Re: [exim-dev] [PATCH] Add support for SPF records in dnsdb …

Author: Janne Snabb
Date:  
To: Phil Pennock
CC: exim-dev
Subject: Re: [exim-dev] [PATCH] Add support for SPF records in dnsdb lookups
On Thu, 17 May 2012, Phil Pennock wrote:

> Seems sane, is going in, though we might want to revisit behaviour
> defaults, as I believe that SPF has very explicit instructions on how to
> join together multiple strings in one RR.


Yes, thank you! How about something like this additional patch?

Multiple strings in the same SPF record should be concatenated without
a separator. Attached patch makes this the default for SPF. (The default
for TXT remains as previously: take the first string and ignore the rest,
which is a bit strange, but should probably stay that way for backwards
compatibility.)

Multiple SPF records is an error, but I did not add any code for
catching it. Maybe it should be handled by whoever is asking for the
SPF record? (By using match to see if there is a newline in the result
and reject it in that case?)

---
 doc/doc-docbook/spec.xfpt |    7 ++++---
 src/src/lookups/dnsdb.c   |    8 ++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index b650fc3..2a81042 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -6790,10 +6790,11 @@ white space is ignored.
.cindex "TXT record" "in &(dnsdb)& lookup"
.cindex "SPF record" "in &(dnsdb)& lookup"
.new
-For TXT and SPF records with multiple items of data, only the first item is returned,
+For TXT records with multiple items of data, only the first item is returned,
unless a separator for them is specified using a comma after the separator
-character followed immediately by the TXT/SPF record item separator. To concatenate
-items without a separator, use a semicolon instead.
+character followed immediately by the TXT record item separator. To concatenate
+items without a separator, use a semicolon instead. For SPF records the
+default behaviour is to concatenate multiple items without using a separator.
.wen
.code
${lookup dnsdb{>\n,: txt=a.b.example}}
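Review bot: The added sentence on the SPF default leaves two things undocumented. With the preceding sentences now narrowed to "TXT records" and "the TXT record item separator", the paragraph no longer says whether the comma/semicolon item separator syntax still applies to SPF lookups; if an explicit item separator is meant to override the SPF default, say so here. The paragraph also does not mention that several SPF records for one name are returned joined by the record separator (newline by default), which the comment added in dnsdb.c acknowledges; one sentence on that would tell anyone consuming the result to check for it.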
diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c
index 3fd9f98..920f166 100644
--- a/src/src/lookups/dnsdb.c
+++ b/src/src/lookups/dnsdb.c
@@ -163,6 +163,14 @@ if (*keystring == '>')
while (isspace(*keystring)) keystring++;
}

+/* SPF strings should be concatenated without a separator, thus make
+ it the default if not defined (see RFC 4408 section 3.1.3).
+ Multiple SPF records are forbidden (section 3.1.2) but are currently
+ not handled specially, thus they are concatenated with \n by default. */
+
+if (type == T_SPF && outsep2 == NULL)
+ outsep2 = US"";
+
/* Check for a defer behaviour keyword. */

if (strncmpic(keystring, US"defer_", 6) == 0)
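Review bot: The test `if (type == T_SPF && outsep2 == NULL)` sits between the `>` separator parsing and the `defer_` keyword check, both of which are still consuming prefixes from the front of keystring. In the documented key syntax (`>\n,: txt=a.b.example`) the record type comes after those prefixes, so unless `type` has already been set from the key before this point, the condition can never be true and the SPF default silently stays "first string only". Please confirm where `type` is assigned and, if that happens further down, move this block to just after the type has been parsed.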
--
1.7.9.5
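The concatenation rule and the newline check discussed in the message, as an added example that is not part of the original post or of Exim's code. It is a stand-alone C helper; the names `join_rdata_strings` and `has_multiple_records` and the sample RDATA are constructed for illustration, and the NULL / empty-string convention for the item separator follows the behaviour the message describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Join the <character-string>s of one TXT/SPF RDATA (each is a length
   byte followed by that many bytes).
   sep2 == NULL : keep only the first string (the TXT default described above)
   sep2 == ""   : concatenate with no separator (the proposed SPF default)
   Returns the output length, or -1 if the RDATA is malformed or the
   result does not fit in out[outlen]. */
int join_rdata_strings(const unsigned char *rdata, size_t rdlen,
                       const char *sep2, char *out, size_t outlen)
{
    size_t pos = 0, used = 0;
    int first = 1;

    if (outlen == 0) return -1;
    while (pos < rdlen) {
        size_t chunk = rdata[pos++];
        if (chunk > rdlen - pos) return -1;      /* length byte overruns RDATA */
        if (!first) {
            if (sep2 == NULL) break;             /* first item only */
            size_t seplen = strlen(sep2);
            if (seplen >= outlen - used) return -1;
            memcpy(out + used, sep2, seplen);
            used += seplen;
        }
        if (chunk >= outlen - used) return -1;   /* keep room for the NUL */
        memcpy(out + used, rdata + pos, chunk);
        used += chunk;
        pos += chunk;
        first = 0;
    }
    out[used] = '\0';
    return (int)used;
}

/* The check suggested in the message: a newline in the lookup result
   means more than one SPF record was returned. */
int has_multiple_records(const char *result) { return strchr(result, '\n') != NULL; }

/* Constructed sample: one SPF RR whose data is split into two strings mid-token. */
static const unsigned char sample_rdata[] =
    "\x10v=spf1 ip4:192.0" "\x0c.2.0/24 -all";

int main(void) {
    char buf[64];
    if (join_rdata_strings(sample_rdata, sizeof sample_rdata - 1, "", buf, sizeof buf) >= 0) puts(buf);
    return 0;
}
```

With the sample split in the middle of the `ip4:` term, only the empty separator yields a policy that parses as intended; taking the first string alone truncates it.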