIR_PROGRESS defined
+* Wed Oct 12 2005 Stuart Gathman <stuart@bmsi.com> 0.8.3-1
+- Keep screened honeypot mail, but optionally discard honeypot only mail.
+- spf_accept_fail option for braindead SPF senders (treats fail like softfail)
+- Consider SMTP AUTH connections internal.
+- Send DSN for SPF errors corrected by extended processing.
+- Send DSN before SCREENED mail is quarantined
+- Option to set SPF policy via sendmail access map.
+- Option to supply Sender header from MAIL FROM when missing.
+- Use logging package to keep log lines atomic.
+* Fri Jul 15 2005 Stuart Gathman <stuart@bmsi.com> 0.8.2-4
+- Limit each CNAME chain independently like PTR and MX
+* Fri Jul 15 2005 Stuart Gathman <stuart@bmsi.com> 0.8.2-3
+- Limit CNAME lookups (regression)
+* Fri Jul 15 2005 Stuart Gathman <stuart@bmsi.com> 0.8.2-2
+- Handle corrupt ZIP attachments
+* Fri Jul 15 2005 Stuart Gathman <stuart@bmsi.com> 0.8.2-1
+- Strict processing limits per SPF RFC
+- Fixed several parsing bugs under RFC 
+- Support official IANA SPF record (type99)
+- Honeypot support (requires pydspam-1.1.9)
+- Extended SPF processing results beyond strict RFC limits
+- Support original SES for local bounce protection (requires pysrs-0.30.10)
+- Callback exception processing option in milter module
+* Thu Jun 16 2005 Stuart Gathman <stuart@bmsi.com> 0.8.1-1
+- Fix zip in zip loop in mime.py
+- Fix HeaderParseError in bms.py header callback
+- Check internal_domains for outgoing mail
+- Fix inconsistent results from send_dsn
+* Mon Jun 06 2005 Stuart Gathman <stuart@bmsi.com> 0.8.0-3
+- properly log pydspam exceptions
+* Sat Jun 04 2005 Stuart Gathman <stuart@bmsi.com> 0.8.0-2
+- Include default softfail, strike3 templates
+* Wed May 25 2005 Stuart Gathman <stuart@bmsi.com> 0.8.0-1
+- Move Milter module to subpackage.
+- DSN support for Three strikes rule and SPF SOFTFAIL
+- Move /*mime*/ and dynip to Milter subpackage
+- Fix SPF unknown mechanism list not cleared
+- Make banned extensions configurable.
+- Option to scan zipfiles for bad extensions.
+* Tue Feb 08 2005 Stuart Gathman <stuart@bmsi.com> 0.7.3-1.EL3
+- Support EL3 and Python2.4 (some scanning/defang support broken)
+* Mon Aug 30 2004 Stuart Gathman <stuart@bmsi.com> 0.7.2-1
+- Fix various SPF bugs
+- Recognize dynamic PTR names, and don't count them as authentication.
+- Three strikes and yer out rule.
+- Block softfail by default unless valid PTR or HELO
+- Return unknown for null mechanism
+- Return unknown for invalid ip address in mechanism
+- Try best guess on HELO also
+- Expand setreply for common errors
+- make rhsbl.m4 hack available for sendmail.mc
+* Sun Aug 22 2004 Stuart Gathman <stuart@bmsi.com> 0.7.1-1
+- Handle modifying mislabeled multipart messages without an exception
+- Support setbacklog, setmlreply
+- allow multi-recipient CBV
+- return TEMPFAIL for SPF softfail
+* Fri Jul 23 2004 Stuart Gathman <stuart@bmsi.com> 0.7.0-1
+- SPF check hello name
+- Move pythonsock to /var/run/milter
+- Move milter.cfg to /etc/mail/pymilter.cfg
+- Check M$ style XML CID records by converting to SPF
+- Recognize, but never match ip6 until we properly support it.
+- Option to reject when no PTR and no SPF
+* Fri Apr 09 2004 Stuart Gathman <stuart@bmsi.com> 0.6.9-1
+- Validate spf.py against test suite, and add Received-SPF support to spf.py
+- Support best_guess for SPF
+- Reject numeric hello names
+- Preserve case of local part in sender
+- Make libmilter timeout a config option
+- Fix setup.py to work with python < 2.2.3
+* Tue Apr 06 2004 Stuart Gathman <stuart@bmsi.com> 0.6.8-3
+- Reject invalid SRS immediately for benefit of callback verifiers
+- Fix include bug in spf.py
+* Tue Apr 06 2004 Stuart Gathman <stuart@bmsi.com> 0.6.8-2
+- Bug in check_header
+* Mon Apr 05 2004 Stuart Gathman <stuart@bmsi.com> 0.6.8-1
+- Don't report spoofed unless rcpt looks like SRS
+- Check for bounce with multiple rcpts
+- Make dspam see Received-SPF headers
+- Make sysv init work with RH9
+* Thu Mar 25 2004 Stuart Gathman <stuart@bmsi.com> 0.6.7-3
+- Forgot to make spf_reject_neutral global in bms.py
+* Wed Mar 24 2004 Stuart Gathman <stuart@bmsi.com> 0.6.7-2
+- Defang message/rfc822 content_type with boundary 
+- Support SPF delegation
+- Reject neutral SPF result for selected domains
+* Tue Mar 23 2004 Stuart Gathman <stuart@bmsi.com> 0.6.7-1
+- SRS forgery check.  Detect thread resource starvation.
+- Properly remove local socket with explicit type.
+- Decode obfuscated subject headers.
+* Wed Mar 11 2004 Stuart Gathman <stuart@bmsi.com> 0.6.6-2
+- init script bug with python2.3
+* Wed Mar 10 2004 Stuart Gathman <stuart@bmsi.com> 0.6.6-1
+- SPF checking, hello blacklist
+* Mon Mar 08 2004 Stuart Gathman <stuart@bmsi.com> 0.6.5-2
+- memory leak in envfrom and envrcpt
+* Mon Mar 01 2004 Stuart Gathman <stuart@bmsi.com> 0.6.5-1
+- progress notification
+- memory leak in connect
+- trusted relay
+* Thu Feb 19 2004 Stuart Gathman <stuart@bmsi.com> 0.6.4-2
+- smart alias wildcard patch, compile for sendmail-8.12
+* Thu Dec 04 2003 Stuart Gathman <stuart@bmsi.com> 0.6.4-1
+- many fixes for dspam support
+* Wed Oct 22 2003 Stuart Gathman <stuart@bmsi.com> 0.6.3
+- dspam SCREEN feature
+- streamline dspam false positive handling
+* Mon Sep 01 2003 Stuart Gathman <stuart@bmsi.com> 0.6.1
+- Full dspam support added
+* Mon Aug 26 2003 Stuart Gathman <stuart@bmsi.com>
+- Use New email module
+* Fri Jun 27 2003 Stuart Gathman <stuart@bmsi.com>
+- Add dspam module
@@ -1,20 +1,19 @@
 /* Copyright (C) 2001  James Niemira (niemira@colltech.com, urmane@urmane.org)
- * Portions Copyright (C) 2001,2002,2003,2004,2005,2006,2007
- *   Stuart Gathman (stuart@bmsi.com)
+ * Portions Copyright (C) 2001,2002,2003,2004  Stuart Gathman (stuart@bmsi.com)
 * 
- * This program is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation, either version 2 of the License, or (at your
- * option) any later version.
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 * 
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
 * 
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 * milterContext object and thread interface contributed by
 * 	Stuart D. Gathman <stuart@bmsi.com>
@@ -35,21 +34,6 @@ $ python setup.py help
     libraries=["milter","smutil","resolv"]

 * $Log$
- * Revision 1.14  2008/12/04 19:43:00  customdesigned
- * Doc updates.
