[exim.git] / src / src / spf.c

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* SPF support.
   Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004 - 2014
   License: GPL
   Copyright (c) The Exim Maintainers 2015 - 2019
*/

/* Code for calling spf checks via libspf-alt. Called from acl.c. */

#include "exim.h"
#ifdef SUPPORT_SPF

/* must be kept in numeric order */
static spf_result_id spf_result_id_list[] = {
  /* name		value */
  { US"invalid",	0},
  { US"neutral",	1 },
  { US"pass",		2 },
  { US"fail",		3 },
  { US"softfail",	4 },
  { US"none",		5 },
  { US"temperror",	6 }, /* RFC 4408 defined */
  { US"permerror",	7 }  /* RFC 4408 defined */
};

SPF_server_t    *spf_server = NULL;
SPF_request_t   *spf_request = NULL;
SPF_response_t  *spf_response = NULL;
SPF_response_t  *spf_response_2mx = NULL;

SPF_dns_rr_t  * spf_nxdomain = NULL;


static SPF_dns_rr_t *
SPF_dns_exim_lookup(SPF_dns_server_t *spf_dns_server,
const char *domain, ns_type rr_type, int should_cache)
{
dns_answer * dnsa = store_get_dns_answer();
dns_scan dnss;
SPF_dns_rr_t * spfrr;
unsigned found = 0;

SPF_dns_rr_t srr = {
  .domain = CS domain,			/* query information */
  .domain_buf_len = 0,
  .rr_type = rr_type,

  .rr_buf_len = 0,			/* answer information */
  .rr_buf_num = 0, /* no free of s */
  .utc_ttl = 0,

  .hook = NULL,				/* misc information */
  .source = spf_dns_server
};

DEBUG(D_receive) debug_printf("SPF_dns_exim_lookup '%s'\n", domain);

if (dns_lookup(dnsa, US domain, rr_type, NULL) == DNS_NOMATCH)
  {
  SPF_dns_rr_dup(&spfrr, spf_nxdomain);
  return spfrr;
}

for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
     rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
  if (rr->type == rr_type) found++;

srr.num_rr = found;
srr.rr = store_malloc(sizeof(SPF_dns_rr_data_t) * found);
srr.herrno = h_errno,

found = 0;
for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
   rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
  if (rr->type == rr_type)
    {
    const uschar * s = rr->data;

    srr.ttl = rr->ttl;
    switch(rr_type)
      {
      case T_MX:
	s += 2;			/* skip the MX precedence field */
      case T_PTR:
	{
	uschar * buf = store_malloc(256);
	(void)dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, s,
	  (DN_EXPAND_ARG4_TYPE)buf, 256);
	s = buf;
	break;
	}

      case T_TXT:
	{
	gstring * g = NULL;
	uschar chunk_len;

	if (strncmpic(rr->data+1, US"v=spf1", 6) != 0)
	  {
	  HDEBUG(D_host_lookup) debug_printf("not an spf record\n");
	  continue;
	  }

	for (int off = 0; off < rr->size; off += chunk_len)
	  {
	  if (!(chunk_len = s[off++])) break;
	  g = string_catn(g, s+off, chunk_len);
	  }
	if (!g)
	  continue;
	gstring_release_unused(g);
	s = string_copy_malloc(string_from_gstring(g));
	break;
	}

      case T_A:
      case T_AAAA:
      default:
	{
	uschar * buf = store_malloc(dnsa->answerlen + 1);
	s = memcpy(buf, s, dnsa->answerlen + 1);
	break;
	}
      }
    DEBUG(D_receive) debug_printf("SPF_dns_exim_lookup '%s'\n", s);
    srr.rr[found++] = (void *) s;
    }

/* spfrr->rr must have been malloc()d for this */
SPF_dns_rr_dup(&spfrr, &srr);
return spfrr;
}


SPF_dns_server_t *
SPF_dns_exim_new(int debug)
{
SPF_dns_server_t * spf_dns_server = store_malloc(sizeof(SPF_dns_server_t));

