[pmg-devel] [PATCH pmg-api v2] Fix #2224: override reference to openspf.org

Stoiko Ivanov s.ivanov at proxmox.com
Mon Sep 2 17:35:34 CEST 2019

This is a fix for a small cosmetic issue, which keeps coming up on our various
pmgpolicy as user of 'Mail::SPF::Server' logs lines referencing the (now
defunct) url: http://www.openspf.org/Why

By overriding 'default_authority_explanation' [0] the logs now contain a simple
logmessage without any reference to an external url.

All macros used before are used in the new message as well, so the information
content stays the same.

Given that we are (by far) not the only users of this module I additionally
opened an issue upstream [1] (and linked it to the debian bug-report [2]).

Tested by providing a SPF policy not allowing the ip of the sender in my
testsetup and observing the logs.

[0] https://metacpan.org/pod/Mail::SPF::Server
[1] https://rt.cpan.org/Public/Bug/Display.html?id=130413
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930032

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
Changes v1->v2:
* included all macro-expansions used before, as suggested by Fabian's feedback.

My initial patch dropped the macros, because all relevant information is
written within a few lines of context bey postfix anyways (at least my workflow
in that case never relied on the openspf link, but rather on taking the domain
from a line above and using `drill` to find the issue. However keeping the
macros has the upside that all information is preserved, even for users who
aggregate the logs on a per-application basis

 src/bin/pmgpolicy | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/bin/pmgpolicy b/src/bin/pmgpolicy
index 59d28f7..ebc24ce 100755
--- a/src/bin/pmgpolicy
+++ b/src/bin/pmgpolicy
@@ -377,7 +377,8 @@ sub child_init_hook {
 	$self->{dns_resolver} = Net::DNS::Resolver->new(%dnsargs);
 	$self->{spf_server} = Mail::SPF::Server->new(
-	    hostname => $self->{fqdn}, dns_resolver => $self->{dns_resolver});
+	    hostname => $self->{fqdn}, dns_resolver => $self->{dns_resolver},
+	    default_authority_explanation => 'Rejected by SPF: %{C} is not a designated mailserver for %{S} (context %{_scope}, on %{R})');
     if (my $err = $@) {
 	$self->log(0, $err);

More information about the pmg-devel mailing list