- *
- * Revision 1.13  2008/11/23 03:06:47  customdesigned
- * Milter support for chgfrom.
- *
- * Revision 1.12  2008/11/21 20:42:52  customdesigned
- * Support smfi_chgfrom and smfi_addrcpt_par.
- *
- * Revision 1.11  2007/09/25 02:26:29  customdesigned
- * Update license.
- *
- * Revision 1.10  2006/02/12 02:00:42  customdesigned
- * Resolve FIXME for wrap_close.
- *
 * Revision 1.9  2005/12/23 21:46:36  customdesigned
 * Compile on sendmail-8.12 (ifdef SMFIR_INSHEADER)
 *
@@ -191,10 +175,10 @@ $ python setup.py help
 #endif
 #define _FFR_MULTILINE (MAX_ML_REPLY > 1)

-//#include <pthread.h>	// shouldn't be needed - use Python API
-#include <Python.h>		// Python C API
-#include <libmilter/mfapi.h>	// libmilter API
-#include <netinet/in.h>		// socket API
+#include <pthread.h>
+#include <netinet/in.h>
+#include <Python.h>
+#include <libmilter/mfapi.h>


 /* See if we have IPv4 and/or IPv6 support in this OS and in
@@ -261,10 +245,10 @@ typedef struct {
  PyThreadState *t;	/* python thread state */
 } milter_ContextObject;

-/* Return a borrowed reference to the python Context.  Called by callbacks
-   invoked by libmilter.  Create a new Context if needed.  The new
-   Python Context is owned by the SMFICTX. The python interpreter is locked on
-   successful return, otherwise not. */
+/* Return a borrowed reference to the python Context.  Create a
+   new Context if needed.  The new Python Context is owned by
+   the SMFICTX. The python interpreter is locked on successful
+   return, otherwise not. */
 static milter_ContextObject *
 _get_context(SMFICTX *ctx) {
  milter_ContextObject *self = smfi_getpriv(ctx);
@@ -298,8 +282,7 @@ _get_context(SMFICTX *ctx) {
  return self;
 }

-/* Find the SMFICTX from a Python Context.  Called by context methods invoked
-   from python.  The interpreter must be locked. */ 
+/* Find the SMFICTX from a Python Context. The interpreter must be locked. */
 static SMFICTX *
 _find_context(PyObject *c) {
  SMFICTX *ctx = NULL;
@@ -352,7 +335,6 @@ static char milter_set_flags__doc__[] =
 Set flags for filter capabilities; OR of one or more of:\n\
 ADDHDRS - filter may add headers\n\
 CHGBODY - filter may replace body\n\
-CHGFROM - filter may replace body\n\
 ADDRCPT - filter may add recipients\n\
 DELRCPT - filter may delete recipients\n\
 CHGHDRS - filter may change/delete headers";
@@ -1027,30 +1009,6 @@ milter_addheader(PyObject *self, PyObject *args) {
 #endif
 }

-#ifdef SMFIF_CHGFROM
-static char milter_chgfrom__doc__[] =
-"chgfrom(sender,params) -> None\n\
-Change the envelope sender (MAIL From) of the current message.\n\
-A filter which calls smfi_chgfrom must have set the CHGFROM flag\n\
-in set_flags() before calling register.\n\
-This function can only be called from the EOM callback.";
-static PyObject *
-milter_chgfrom(PyObject *self, PyObject *args) {
-  char *sender;
-  char *params;
-  SMFICTX *ctx;
-  PyThreadState *t;
-  
-  if (!PyArg_ParseTuple(args, "s|z:chgfrom", &sender, &params))
-    return NULL;
-  ctx = _find_context(self);
-  if (ctx == NULL) return NULL;
-  t = PyEval_SaveThread();
-  return _thread_return(t,smfi_chgfrom(ctx, sender, params),
-			 "cannot change sender");
-}
-#endif
-
 static char milter_chgheader__doc__[] =
 "chgheader(field, int, value) -> None\n\
 Change/delete a header in the message. \n\
@@ -1080,33 +1038,22 @@ milter_chgheader(PyObject *self, PyObject *args) {
 }

 static char milter_addrcpt__doc__[] =
-"addrcpt(string,params=None) -> None\n\
+"addrcpt(string) -> None\n\
 Add a recipient to the envelope.  It must be in the same format\n\
 as is passed to the envrcpt callback in the first tuple element.\n\
-If params is used, you must pass ADDRCPT_PAR to set_flags().\n\
 This function can only be called from the EOM callback.";

 static PyObject *
 milter_addrcpt(PyObject *self, PyObject *args) {
  char *rcpt;
-  char *params = 0;
  SMFICTX *ctx;
  PyThreadState *t;
-  int rc;
  
-  if (!PyArg_ParseTuple(args, "s|z:addrcpt", &rcpt)) return NULL;
+  if (!PyArg_ParseTuple(args, "s:addrcpt", &rcpt)) return NULL;
  ctx = _find_context(self);
  if (ctx == NULL) return NULL;
  t = PyEval_SaveThread();
-  if (params)
-#ifdef SMFIF_ADDRCPT_PAR
-    rc = smfi_addrcpt_par(ctx,rcpt,params);
-#else
-    rc = MI_FAILURE;
-#endif
-  else
-    rc = smfi_addrcpt(ctx,rcpt);
-  return _thread_return(t,rc, "cannot add recipient");
+  return _thread_return(t,smfi_addrcpt(ctx, rcpt), "cannot add recipient");
 }

 static char milter_delrcpt__doc__[] =
@@ -1247,9 +1194,6 @@ static PyMethodDef context_methods[] = {
 #endif
 #ifdef SMFIR_PROGRESS
  { "progress",  milter_progress,  METH_VARARGS, milter_progress__doc__},
-#endif
-#ifdef SMFIF_CHGFROM
-  { "chgfrom",  milter_chgfrom,  METH_VARARGS, milter_chgfrom__doc__},
 #endif
  { NULL, NULL }
 };
@@ -1351,9 +1295,6 @@ initmilter(void) {
   setitem(d,"CHGBODY",  SMFIF_CHGBODY);
   setitem(d,"MODBODY",  SMFIF_MODBODY);
   setitem(d,"ADDRCPT",  SMFIF_ADDRCPT);
-#ifdef SMFIF_ADDRCPT_PAR
-   setitem(d,"ADDRCPT_PAR",  SMFIF_ADDRCPT_PAR);
-#endif
   setitem(d,"DELRCPT",  SMFIF_DELRCPT);
   setitem(d,"CHGHDRS",  SMFIF_CHGHDRS);
   setitem(d,"V1_ACTS",  SMFI_V1_ACTS);
@@ -1361,9 +1302,6 @@ initmilter(void) {
   setitem(d,"CURR_ACTS",  SMFI_CURR_ACTS);
 #ifdef SMFIF_QUARANTINE
   setitem(d,"QUARANTINE",SMFIF_QUARANTINE);
-#endif
-#ifdef SMFIF_CHGFROM
-   setitem(d,"CHGFROM",SMFIF_CHGFROM);
 #endif
   setitem(d,"CONTINUE",  SMFIS_CONTINUE);
   setitem(d,"REJECT",  SMFIS_REJECT);
@@ -0,0 +1,39 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
+Subject: SPF %(result)s (POSSIBLE FORGERY)
+Auto-Submitted: auto-generated (sender verification)
+
+This is an automatically generated Delivery Status Notification.
+
+THIS IS A WARNING MESSAGE ONLY.
+
+YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.
+
+Delivery to the following recipients has been delayed.
