X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/7b3a77e5b3464fa2533bd82f644c9145c1f11f71..cc55f4208e997ee8cdd87bf2a141be0c615488f9:/src/src/spf.c

diff --git a/src/src/spf.c b/src/src/spf.c
index 0d2316e2e..c4c5ef761 100644
--- a/src/src/spf.c
+++ b/src/src/spf.c
@@ -1,12 +1,12 @@
-/* $Cambridge: exim/src/src/spf.c,v 1.7 2007/05/17 19:55:10 tom Exp $ */
-
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
 /* Experimental SPF support.
-   Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004
-   License: GPL */
+   Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004 - 2014
+   License: GPL
+   Copyright (c) The Exim Maintainers 2017
+*/
 
 /* Code for calling spf checks via libspf-alt. Called from acl.c. */
 
@@ -15,14 +15,17 @@
 
 /* must be kept in numeric order */
 static spf_result_id spf_result_id_list[] = {
-  { US"invalid", 0},
-  { US"neutral", 1 },
-  { US"pass", 2 },
-  { US"fail", 3 },
-  { US"softfail", 4 },
-  { US"none", 5 },
-  { US"err_temp", 6 },
-  { US"err_perm", 7 }
+  /* name		value */
+  { US"invalid",	0},
+  { US"neutral",	1 },
+  { US"pass",		2 },
+  { US"fail",		3 },
+  { US"softfail",	4 },
+  { US"none",		5 },
+  { US"err_temp",	6 },  /* Deprecated Apr 2014 */
+  { US"err_perm",	7 },  /* Deprecated Apr 2014 */
+  { US"temperror",	6 }, /* RFC 4408 defined */
+  { US"permerror",	7 }  /* RFC 4408 defined */
 };
 
 SPF_server_t    *spf_server = NULL;
@@ -43,23 +46,24 @@ int spf_init(uschar *spf_helo_domain, uschar *spf_remote_addr) {
     return 0;
   }
 
-  if (SPF_server_set_rec_dom(spf_server, primary_hostname)) {
-    debug_printf("spf: SPF_server_set_rec_dom() failed.\n");
+  if (SPF_server_set_rec_dom(spf_server, CS primary_hostname)) {
+    debug_printf("spf: SPF_server_set_rec_dom(\"%s\") failed.\n", primary_hostname);
     spf_server = NULL;
     return 0;
   }
 
   spf_request = SPF_request_new(spf_server);
 
-  if (SPF_request_set_ipv4_str(spf_request, spf_remote_addr)) {
-    debug_printf("spf: SPF_request_set_ipv4_str() failed.\n");
+  if (SPF_request_set_ipv4_str(spf_request, CS spf_remote_addr)
+      && SPF_request_set_ipv6_str(spf_request, CS spf_remote_addr)) {
+    debug_printf("spf: SPF_request_set_ipv4_str() and SPF_request_set_ipv6_str() failed [%s]\n", spf_remote_addr);
     spf_server = NULL;
     spf_request = NULL;
     return 0;
   }
 
-  if (SPF_request_set_helo_dom(spf_request, spf_helo_domain)) {
-    debug_printf("spf: SPF_set_helo_dom() failed.\n");
+  if (SPF_request_set_helo_dom(spf_request, CS spf_helo_domain)) {
+    debug_printf("spf: SPF_set_helo_dom(\"%s\") failed.\n", spf_helo_domain);
     spf_server = NULL;
     spf_request = NULL;
     return 0;
@@ -73,9 +77,9 @@ int spf_init(uschar *spf_helo_domain, uschar *spf_remote_addr) {
    context (if any), retrieves the result, sets up expansion
    strings and evaluates the condition outcome. */
 
-int spf_process(uschar **listptr, uschar *spf_envelope_sender) {
+int spf_process(const uschar **listptr, uschar *spf_envelope_sender, int action) {
   int sep = 0;
-  uschar *list = *listptr;
+  const uschar *list = *listptr;
   uschar *spf_result_id;
   uschar spf_result_id_buffer[128];
   int rc = SPF_RESULT_PERMERROR;
@@ -86,26 +90,33 @@ int spf_process(uschar **listptr, uschar *spf_envelope_sender) {
     goto SPF_EVALUATE;
   };
 
-  if (SPF_request_set_env_from(spf_request, spf_envelope_sender)) {
+  if (SPF_request_set_env_from(spf_request, CS spf_envelope_sender)) {
     /* Invalid sender address. This should be a real rare occurence */
     rc = SPF_RESULT_PERMERROR;
     goto SPF_EVALUATE;
   }
 
   /* get SPF result */
-  SPF_request_query_mailfrom(spf_request, &spf_response);
+  if (action == SPF_PROCESS_FALLBACK)
+    SPF_request_query_fallback(spf_request, &spf_response, CS spf_guess);
+  else
+    SPF_request_query_mailfrom(spf_request, &spf_response);
 
   /* set up expansion items */
-  spf_header_comment     = (uschar *)SPF_response_get_header_comment(spf_response);
-  spf_received           = (uschar *)SPF_response_get_received_spf(spf_response);
-  spf_result             = (uschar *)SPF_strresult(SPF_response_result(spf_response));
-  spf_smtp_comment       = (uschar *)SPF_response_get_smtp_comment(spf_response);
+  spf_header_comment     = US SPF_response_get_header_comment(spf_response);
+  spf_received           = US SPF_response_get_received_spf(spf_response);
+  spf_result             = US SPF_strresult(SPF_response_result(spf_response));
+  spf_smtp_comment       = US SPF_response_get_smtp_comment(spf_response);
 
   rc = SPF_response_result(spf_response);
 
   /* We got a result. Now see if we should return OK or FAIL for it */
   SPF_EVALUATE:
   debug_printf("SPF result is %s (%d)\n", SPF_strresult(rc), rc);
+
+  if (action == SPF_PROCESS_GUESS && (!strcmp (SPF_strresult(rc), "none")))
+    return spf_process(listptr, spf_envelope_sender, SPF_PROCESS_FALLBACK);
+
   while ((spf_result_id = string_nextinlist(&list, &sep,
                                      spf_result_id_buffer,
                                      sizeof(spf_result_id_buffer))) != NULL) {