DEBUG(D_receive) debug_printf("SPF_dns_exim_new\n");

memset(spf_dns_server, 0, sizeof(SPF_dns_server_t));
spf_dns_server->destroy      = NULL;
spf_dns_server->lookup       = SPF_dns_exim_lookup;
spf_dns_server->get_spf      = NULL;
spf_dns_server->get_exp      = NULL;
spf_dns_server->add_cache    = NULL;
spf_dns_server->layer_below  = NULL;
spf_dns_server->name         = "exim";
spf_dns_server->debug        = debug;

/* XXX This might have to return NO_DATA sometimes. */

spf_nxdomain = SPF_dns_rr_new_init(spf_dns_server,
  "", ns_t_any, 24 * 60 * 60, HOST_NOT_FOUND);
if (!spf_nxdomain)
  {
  free(spf_dns_server);
  return NULL;
  }

return spf_dns_server;
}


/* Construct the SPF library stack.
   Return: Boolean success.
*/

BOOL
spf_init(void)
{
SPF_dns_server_t * dc;
int debug = 0;

DEBUG(D_receive) debug = 1;

/* We insert our own DNS access layer rather than letting the spf library
do it, so that our dns access path is used for debug tracing and for the
testsuite. */

if (!(dc = SPF_dns_exim_new(debug)))
  {
  DEBUG(D_receive) debug_printf("spf: SPF_dns_exim_new() failed\n");
  return FALSE;
  }
if (!(dc = SPF_dns_cache_new(dc, NULL, debug, 8)))
  {
  DEBUG(D_receive) debug_printf("spf: SPF_dns_cache_new() failed\n");
  return FALSE;
  }
if (!(spf_server = SPF_server_new_dns(dc, debug)))
  {
  DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n");
  return FALSE;
  }
  /* Quick hack to override the outdated explanation URL.
  See https://www.mail-archive.com/mailop@mailop.org/msg08019.html */
  SPF_server_set_explanation(spf_server, "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}", &spf_response);
  if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS)
    log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response)));

return TRUE;
}


/* Set up a context that can be re-used for several
   messages on the same SMTP connection (that come from the
   same host with the same HELO string).

Return: Boolean success
*/

BOOL
spf_conn_init(uschar * spf_helo_domain, uschar * spf_remote_addr)
{
DEBUG(D_receive)
  debug_printf("spf_conn_init: %s %s\n", spf_helo_domain, spf_remote_addr);

if (!spf_server && !spf_init()) return FALSE;

if (SPF_server_set_rec_dom(spf_server, CS primary_hostname))
  {
  DEBUG(D_receive) debug_printf("spf: SPF_server_set_rec_dom(\"%s\") failed.\n",
    primary_hostname);
  spf_server = NULL;
  return FALSE;
  }

spf_request = SPF_request_new(spf_server);

if (  SPF_request_set_ipv4_str(spf_request, CS spf_remote_addr)
   && SPF_request_set_ipv6_str(spf_request, CS spf_remote_addr)
   )
  {
  DEBUG(D_receive)
    debug_printf("spf: SPF_request_set_ipv4_str() and "
      "SPF_request_set_ipv6_str() failed [%s]\n", spf_remote_addr);
  spf_server = NULL;
  spf_request = NULL;
  return FALSE;
  }

if (SPF_request_set_helo_dom(spf_request, CS spf_helo_domain))
  {
  DEBUG(D_receive) debug_printf("spf: SPF_set_helo_dom(\"%s\") failed.\n",
    spf_helo_domain);
  spf_server = NULL;
  spf_request = NULL;
  return FALSE;
  }

return TRUE;
}


/* spf_process adds the envelope sender address to the existing
   context (if any), retrieves the result, sets up expansion
   strings and evaluates the condition outcome.

