From 6808e0f19ec9a9544241e26cf1e3179eb86bbd00 Mon Sep 17 00:00:00 2001 From: "Heiko Schlittermann (HS12-RIPE)" Date: Mon, 18 May 2020 22:40:24 +0200 Subject: [PATCH] SPF: Remove the parameters of the broken explanation link The complete www.open-spf.org is a static copy of the formerly working openspf.org page. The explanation form doesn't work anymore. --- doc/doc-docbook/spec.xfpt | 7 +++++-- doc/doc-txt/ChangeLog | 3 +++ src/src/spf.c | 10 ++++++---- test/log/4600 | 2 +- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 12c03df64..4147ee205 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -41000,13 +41000,16 @@ deny spf = fail message = $sender_host_address is not allowed to send mail from \ ${if def:sender_address_domain \ {$sender_address_domain}{$sender_helo_name}}. \ - Please see http://www.open-spf.org/Why?scope=\ - ${if def:sender_address_domain {mfrom}{helo}};\ + Please see http://www.open-spf.org/Why;\ identity=${if def:sender_address_domain \ {$sender_address}{$sender_helo_name}};\ ip=$sender_host_address .endd +Note: The above mentioned URL may not be as helpful as expected. You are +encouraged to replace the link with a link to a site with more +explanations. + When the spf condition has run, it sets up several expansion variables: diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 1682a78b7..2d7c5e014 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -203,6 +203,9 @@ JH/43 Fix possible long line in DSN. Previously when a very long SMTP error response was received it would be used unchecked in a fail-DSN, violating standards on line-length limits. Truncate if needed. +HS/01 Remove parameters of the link to www.open-spf.org. The linked form + doesn't work. + Exim version 4.93 ----------------- diff --git a/src/src/spf.c b/src/src/spf.c index f120f722c..f1a2bed72 100644 --- a/src/src/spf.c +++ b/src/src/spf.c @@ -91,7 +91,7 @@ switch (dns_rc = dns_lookup(dnsa, US domain, rr_type, NULL)) case DNS_NODATA: srr.herrno = NO_DATA; break; case DNS_FAIL: default: srr.herrno = NO_RECOVERY; break; - } + } for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) @@ -240,9 +240,11 @@ if (!(spf_server = SPF_server_new_dns(dc, debug))) DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n"); return FALSE; } - /* Quick hack to override the outdated explanation URL. - See https://www.mail-archive.com/mailop@mailop.org/msg08019.html */ - SPF_server_set_explanation(spf_server, "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}", &spf_response); + /* Override the outdated explanation URL. + See https://www.mail-archive.com/mailop@mailop.org/msg08019.html + Used to work as "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}", + but is broken now (May 18th, 2020) */ + SPF_server_set_explanation(spf_server, "Please%_see%_http://www.open-spf.org/Why", &spf_response); if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response))); diff --git a/test/log/4600 b/test/log/4600 index 1e8af6531..de8432e49 100644 --- a/test/log/4600 +++ b/test/log/4600 @@ -18,7 +18,7 @@ 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n spf=pass smtp.mailfrom=example.com 1999-03-02 09:44:33 spf_result neutral (guess ) 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com -1999-03-02 09:44:33 spf_smtp_comment Please see http://www.open-spf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism +1999-03-02 09:44:33 spf_smtp_comment Please see http://www.open-spf.org/Why : Reason: mechanism 1999-03-02 09:44:33 spf_received Received-SPF: neutral (myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com) client-ip=ip4.ip4.ip4.ip4; envelope-from=b@test.example.com; helo=testclient; 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n spf=neutral (best guess record for domain) smtp.mailfrom=test.example.com 1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F= rejected RCPT -- 2.30.2