From 79e5ebf9e9bb833ce004be65c04b2f8eea91c337 Mon Sep 17 00:00:00 2001
From: Wolfgang Breyha
Date: Thu, 2 Jan 2020 13:27:25 +0000
Subject: [PATCH] SPF: shortcircuit SPF RR lookups. Bug 1294
---
 doc/doc-txt/ChangeLog | 6 ++++++
 src/src/spf.c | 12 ++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e1e1e3bf0..b904aa99c 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -77,6 +77,12 @@ JH/17 Logging: when the deliver_time selector ise set, include the DT= field
 JH/18 Authentication: the gsasl driver not provides the $authN variables in time
 for the expansion of the server_scram_iter and server_scram_salt options.
+WB/01 SPF: DNS lookups for the obsolete SPF RR type done by the libspf2 library
+ are now specifically given a HOST_NOT_FOUND response without hitting the
+ system resolver. The library goes on to do the now-standard TXT lookup.
+ Use of dnsdb lookups is not affected.
+
+
 Exim version 4.93
 -----------------
diff --git a/src/src/spf.c b/src/src/spf.c
index 9b053ccf9..fd9831c43 100644
--- a/src/src/spf.c
+++ b/src/src/spf.c
@@ -72,6 +72,18 @@ int dns_rc;
 DEBUG(D_receive) debug_printf("SPF_dns_exim_lookup '%s'\n", domain);
+/* Shortcircuit SPF RR lookups by returning HOST_NOT_FOUND (shortest code path
+in libspf2). They were obsoleted by RFC 6686/7208 years ago. see bug #1294
+*/
+
+if (rr_type == T_SPF)
+ {
+ HDEBUG(D_host_lookup) debug_printf("faking HOST_NOT_FOUND for SPF RR(99) lookup\n");
+ srr.herrno = HOST_NOT_FOUND;
+ SPF_dns_rr_dup(&spfrr, &srr);
+ return spfrr;
+ }
+
 switch (dns_rc = dns_lookup(dnsa, US domain, rr_type, NULL))
 {
 case DNS_SUCCEED: srr.herrno = NETDB_SUCCESS; break;
-- 
2.30.2
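Review bot: The new early-return branch at `if (rr_type == T_SPF)` in src/src/spf.c discards the result of `SPF_dns_rr_dup(&spfrr, &srr)` and returns `spfrr` unconditionally, so a failed duplication inside libspf2 would hand the caller whatever `spfrr` holds at that point. The declaration of `spfrr` and the initialisation of `srr` lie outside the hunk, so it should be confirmed that `spfrr` cannot be returned uninitialised and that `srr` already carries the domain and rr_type before this branch runs. If the library call reports a status, a guard such as `if (SPF_dns_rr_dup(&spfrr, &srr) != SPF_E_SUCCESS) spfrr = NULL;` before the return would make the failure explicit, assuming a NULL record is what the resolver callback contract expects. As a smaller style point, the branch logs with `HDEBUG(D_host_lookup)` while the line just above it uses `DEBUG(D_receive)`, so the faked answer and the lookup it replaces appear under different debug selectors.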