Return: OK/FAIL  */

int
spf_process(const uschar **listptr, uschar *spf_envelope_sender, int action)
{
int sep = 0;
const uschar *list = *listptr;
uschar *spf_result_id;
int rc = SPF_RESULT_PERMERROR;

DEBUG(D_receive) debug_printf("spf_process\n");

if (!(spf_server && spf_request))
  /* no global context, assume temp error and skip to evaluation */
  rc = SPF_RESULT_PERMERROR;

else if (SPF_request_set_env_from(spf_request, CS spf_envelope_sender))
  /* Invalid sender address. This should be a real rare occurrence */
  rc = SPF_RESULT_PERMERROR;

else
  {
  /* get SPF result */
  if (action == SPF_PROCESS_FALLBACK)
    {
    SPF_request_query_fallback(spf_request, &spf_response, CS spf_guess);
    spf_result_guessed = TRUE;
    }
  else
    SPF_request_query_mailfrom(spf_request, &spf_response);

  /* set up expansion items */
  spf_header_comment     = US SPF_response_get_header_comment(spf_response);
  spf_received           = US SPF_response_get_received_spf(spf_response);
  spf_result             = US SPF_strresult(SPF_response_result(spf_response));
  spf_smtp_comment       = US SPF_response_get_smtp_comment(spf_response);

  rc = SPF_response_result(spf_response);
  }

/* We got a result. Now see if we should return OK or FAIL for it */
DEBUG(D_acl) debug_printf("SPF result is %s (%d)\n", SPF_strresult(rc), rc);

if (action == SPF_PROCESS_GUESS && (!strcmp (SPF_strresult(rc), "none")))
  return spf_process(listptr, spf_envelope_sender, SPF_PROCESS_FALLBACK);

while ((spf_result_id = string_nextinlist(&list, &sep, NULL, 0)))
  {
  BOOL negate, result;

  if ((negate = spf_result_id[0] == '!'))
    spf_result_id++;

  result = Ustrcmp(spf_result_id, spf_result_id_list[rc].name) == 0;
  if (negate != result) return OK;
  }

/* no match */
return FAIL;
}


gstring *
authres_spf(gstring * g)
{
uschar * s;
if (!spf_result) return g;

g = string_append(g, 2, US";\n\tspf=", spf_result);
if (spf_result_guessed)
  g = string_cat(g, US" (best guess record for domain)");

s = expand_string(US"$sender_address_domain");
return s && *s
  ? string_append(g, 2, US" smtp.mailfrom=", s)
  : string_cat(g, US" smtp.mailfrom=<>");
}


