nm4 2008/02/12 12:52:51 GMT
Modified files:
exim-doc/doc-txt ChangeLog NewStuff experimental-spec.txt
exim-src/src acl.c expand.c globals.c globals.h
readconf.c spf.c spf.h
Log:
Integrated SPF Best Guess. Fixes: bug #521
Revision Changes Path
1.544 +4 -0 exim/exim-doc/doc-txt/ChangeLog
1.158 +7 -0 exim/exim-doc/doc-txt/NewStuff
1.11 +34 -0 exim/exim-doc/doc-txt/experimental-spec.txt
1.82 +16 -1 exim/exim-src/src/acl.c
1.93 +1 -0 exim/exim-src/src/expand.c
1.81 +1 -0 exim/exim-src/src/globals.c
1.62 +1 -0 exim/exim-src/src/globals.h
1.35 +3 -0 exim/exim-src/src/readconf.c
1.8 +9 -2 exim/exim-src/src/spf.c
1.7 +5 -1 exim/exim-src/src/spf.h
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.543
retrieving revision 1.544
diff -u -r1.543 -r1.544
--- ChangeLog 6 Feb 2008 18:57:46 -0000 1.543
+++ ChangeLog 12 Feb 2008 12:52:51 -0000 1.544
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.543 2008/02/06 18:57:46 fanf2 Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.544 2008/02/12 12:52:51 nm4 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -29,6 +29,10 @@
does not use the address's named list lookup cache, since this
contains cached lookups for the whole local part.
+NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by
+ Robert Millan. Documentation is in experimental-spec.txt
+
+
Exim version 4.69
-----------------
Index: NewStuff
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/NewStuff,v
retrieving revision 1.157
retrieving revision 1.158
diff -u -r1.157 -r1.158
--- NewStuff 23 Aug 2007 11:01:49 -0000 1.157
+++ NewStuff 12 Feb 2008 12:52:51 -0000 1.158
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.157 2007/08/23 11:01:49 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.158 2008/02/12 12:52:51 nm4 Exp $
New Features in Exim
--------------------
@@ -8,6 +8,13 @@
test from the snapshots or the CVS before the documentation is updated. Once
the documentation is updated, this file is reduced to a short list.
+Version 4.70
+------------
+
+ 1. Preliminary SPF Best Guess support. Documentation for this is in
+ experimental-spec.txt.
+
+
Version 4.68
------------
Index: experimental-spec.txt
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/experimental-spec.txt,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- experimental-spec.txt 16 Jan 2008 09:36:19 -0000 1.10
+++ experimental-spec.txt 12 Feb 2008 12:52:51 -0000 1.11
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/experimental-spec.txt,v 1.10 2008/01/16 09:36:19 tom Exp $
+$Cambridge: exim/exim-doc/doc-txt/experimental-spec.txt,v 1.11 2008/02/12 12:52:51 nm4 Exp $
From time to time, experimental features may be added to Exim.
While a feature is experimental, there will be a build-time
@@ -799,6 +799,9 @@
draft, this header must be added at the top of the header
list. Please see section 10 on how you can do this.
+ Note: in case of "Best-guess" (see below), the convention is
+ to put this string in a header called X-SPF-Guess: instead.
+
$spf_result
This contains the outcome of the SPF check in string form,
one of pass, fail, softfail, none, neutral, err_perm or
@@ -808,6 +811,37 @@
This contains a string that can be used in a SMTP response
to the calling party. Useful for "fail".
+In addition to SPF, you can also perform checks for so-called
+"Best-guess". Strictly speaking, "Best-guess" is not standard
+SPF, but it is supported by the same framework that enables SPF
+capability. Refer to http://www.openspf.org/FAQ/Best_guess_record
+for a description of what it means.
+
+To access this feature, simply use the spf_guess condition in place
+of the spf one. For example:
+
+/* -----------------
+deny message = $sender_host_address doesn't look trustworthy to me
+ spf_guess = fail
+--------------------- */
+
+In case you decide to reject messages based on this check, you
+should note that although it uses the same framework, "Best-guess"
+is NOT SPF, and therefore you should not mention SPF at all in your
+reject message.
+
+When the spf_guess condition has run, it sets up the same expansion
+variables as when spf condition is run, described above.
+
+Additionally, since Best-guess is not standarized, you may redefine
+what "Best-guess" means to you by redefining spf_guess variable in
+global config. For example, the following:
+
+/* -----------------
+spf_guess = v=spf1 a/16 mx/16 ptr ?all
+--------------------- */
+
+would relax host matching rules to a broader network range.
4. SRS (Sender Rewriting Scheme) Support
Index: acl.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/acl.c,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- acl.c 17 Jan 2008 13:03:35 -0000 1.81
+++ acl.c 12 Feb 2008 12:52:51 -0000 1.82
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/acl.c,v 1.81 2008/01/17 13:03:35 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/acl.c,v 1.82 2008/02/12 12:52:51 nm4 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -102,6 +102,7 @@
#endif
#ifdef EXPERIMENTAL_SPF
ACLC_SPF,
+ ACLC_SPF_GUESS,
#endif
ACLC_VERIFY };
@@ -165,6 +166,7 @@
#endif
#ifdef EXPERIMENTAL_SPF
US"spf",
+ US"spf_guess",
#endif
US"verify" };
@@ -300,6 +302,7 @@
#endif
#ifdef EXPERIMENTAL_SPF
TRUE, /* spf */
+ TRUE, /* spf_guess */
#endif
TRUE /* verify */
};
@@ -363,6 +366,7 @@
#endif
#ifdef EXPERIMENTAL_SPF
FALSE, /* spf */
+ FALSE, /* spf_guess */
#endif
FALSE /* verify */
};
@@ -547,6 +551,14 @@
(1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
(1<<ACL_WHERE_NOTSMTP)|
(1<<ACL_WHERE_NOTSMTP_START),
+
+ (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| /* spf_guess */
+ (1<<ACL_WHERE_HELO)|
+ (1<<ACL_WHERE_MAILAUTH)|
+ (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
+ (1<<ACL_WHERE_STARTTLS)|(1<<ACL_WHERE_VRFY)|
+ (1<<ACL_WHERE_NOTSMTP)|
+ (1<<ACL_WHERE_NOTSMTP_START),
#endif
/* Certain types of verify are always allowed, so we let it through
@@ -3134,7 +3146,10 @@
#ifdef EXPERIMENTAL_SPF
case ACLC_SPF:
- rc = spf_process(&arg, sender_address);
+ rc = spf_process(&arg, sender_address, SPF_PROCESS_NORMAL);
+ break;
+ case ACLC_SPF_GUESS:
+ rc = spf_process(&arg, sender_address, SPF_PROCESS_GUESS);
break;
#endif
Index: expand.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/expand.c,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -r1.92 -r1.93
--- expand.c 17 Jan 2008 13:03:35 -0000 1.92
+++ expand.c 12 Feb 2008 12:52:51 -0000 1.93
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/expand.c,v 1.92 2008/01/17 13:03:35 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/expand.c,v 1.93 2008/02/12 12:52:51 nm4 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -575,6 +575,7 @@
{ "spam_score_int", vtype_stringptr, &spam_score_int },
#endif
#ifdef EXPERIMENTAL_SPF
+ { "spf_guess", vtype_stringptr, &spf_guess },
{ "spf_header_comment", vtype_stringptr, &spf_header_comment },
{ "spf_received", vtype_stringptr, &spf_received },
{ "spf_result", vtype_stringptr, &spf_result },
Index: globals.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/globals.c,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -r1.80 -r1.81
--- globals.c 17 Jan 2008 13:03:35 -0000 1.80
+++ globals.c 12 Feb 2008 12:52:51 -0000 1.81
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/globals.c,v 1.80 2008/01/17 13:03:35 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/globals.c,v 1.81 2008/02/12 12:52:51 nm4 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -1136,6 +1136,7 @@
uschar *spam_score_int = NULL;
#endif
#ifdef EXPERIMENTAL_SPF
+uschar *spf_guess = US"v=spf1 a/24 mx/24 ptr ?all";
uschar *spf_header_comment = NULL;
uschar *spf_received = NULL;
uschar *spf_result = NULL;
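Review bot: The built-in default on the added `spf_guess` line is a policy that gets evaluated for every sender domain that publishes no SPF record, and nothing at the definition says so. With `a/24 mx/24`, any host in the same /24 as the domain's A or MX hosts yields a pass, which on shared-hosting or cloud ranges can include unrelated tenants, and `ptr` adds reverse-DNS lookups to each check. I would add a comment such as `/* default Best-guess record, overridable by the spf_guess main option; a guessed "pass" is a heuristic, not sender authorisation */` so ACL authors do not treat it like a pass from a published policy.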
Index: globals.h
===================================================================
RCS file: /home/cvs/exim/exim-src/src/globals.h,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- globals.h 17 Jan 2008 13:03:35 -0000 1.61
+++ globals.h 12 Feb 2008 12:52:51 -0000 1.62
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/globals.h,v 1.61 2008/01/17 13:03:35 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/globals.h,v 1.62 2008/02/12 12:52:51 nm4 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -705,6 +705,7 @@
extern uschar *spam_score_int; /* spam_score * 10 (int) */
#endif
#ifdef EXPERIMENTAL_SPF
+extern uschar *spf_guess; /* spf best-guess record */
extern uschar *spf_header_comment; /* spf header comment */
extern uschar *spf_received; /* Received-SPF: header */
extern uschar *spf_result; /* spf result in string form */
Index: readconf.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/readconf.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- readconf.c 17 Jan 2008 13:03:35 -0000 1.34
+++ readconf.c 12 Feb 2008 12:52:51 -0000 1.35
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/readconf.c,v 1.34 2008/01/17 13:03:35 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/readconf.c,v 1.35 2008/02/12 12:52:51 nm4 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -357,6 +357,9 @@
#ifdef WITH_CONTENT_SCAN
{ "spamd_address", opt_stringptr, &spamd_address },
#endif
+#ifdef EXPERIMENTAL_SPF
+ { "spf_guess", opt_stringptr, &spf_guess },
+#endif
{ "split_spool_directory", opt_bool, &split_spool_directory },
{ "spool_directory", opt_stringptr, &spool_directory },
#ifdef LOOKUP_SQLITE
Index: spf.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/spf.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- spf.c 17 May 2007 19:55:10 -0000 1.7
+++ spf.c 12 Feb 2008 12:52:51 -0000 1.8
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/spf.c,v 1.7 2007/05/17 19:55:10 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/spf.c,v 1.8 2008/02/12 12:52:51 nm4 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -73,7 +73,7 @@
context (if any), retrieves the result, sets up expansion
strings and evaluates the condition outcome. */
-int spf_process(uschar **listptr, uschar *spf_envelope_sender) {
+int spf_process(uschar **listptr, uschar *spf_envelope_sender, int action) {
int sep = 0;
uschar *list = *listptr;
uschar *spf_result_id;
@@ -93,7 +93,10 @@
}
/* get SPF result */
- SPF_request_query_mailfrom(spf_request, &spf_response);
+ if (action == SPF_PROCESS_FALLBACK)
+ SPF_request_query_fallback(spf_request, &spf_response, spf_guess);
+ else
+ SPF_request_query_mailfrom(spf_request, &spf_response);
/* set up expansion items */
spf_header_comment = (uschar *)SPF_response_get_header_comment(spf_response);
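Review bot: The return value of `SPF_request_query_fallback()` is discarded in the added branch, and `spf_guess` is an administrator-supplied string that no hunk in this commit validates when the configuration is read. If the record fails to compile, the code still reads `spf_response` on the following lines; whether libspf2 always leaves a usable response in that case is not visible here, so capturing the returned `SPF_errcode_t` and logging a configuration error on failure would be safer. `spf_guess` is also a `uschar *` passed where libspf2 presumably expects `const char *`, so `CS spf_guess` (or `(char *)spf_guess`, matching the cast style of the next line) avoids a pointer-signedness warning. When this branch is reached through the recursive call, the earlier `spf_response` appears to be overwritten without being freed, though its declaration and lifetime are outside the hunk.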
@@ -106,6 +109,10 @@
/* We got a result. Now see if we should return OK or FAIL for it */
SPF_EVALUATE:
debug_printf("SPF result is %s (%d)\n", SPF_strresult(rc), rc);
+
+ if (action == SPF_PROCESS_GUESS && (!strcmp (SPF_strresult(rc), "none")))
+ return spf_process(listptr, spf_envelope_sender, SPF_PROCESS_FALLBACK);
+
while ((spf_result_id = string_nextinlist(&list, &sep,
spf_result_id_buffer,
sizeof(spf_result_id_buffer))) != NULL) {
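Review bot: The added check compares the result name with `strcmp(SPF_strresult(rc), "none")` although `rc` is already the numeric result printed on the line above; comparing the code directly, `if (action == SPF_PROCESS_GUESS && rc == SPF_RESULT_NONE)`, avoids depending on libspf2's display strings. The check sits after the `SPF_EVALUATE:` label, so any path that jumps there with a "none" result also triggers the fallback; those jumps are outside the hunk, so it is worth confirming that this is intended. After the fallback the expansion variables hold the guessed result with nothing marking it as a guess, so an ACL using `spf_guess = fail` cannot distinguish a fail from a published policy from a guessed one. A short comment above the `if` stating this would help whoever writes the reject message.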
Index: spf.h
===================================================================
RCS file: /home/cvs/exim/exim-src/src/spf.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- spf.h 27 Jun 2005 15:28:45 -0000 1.6
+++ spf.h 12 Feb 2008 12:52:51 -0000 1.7
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/spf.h,v 1.6 2005/06/27 15:28:45 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/spf.h,v 1.7 2008/02/12 12:52:51 nm4 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -26,6 +26,10 @@
/* prototypes */
int spf_init(uschar *,uschar *);
-int spf_process(uschar **, uschar *);
+int spf_process(uschar **, uschar *, int);
+
+#define SPF_PROCESS_NORMAL 0
+#define SPF_PROCESS_GUESS 1
+#define SPF_PROCESS_FALLBACK 2
#endif
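Review bot: The three action codes are added without comments, and `SPF_PROCESS_FALLBACK` is exported beside the two caller-facing values even though, in the hunks of this commit, only `spf_process()` passes it, to itself. A caller that passed it directly would presumably skip the published-record query and evaluate only the guess record. I would document each value, for example `#define SPF_PROCESS_FALLBACK 2 /* internal: second pass using spf_guess; not for ACL callers */`, and consider an `enum` in place of the three `#define`s so the parameter's valid range is visible in the prototype.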