+
+       %(rcpt)s
+
+Subject: %(subject)s
+Received-SPF: %(spf_result)s
+
+Your sender policy (or lack thereof) indicated that the above email was not
+sent via an authorized SMTP server, but may still be legitimate.  Since there
+is no positive confirmation that the message is really from you, we have
+to give it extra scrutiny - including verifying that the sender really
+exists by sending you this DSN.  We will remember this sender and not
+bother you again for a while.  You can avoid this message entirely for
+legitimate mail by using an authorized SMTP server.  Contact your mail
+administrator and ask how to configure your email client to use an
+authorized server.
+
+If you never sent the above message, then your domain has been forged.
+Your mail admin needs to publish a strict SPF record so that I can reject
+those forgeries instead of bugging you about them.  
+
+See http://openspf.org for details.
+
+If you need further assistance, please do not hesitate to contact me.
+
+Kind regards,
+
+postmaster@%(receiver)s
@@ -0,0 +1,35 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
+Subject: Critical SPF configuration error
+Auto-Submitted: auto-generated (configuration error)
+
+This is an automatically generated Delivery Status Notification.
+
+THIS IS A WARNING MESSAGE ONLY.
+
+YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.
+
+Delivery to the following recipients has been delayed.
+
+	%(rcpt)s
+
+Subject: %(subject)s 
+Received-SPF: %(spf_result)s
+
+Your spf record has a permanent error.  The error was:
+
+	%(perm_error)s
+
+We will reinterpret your record using "lax" processing heuristics
+which may result in your mail being accepted anyway.  But you or your
+mail administrator need to fix your SPF record as soon as possible.
+
+We are sending you this message to alert you to the fact that
+you have problems with your email configuration.
+
+If you need further assistance, please do not hesitate to
+contact me again.
+
+Kind regards,
+
+postmaster@%(receiver)s
@@ -1,100 +0,0 @@
-%define __python python2.4
-%define version 0.8.12
-%define release 1%{?dist}.py24
-%define libdir %{_libdir}/pymilter
-%define name pymilter
-%define redhat7 0
-
-Summary: Python interface to sendmail milter API
-Name: %{name}
-Version: %{version}
-Release: %{release}
-Source: %{name}-%{version}.tar.gz
-#Patch: %{name}-%{version}.patch
-License: GPLv2+
-Group: Development/Libraries
-BuildRoot: %{_tmppath}/%{name}-buildroot
-Vendor: Stuart D. Gathman <stuart@bmsi.com>
-Url: http://www.bmsi.com/python/milter.html
-Requires: %{__python} >= 2.4, sendmail >= 8.13
-BuildRequires: %{__python}-devel >= 2.4, sendmail-devel >= 8.13
-
-%description
-This is a python extension module to enable python scripts to
-attach to sendmail's libmilter functionality.  Additional python
-modules provide for navigating and modifying MIME parts, sending
-DSNs, and doing CBV.
-
-%prep
-%setup -q
-#patch -p0 -b .bms
-
-%build
-%if %{redhat7} 
-  LDFLAGS="-s"
-%else # Redhat builds debug packages after 7.3
-  LDFLAGS="-g"
-%endif
-env CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$LDFLAGS" %{__python} setup.py build
-
-%install
-rm -rf $RPM_BUILD_ROOT
-%{__python} setup.py install --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES
-mkdir -p $RPM_BUILD_ROOT/var/run/milter
-mkdir -p $RPM_BUILD_ROOT%{libdir}
-%ifos aix4.1
-cat >$RPM_BUILD_ROOT%{libdir}/start.sh <<'EOF'
-#!/bin/sh
-cd /var/log/milter
-exec /usr/local/bin/python bms.py >>milter.log 2>&1
-EOF
-%else # not aix4.1
-cp start.sh $RPM_BUILD_ROOT%{libdir}
-ed $RPM_BUILD_ROOT%{libdir}/start.sh <<'EOF'
-/^python=/
-c
-python="%{__python}"
-.
-w
-q
-EOF
-%endif
-chmod a+x $RPM_BUILD_ROOT%{libdir}/start.sh
-%if !%{redhat7}
-#grep '.pyc$' INSTALLED_FILES | sed -e 's/c$/o/' >>INSTALLED_FILES
-%endif
-
-# start.sh is used by spfmilter and milter, and could be used by
-# other milters running on redhat
-%files -f INSTALLED_FILES
-%defattr(-,root,root)
-%doc README ChangeLog NEWS TODO CREDITS sample.py milter-template.py
-%config %{libdir}/start.sh
-%dir %attr(0755,mail,mail) /var/run/milter
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%changelog
-* Mon Nov 24 2008 Stuart Gathman <stuart@bmsi.com> 0.8.12-1
- Split pymilter into its own CVS module
- Support chgfrom and addrcpt_par
- Support NS records in Milter.dns
-* Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-2
- /var/run/milter directory must be owned by mail
-* Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-1
- improved parsing into email and fullname (still 2 self test failures)
- implement no-DSN CBV, reduce full DSNs
-* Mon Sep 24 2007 Stuart Gathman <stuart@bmsi.com> 0.8.9-1
- Use ifarch hack to build milter and milter-spf packages as noarch
- Remove spf dependency from dsn.py, add dns.py
-* Fri Jan 05 2007 Stuart Gathman <stuart@bmsi.com> 0.8.8-1
- move AddrCache, parse_addr, iniplist to Milter package
- move parse_header to Milter.utils
- fix plock for missing source and can't change owner/group
- split out pymilter and pymilter-spf packages
- move milter apps to /usr/lib/pymilter
-* Sat Nov 04 2006 Stuart Gathman <stuart@bmsi.com> 0.8.7-1
- SPF moved to pyspf RPM
-* Tue May 23 2006 Stuart Gathman <stuart@bmsi.com> 0.8.6-2
- Support CBV timeout
@@ -0,0 +1,42 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
+Subject: DELIVERY STATUS (POSSIBLE SPAM)
+Auto-Submitted: auto-generated (content analysis)
+
+This is an automatically generated Delivery Status Notification.
+
+THIS IS A WARNING MESSAGE ONLY.
+
+YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.
+
+Delivery to the following recipients has been delayed.
+
+       %(rcpt)s
+
+Subject: %(subject)s
+Received-SPF: %(spf_result)s
+
+A statistical analysis of your message has classified it as junk mail,
+and it has been quarantined.  Eventually, the recipients will review
+their quarantined mail and may notice your message.  If your message is
+important, please contact them via other means.  You may also try sending
+them a simple plain text message.
+
+If you never sent the above message, then your domain, %(sender_domain)s,
+was forged - i.e. used without your knowlege or authorization by
+someone attempting to steal your mail identity.  This is a very
+serious problem, and you need to provide authentication for your
+SMTP (email) servers to prevent criminals from forging your
+domain.  The simplest step is usually to publish an SPF record
+with your Sender Policy.  
+
+For more information, see: http://www.openspf.org
+
+Your mail admin needs to publish a strict SPF record so that I can reject
+those forgeries instead of bugging you with them.
+
+If you need further assistance, please do not hesitate to contact me.