#endif
Commit	Line	Data
8523533c TK	1	/*************************************************
	2	* Exim - an Internet mail transport agent *
	3	*************************************************/
8e669ac1	4
b8e97684	5	/* SPF support.
5a66c31b	6	Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004 - 2014
80fea873	7	License: GPL
b8e97684	8	Copyright (c) The Exim Maintainers 2015 - 2019
80fea873	9	*/
8e669ac1	10
8523533c TK	11	/* Code for calling spf checks via libspf-alt. Called from acl.c. */
	12
	13	#include "exim.h"
7952eef9	14	#ifdef SUPPORT_SPF
8523533c	15
6d06cf48 TK	16	/* must be kept in numeric order */
6d06cf48 TK	17	static spf_result_id spf_result_id_list[] = {
f2ed27cf JH	18	/* name value */
	19	{ US"invalid", 0},
	20	{ US"neutral", 1 },
	21	{ US"pass", 2 },
	22	{ US"fail", 3 },
	23	{ US"softfail", 4 },
	24	{ US"none", 5 },
f2ed27cf JH	25	{ US"temperror", 6 }, /* RFC 4408 defined */
f2ed27cf JH	26	{ US"permerror", 7 } /* RFC 4408 defined */
6d06cf48 TK	27	};
6d06cf48 TK	28
384152a6 TK	29	SPF_server_t *spf_server = NULL;
	30	SPF_request_t *spf_request = NULL;
	31	SPF_response_t *spf_response = NULL;
	32	SPF_response_t *spf_response_2mx = NULL;
8523533c	33
b8e97684 JH	34	SPF_dns_rr_t * spf_nxdomain = NULL;
	35
	36
	37
	38	static SPF_dns_rr_t *
	39	SPF_dns_exim_lookup(SPF_dns_server_t *spf_dns_server,
	40	const char *domain, ns_type rr_type, int should_cache)
	41	{
8743d3ac	42	dns_answer * dnsa = store_get_dns_answer();
b8e97684 JH	43	dns_scan dnss;
b8e97684 JH	44	SPF_dns_rr_t * spfrr;
4533e306 JH	45	unsigned found = 0;
	46
	47	SPF_dns_rr_t srr = {
	48	.domain = CS domain, /* query information */
	49	.domain_buf_len = 0,
	50	.rr_type = rr_type,
	51
	52	.rr_buf_len = 0, /* answer information */
	53	.rr_buf_num = 0, /* no free of s */
	54	.utc_ttl = 0,
	55
	56	.hook = NULL, /* misc information */
	57	.source = spf_dns_server
	58	};
b8e97684	59
4a3709fb	60	DEBUG(D_receive) debug_printf("SPF_dns_exim_lookup '%s'\n", domain);
b8e97684	61
4533e306 JH	62	if (dns_lookup(dnsa, US domain, rr_type, NULL) == DNS_NOMATCH)
	63	{
	64	SPF_dns_rr_dup(&spfrr, spf_nxdomain);
	65	return spfrr;
	66	}
	67
	68	for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
	69	rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
	70	if (rr->type == rr_type) found++;
	71
	72	srr.num_rr = found;
	73	srr.rr = store_malloc(sizeof(SPF_dns_rr_data_t) * found);
	74	srr.herrno = h_errno,
	75
	76	found = 0;
	77	for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
	78	rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
	79	if (rr->type == rr_type)
	80	{
	81	const uschar * s = rr->data;
	82
	83	srr.ttl = rr->ttl;
	84	switch(rr_type)
b8e97684	85	{
4533e306 JH	86	case T_MX:
	87	s += 2; /* skip the MX precedence field */
	88	case T_PTR:
b8e97684	89	{
4533e306 JH	90	uschar * buf = store_malloc(256);
	91	(void)dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, s,
	92	(DN_EXPAND_ARG4_TYPE)buf, 256);
	93	s = buf;
	94	break;
	95	}
	96
	97	case T_TXT:
	98	{
	99	gstring * g = NULL;
	100	uschar chunk_len;
4a3709fb	101
4533e306	102	if (strncmpic(rr->data+1, US"v=spf1", 6) != 0)
4a3709fb	103	{
4533e306 JH	104	HDEBUG(D_host_lookup) debug_printf("not an spf record\n");
4533e306 JH	105	continue;
4a3709fb WB	106	}
4a3709fb WB	107
4533e306	108	for (int off = 0; off < rr->size; off += chunk_len)
4a3709fb	109	{
4533e306 JH	110	if (!(chunk_len = s[off++])) break;
4533e306 JH	111	g = string_catn(g, s+off, chunk_len);
4a3709fb	112	}
4533e306 JH	113	if (!g)
	114	continue;
	115	gstring_release_unused(g);
	116	s = string_copy_malloc(string_from_gstring(g));
	117	break;
b8e97684	118	}
b8e97684	119
4533e306 JH	120	case T_A:
	121	case T_AAAA:
	122	default:
