Hi,
This patch implements SPF "best-guess" ACL as described in:
http://www.openspf.org/FAQ/Best_guess_record
--
Robert Millan
My spam trap is honeypot@???. Note: this address is only intended
for spam harvesters. Writing to it will get you added to my black list.
diff -ur exim-4.67.old/src/acl.c exim-4.67/src/acl.c
--- exim-4.67.old/src/acl.c 2007-04-17 15:06:39.000000000 +0200
+++ exim-4.67/src/acl.c 2007-06-25 00:07:36.000000000 +0200
@@ -99,6 +99,7 @@
#endif
#ifdef EXPERIMENTAL_SPF
ACLC_SPF,
+ ACLC_SPF_GUESS,
#endif
ACLC_VERIFY };
@@ -159,6 +160,7 @@
#endif
#ifdef EXPERIMENTAL_SPF
US"spf",
+ US"spf_guess",
#endif
US"verify" };
@@ -285,6 +287,7 @@
#endif
#ifdef EXPERIMENTAL_SPF
TRUE, /* spf */
+ TRUE, /* spf_guess */
#endif
TRUE /* verify */
};
@@ -345,6 +348,7 @@
#endif
#ifdef EXPERIMENTAL_SPF
FALSE, /* spf */
+ FALSE, /* spf_guess */
#endif
FALSE /* verify */
};
@@ -523,6 +527,14 @@
(1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
(1<<ACL_WHERE_NOTSMTP)|
(1<<ACL_WHERE_NOTSMTP_START),
+
+ (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| /* spf_guess */
+ (1<<ACL_WHERE_HELO)|
+ (1<<ACL_WHERE_MAILAUTH)|
+ (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
+ (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
+ (1<<ACL_WHERE_NOTSMTP)|
+ (1<<ACL_WHERE_NOTSMTP_START),
#endif
/* Certain types of verify are always allowed, so we let it through
@@ -3060,7 +3072,10 @@
#ifdef EXPERIMENTAL_SPF
case ACLC_SPF:
- rc = spf_process(&arg, sender_address);
+ rc = spf_process(&arg, sender_address, SPF_PROCESS_NORMAL);
+ break;
+ case ACLC_SPF_GUESS:
+ rc = spf_process(&arg, sender_address, SPF_PROCESS_GUESS);
break;
#endif
diff -ur exim-4.67.old/src/expand.c exim-4.67/src/expand.c
--- exim-4.67.old/src/expand.c 2007-04-17 15:06:39.000000000 +0200
+++ exim-4.67/src/expand.c 2007-06-25 00:07:36.000000000 +0200
@@ -564,6 +564,7 @@
{ "spam_score_int", vtype_stringptr, &spam_score_int },
#endif
#ifdef EXPERIMENTAL_SPF
+ { "spf_guess", vtype_stringptr, &spf_guess },
{ "spf_header_comment", vtype_stringptr, &spf_header_comment },
{ "spf_received", vtype_stringptr, &spf_received },
{ "spf_result", vtype_stringptr, &spf_result },
diff -ur exim-4.67.old/src/globals.c exim-4.67/src/globals.c
--- exim-4.67.old/src/globals.c 2007-04-17 15:06:39.000000000 +0200
+++ exim-4.67/src/globals.c 2007-06-25 00:07:36.000000000 +0200
@@ -1107,6 +1107,7 @@
uschar *spam_score_int = NULL;
#endif
#ifdef EXPERIMENTAL_SPF
+uschar *spf_guess = US"v=spf1 a/24 mx/24 ptr ?all";
uschar *spf_header_comment = NULL;
uschar *spf_received = NULL;
uschar *spf_result = NULL;
diff -ur exim-4.67.old/src/globals.h exim-4.67/src/globals.h
--- exim-4.67.old/src/globals.h 2007-06-24 23:46:08.000000000 +0200
+++ exim-4.67/src/globals.h 2007-06-25 00:07:36.000000000 +0200
@@ -686,6 +686,7 @@
extern uschar *spam_score_int; /* spam_score * 10 (int) */
#endif
#ifdef EXPERIMENTAL_SPF
+extern uschar *spf_guess; /* spf best-guess record */
extern uschar *spf_header_comment; /* spf header comment */
extern uschar *spf_received; /* Received-SPF: header */
extern uschar *spf_result; /* spf result in string form */
diff -ur exim-4.67.old/src/spf.c exim-4.67/src/spf.c
--- exim-4.67.old/src/spf.c 2007-04-17 15:06:40.000000000 +0200
+++ exim-4.67/src/spf.c 2007-06-25 00:07:36.000000000 +0200
@@ -67,7 +67,7 @@
context (if any), retrieves the result, sets up expansion
strings and evaluates the condition outcome. */
-int spf_process(uschar **listptr, uschar *spf_envelope_sender) {
+int spf_process(uschar **listptr, uschar *spf_envelope_sender, int action) {
int sep = 0;
uschar *list = *listptr;
uschar *spf_result_id;
@@ -87,7 +87,10 @@
}
/* get SPF result */
- SPF_request_query_mailfrom(spf_request, &spf_response);
+ if (action == SPF_PROCESS_FALLBACK)
+ SPF_request_query_fallback(spf_request, &spf_response, spf_guess);
+ else
+ SPF_request_query_mailfrom(spf_request, &spf_response);
/* set up expansion items */
spf_header_comment = (uschar *)SPF_response_get_header_comment(spf_response);
@@ -100,6 +103,10 @@
/* We got a result. Now see if we should return OK or FAIL for it */
SPF_EVALUATE:
debug_printf("SPF result is %s (%d)\n", SPF_strresult(rc), rc);
+
+ if (action == SPF_PROCESS_GUESS && (!strcmp (SPF_strresult(rc), "none")))
+ return spf_process(listptr, spf_envelope_sender, SPF_PROCESS_FALLBACK);
+
while ((spf_result_id = string_nextinlist(&list, &sep,
spf_result_id_buffer,
sizeof(spf_result_id_buffer))) != NULL) {
diff -ur exim-4.67.old/src/spf.h exim-4.67/src/spf.h
--- exim-4.67.old/src/spf.h 2007-04-17 15:06:40.000000000 +0200
+++ exim-4.67/src/spf.h 2007-06-25 00:07:36.000000000 +0200
@@ -26,6 +26,10 @@
/* prototypes */
int spf_init(uschar *,uschar *);
-int spf_process(uschar **, uschar *);
+int spf_process(uschar **, uschar *, int);
+
+#define SPF_PROCESS_NORMAL 0
+#define SPF_PROCESS_GUESS 1
+#define SPF_PROCESS_FALLBACK 2
#endif
