[exim-dev] [PATCH] SPF "best-guess"

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Robert Millan
Datum:  
To: exim-dev
Betreff: [exim-dev] [PATCH] SPF "best-guess"

Hi,

This patch implements SPF "best-guess" ACL as described in:

http://www.openspf.org/FAQ/Best_guess_record

--
Robert Millan

My spam trap is honeypot@???. Note: this address is only intended
for spam harvesters. Writing to it will get you added to my black list.
diff -ur exim-4.67.old/src/acl.c exim-4.67/src/acl.c
--- exim-4.67.old/src/acl.c    2007-04-17 15:06:39.000000000 +0200
+++ exim-4.67/src/acl.c    2007-06-25 00:07:36.000000000 +0200
@@ -99,6 +99,7 @@
 #endif
 #ifdef EXPERIMENTAL_SPF
        ACLC_SPF,
+       ACLC_SPF_GUESS,
 #endif
        ACLC_VERIFY };


@@ -159,6 +160,7 @@
#endif
#ifdef EXPERIMENTAL_SPF
US"spf",
+ US"spf_guess",
#endif
US"verify" };

@@ -285,6 +287,7 @@
 #endif
 #ifdef EXPERIMENTAL_SPF
   TRUE,    /* spf */
+  TRUE,    /* spf_guess */
 #endif
   TRUE     /* verify */
 };
@@ -345,6 +348,7 @@
 #endif
 #ifdef EXPERIMENTAL_SPF
   FALSE,   /* spf */
+  FALSE,   /* spf_guess */
 #endif
   FALSE    /* verify */
 };
@@ -523,6 +527,14 @@
     (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
     (1<<ACL_WHERE_NOTSMTP)|
     (1<<ACL_WHERE_NOTSMTP_START),
+
+  (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|      /* spf_guess */
+    (1<<ACL_WHERE_HELO)|
+    (1<<ACL_WHERE_MAILAUTH)|
+    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
+    (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
+    (1<<ACL_WHERE_NOTSMTP)|
+    (1<<ACL_WHERE_NOTSMTP_START),
   #endif


/* Certain types of verify are always allowed, so we let it through
@@ -3060,7 +3072,10 @@

     #ifdef EXPERIMENTAL_SPF
     case ACLC_SPF:
-      rc = spf_process(&arg, sender_address);
+      rc = spf_process(&arg, sender_address, SPF_PROCESS_NORMAL);
+    break;
+    case ACLC_SPF_GUESS:
+      rc = spf_process(&arg, sender_address, SPF_PROCESS_GUESS);
     break;
     #endif


diff -ur exim-4.67.old/src/expand.c exim-4.67/src/expand.c
--- exim-4.67.old/src/expand.c    2007-04-17 15:06:39.000000000 +0200
+++ exim-4.67/src/expand.c    2007-06-25 00:07:36.000000000 +0200
@@ -564,6 +564,7 @@
   { "spam_score_int",      vtype_stringptr,   &spam_score_int },
 #endif
 #ifdef EXPERIMENTAL_SPF
+  { "spf_guess",           vtype_stringptr,   &spf_guess },
   { "spf_header_comment",  vtype_stringptr,   &spf_header_comment },
   { "spf_received",        vtype_stringptr,   &spf_received },
   { "spf_result",          vtype_stringptr,   &spf_result },
diff -ur exim-4.67.old/src/globals.c exim-4.67/src/globals.c
--- exim-4.67.old/src/globals.c    2007-04-17 15:06:39.000000000 +0200
+++ exim-4.67/src/globals.c    2007-06-25 00:07:36.000000000 +0200
@@ -1107,6 +1107,7 @@
 uschar *spam_score_int         = NULL;
 #endif
 #ifdef EXPERIMENTAL_SPF
+uschar *spf_guess              = US"v=spf1 a/24 mx/24 ptr ?all";
 uschar *spf_header_comment     = NULL;
 uschar *spf_received           = NULL;
 uschar *spf_result             = NULL;
diff -ur exim-4.67.old/src/globals.h exim-4.67/src/globals.h
--- exim-4.67.old/src/globals.h    2007-06-24 23:46:08.000000000 +0200
+++ exim-4.67/src/globals.h    2007-06-25 00:07:36.000000000 +0200
@@ -686,6 +686,7 @@
 extern uschar *spam_score_int;         /* spam_score * 10 (int) */
 #endif
 #ifdef EXPERIMENTAL_SPF
+extern uschar *spf_guess;              /* spf best-guess record */
 extern uschar *spf_header_comment;     /* spf header comment */
 extern uschar *spf_received;           /* Received-SPF: header */
 extern uschar *spf_result;             /* spf result in string form */
diff -ur exim-4.67.old/src/spf.c exim-4.67/src/spf.c
--- exim-4.67.old/src/spf.c    2007-04-17 15:06:40.000000000 +0200
+++ exim-4.67/src/spf.c    2007-06-25 00:07:36.000000000 +0200
@@ -67,7 +67,7 @@
    context (if any), retrieves the result, sets up expansion
    strings and evaluates the condition outcome. */


-int spf_process(uschar **listptr, uschar *spf_envelope_sender) {
+int spf_process(uschar **listptr, uschar *spf_envelope_sender, int action) {
int sep = 0;
uschar *list = *listptr;
uschar *spf_result_id;
@@ -87,7 +87,10 @@
}

   /* get SPF result */
-  SPF_request_query_mailfrom(spf_request, &spf_response);
+  if (action == SPF_PROCESS_FALLBACK)
+    SPF_request_query_fallback(spf_request, &spf_response, spf_guess);
+  else
+    SPF_request_query_mailfrom(spf_request, &spf_response);


   /* set up expansion items */
   spf_header_comment     = (uschar *)SPF_response_get_header_comment(spf_response);
@@ -100,6 +103,10 @@
   /* We got a result. Now see if we should return OK or FAIL for it */
   SPF_EVALUATE:
   debug_printf("SPF result is %s (%d)\n", SPF_strresult(rc), rc);
+
+  if (action == SPF_PROCESS_GUESS && (!strcmp (SPF_strresult(rc), "none")))
+    return spf_process(listptr, spf_envelope_sender, SPF_PROCESS_FALLBACK);
+
   while ((spf_result_id = string_nextinlist(&list, &sep,
                                      spf_result_id_buffer,
                                      sizeof(spf_result_id_buffer))) != NULL) {
diff -ur exim-4.67.old/src/spf.h exim-4.67/src/spf.h
--- exim-4.67.old/src/spf.h    2007-04-17 15:06:40.000000000 +0200
+++ exim-4.67/src/spf.h    2007-06-25 00:07:36.000000000 +0200
@@ -26,6 +26,10 @@


 /* prototypes */
 int spf_init(uschar *,uschar *);
-int spf_process(uschar **, uschar *);
+int spf_process(uschar **, uschar *, int);
+
+#define SPF_PROCESS_NORMAL    0
+#define SPF_PROCESS_GUESS    1
+#define SPF_PROCESS_FALLBACK    2


#endif