Gitweb:
https://git.exim.org/exim.git/commitdiff/ef546e788203ac3881abe2ddb17f3e24f6524d15
Commit: ef546e788203ac3881abe2ddb17f3e24f6524d15
Parent: 6808e0f19ec9a9544241e26cf1e3179eb86bbd00
Author: Heiko Schlittermann (HS12-RIPE) <hs@???>
AuthorDate: Fri May 22 17:32:33 2020 +0200
Committer: Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Fri May 22 17:34:32 2020 +0200
SPF: Add main config option "spf_smtp_comment_template
---
doc/doc-docbook/spec.xfpt | 41 +++++++++++++++++++++++++++++++++++++++++
doc/doc-txt/ChangeLog | 3 ++-
doc/doc-txt/NewStuff | 7 +++++--
src/src/globals.c | 4 ++++
src/src/globals.h | 4 +++-
src/src/readconf.c | 1 +
src/src/spf.c | 10 +++++++---
7 files changed, 63 insertions(+), 7 deletions(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 4147ee2..b1387eb 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -14578,6 +14578,7 @@ listed in more than one group.
.row &%percent_hack_domains%& "recognize %-hack for these domains"
.row &%spamd_address%& "set interface to SpamAssassin"
.row &%strict_acl_vars%& "object to unset ACL variables"
+.row &%spf_smtp_comment_template%& "template for &$spf_smtp_comment$&"
.endtable
@@ -17761,6 +17762,41 @@ See section &<<SECTscanspamass>>& for more details.
This option is available when Exim is compiled with SPF support.
See section &<<SECSPF>>& for more details.
+.new
+.option spf_smtp_comment_template main string&!! "Please%_see%_
http://www.open-spf.org/Why"
+This option is available when Exim is compiled with SPF support. It
+allows the customisation of the SMTP comment that the SPF library
+generates. You are strongly encouraged to link to your own explanative
+site. The following placeholders (along with Exim variables) are allowed
+in the template (this list is compiled from the libspf2 sources):
+.ilist
+&*L*&: Envelope sender's local part.
+.next
+&*S*&: Envelope sender.
+.next
+&*O*&: Envelope sender's domain.
+.next
+&*D*&: Current(?) domain.
+.next
+&*I*&: SMTP client Ip.
+.next
+&*C*&: SMTP client pretty IP.
+.next
+&*T*&: Epoch time (UTC).
+.next
+&*P*&: SMTP client domain name.
+.next
+&*V*&: IP version.
+.next
+&*H*&: EHLO/HELO domain.
+.next
+&*R*&: Receiving domain.
+.endlist
+The capitalized placeholders do proper URL encoding, if you use them
+lowercased, no encoding takes place. A note on using Exim variables: As
+currenty the SPF library is initialized already during the EHLO phase,
+the amount of variables available for expansion is quite limited.
+.wen
.option split_spool_directory main boolean false
@@ -41044,8 +41080,13 @@ variables:
.vitem &$spf_smtp_comment$&
.vindex &$spf_smtp_comment$&
+.vindex &%spf_smtp_comment_template%&
This contains a string that can be used in a SMTP response
to the calling party. Useful for "fail".
+.new
+ The string is generated by the SPF library from the template configured in the main config
+ option &%spf_smtp_comment_template%&.
+.wen
.endlist
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 2d7c5e0..585deb0 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -204,7 +204,8 @@ JH/43 Fix possible long line in DSN. Previously when a very long SMTP error
standards on line-length limits. Truncate if needed.
HS/01 Remove parameters of the link to www.open-spf.org. The linked form
- doesn't work.
+ doesn't work. (Additionally add a new main config option to configure the
+ spf_smtp_comment)
Exim version 4.93
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index c29525d..43e170e 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -17,7 +17,7 @@ Version 4.94
3. A msg:defer event.
- 4. Client-side support in the gsasl authenticator. Tested against the
+ 4. Client-side support in the gsasl authenticator. Tested against the
plaintext driver for PLAIN; only against itself for SCRAM-SHA-1 and
SCRAM-SHA-1-PLUS methods.
