From: Heiko Schlittermann (HS12-RIPE) Date: Fri, 22 May 2020 15:32:33 +0000 (+0200) Subject: SPF: Add main config option "spf_smtp_comment_template X-Git-Tag: exim-4.94-RC2^0 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/ef546e788203ac3881abe2ddb17f3e24f6524d15 SPF: Add main config option "spf_smtp_comment_template --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 4147ee205..b1387eb49 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -14578,6 +14578,7 @@ listed in more than one group. .row &%percent_hack_domains%& "recognize %-hack for these domains" .row &%spamd_address%& "set interface to SpamAssassin" .row &%strict_acl_vars%& "object to unset ACL variables" +.row &%spf_smtp_comment_template%& "template for &$spf_smtp_comment$&" .endtable 
@@ -17761,6 +17762,41 @@ See section &<>& for more details. This option is available when Exim is compiled with SPF support. See section &<>& for more details. +.new +.option spf_smtp_comment_template main string&!! "Please%_see%_http://www.open-spf.org/Why" +This option is available when Exim is compiled with SPF support. It +allows the customisation of the SMTP comment that the SPF library +generates. You are strongly encouraged to link to your own explanative +site. The following placeholders (along with Exim variables) are allowed +in the template (this list is compiled from the libspf2 sources): +.ilist +&*L*&: Envelope sender's local part. +.next +&*S*&: Envelope sender. +.next +&*O*&: Envelope sender's domain. +.next +&*D*&: Current(?) domain. +.next +&*I*&: SMTP client Ip. +.next +&*C*&: SMTP client pretty IP. +.next +&*T*&: Epoch time (UTC). +.next +&*P*&: SMTP client domain name. +.next +&*V*&: IP version. +.next +&*H*&: EHLO/HELO domain. +.next +&*R*&: Receiving domain. +.endlist +The capitalized placeholders do proper URL encoding, if you use them +lowercased, no encoding takes place. A note on using Exim variables: As +currenty the SPF library is initialized already during the EHLO phase, +the amount of variables available for expansion is quite limited. +.wen .option split_spool_directory main boolean false @@ -41044,8 +41080,13 @@ variables: .vitem &$spf_smtp_comment$& .vindex &$spf_smtp_comment$& +.vindex &%spf_smtp_comment_template%& This contains a string that can be used in a SMTP response to the calling party. Useful for "fail". +.new + The string is generated by the SPF library from the template configured in the main config + option &%spf_smtp_comment_template%&. +.wen .endlist diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 2d7c5e014..585deb042 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog 
@@ -204,7 +204,8 @@ JH/43 Fix possible long line in DSN. Previously when a very long SMTP error standards on line-length limits. Truncate if needed. HS/01 Remove parameters of the link to www.open-spf.org. The linked form - doesn't work. + doesn't work. (Additionally add a new main config option to configure the + spf_smtp_comment) Exim version 4.93 diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index c29525d50..43e170e11 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -17,7 +17,7 @@ Version 4.94 3. A msg:defer event. - 4. Client-side support in the gsasl authenticator. Tested against the + 4. Client-side support in the gsasl authenticator. Tested against the plaintext driver for PLAIN; only against itself for SCRAM-SHA-1 and SCRAM-SHA-1-PLUS methods. @@ -71,6 +71,9 @@ Version 4.94 21. bounce_message_file and warn_message_file are now expanded before use. +22. New main config option spf_smtp_comment_template to customise the + $spf_smtp_comment variable + Version 4.93 @@ -111,7 +114,7 @@ Version 4.93 15: Support under OpenSSL for writing NSS-style key files for packet-capture decode. The environment variable SSLKEYLOGFILE is used; if an absolute path it must indicate a file under the spool directory; if relative the the spool - directory is prepended. Works on the server side only. Support under + directory is prepended. Works on the server side only. Support under GnuTLS was already there, being done purely by the library (server side only, and exim must be run as root). diff --git a/src/src/globals.c b/src/src/globals.c index ba772c631..fc3086f72 100644 --- a/src/src/globals.c +++ b/src/src/globals.c 
@@ -1499,6 +1499,10 @@ uschar *spf_header_comment = NULL;
 uschar *spf_received = NULL;
 uschar *spf_result = NULL;
 uschar *spf_smtp_comment = NULL;
+uschar *spf_smtp_comment_template
+ /* Used to be: "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}" */
+ = US"Please%_see%_http://www.open-spf.org/Why";
+
 #endif

 FILE *spool_data_file = NULL;
diff --git a/src/src/globals.h b/src/src/globals.h
index 3a8e824cf..c80c8532f 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -92,7 +92,7 @@ typedef struct {
 uschar *cipher; /* Cipher used */
 const uschar *cipher_stdname; /* Cipher used, RFC version */
 const uschar *ver; /* TLS version */
-
+
 BOOL on_connect; /* For older MTAs that don't STARTTLS */
 uschar *on_connect_ports; /* Ports always tls-on-connect */
 void *ourcert; /* Certificate we presented, binary */
@@ -982,6 +982,8 @@ extern uschar *spf_received; /* Received-SPF: header */
 extern uschar *spf_result; /* spf result in string form */
 extern BOOL spf_result_guessed; /* spf result is of best-guess operation */
 extern uschar *spf_smtp_comment; /* spf comment to include in SMTP reply */
+extern uschar *spf_smtp_comment_template;
+ /* template to construct the spf comment by libspf2 */
 #endif
 extern BOOL split_spool_directory; /* TRUE to use multiple subdirs */
 extern FILE *spool_data_file; /* handle for -D file */
diff --git a/src/src/readconf.c b/src/src/readconf.c
index 40506010c..0d0769c88 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -326,6 +326,7 @@ static optionlist optionlist_config[] = {
 #endif
 #ifdef SUPPORT_SPF
 { "spf_guess", opt_stringptr, {&spf_guess} },
+ { "spf_smtp_comment_template",opt_stringptr, {&spf_smtp_comment_template} },
 #endif
 { "split_spool_directory", opt_bool, {&split_spool_directory} },
 { "spool_directory", opt_stringptr, {&spool_directory} },
diff --git a/src/src/spf.c b/src/src/spf.c
index f1a2bed72..3e121678c 100644
--- a/src/src/spf.c
+++ b/src/src/spf.c
@@ -218,6 +218,7 @@ spf_init(void)
 {
 SPF_dns_server_t * dc;
 int debug = 0;
+const uschar *s;

 DEBUG(D_receive)
 debug = 1;
@@ -244,9 +245,12 @@ if (!(spf_server = SPF_server_new_dns(dc, debug)))
 See https://www.mail-archive.com/mailop@mailop.org/msg08019.html
 Used to work as "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}",
 but is broken now (May 18th, 2020) */
- SPF_server_set_explanation(spf_server, "Please%_see%_http://www.open-spf.org/Why", &spf_response);
- if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS)
- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response)));
+if (!(s = expand_string(spf_smtp_comment_template)))
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "expansion of spf_smtp_comment_template failed");
+
+SPF_server_set_explanation(spf_server, s, &spf_response);
+if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response)));

 return TRUE;
 }
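Review bot: The string returned by `expand_string()` in the second spf.c hunk is passed to `SPF_server_set_explanation()` as a libspf2 macro template, so the option is interpreted twice, and any `%` that reaches `s` through an Exim variable carrying client-supplied data would presumably be parsed by libspf2 as a macro. I would add a comment above the call such as `/* s is expanded by Exim first and then parsed by libspf2 as a macro string; keep client-controlled variables out of the template */`. The failure branch logs no reason, and `log_write(0, LOG_MAIN|LOG_PANIC_DIE, "expansion of spf_smtp_comment_template failed: %s", expand_string_message);` would tell the operator what to fix. `s` is a `const uschar *` handed to a libspf2 function, so `CCS s` would keep the call free of pointer-sign warnings, assuming the parameter is `const char *`. spf_init() starts above this hunk.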