+
+Kind regards,
+
+postmaster@%(receiver)s
@@ -0,0 +1,38 @@
+# Analyze milter log to find abusers
+
+fp = open('/var/log/milter/milter.log','r')
+subdict = {}
+ipdict = {}
+spamcnt = {}
+for line in fp:
+  a = line.split(None,4)
+  if len(a) < 4: continue
+  dt,tm,id,op = a[:4]
+  if op == 'Subject:':
+    if len(a) > 4: subdict[id] = a[4].rstrip()
+  elif op == 'connect':
+    ipdict[id] = a[4].rstrip()
+  elif op in ('eom','dspam'):
+    if id in subdict: del subdict[id]
+    if id in ipdict: del ipdict[id]
+  elif op in ('REJECT:','DSPAM:','SPAM:','abort'):
+    if id in subdict:
+      if id in ipdict:
+        ip = ipdict[id]
+	del ipdict[id]
+	f,host,raw = ip.split(None,2)
+	if host in spamcnt:
+	  spamcnt[host] += 1
+	else:
+	  spamcnt[host] = 1
+      else: ip = ''
+      print dt,tm,op,a[4].rstrip(),subdict[id]
+      del subdict[id]
+    else:
+      print line.rstrip()
+print len(subdict),'leftover entries'
+
+spamlist = filter(lambda x: x[1] > 1,spamcnt.items())
+spamlist.sort(lambda x,y: x[1] - y[1])
+for ip,cnt in spamlist:
+  print cnt,ip
@@ -0,0 +1,138 @@
+# Analyze milter log to find abusers
+import traceback
+import sys
+
+def parse_addr(a):
+  beg = a.find('<')
+  end = a.find('>')
+  if beg >= 0:
+    if end > beg: return a[beg+1:end]
+  return a
+
+class Connection(object):
+  def __init__(self,dt,tm,id,ip=None,conn=None):
+    self.dt = dt
+    self.tm = tm
+    self.id = id
+    if ip:
+      _,self.host,self.ip = ip.split(None,2)
+    elif conn:
+      self.ip = conn.ip
+      self.host = conn.host
+      self.helo = conn.helo
+    self.subject = None
+    self.rcpt = []
+    self.mfrom = None
+    self.helo = None
+    self.innoc = []
+    self.whitelist = False
+
+def connections(fp):
+  conndict = {}
+  termdict = {}
+  for line in fp:
+    if line.startswith('{'): continue
+    a = line.split(None,4)
+    if len(a) < 4: continue
+    dt,tm,id,op = a[:4]
+    if (id,op) == ('bms','milter'):
+      # FIXME: optionally yield all partial connections in conndict
+      conndict = {}
+      termdict = {}
+      continue
+    if id[0] == '[' and id[-1] == ']':
+      try:
+	key = int(id[1:-1])
+      except:
+        print >>sys.stderr,'bad id:',line.rstrip()
+	continue
+    else: continue
+    if op == 'connect':
+      ip = a[4].rstrip()
+      conn = Connection(dt,tm,id,ip=ip)
+      conndict[key] = conn
+    elif op in (
+	'DISCARD:','TAG:','CBV:','Large','No',
+	'NOTE:','From:','Sender:','TRAIN:'):
+      continue
+    else:
+      op = op.lower()
+      try:
+	conn = conndict[key]
+      except KeyError:
+        try:
+	  conn = termdict[key]
+	  del termdict[key]
+	  conndict[key] = conn
+	except KeyError:
+	  print >>sys.stderr,'key error:',line.rstrip()
+	  continue
+      try:
+	if op == 'subject:':
+	  if len(a) > 4:
+	    conn.subject = a[4].rstrip()
+	elif op == 'innoc:':
+	  conn.innoc.append(a[4].rstrip())
+	elif op == 'whitelist':
+	  conn.whitelist = True
+	elif op == 'x-mailer:':
+	  if len(a) > 4:
+	    conn.mailer = a[4].rstrip()
+        elif op == 'x-guessed-spf:':
+          conn.spfguess = a[4]
+	elif op == 'received-spf:':
+	  conn.spfres,conn.spfmsg = a[4].rstrip().split(None,1)
+	elif op == 'received:':
+	  conn.received = a[4].rstrip()
+	elif op == 'temp':
+	  _,conn.tempfile = a[4].rstrip().split(None,1)
+	elif op == 'srs':
+	  _,conn.srsrcpt = a[4].rstrip().split(None,1)
+	elif op == 'mail':
+	  _,conn.mfrom = a[4].rstrip().split(None,1)
+	elif op == 'rcpt':
+	  _,rcpt = a[4].rstrip().split(None,1)
+	  conn.rcpt.append(rcpt)
+	elif op == 'hello':
+	  _,conn.helo = a[4].rstrip().split(None,1)
+	elif op in ('eom','dspam','abort'):
+	  del conndict[key]
+	  conn.enddt = dt
+	  conn.endtm = tm
+	  conn.result = op
+	  yield conn
+	  termdict[key] = Connection(conn.dt,conn.tm,conn.id,conn=conn)
+	elif op in ('reject:','dspam:','tempfail:','reject','fail:','honeypot:'):
+	  del conndict[key]
+	  conn.enddt = dt
+	  conn.endtm = tm
+	  conn.result = op
+	  conn.resmsg = a[4].rstrip()
+	  yield conn
+	  termdict[key] = Connection(conn.dt,conn.tm,conn.id,conn=conn)
+	elif op in ('fp:','spam:'):
+	  del conndict[key]
+	  termdict[key] = Connection(conn.dt,conn.tm,conn.id,conn=conn)
+	else:
+	  print >>sys.stderr,'unknown op:',line.rstrip()
+      except Exception:
+	print >>sys.stderr,'error:',line.rstrip()
+        traceback.print_exc()
+
+if __name__ == '__main__':
+  import gzip
+  for fn in sys.argv[1:]:
+    if fn.endswith('.gz'):
+      fp = gzip.open(fn)
+    else:
+      fp = open(fn)
+    for conn in connections(fp):
+      if conn.rcpt and conn.mfrom:
+        for r in conn.rcpt:
+	  if r.lower().find('iancarter') > 0: break
+	else:
+	  if conn.mfrom.lower().find('iancarter') < 0: continue
+	print >>sys.stderr,conn.result,conn.dt,conn.tm,conn.id,conn.subject,parse_addr(conn.mfrom),
+	for a in conn.rcpt:
+	  print parse_addr(a),
+	print
@@ -0,0 +1,44 @@
+divert(-1)
+#
+# Copyright (c) 2002 Derek J. Balling
+#	All rights reserved.
+#
+# Permission to use granted for all purposes. If modifications are made
+# they are requested to be sent to <dredd@megacity.org> for inclusion in future
+# versions 
+#
+# Allows (hopefully) for checking of access.db whitelisting now. This ONLY
+# works on sendmail-8.12.x ... use on any other version may require tinkering
+# by you the downloader.
+#
+# Incorporates many changes by Sergey S. Mokryshev <mokr@mokr.net>
+#
+#
+
+divert(0)
+ifdef(`_RHSBL_R_',`dnl',`dnl
+VERSIONID(`$Id$')
+define(`_RHSBL_R_',`')
+ifdef(`_DNSBL_R_',`dnl',`dnl
+LOCAL_CONFIG
+# map for DNS based blacklist lookups based on the sender RHS
+Kdnsbl host -T<TMP>')')
+divert(-1)
+define(`_RHSBL_SRV_', `_ARG_')dnl
+define(`_RHSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Mail from " $`'&{RHS} " refused by blackhole site '_RHSBL_SRV_`"',`_ARG2_')')dnl
+define(`_RHSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{RHS} " at '_RHSBL_SRV_`"',`_ARG3_')')dnl
+
+MAILER_DEFINITIONS
+
+SLocal_check_mail
+# DNS based RHS spam list blackholes.bmsi.com
+R$*			$: <?> $>CanonAddr $1
+R<?> $*<@$+.>		$: <?> $1<@$2.> $| $>SearchList <+ rhs> $| <F:$1@$2> <D:$2> <>
+R<?> $* $| <$={Accept}>	$: OKSOFAR
+R<?> $*<@$+.> $| $*	$: <?> $(dnsbl $2._RHSBL_SRV_. $: OK $) $(macro {RHS} $@ $2 $)
+R<?> OK			$: OKSOFAR
+R<?> $*<@$*>		$: OKSOFAR
+ifelse(len(X`'_ARG3_),`1',
+`R<?>$+<TMP>		$: TMPOK',
+`R<?>$+<TMP>		$#error $@ 4.7.1 $: _RHSBL_MSG_TMP_')
