X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fspf.c;h=7167f5778c511d1f90c1dd1f3951ee9119b939cf;hb=0ad2e0fcde2f23e3809687095bddb31f9af4896e;hp=6fd7445615ceb95a86087bbcceb1640dc860bfeb;hpb=384152a6b0cce686255894a502e4b88743abd356;p=exim.git

diff --git a/src/src/spf.c b/src/src/spf.c
index 6fd744561..7167f5778 100644
--- a/src/src/spf.c
+++ b/src/src/spf.c
@@ -1,11 +1,9 @@
-/* $Cambridge: exim/src/src/spf.c,v 1.4 2005/05/24 08:15:02 tom Exp $ */
-
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
 /* Experimental SPF support.
-   Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004
+   Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004 - 2014
    License: GPL */
 
 /* Code for calling spf checks via libspf-alt. Called from acl.c. */
@@ -13,6 +11,20 @@
 #include "exim.h"
 #ifdef EXPERIMENTAL_SPF
 
+/* must be kept in numeric order */
+static spf_result_id spf_result_id_list[] = {
+  { US"invalid", 0},
+  { US"neutral", 1 },
+  { US"pass", 2 },
+  { US"fail", 3 },
+  { US"softfail", 4 },
+  { US"none", 5 },
+  { US"err_temp", 6 },  /* Deprecated Apr 2014 */
+  { US"err_perm", 7 },  /* Deprecated Apr 2014 */
+  { US"temperror", 6 }, /* RFC 4408 defined */
+  { US"permerror", 7 }  /* RFC 4408 defined */
+};
+
 SPF_server_t    *spf_server = NULL;
 SPF_request_t   *spf_request = NULL;
 SPF_response_t  *spf_response = NULL;
@@ -23,26 +35,32 @@ SPF_response_t  *spf_response_2mx = NULL;
    same host with the same HELO string) */
 
 int spf_init(uschar *spf_helo_domain, uschar *spf_remote_addr) {
-  uschar *p;
 
-  spf_server = SPF_server_new(SPF_DNS_CACHE, 1);
+  spf_server = SPF_server_new(SPF_DNS_CACHE, 0);
 
   if ( spf_server == NULL ) {
     debug_printf("spf: SPF_server_new() failed.\n");
     return 0;
   }
 
+  if (SPF_server_set_rec_dom(spf_server, CS primary_hostname)) {
+    debug_printf("spf: SPF_server_set_rec_dom(\"%s\") failed.\n", primary_hostname);
+    spf_server = NULL;
+    return 0;
+  }
+
   spf_request = SPF_request_new(spf_server);
 
-  if (SPF_request_set_ipv4_str(spf_request, spf_remote_addr)) {
-    debug_printf("spf: SPF_request_set_ipv4_str() failed.\n");
+  if (SPF_request_set_ipv4_str(spf_request, CS spf_remote_addr)
+      && SPF_request_set_ipv6_str(spf_request, CS spf_remote_addr)) {
+    debug_printf("spf: SPF_request_set_ipv4_str() and SPF_request_set_ipv6_str() failed [%s]\n", spf_remote_addr);
     spf_server = NULL;
     spf_request = NULL;
     return 0;
   }
 
-  if (SPF_request_set_helo_dom(spf_request, spf_helo_domain)) {
-    debug_printf("spf: SPF_set_helo_dom() failed.\n");
+  if (SPF_request_set_helo_dom(spf_request, CS spf_helo_domain)) {
+    debug_printf("spf: SPF_set_helo_dom(\"%s\") failed.\n", spf_helo_domain);
     spf_server = NULL;
     spf_request = NULL;
     return 0;
@@ -56,7 +74,7 @@ int spf_init(uschar *spf_helo_domain, uschar *spf_remote_addr) {
    context (if any), retrieves the result, sets up expansion
    strings and evaluates the condition outcome. */
 
-int spf_process(uschar **listptr, uschar *spf_envelope_sender) {
+int spf_process(uschar **listptr, uschar *spf_envelope_sender, int action) {
   int sep = 0;
   uschar *list = *listptr;
   uschar *spf_result_id;
@@ -69,14 +87,17 @@ int spf_process(uschar **listptr, uschar *spf_envelope_sender) {
     goto SPF_EVALUATE;
   };
 
-  if (SPF_request_set_env_from(spf_request, spf_envelope_sender)) {
+  if (SPF_request_set_env_from(spf_request, CS spf_envelope_sender)) {
     /* Invalid sender address. This should be a real rare occurence */
     rc = SPF_RESULT_PERMERROR;
     goto SPF_EVALUATE;
   }
 
   /* get SPF result */
-  SPF_request_query_mailfrom(spf_request, &spf_response);
+  if (action == SPF_PROCESS_FALLBACK)
+    SPF_request_query_fallback(spf_request, &spf_response, CS spf_guess);
+  else
+    SPF_request_query_mailfrom(spf_request, &spf_response);
 
   /* set up expansion items */
   spf_header_comment     = (uschar *)SPF_response_get_header_comment(spf_response);
@@ -89,6 +110,10 @@ int spf_process(uschar **listptr, uschar *spf_envelope_sender) {
   /* We got a result. Now see if we should return OK or FAIL for it */
   SPF_EVALUATE:
   debug_printf("SPF result is %s (%d)\n", SPF_strresult(rc), rc);
+
+  if (action == SPF_PROCESS_GUESS && (!strcmp (SPF_strresult(rc), "none")))
+    return spf_process(listptr, spf_envelope_sender, SPF_PROCESS_FALLBACK);
+
   while ((spf_result_id = string_nextinlist(&list, &sep,
                                      spf_result_id_buffer,
                                      sizeof(spf_result_id_buffer))) != NULL) {
@@ -112,4 +137,3 @@ int spf_process(uschar **listptr, uschar *spf_envelope_sender) {
 }
 
 #endif
-