SPF: fix the explanation URL
authorHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Mon, 28 Oct 2019 21:39:24 +0000 (22:39 +0100)
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Mon, 28 Oct 2019 21:39:24 +0000 (22:39 +0100)
But - I'm not sure if the /Why? API still works as expected. Needs
further testing

doc/doc-docbook/spec.xfpt
src/src/spf.c
test/log/4600

index 7d9281e4013f6f8de65edaca0d473d55540022ec..bca6689b69e9be18ce516344723c7eec285c2133 100644 (file)
@@ -40342,8 +40342,12 @@ for more information of what they mean.
 
 SPF is a mechanism whereby a domain may assert which IP addresses may transmit
 messages with its domain in the envelope from, documented by RFC 7208.
 
 SPF is a mechanism whereby a domain may assert which IP addresses may transmit
 messages with its domain in the envelope from, documented by RFC 7208.
-For more information on SPF see &url(http://www.openspf.org).
-. --- 2018-09-07: still not https
+For more information on SPF see &url(http://www.open-spf.org), a static copy of
+the &url(http://openspf.org).
+. --- 2019-10-28: still not https, open-spf.org is told to be a
+. --- web-archive copy of the now dead openspf.org site
+. --- See https://www.mail-archive.com/mailop@mailop.org/msg08019.html for a
+. --- discussion.
 
 Messages sent by a system not authorised will fail checking of such assertions.
 This includes retransmissions done by traditional forwarders.
 
 Messages sent by a system not authorised will fail checking of such assertions.
 This includes retransmissions done by traditional forwarders.
@@ -40406,7 +40410,7 @@ deny spf = fail
      message = $sender_host_address is not allowed to send mail from \
                ${if def:sender_address_domain \
                     {$sender_address_domain}{$sender_helo_name}}.  \
      message = $sender_host_address is not allowed to send mail from \
                ${if def:sender_address_domain \
                     {$sender_address_domain}{$sender_helo_name}}.  \
-               Please see http://www.openspf.org/Why?scope=\
+               Please see http://www.open-spf.org/Why?scope=\
                ${if def:sender_address_domain {mfrom}{helo}};\
                identity=${if def:sender_address_domain \
                              {$sender_address}{$sender_helo_name}};\
                ${if def:sender_address_domain {mfrom}{helo}};\
                identity=${if def:sender_address_domain \
                              {$sender_address}{$sender_helo_name}};\
@@ -40459,9 +40463,9 @@ In addition to SPF, you can also perform checks for so-called
 "Best-guess".  Strictly speaking, "Best-guess" is not standard
 SPF, but it is supported by the same framework that enables SPF
 capability.
 "Best-guess".  Strictly speaking, "Best-guess" is not standard
 SPF, but it is supported by the same framework that enables SPF
 capability.
-Refer to &url(http://www.openspf.org/FAQ/Best_guess_record)
+Refer to &url(http://www.open-spf.org/FAQ/Best_guess_record)
 for a description of what it means.
 for a description of what it means.
-. --- 2018-09-07: still not https:
+. --- 2019-10-28: still not https:
 
 To access this feature, simply use the spf_guess condition in place
 of the spf one.  For example:
 
 To access this feature, simply use the spf_guess condition in place
 of the spf one.  For example:
index 1aa68f18115f94aa451aee187446e0d3f12d681f..1955b5d968cf7646142a0b7c665cf38f8c70dc82 100644 (file)
@@ -165,6 +165,12 @@ if (!(spf_server = SPF_server_new_dns(dc, debug)))
   DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n");
   return FALSE;
   }
   DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n");
   return FALSE;
   }
+  /* Quick hack to override the outdated explanation URL.
+  See https://www.mail-archive.com/mailop@mailop.org/msg08019.html */
+  SPF_server_set_explanation(spf_server, "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}", &spf_response);
+  if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS)
+    log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response)));
+
 return TRUE;
 }
 
 return TRUE;
 }
 
index 195cb4b7b87cad77ce1995f4c2fe102d1501208a..1e8af6531879b5fc5f60665d5fd09dc9a5af7ef1 100644 (file)
@@ -18,7 +18,7 @@
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n  spf=pass smtp.mailfrom=example.com
 1999-03-02 09:44:33 spf_result         neutral (guess <yes>)
 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n  spf=pass smtp.mailfrom=example.com
 1999-03-02 09:44:33 spf_result         neutral (guess <yes>)
 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com
-1999-03-02 09:44:33 spf_smtp_comment   Please see http://www.openspf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism
+1999-03-02 09:44:33 spf_smtp_comment   Please see http://www.open-spf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism
 1999-03-02 09:44:33 spf_received       Received-SPF: neutral (myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com) client-ip=ip4.ip4.ip4.ip4; envelope-from=b@test.example.com; helo=testclient;
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n  spf=neutral (best guess record for domain) smtp.mailfrom=test.example.com
 1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F=<b@test.example.com> rejected RCPT <fred@test.ex>
 1999-03-02 09:44:33 spf_received       Received-SPF: neutral (myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com) client-ip=ip4.ip4.ip4.ip4; envelope-from=b@test.example.com; helo=testclient;
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n  spf=neutral (best guess record for domain) smtp.mailfrom=test.example.com
 1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F=<b@test.example.com> rejected RCPT <fred@test.ex>