+return spf_dns_server;
+}
+
+
+
+
+/* Construct the SPF library stack.
+ Return: Boolean success.
+*/
+
+BOOL
+spf_init(void)
+{
+SPF_dns_server_t * dc;
+int debug = 0;
+const uschar *s;
+
+DEBUG(D_receive) debug = 1;
+
+/* We insert our own DNS access layer rather than letting the spf library
+do it, so that our dns access path is used for debug tracing and for the
+testsuite. */
+
+if (!(dc = SPF_dns_exim_new(debug)))
+ {
+ DEBUG(D_receive) debug_printf("spf: SPF_dns_exim_new() failed\n");
+ return FALSE;
+ }
+if (!(dc = SPF_dns_cache_new(dc, NULL, debug, 8)))
+ {
+ DEBUG(D_receive) debug_printf("spf: SPF_dns_cache_new() failed\n");
+ return FALSE;
+ }
+if (!(spf_server = SPF_server_new_dns(dc, debug)))
+ {
+ DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n");
+ return FALSE;
+ }
+ /* Override the outdated explanation URL.
+ See https://www.mail-archive.com/mailop@mailop.org/msg08019.html
+ Used to work as "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}",
+ but is broken now (May 18th, 2020) */
+if (!(s = expand_string(spf_smtp_comment_template)))
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "expansion of spf_smtp_comment_template failed");
+
+SPF_server_set_explanation(spf_server, CCS s, &spf_response);
+if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response)));
+
+return TRUE;
+}
+
+
+/* Set up a context that can be re-used for several
+ messages on the same SMTP connection (that come from the
+ same host with the same HELO string).
+
+Return: Boolean success
+*/
+
+BOOL
+spf_conn_init(uschar * spf_helo_domain, uschar * spf_remote_addr)
+{
+DEBUG(D_receive)
+ debug_printf("spf_conn_init: %s %s\n", spf_helo_domain, spf_remote_addr);
+
+if (!spf_server && !spf_init()) return FALSE;
+
+if (SPF_server_set_rec_dom(spf_server, CS primary_hostname))
+ {
+ DEBUG(D_receive) debug_printf("spf: SPF_server_set_rec_dom(\"%s\") failed.\n",
+ primary_hostname);
+ spf_server = NULL;
+ return FALSE;
+ }
+
+spf_request = SPF_request_new(spf_server);
+
+if ( SPF_request_set_ipv4_str(spf_request, CS spf_remote_addr)
+ && SPF_request_set_ipv6_str(spf_request, CS spf_remote_addr)
+ )
+ {
+ DEBUG(D_receive)
+ debug_printf("spf: SPF_request_set_ipv4_str() and "
+ "SPF_request_set_ipv6_str() failed [%s]\n", spf_remote_addr);
+ spf_server = NULL;
+ spf_request = NULL;
+ return FALSE;
+ }
+
+if (SPF_request_set_helo_dom(spf_request, CS spf_helo_domain))
+ {
+ DEBUG(D_receive) debug_printf("spf: SPF_set_helo_dom(\"%s\") failed.\n",
+ spf_helo_domain);
+ spf_server = NULL;
+ spf_request = NULL;
+ return FALSE;
+ }
+
+return TRUE;
+}
+
+
+void
+spf_response_debug(SPF_response_t * spf_response)
+{
+if (SPF_response_messages(spf_response) == 0)
+ debug_printf(" (no errors)\n");
+else for (int i = 0; i < SPF_response_messages(spf_response); i++)
+ {
+ SPF_error_t * err = SPF_response_message(spf_response, i);
+ debug_printf( "%s_msg = (%d) %s\n",
+ (SPF_error_errorp(err) ? "warn" : "err"),
+ SPF_error_code(err),
+ SPF_error_message(err));
+ }