[exim-cvs] SPF: fix the explanation URL

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] SPF: fix the explanation URL
Gitweb: https://git.exim.org/exim.git/commitdiff/05e4f4dea8e993a6ad0f4e6cba092226155bc6e1
Commit:     05e4f4dea8e993a6ad0f4e6cba092226155bc6e1
Parent:     83d18f011e399f82d9583abe20d9c5dc850778c2
Author:     Heiko Schlittermann (HS12-RIPE) <hs@???>
AuthorDate: Mon Oct 28 22:39:24 2019 +0100
Committer:  Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Mon Oct 28 22:39:24 2019 +0100


    SPF: fix the explanation URL


    But - I'm not sure if the /Why? API still works as expected. Needs
    further testing
---
 doc/doc-docbook/spec.xfpt | 14 +++++++++-----
 src/src/spf.c             |  6 ++++++
 test/log/4600             |  2 +-
 3 files changed, 16 insertions(+), 6 deletions(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 7d9281e..bca6689 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -40342,8 +40342,12 @@ for more information of what they mean.

SPF is a mechanism whereby a domain may assert which IP addresses may transmit
messages with its domain in the envelope from, documented by RFC 7208.
-For more information on SPF see &url(http://www.openspf.org).
-. --- 2018-09-07: still not https
+For more information on SPF see &url(http://www.open-spf.org), a static copy of
+the &url(http://openspf.org).
+. --- 2019-10-28: still not https, open-spf.org is told to be a
+. --- web-archive copy of the now dead openspf.org site
+. --- See https://www.mail-archive.com/mailop@mailop.org/msg08019.html for a
+. --- discussion.

 Messages sent by a system not authorised will fail checking of such assertions.
 This includes retransmissions done by traditional forwarders.
@@ -40406,7 +40410,7 @@ deny spf = fail
      message = $sender_host_address is not allowed to send mail from \
                ${if def:sender_address_domain \
                     {$sender_address_domain}{$sender_helo_name}}.  \
-               Please see http://www.openspf.org/Why?scope=\
+               Please see http://www.open-spf.org/Why?scope=\
                ${if def:sender_address_domain {mfrom}{helo}};\
                identity=${if def:sender_address_domain \
                              {$sender_address}{$sender_helo_name}};\
@@ -40459,9 +40463,9 @@ In addition to SPF, you can also perform checks for so-called
 "Best-guess".  Strictly speaking, "Best-guess" is not standard
 SPF, but it is supported by the same framework that enables SPF
 capability.
-Refer to &url(http://www.openspf.org/FAQ/Best_guess_record)
+Refer to &url(http://www.open-spf.org/FAQ/Best_guess_record)
 for a description of what it means.
-. --- 2018-09-07: still not https:
+. --- 2019-10-28: still not https:


 To access this feature, simply use the spf_guess condition in place
 of the spf one.  For example:
diff --git a/src/src/spf.c b/src/src/spf.c
index 1aa68f1..1955b5d 100644
--- a/src/src/spf.c
+++ b/src/src/spf.c
@@ -165,6 +165,12 @@ if (!(spf_server = SPF_server_new_dns(dc, debug)))
   DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n");
   return FALSE;
   }
+  /* Quick hack to override the outdated explanation URL.
+  See https://www.mail-archive.com/mailop@mailop.org/msg08019.html */
+  SPF_server_set_explanation(spf_server, "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}", &spf_response);
+  if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS)
+    log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response)));
+
 return TRUE;
 }


diff --git a/test/log/4600 b/test/log/4600
index 195cb4b..1e8af65 100644
--- a/test/log/4600
+++ b/test/log/4600
@@ -18,7 +18,7 @@
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n    spf=pass smtp.mailfrom=example.com
 1999-03-02 09:44:33 spf_result         neutral (guess <yes>)
 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com
-1999-03-02 09:44:33 spf_smtp_comment   Please see http://www.openspf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism
+1999-03-02 09:44:33 spf_smtp_comment   Please see http://www.open-spf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism
 1999-03-02 09:44:33 spf_received       Received-SPF: neutral (myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com) client-ip=ip4.ip4.ip4.ip4; envelope-from=b@???; helo=testclient;
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n    spf=neutral (best guess record for domain) smtp.mailfrom=test.example.com
 1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F=<b@???> rejected RCPT <fred@???>