	123	{
	124	uschar * buf = store_malloc(dnsa->answerlen + 1);
	125	s = memcpy(buf, s, dnsa->answerlen + 1);
	126	break;
	127	}
b8e97684	128	}
4533e306 JH	129	DEBUG(D_receive) debug_printf("SPF_dns_exim_lookup '%s'\n", s);
	130	srr.rr[found++] = (void *) s;
	131	}
b8e97684	132
4533e306 JH	133	/* spfrr->rr must have been malloc()d for this */
4533e306 JH	134	SPF_dns_rr_dup(&spfrr, &srr);
b8e97684 JH	135	return spfrr;
	136	}
	137
	138
	139
	140	SPF_dns_server_t *
	141	SPF_dns_exim_new(int debug)
	142	{
4533e306	143	SPF_dns_server_t * spf_dns_server = store_malloc(sizeof(SPF_dns_server_t));
b8e97684 JH	144
	145	DEBUG(D_receive) debug_printf("SPF_dns_exim_new\n");
	146
b8e97684	147	memset(spf_dns_server, 0, sizeof(SPF_dns_server_t));
b8e97684 JH	148	spf_dns_server->destroy = NULL;
	149	spf_dns_server->lookup = SPF_dns_exim_lookup;
	150	spf_dns_server->get_spf = NULL;
	151	spf_dns_server->get_exp = NULL;
	152	spf_dns_server->add_cache = NULL;
	153	spf_dns_server->layer_below = NULL;
	154	spf_dns_server->name = "exim";
	155	spf_dns_server->debug = debug;
	156
	157	/* XXX This might have to return NO_DATA sometimes. */
	158
	159	spf_nxdomain = SPF_dns_rr_new_init(spf_dns_server,
	160	"", ns_t_any, 24 * 60 * 60, HOST_NOT_FOUND);
	161	if (!spf_nxdomain)
	162	{
	163	free(spf_dns_server);
	164	return NULL;
	165	}
	166
	167	return spf_dns_server;
	168	}
	169
	170
eb52e2cb	171
8e669ac1	172
73ec116f JH	173	/* Construct the SPF library stack.
	174	Return: Boolean success.
	175	*/
8e669ac1	176
eb52e2cb	177	BOOL
73ec116f	178	spf_init(void)
eb52e2cb	179	{
b8e97684	180	SPF_dns_server_t * dc;
73ec116f	181	int debug = 0;
b8e97684	182
73ec116f	183	DEBUG(D_receive) debug = 1;
b8e97684 JH	184
	185	/* We insert our own DNS access layer rather than letting the spf library
	186	do it, so that our dns access path is used for debug tracing and for the
	187	testsuite. */
8e669ac1	188
b8e97684 JH	189	if (!(dc = SPF_dns_exim_new(debug)))
	190	{
	191	DEBUG(D_receive) debug_printf("spf: SPF_dns_exim_new() failed\n");
	192	return FALSE;
	193	}
	194	if (!(dc = SPF_dns_cache_new(dc, NULL, debug, 8)))
	195	{
	196	DEBUG(D_receive) debug_printf("spf: SPF_dns_cache_new() failed\n");
	197	return FALSE;
	198	}
	199	if (!(spf_server = SPF_server_new_dns(dc, debug)))
eb52e2cb JH	200	{
	201	DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n");
	202	return FALSE;
8523533c	203	}
05e4f4de HSHR	204	/* Quick hack to override the outdated explanation URL.
	205	See https://www.mail-archive.com/mailop@mailop.org/msg08019.html */
	206	SPF_server_set_explanation(spf_server, "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}", &spf_response);
	207	if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS)
	208	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response)));
	209
73ec116f JH	210	return TRUE;
	211	}
	212
	213
	214	/* Set up a context that can be re-used for several
	215	messages on the same SMTP connection (that come from the
	216	same host with the same HELO string).
	217
	218	Return: Boolean success
	219	*/
	220
	221	BOOL
	222	spf_conn_init(uschar * spf_helo_domain, uschar * spf_remote_addr)
	223	{
	224	DEBUG(D_receive)
	225	debug_printf("spf_conn_init: %s %s\n", spf_helo_domain, spf_remote_addr);
	226
	227	if (!spf_server && !spf_init()) return FALSE;
8523533c	228
eb52e2cb JH	229	if (SPF_server_set_rec_dom(spf_server, CS primary_hostname))
	230	{
	231	DEBUG(D_receive) debug_printf("spf: SPF_server_set_rec_dom(\"%s\") failed.\n",
	232	primary_hostname);
	233	spf_server = NULL;
	234	return FALSE;
7b3a77e5 TK	235	}
7b3a77e5 TK	236
eb52e2cb JH	237	spf_request = SPF_request_new(spf_server);
	238
