+ int priority, weight, port;
+ uschar s[264];
+ uschar *p = (uschar *)(rr->data);
+
+ if (type == T_MXH)
+ {
+ /* mxh ignores the priority number and includes only the hostnames */
+ GETSHORT(priority, p);
+ }
+ else if (type == T_MX)
+ {
+ GETSHORT(priority, p);
+ sprintf(CS s, "%d%c", priority, *outsep2);
+ yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ }
+ else if (type == T_SRV)
+ {
+ GETSHORT(priority, p);
+ GETSHORT(weight, p);
+ GETSHORT(port, p);
+ sprintf(CS s, "%d%c%d%c%d%c", priority, *outsep2,
+ weight, *outsep2, port, *outsep2);
+ yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ }
+ else if (type == T_CSA)
+ {
+ /* See acl_verify_csa() for more comments about CSA. */
+
+ GETSHORT(priority, p);
+ GETSHORT(weight, p);
+ GETSHORT(port, p);
+
+ if (priority != 1) continue; /* CSA version must be 1 */
+
+ /* If the CSA record we found is not the one we asked for, analyse
+ the subdomain assertions in the port field, else analyse the direct
+ authorization status in the weight field. */
+
+ if (found != domain)
+ {
+ if (port & 1) *s = 'X'; /* explicit authorization required */
+ else *s = '?'; /* no subdomain assertions here */
+ }
+ else
+ {
+ if (weight < 2) *s = 'N'; /* not authorized */
+ else if (weight == 2) *s = 'Y'; /* authorized */
+ else if (weight == 3) *s = '?'; /* unauthorizable */
+ else continue; /* invalid */
+ }
+
+ s[1] = ' ';
+ yield = string_cat(yield, &size, &ptr, s, 2);
+ }
+
+ /* GETSHORT() has advanced the pointer to the target domain. */
+
+ rc = dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p,
+ (DN_EXPAND_ARG4_TYPE)(s), sizeof(s));
+
+ /* If an overlong response was received, the data will have been
+ truncated and dn_expand may fail. */
+
+ if (rc < 0)
+ {
+ log_write(0, LOG_MAIN, "host name alias list truncated: type=%s "
+ "domain=%s", dns_text_type(type), domain);
+ break;
+ }
+ else yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));