+R<?>$+			$#error $@ 5.7.1 $: _RHSBL_MSG_
@@ -6,7 +6,6 @@ from distutils.core import setup, Extension
 # on slackware and debian, leave it out entirely.  It depends
 # on how libmilter was built by the sendmail package.
 libs = ["milter", "smutil"]
-libdirs = ["/usr/lib/libmilter"]    # needed for Debian

 # patch distutils if it can't cope with the "classifiers" or
 # "download_url" keywords
@@ -16,7 +15,7 @@ if sys.version < '2.2.3':
  DistributionMetadata.download_url = None

 # NOTE: importing Milter to obtain version fails when milter.so not built
-setup(name = "pymilter", version = '0.8.12',
+setup(name = "pymilter", version = '0.8.8',
 	description="Python interface to sendmail milter API",
 	long_description="""\
 This is a python extension module to enable python scripts to
@@ -34,7 +33,6 @@ sending DSNs or doing CBVs.
 	packages = ['Milter'],
 	ext_modules=[
 	  Extension("milter", ["miltermodule.c"],
-            library_dirs=libdirs,
 	    libraries=libs,
 	    # set MAX_ML_REPLY to 1 for sendmail < 8.13
 	    define_macros = [ ('MAX_ML_REPLY',32) ]
@@ -0,0 +1,28 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
+Subject: SPF %(result)s (POSSIBLE FORGERY)
+Auto-Submitted: auto-generated (configuration error)
+
+This is an automatically generated Delivery Status Notification.
+
+THIS IS A WARNING MESSAGE ONLY.
+
+YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.
+
+Delivery to the following recipients has been delayed.
+
+       %(rcpt)s
+
+Subject: %(subject)s
+Received-SPF: %(spf_result)s
+
+Your sender policy indicated that the above email was likely forged and that
+feedback was desired for debugging.  If you are sending from a foreign ISP,
+then you may need to follow your home ISPs instructions for configuring
+your outgoing mail server.
+
+If you need further assistance, please do not hesitate to contact me.
+
+Kind regards,
+
+postmaster@%(receiver)s
@@ -0,0 +1,20 @@
+[milter]
+# The socket used to communicate with sendmail
+socketname = /var/run/milter/spfmiltersock
+# Name of the milter given to sendmail
+name = pyspffilter
+# Trusted relays such as secondary MXes that should not have SPF checked.
+;trusted_relay =
+# Internal networks that should not have SPF checked.
+internal_connect = 127.0.0.1,192.168.0.0/16,10.0.0.0/8
+
+# See http://www.openspf.com for more info on SPF.
+[spf]
+# Use sendmail access map or similar format for detailed spf policy.
+# SPF entries in the access map will override defaults.
+access_file = /etc/mail/access.db
+# Connections that get an SPF pass for a pretend MAIL FROM of 
+# postmaster@sometrustedforwarder.com skip SPF checks for the real MAIL FROM.
+# This is for non-SRS forwarders.  It is a simple implementation that
+# is inefficient for more than a few entries.
+;trusted_forwarder = careerbuilder.com
@@ -0,0 +1,253 @@
+# A simple SPF milter.
+# You must install pyspf for this to work.
+
+# http://www.sendmail.org/doc/sendmail-current/libmilter/docs/installation.html
+
+# Author: Stuart D. Gathman <stuart@bmsi.com>
+# Copyright 2007 Business Management Systems, Inc.
+# This code is under GPL.  See COPYING for details.
+
+import sys
+import Milter
+import spf
+import syslog
+import anydbm
+from Milter.config import MilterConfigParser
+from Milter.utils import iniplist,parse_addr
+
+syslog.openlog('spfmilter',0,syslog.LOG_MAIL)
+
+class Config(object):
+  "Hold configuration options."
+  pass
+
+def read_config(list):
+  "Return new config object."
+  cp = MilterConfigParser()
+  cp.read(list)
+  if cp.has_option('milter','datadir'):
+        os.chdir(cp.get('milter','datadir'))
+  conf = Config()
+  conf.socketname = cp.getdefault('milter','socketname', '/tmp/spfmiltersock')
+  conf.miltername = cp.getdefault('milter','name','pyspffilter')
+  conf.trusted_relay = cp.getlist('milter','trusted_relay')
+  conf.internal_connect = cp.getlist('milter','internal_connect')
+  conf.trusted_forwarder = cp.getlist('spf','trusted_relay')
+  conf.access_file = cp.getdefault('spf','access_file',None)
+  return conf
+
+class SPFPolicy(object):
+  "Get SPF policy by result from sendmail style access file."
+  def __init__(self,sender,access_file=None):
+    self.sender = sender
+    self.domain = sender.split('@')[-1].lower()
+    if access_file:
+      try: acf = anydbm.open(access_file,'r')
+      except: acf = None
+    else: acf = None
+    self.acf = acf
+
+  def getPolicy(self,pfx):
+    acf = self.acf
+    if not acf: return None
+    try:
+      return acf[pfx + self.sender]
+    except KeyError:
+      try:
+	return acf[pfx + self.domain]
+      except KeyError:
+	try:
+	  return acf[pfx]
+	except KeyError:
+	  return None
+  
+class spfMilter(Milter.Milter):
+  "Milter to check SPF.  Each connection gets its own instance."
+
+  def log(self,*msg):
+    syslog.syslog('[%d] %s' % (self.id,' '.join([str(m) for m in msg])))
+
+  def __init__(self):
+    self.mailfrom = None
+    self.id = Milter.uniqueID()
+    # we don't want config used to change during a connection
+    self.conf = config
+
+  # addheader can only be called from eom().  This accumulates added headers
+  # which can then be applied by alter_headers()
+  def add_header(self,name,val,idx=-1):
+    self.new_headers.append((name,val,idx))
+    self.log('%s: %s' % (name,val))
+
+  def connect(self,hostname,unused,hostaddr):
+    self.internal_connection = False
+    self.trusted_relay = False
+    self.hello_name = None
+    # sometimes people put extra space in sendmail config, so we strip
+    self.receiver = self.getsymval('j').strip()
+    if hostaddr and len(hostaddr) > 0:
+      ipaddr = hostaddr[0]
+      if iniplist(ipaddr,self.conf.internal_connect):
+	self.internal_connection = True
+      if iniplist(ipaddr,self.conf.trusted_relay):
+        self.trusted_relay = True
+    else: ipaddr = ''
+    self.connectip = ipaddr
+    if self.internal_connection:
+      connecttype = 'INTERNAL'
+    else:
+      connecttype = 'EXTERNAL'
+    if self.trusted_relay:
+      connecttype += ' TRUSTED'
+    self.log("connect from %s at %s %s" % (hostname,hostaddr,connecttype))
+    return Milter.CONTINUE
+
+  def hello(self,hostname):
+    self.hello_name = hostname
+    self.log("hello from %s" % hostname)
+    return Milter.CONTINUE
+
+  # multiple messages can be received on a single connection
+  # envfrom (MAIL FROM in the SMTP protocol) seems to mark the start
+  # of each message.
+  def envfrom(self,f,*str):
+    self.log("mail from",f,str)
+    if not self.hello_name:
+      self.log('REJECT: missing HELO')
+      self.setreply('550','5.7.1',"It's polite to say helo first.")