	239	if ( SPF_request_set_ipv4_str(spf_request, CS spf_remote_addr)
	240	&& SPF_request_set_ipv6_str(spf_request, CS spf_remote_addr)
	241	)
	242	{
	243	DEBUG(D_receive)
	244	debug_printf("spf: SPF_request_set_ipv4_str() and "
	245	"SPF_request_set_ipv6_str() failed [%s]\n", spf_remote_addr);
	246	spf_server = NULL;
	247	spf_request = NULL;
	248	return FALSE;
8523533c TK	249	}
8523533c TK	250
eb52e2cb JH	251	if (SPF_request_set_helo_dom(spf_request, CS spf_helo_domain))
	252	{
	253	DEBUG(D_receive) debug_printf("spf: SPF_set_helo_dom(\"%s\") failed.\n",
	254	spf_helo_domain);
	255	spf_server = NULL;
	256	spf_request = NULL;
	257	return FALSE;
8523533c	258	}
8e669ac1	259
eb52e2cb	260	return TRUE;
8523533c TK	261	}
	262
	263
	264	/* spf_process adds the envelope sender address to the existing
	265	context (if any), retrieves the result, sets up expansion
eb52e2cb	266	strings and evaluates the condition outcome.
f9ba5e22	267
eb52e2cb JH	268	Return: OK/FAIL */
	269
	270	int
	271	spf_process(const uschar *listptr, uschar spf_envelope_sender, int action)
	272	{
	273	int sep = 0;
	274	const uschar list = listptr;
	275	uschar *spf_result_id;
	276	int rc = SPF_RESULT_PERMERROR;
	277
b8e97684 JH	278	DEBUG(D_receive) debug_printf("spf_process\n");
b8e97684 JH	279
eb52e2cb JH	280	if (!(spf_server && spf_request))
	281	/* no global context, assume temp error and skip to evaluation */
	282	rc = SPF_RESULT_PERMERROR;
	283
	284	else if (SPF_request_set_env_from(spf_request, CS spf_envelope_sender))
aded2255	285	/* Invalid sender address. This should be a real rare occurrence */
eb52e2cb JH	286	rc = SPF_RESULT_PERMERROR;
	287
	288	else
	289	{
8523533c	290	/* get SPF result */
65a7d8c3	291	if (action == SPF_PROCESS_FALLBACK)
87e9d061	292	{
7156b1ef	293	SPF_request_query_fallback(spf_request, &spf_response, CS spf_guess);
87e9d061 JH	294	spf_result_guessed = TRUE;
87e9d061 JH	295	}
65a7d8c3 NM	296	else
65a7d8c3 NM	297	SPF_request_query_mailfrom(spf_request, &spf_response);
8523533c TK	298
8523533c TK	299	/* set up expansion items */
5903c6ff JH	300	spf_header_comment = US SPF_response_get_header_comment(spf_response);
	301	spf_received = US SPF_response_get_received_spf(spf_response);
	302	spf_result = US SPF_strresult(SPF_response_result(spf_response));
	303	spf_smtp_comment = US SPF_response_get_smtp_comment(spf_response);
8523533c	304
384152a6	305	rc = SPF_response_result(spf_response);
eb52e2cb JH	306	}
	307
	308	/* We got a result. Now see if we should return OK or FAIL for it */
	309	DEBUG(D_acl) debug_printf("SPF result is %s (%d)\n", SPF_strresult(rc), rc);
	310
	311	if (action == SPF_PROCESS_GUESS && (!strcmp (SPF_strresult(rc), "none")))
	312	return spf_process(listptr, spf_envelope_sender, SPF_PROCESS_FALLBACK);
	313
	314	while ((spf_result_id = string_nextinlist(&list, &sep, NULL, 0)))
	315	{
	316	BOOL negate, result;
	317
	318	if ((negate = spf_result_id[0] == '!'))
	319	spf_result_id++;
	320
	321	result = Ustrcmp(spf_result_id, spf_result_id_list[rc].name) == 0;
	322	if (negate != result) return OK;
	323	}
8523533c	324
eb52e2cb JH	325	/* no match */
eb52e2cb JH	326	return FAIL;
8523533c TK	327	}
8523533c TK	328
dfbcb5ac JH	329
	330
	331	gstring *
	332	authres_spf(gstring * g)
	333	{
87e9d061	334	uschar * s;
dfbcb5ac JH	335	if (!spf_result) return g;
dfbcb5ac JH	336
87e9d061 JH	337	g = string_append(g, 2, US";\n\tspf=", spf_result);
	338	if (spf_result_guessed)
	339	g = string_cat(g, US" (best guess record for domain)");
	340
	341	s = expand_string(US"$sender_address_domain");
	342	return s && *s
	343	? string_append(g, 2, US" smtp.mailfrom=", s)
	344	: string_cat(g, US" smtp.mailfrom=<>");
dfbcb5ac JH	345	}
	346
	347
8523533c	348	#endif