@@ -71,6 +71,9 @@ Version 4.94
21. bounce_message_file and warn_message_file are now expanded before use.
+22. New main config option spf_smtp_comment_template to customise the
+ $spf_smtp_comment variable
+
Version 4.93
@@ -111,7 +114,7 @@ Version 4.93
15: Support under OpenSSL for writing NSS-style key files for packet-capture
decode. The environment variable SSLKEYLOGFILE is used; if an absolute path
it must indicate a file under the spool directory; if relative the the spool
- directory is prepended. Works on the server side only. Support under
+ directory is prepended. Works on the server side only. Support under
GnuTLS was already there, being done purely by the library (server side
only, and exim must be run as root).
diff --git a/src/src/globals.c b/src/src/globals.c
index ba772c6..fc3086f 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -1499,6 +1499,10 @@ uschar *spf_header_comment = NULL;
uschar *spf_received = NULL;
uschar *spf_result = NULL;
uschar *spf_smtp_comment = NULL;
+uschar *spf_smtp_comment_template
+ /* Used to be: "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}" */
+ = US"Please%_see%_http://www.open-spf.org/Why";
+
#endif
FILE *spool_data_file = NULL;
diff --git a/src/src/globals.h b/src/src/globals.h
index 3a8e824..c80c853 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -92,7 +92,7 @@ typedef struct {
uschar *cipher; /* Cipher used */
const uschar *cipher_stdname; /* Cipher used, RFC version */
const uschar *ver; /* TLS version */
-
+
BOOL on_connect; /* For older MTAs that don't STARTTLS */
uschar *on_connect_ports; /* Ports always tls-on-connect */
void *ourcert; /* Certificate we presented, binary */
@@ -982,6 +982,8 @@ extern uschar *spf_received; /* Received-SPF: header */
extern uschar *spf_result; /* spf result in string form */
extern BOOL spf_result_guessed; /* spf result is of best-guess operation */
extern uschar *spf_smtp_comment; /* spf comment to include in SMTP reply */
+extern uschar *spf_smtp_comment_template;
+ /* template to construct the spf comment by libspf2 */
#endif
extern BOOL split_spool_directory; /* TRUE to use multiple subdirs */
extern FILE *spool_data_file; /* handle for -D file */
diff --git a/src/src/readconf.c b/src/src/readconf.c
index 4050601..0d0769c 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -326,6 +326,7 @@ static optionlist optionlist_config[] = {
#endif
#ifdef SUPPORT_SPF
{ "spf_guess", opt_stringptr, {&spf_guess} },
+ { "spf_smtp_comment_template",opt_stringptr, {&spf_smtp_comment_template} },
#endif
{ "split_spool_directory", opt_bool, {&split_spool_directory} },
{ "spool_directory", opt_stringptr, {&spool_directory} },
diff --git a/src/src/spf.c b/src/src/spf.c
index f1a2bed..3e12167 100644
--- a/src/src/spf.c
+++ b/src/src/spf.c
@@ -218,6 +218,7 @@ spf_init(void)
{
SPF_dns_server_t * dc;
int debug = 0;
+const uschar *s;
DEBUG(D_receive) debug = 1;
@@ -244,9 +245,12 @@ if (!(spf_server = SPF_server_new_dns(dc, debug)))
See https://www.mail-archive.com/mailop@mailop.org/msg08019.html
Used to work as "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}",
but is broken now (May 18th, 2020) */
- SPF_server_set_explanation(spf_server, "Please%_see%_http://www.open-spf.org/Why", &spf_response);
- if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS)
- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response)));
+if (!(s = expand_string(spf_smtp_comment_template)))
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "expansion of spf_smtp_comment_template failed");
+
+SPF_server_set_explanation(spf_server, s, &spf_response);
+if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response)));
return TRUE;
}