+      return Milter.REJECT
+    self.mailfrom = f
+    self.new_headers = []
+    t = parse_addr(f)
+    if len(t) == 2: t[1] = t[1].lower()
+    self.canon_from = '@'.join(t)
+    if not (self.internal_connection or self.trusted_relay) and self.connectip:
+      rc = self.check_spf()
+      if rc != Milter.CONTINUE: return rc
+    return Milter.CONTINUE
+
+  def envrcpt(self,f,*str):
+    return Milter.CONTINUE
+
+  def header(self,name,hval):
+    return Milter.CONTINUE
+
+  def eoh(self):
+    return Milter.CONTINUE
+
+  def eom(self):
+    for name,val,idx in self.new_headers:
+      try:
+	self.addheader(name,val,idx)
+      except:
+	self.addheader(name,val)	# older sendmail can't insheader
+    return Milter.CONTINUE
+
+  def close(self):
+    return Milter.CONTINUE
+
+  def check_spf(self):
+    receiver = self.receiver
+    for tf in self.conf.trusted_forwarder:
+      q = spf.query(self.connectip,'',tf,receiver=receiver,strict=False)
+      res,code,txt = q.check()
+      if res == 'pass':
+        self.log("TRUSTED_FORWARDER:",tf)
+        break
+    else:
+      q = spf.query(self.connectip,self.canon_from,self.hello_name,
+	  receiver=receiver,strict=False)
+      q.set_default_explanation(
+	'SPF fail: see http://openspf.org/why.html?sender=%s&ip=%s' % (q.s,q.i))
+      res,code,txt = q.check()
+    if res not in ('pass','temperror'):
+      if self.mailfrom != '<>':
+	# check hello name via spf unless spf pass
+	h = spf.query(self.connectip,'',self.hello_name,receiver=receiver)
+	hres,hcode,htxt = h.check()
+	if hres in ('deny','fail','neutral','softfail'):
+	  self.log('REJECT: hello SPF: %s 550 %s' % (hres,htxt))
+	  self.setreply('550','5.7.1',htxt,
+	    "The hostname given in your MTA's HELO response is not listed",
+	    "as a legitimate MTA in the SPF records for your domain.  If you",
+	    "get this bounce, the message was not in fact a forgery, and you",
+	    "should IMMEDIATELY notify your email administrator of the problem."
+	  )
+	  return Milter.REJECT
+      else:
+        hres,hcode,htxt = res,code,txt
+    else: hres = None
+
+    p = SPFPolicy(q.s,self.conf.access_file)
+
+    if res == 'fail':
+      policy = p.getPolicy('spf-fail:')
+      if not policy or policy == 'REJECT':
+	self.log('REJECT: SPF %s %i %s' % (res,code,txt))
+	self.setreply(str(code),'5.7.1',txt)
+	# A proper SPF fail error message would read:
+	# forger.biz [1.2.3.4] is not allowed to send mail with the domain
+	# "forged.org" in the sender address.  Contact <postmaster@forged.org>.
+	return Milter.REJECT
+    if res == 'softfail':
+      policy = p.getPolicy('spf-softfail:')
+      if policy and policy == 'REJECT':
+	self.log('REJECT: SPF %s %i %s' % (res,code,txt))
+	self.setreply(str(code),'5.7.1',txt)
+	# A proper SPF fail error message would read:
+	# forger.biz [1.2.3.4] is not allowed to send mail with the domain
+	# "forged.org" in the sender address.  Contact <postmaster@forged.org>.
+	return Milter.REJECT
+    elif res == 'permerror':
+      policy = p.getPolicy('spf-permerror:')
+      if not policy or policy == 'REJECT':
+	self.log('REJECT: SPF %s %i %s' % (res,code,txt))
+	# latest SPF draft recommends 5.5.2 instead of 5.7.1
+	self.setreply(str(code),'5.5.2',txt,
+	  'There is a fatal syntax error in the SPF record for %s' % q.o,
+	  'We cannot accept mail from %s until this is corrected.' % q.o
+	)
+	return Milter.REJECT
+    elif res == 'temperror':
+      policy = p.getPolicy('spf-temperror:')
+      if not policy or policy == 'REJECT':
+	self.log('TEMPFAIL: SPF %s %i %s' % (res,code,txt))
+	self.setreply(str(code),'4.3.0',txt)
+	return Milter.TEMPFAIL
+    elif res == 'neutral' or res == 'none':
+      policy = p.getPolicy('spf-neutral:')
+      if policy and policy == 'REJECT':
+        self.log('REJECT NEUTRAL:',q.s)
+	self.setreply('550','5.7.1',
+  "%s requires and SPF PASS to accept mail from %s. [http://openspf.org]"
+	  % (receiver,q.s))
+	return Milter.REJECT
+    elif res == 'pass':
+      policy = p.getPolicy('spf-pass:')
+      if policy and policy == 'REJECT':
+        self.log('REJECT PASS:',q.s)
+	self.setreply('550','5.7.1',
+		"%s has been blacklisted by %s." % (q.s,receiver))
+	return Milter.REJECT
+    self.add_header('Received-SPF',q.get_header(res,receiver),0)
+    if hres and q.h != q.o:
+      self.add_header('X-Hello-SPF',hres,0)
+    return Milter.CONTINUE
+
+if __name__ == "__main__":
+  Milter.factory = spfMilter
+  Milter.set_flags(Milter.CHGHDRS + Milter.ADDHDRS)
+  global config
+  config = read_config(['spfmilter.cfg','/etc/mail/spfmilter.cfg'])
+  miltername = config.miltername
+  socketname = config.socketname
+  print """To use this with sendmail, add the following to sendmail.cf:
+
+O InputMailFilters=%s
+X%s,        S=local:%s
+
+See the sendmail README for libmilter.
+sample spfmilter startup""" % (miltername,miltername,socketname)
+  sys.stdout.flush()
+  Milter.runmilter("pyspffilter",socketname,240)
+  print "sample spfmilter shutdown"
@@ -0,0 +1,85 @@
+#!/bin/bash
+#
+# spfmilter	This shell script takes care of starting and stopping spfmilter.
+#
+# chkconfig: 2345 80 30
+# description: a process that checks SPF for messages sent through sendmail.
+# processname: spfmilter
+# config: /etc/mail/spfmilter.cfg
+# pidfile: /var/run/milter/spfmilter.pid
+
+python="python2.4"
+
+pidof() {
+	set - ""
+	if set - `ps -e -o pid,cmd | grep "${python} spfmilter.py"` &&
+	  [ "$2" != "grep" ]; then
+	  echo $1
+	  return 0
+	fi
+	return 1
+}
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+[ -x /usr/lib/pymilter/start.sh ] || exit 0
+
+RETVAL=0
+prog="spfmilter"
+
+start() {
+	# Start daemons.
+
+	echo -n "Starting $prog: "
+        if ! test -d /var/run/milter; then
+		mkdir -p /var/run/milter
+		chown mail:mail /var/run/milter
+	fi
+	daemon --check milter --user mail /usr/lib/pymilter/start.sh spfmilter
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/spfmilter
+	return $RETVAL
+}
+
+stop() {
+	# Stop daemons.
+	echo -n "Shutting down $prog: "
+	killproc milter
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/spfmilter
+	return $RETVAL
+}
+
+# See how we were called.
+case "$1" in
+  start)
+	start
+	;;
+  stop)
+	stop
+	;;
+  restart|reload)
+	stop
+	start
+	RETVAL=$?
+	;;
+  condrestart)
+	if [ -f /var/lock/subsys/spfmilter ]; then
+	    stop
+	    start
+	    RETVAL=$?
