Merge pull request #11 from bigio/synthetic-mfrom

create a synthetic mfrom when mfrom is empty
fastmail · Jun 17, 2024 · 6d8646c · 6d8646c
2 parents be5e85e + e25d1b7
commit 6d8646c
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 11 deletions.
diff --git a/bin/spfd b/bin/spfd
@@ -261,9 +261,9 @@ and C<temperror>, respectively, in order to comply with RFC 4408 terminology.
 
 =item *
 
-SPF checks with an empty identity are no longer supported.  In the case of an
-empty C<MAIL FROM> SMTP transaction parameter, perform a check with the C<helo>
-scope directly.
+In the case of an empty C<MAIL FROM> SMTP transaction parameter (C<<
+MAIL FROM:<> >>), the identity checked will be postmaster@helo name as specified
+in RFC 7208.
 
 =back
 

diff --git a/bin/spfquery b/bin/spfquery
@@ -626,8 +626,10 @@ if (
     exit(255);
 }
 
-if (defined($identity) and $identity eq '') {
-    STDERR->print("Error: Empty identities are not supported. See spfquery(1).\n");
+if (defined($identity) and $identity eq '' and defined $helo_identity) {
+    $identity = 'postmaster@' . $helo_identity;
+} elsif (defined($identity) and $identity eq '') {
+    STDERR->print("Error: Empty identities are not supported without specifying HELO.\n");
     exit(255);
 }
 

diff --git a/lib/Mail/SPF/Request.pm b/lib/Mail/SPF/Request.pm
@@ -152,7 +152,8 @@ The given identity is the C<MAIL FROM> parameter of an SMTP transaction (RFC
 the formal definition of the C<MAIL FROM> scope.
 
 I<Note>:  In the case of an empty C<MAIL FROM> SMTP transaction parameter (C<<
-MAIL FROM:<> >>), you should perform a check with the C<helo> scope instead.
+MAIL FROM:<> >>), the identity checked will be postmaster@helo name as specified
+in RFC 7208.
 
 =item B<'pra'>
 
@@ -175,9 +176,10 @@ I<Required>.  A string denoting the sender identity whose authorization should
 be checked.  This is a domain name for the C<helo> scope, and an e-mail address
 for the C<mfrom> and C<pra> scopes.
 
-I<Note>:  An empty identity must not be passed.  In the case of an empty C<MAIL
-FROM> SMTP transaction parameter, you should perform a check with the C<helo>
-scope instead.
+I<Note>:  An empty identity should not be passed, in the case of an empty
+C<MAIL FROM> SMTP transaction parameter (C<<MAIL FROM:<> >>),
+the identity checked will be postmaster@helo name as specified
+in RFC 7208.
 
 =item B<ip_address>
 
@@ -256,8 +258,12 @@ sub new {
     # Identity:
     defined($self->{identity})
         or throw Mail::SPF::EOptionRequired("Missing required 'identity' option");
-    length($self->{identity})
-        or throw Mail::SPF::EInvalidOptionValue("'identity' option must not be empty");
+    if(not length($self->{identity}) and (defined $self->{helo_identity})) {
+      # if identity is <>, try with postmaster@helo as specified in RFC 7208 section 2.4
+      $self->{identity} = 'postmaster@' . $self->{helo_identity};
+    } elsif(not length($self->{identity})) {
+      throw Mail::SPF::EInvalidOptionValue("'identity' option must not be empty without specifying HELO");
+    }
 
     # Extract domain and localpart from identity:
     if (