SPF: fix the explanation URL exim-4.93-RC1
authorHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Mon, 28 Oct 2019 21:39:24 +0000 (22:39 +0100)
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Mon, 28 Oct 2019 21:39:24 +0000 (22:39 +0100)
But - I'm not sure if the /Why? API still works as expected. Needs
further testing

doc/doc-docbook/spec.xfpt
src/src/spf.c
test/log/4600

index 7d9281e..bca6689 100644 (file)
@@ -40342,8 +40342,12 @@ for more information of what they mean.
 
 SPF is a mechanism whereby a domain may assert which IP addresses may transmit
 messages with its domain in the envelope from, documented by RFC 7208.
 
 SPF is a mechanism whereby a domain may assert which IP addresses may transmit
 messages with its domain in the envelope from, documented by RFC 7208.
-For more information on SPF see &url(http://www.openspf.org).
-. --- 2018-09-07: still not https
+For more information on SPF see &url(http://www.open-spf.org), a static copy of
+the &url(http://openspf.org).
+. --- 2019-10-28: still not https, open-spf.org is told to be a
+. --- web-archive copy of the now dead openspf.org site
+. --- See https://www.mail-archive.com/mailop@mailop.org/msg08019.html for a
+. --- discussion.
 
 Messages sent by a system not authorised will fail checking of such assertions.
 This includes retransmissions done by traditional forwarders.
 
 Messages sent by a system not authorised will fail checking of such assertions.
 This includes retransmissions done by traditional forwarders.
@@ -40406,7 +40410,7 @@ deny spf = fail
      message = $sender_host_address is not allowed to send mail from \
                ${if def:sender_address_domain \
                     {$sender_address_domain}{$sender_helo_name}}.  \
      message = $sender_host_address is not allowed to send mail from \
                ${if def:sender_address_domain \
                     {$sender_address_domain}{$sender_helo_name}}.  \
-               Please see http://www.openspf.org/Why?scope=\
+               Please see http://www.open-spf.org/Why?scope=\
                ${if def:sender_address_domain {mfrom}{helo}};\
                identity=${if def:sender_address_domain \
                              {$sender_address}{$sender_helo_name}};\
                ${if def:sender_address_domain {mfrom}{helo}};\
                identity=${if def:sender_address_domain \
                              {$sender_address}{$sender_helo_name}};\
@@ -40459,9 +40463,9 @@ In addition to SPF, you can also perform checks for so-called
 "Best-guess".  Strictly speaking, "Best-guess" is not standard
 SPF, but it is supported by the same framework that enables SPF
 capability.
 "Best-guess".  Strictly speaking, "Best-guess" is not standard
 SPF, but it is supported by the same framework that enables SPF
 capability.
-Refer to &url(http://www.openspf.org/FAQ/Best_guess_record)
+Refer to &url(http://www.open-spf.org/FAQ/Best_guess_record)
 for a description of what it means.
 for a description of what it means.
-. --- 2018-09-07: still not https:
+. --- 2019-10-28: still not https:
 
 To access this feature, simply use the spf_guess condition in place
 of the spf one.  For example:
 
 To access this feature, simply use the spf_guess condition in place
 of the spf one.  For example:
index 1aa68f1..1955b5d 100644 (file)
@@ -165,6 +165,12 @@ if (!(spf_server = SPF_server_new_dns(dc, debug)))
   DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n");
   return FALSE;
   }
   DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n");
   return FALSE;
   }
+  /* Quick hack to override the outdated explanation URL.
+  See https://www.mail-archive.com/mailop@mailop.org/msg08019.html */
+  SPF_server_set_explanation(spf_server, "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}", &spf_response);
+  if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS)
+    log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response)));
+
 return TRUE;
 }
 
 return TRUE;
 }
 
index 195cb4b..1e8af65 100644 (file)
@@ -18,7 +18,7 @@
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n  spf=pass smtp.mailfrom=example.com
 1999-03-02 09:44:33 spf_result         neutral (guess <yes>)
 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n  spf=pass smtp.mailfrom=example.com
 1999-03-02 09:44:33 spf_result         neutral (guess <yes>)
 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com
-1999-03-02 09:44:33 spf_smtp_comment   Please see http://www.openspf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism
+1999-03-02 09:44:33 spf_smtp_comment   Please see http://www.open-spf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism
 1999-03-02 09:44:33 spf_received       Received-SPF: neutral (myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com) client-ip=ip4.ip4.ip4.ip4; envelope-from=b@test.example.com; helo=testclient;
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n  spf=neutral (best guess record for domain) smtp.mailfrom=test.example.com
 1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F=<b@test.example.com> rejected RCPT <fred@test.ex>
 1999-03-02 09:44:33 spf_received       Received-SPF: neutral (myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com) client-ip=ip4.ip4.ip4.ip4; envelope-from=b@test.example.com; helo=testclient;
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n  spf=neutral (best guess record for domain) smtp.mailfrom=test.example.com
 1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F=<b@test.example.com> rejected RCPT <fred@test.ex>