+	fi
+	;;
+  status)
+	status spfmilter
+	RETVAL=$?
+	;;
+  *)
+	echo "Usage: $0 {start|stop|restart|condrestart|status}"
+	exit 1
+esac
+
+exit $RETVAL
@@ -10,5 +10,7 @@ else
  cd /usr/lib/pymilter
 fi

-${python} ${script}.py &
+cd /var/log/milter
+exec >>${appname}.log 2>&1
+${python} ${appname}.py &
 echo $! >/var/run/milter/${appname}.pid
@@ -0,0 +1,69 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
+Subject: Critical mail server configuration error
+Auto-Submitted: auto-generated (configuration error)
+
+This is an automatically generated Delivery Status Notification.
+
+THIS IS A WARNING MESSAGE ONLY.
+
+YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.
+
+Delivery to the following recipients has been delayed.
+
+	%(rcpt)s
+
+Subject: %(subject)s 
+
+Someone at IP address %(connectip)s sent an email claiming
+to be from %(sender)s.  
+
+If that wasn't you, then your domain, %(sender_domain)s,
+was forged - i.e. used without your knowlege or authorization by
+someone attempting to steal your mail identity.  This is a very
+serious problem, and you need to provide authentication for your
+SMTP (email) servers to prevent criminals from forging your
+domain.  The simplest step is usually to publish an SPF record
+with your Sender Policy.  
+
+For more information, see: http://openspf.org
+
+I hate to annoy you with a DSN (Delivery Status
+Notification) from a possibly forged email, but since you
+have not published a sender policy, there is no other way
+of bringing this to your attention.
+
+If it *was* you that sent the email, then your email domain
+or configuration is in error.  If you don't know anything
+about mail servers, then pass this on to your SMTP (mail)
+server administrator.  We have accepted the email anyway, in
+case it is important, but we couldn't find anything about
+the mail submitter at %(connectip)s to distinguish it from a
+zombie (compromised/infected computer - usually a Windows
+PC).  There was no PTR record for its IP address (PTR names
+that contain the IP address don't count).  RFC2821 requires
+that your hello name be a FQN (Fully Qualified domain Name,
+i.e. at least one dot) that resolves to the IP address of
+the mail sender.  In addition, just like for PTR, we don't
+accept a helo name that contains the IP, since this doesn't
+help to identify you.  The hello name you used,
+%(heloname)s, was invalid.
+
+Furthermore, there was no SPF record for the sending domain
+%(sender_domain)s.  We even tried to find its IP in any A or
+MX records for your domain, but that failed also.  We really
+should reject mail from anonymous mail clients, but in case
+it is important, we are accepting it anyway.
+
+We are sending you this message to alert you to the fact that
+
+Either - Someone is forging your domain.
+Or - You have problems with your email configuration.
+Or - Possibly both.
+
+If you need further assistance, please do not hesitate to
+contact me again.
+
+Kind regards,
+
+postmaster@%(receiver)s
@@ -1,4 +1,5 @@
 import unittest
+import testbms
 import testmime
 import testsample
 import testutils
@@ -6,6 +7,7 @@ import os

 def suite(): 
  s = unittest.TestSuite()
+  s.addTest(testbms.suite())
  s.addTest(testmime.suite())
  s.addTest(testsample.suite())
  s.addTest(testutils.suite())
@@ -0,0 +1,323 @@
+import unittest
+import doctest
+import Milter
+import bms
+import mime
+import rfc822
+import StringIO
+import email
+import sys
+#import pdb
+
+class TestMilter(bms.bmsMilter):
+
+  def __init__(self):
+    bms.bmsMilter.__init__(self)
+    self.logfp = open("test/milter.log","a")
+    self._delrcpt = []	# record deleted rcpts for testing
+    self._addrcpt = []	# record added rcpts for testing
+
+  def log(self,*msg):
+    for i in msg: print >>self.logfp, i,
+    print >>self.logfp
+
+  def getsymval(self,name):
+    if name == 'j': return 'test.milter.org'
+    return ''
+
+  def replacebody(self,chunk):
+    if self._body:
+      self._body.write(chunk)
+      self.bodyreplaced = True
+    else:
+      raise IOError,"replacebody not called from eom()"
+
+  # FIXME: rfc822 indexing does not really reflect the way chg/add header
+  # work for a milter
+  def chgheader(self,field,idx,value):
+    if not self._body:
+      raise IOError,"chgheader not called from eom()"
+    self.log('chgheader: %s[%d]=%s' % (field,idx,value))
+    if value == '':
+      del self._msg[field]
+    else:
+      self._msg[field] = value
+    self.headerschanged = True
+
+  def addheader(self,field,value):
+    if not self._body:
+      raise IOError,"addheader not called from eom()"
+    self.log('addheader: %s=%s' % (field,value))
+    self._msg[field] = value
+    self.headerschanged = True
+
+  def delrcpt(self,rcpt):
+    if not self._body:
+      raise IOError,"delrcpt not called from eom()"
+    self._delrcpt.append(rcpt)
+
+  def addrcpt(self,rcpt):
+    if not self._body:
+      raise IOError,"addrcpt not called from eom()"
+    self._addrcpt.append(rcpt)
+
+  def setreply(self,rcode,xcode,msg):
+    self.reply = (rcode,xcode,msg)
+
+  def feedFile(self,fp,sender="spam@adv.com",rcpt="victim@lamb.com"):
+    self._body = None
+    self.bodyreplaced = False
+    self.headerschanged = False
+    self.reply = None
+    msg = rfc822.Message(fp)
+    rc = self.envfrom('<%s>'%sender)
+    if rc != Milter.CONTINUE: return rc
+    rc = self.envrcpt('<%s>'%rcpt)
+    if rc != Milter.CONTINUE: return rc
+    line = None
+    for h in msg.headers:
+      if h[:1].isspace():
+	line = line + h
+	continue
+      if not line:
+	line = h
+	continue
+      s = line.split(': ',1)
+      if len(s) > 1: val = s[1].strip()
+      else: val = ''
+      rc = self.header(s[0],val)
+      if rc != Milter.CONTINUE: return rc
+      line = h
+    if line:
+      s = line.split(': ',1)
+      rc = self.header(s[0],s[1])
+      if rc != Milter.CONTINUE: return rc
+    rc = self.eoh()
+    if rc != Milter.CONTINUE: return rc
+    while 1:
+      buf = fp.read(8192)
+      if len(buf) == 0: break
+      rc = self.body(buf)
+      if rc != Milter.CONTINUE: return rc
+    self._msg = msg
+    self._body = StringIO.StringIO()
+    rc = self.eom()
+    if self.bodyreplaced:
+      body = self._body.getvalue()
+    else:
+      msg.rewindbody()
+      body = msg.fp.read()
+    self._body = StringIO.StringIO()
+    self._body.writelines(msg.headers)
+    self._body.write('\n')
+    self._body.write(body)
+    return rc
+
+  def feedMsg(self,fname,sender="spam@adv.com",rcpt="victim@lamb.com"):
+    fp = open('test/'+fname,'r')
+    rc = self.feedFile(fp,sender,rcpt)
+    fp.close()
+    return rc
+
+  def connect(self,host='localhost'):
+    self._body = None
+    self.bodyreplaced = False
+    rc =  bms.bmsMilter.connect(self,host,1,('1.2.3.4',1234)) 
+    if rc != Milter.CONTINUE and rc != Milter.ACCEPT:
+      self.close()
+      return rc
+    rc = self.hello('spamrelay')
+    if rc != Milter.CONTINUE:
+      self.close()
+    return rc
+
+class BMSMilterTestCase(unittest.TestCase):
+
+  def testDefang(self,fname='virus1'):
+    milter = TestMilter()
+    rc = milter.connect('testDefang')
+    self.assertEqual(rc,Milter.CONTINUE)
+    rc = milter.feedMsg(fname)
+    self.assertEqual(rc,Milter.ACCEPT)
+    self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    fp = milter._body
+    open('test/'+fname+".tstout","w").write(fp.getvalue())
+    #self.failUnless(fp.getvalue() == open("test/virus1.out","r").read())
+    fp.seek(0)
+    msg = mime.message_from_file(fp)
+    str = msg.get_payload(1).get_payload()
+    milter.log(str)
+    milter.close()
+
+  # test some spams that crashed our parser
+  def testParse(self,fname='spam7'):
+    milter = TestMilter()
+    milter.connect('testParse')
+    rc = milter.feedMsg(fname)
+    self.assertEqual(rc,Milter.ACCEPT)
+    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
+    fp = milter._body
+    open('test/'+fname+".tstout","w").write(fp.getvalue())
+    milter.connect('pro-send.com')
+    rc = milter.feedMsg('spam8')
+    self.assertEqual(rc,Milter.ACCEPT)
+    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
+    rc = milter.feedMsg('bounce')
+    self.assertEqual(rc,Milter.ACCEPT)
+    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
+    rc = milter.feedMsg('bounce1')
+    self.assertEqual(rc,Milter.ACCEPT)
+    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
+    milter.close()
+
+  def testDefang2(self):
+    milter = TestMilter()
+    milter.connect('testDefang2')
+    rc = milter.feedMsg('samp1')
+    self.assertEqual(rc,Milter.ACCEPT)
+    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
+    rc = milter.feedMsg("virus3")
+    self.assertEqual(rc,Milter.ACCEPT)
+    self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    fp = milter._body
+    open("test/virus3.tstout","w").write(fp.getvalue())
+    #self.failUnless(fp.getvalue() == open("test/virus3.out","r").read())
+    rc = milter.feedMsg("virus6")
+    self.assertEqual(rc,Milter.ACCEPT)
+    self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    self.failUnless(milter.headerschanged,"Message headers not adjusted")
+    fp = milter._body
+    open("test/virus6.tstout","w").write(fp.getvalue())
+    milter.close()
+
+  def testDefang3(self):
+    milter = TestMilter()
+    milter.connect('testDefang3')
+    # test script removal on complex HTML attachment
+    rc = milter.feedMsg('amazon')
+    self.assertEqual(rc,Milter.ACCEPT)
+    self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    fp = milter._body
+    open("test/amazon.tstout","w").write(fp.getvalue())
+    # test defanging Klez virus
+    rc = milter.feedMsg("virus13")
+    self.assertEqual(rc,Milter.ACCEPT)
+    self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    fp = milter._body
+    open("test/virus13.tstout","w").write(fp.getvalue())
+    # test script removal on quoted-printable HTML attachment
+    # sgmllib can't handle the <![if cond]> syntax
+    rc = milter.feedMsg('spam44')
+    self.assertEqual(rc,Milter.ACCEPT)
+    self.failIf(milter.bodyreplaced,"Message body replaced")
+    fp = milter._body
+    open("test/spam44.tstout","w").write(fp.getvalue())
+    milter.close()
+ 
+  def testRFC822(self):
+    milter = TestMilter()
+    milter.connect('testRFC822')
+    # test encoded rfc822 attachment
+    #pdb.set_trace()
+    rc = milter.feedMsg('test8')
+    self.assertEqual(rc,Milter.ACCEPT)
+    # python2.4 doesn't scan encoded message attachments
+    if sys.hexversion < 0x02040000:
+      self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    #self.failIf(milter.bodyreplaced,"Message body replaced")
+    fp = milter._body
+    open("test/test8.tstout","w").write(fp.getvalue())
+    rc = milter.feedMsg('virus7')
+    self.assertEqual(rc,Milter.ACCEPT)
+    self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    #self.failIf(milter.bodyreplaced,"Message body replaced")
+    fp = milter._body
+    open("test/virus7.tstout","w").write(fp.getvalue())
+
+  def testSmartAlias(self):
+    milter = TestMilter()
+    milter.connect('testSmartAlias')
+    # test smart alias feature
+    key = ('foo@example.com','baz@bat.com')
+    bms.smart_alias[key] = ['ham@eggs.com']
+    rc = milter.feedMsg('test8',key[0],key[1])
+    self.assertEqual(rc,Milter.ACCEPT)
+    self.failUnless(milter._delrcpt == ['<baz@bat.com>'])
+    self.failUnless(milter._addrcpt == ['<ham@eggs.com>'])
+    # python2.4 email does not decode message attachments, so script
+    # is not replaced
+    if sys.hexversion < 0x02040000:
+      self.failUnless(milter.bodyreplaced,"Message body not replaced")
+
+  def testBadBoundary(self):
+    milter = TestMilter()
+    milter.connect('testBadBoundary')
+    # test rfc822 attachment with invalid boundaries
+    #pdb.set_trace()
+    rc = milter.feedMsg('bound')
+    if sys.hexversion < 0x02040000:
+      # python2.4 adds invalid boundaries to decects list and makes
+      # payload a str
+      self.assertEqual(rc,Milter.REJECT)
+      self.assertEqual(milter.reply[0],'554')
+    #self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    self.failIf(milter.bodyreplaced,"Message body replaced")
+    fp = milter._body
+    open("test/bound.tstout","w").write(fp.getvalue())
+
+  def testCompoundFilename(self):
+    milter = TestMilter()
+    milter.connect('testCompoundFilename')
+    # test rfc822 attachment with invalid boundaries
+    #pdb.set_trace()
+    rc = milter.feedMsg('test1')
+    self.assertEqual(rc,Milter.ACCEPT)
+    #self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    self.failIf(milter.bodyreplaced,"Message body replaced")
+    fp = milter._body
+    open("test/test1.tstout","w").write(fp.getvalue())
+
+  def testFindsrs(self):
+    if not bms.srs:
+      import SRS
+      bms.srs = SRS.new(secret='test')
+    sender = bms.srs.forward('foo@bar.com','mail.example.com')
+    sndr = bms.findsrs(StringIO.StringIO(
+"""Received: from [1.16.33.86] (helo=mail.example.com)
+	by bastion4.mail.zen.co.uk with smtp (Exim 4.50) id 1H3IBC-00013b-O9
+	for foo@bar.com; Sat, 06 Jan 2007 20:30:17 +0000
+X-Mailer: "PyMilter-0.8.5"
+	<%s> foo
+MIME-Version: 1.0
+Content-Type: text/plain
+To: foo@bar.com
+From: postmaster@mail.example.com
+""" % sender
+    ))
+    self.assertEqual(sndr,'foo@bar.com')
+
+#  def testReject(self):
+#    "Test content based spam rejection."
+#    milter = TestMilter()
+#    milter.connect('gogo-china.com')
+#    rc = milter.feedMsg('big5');
+#    self.failUnless(rc == Milter.REJECT)
+#    milter.close();
+
+def suite(): 
+  s = unittest.makeSuite(BMSMilterTestCase,'test')
+  s.addTest(doctest.DocTestSuite(bms))
+  return s
+
+if __name__ == '__main__':
+  if len(sys.argv) > 1:
+    for fname in sys.argv[1:]:
+      milter = TestMilter()
+      milter.connect('main')
+      fp = open(fname,'r')
+      rc = milter.feedFile(fp)
+      fp = milter._body
+      sys.stdout.write(fp.getvalue())
+  else:
+    #unittest.main()
+    unittest.TextTestRunner().run(suite())