From 0ea0fca404813e6c568b02b1d1d068983d055b5d Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sat, 1 Aug 2020 21:16:19 +0100
Subject: [PATCH] SPF: enhance A-R result

---
 doc/doc-txt/ChangeLog      |  4 ++++
 src/src/spf.c              |  6 +++++-
 test/log/4600              |  7 ++++++-
 test/scripts/4600-SPF/4600 | 15 +++++++++++++--
 test/stdout/4600           | 16 +++++++++++++++-
 5 files changed, 43 insertions(+), 5 deletions(-)

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 60627364d..59d2ad659 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -92,6 +92,10 @@ JH/18 Bug 2617: Fix a taint trap in parse_fix_phrase().  Previously when the
       rewrite with the "h" flag, by using the "-F" command-line option, or
       by using a "name=" option on a control=submission ACL modifier.
 
+JH/19 SPF: change the Authentication-Results expansion component to give
+      smtp.helo when the sender domain is empty.  Previously it gave
+      "smtp.mailfrom=<>"
+
 
 Exim version 4.94
 -----------------
diff --git a/src/src/spf.c b/src/src/spf.c
index 48f26f315..3a1912a91 100644
--- a/src/src/spf.c
+++ b/src/src/spf.c
@@ -402,8 +402,12 @@ if (spf_result_guessed)
   g = string_cat(g, US" (best guess record for domain)");
 
 s = expand_string(US"$sender_address_domain");
+if (s && *s)
+  return string_append(g, 2, US" smtp.mailfrom=", s);
+
+s = sender_helo_name;
 return s && *s
-  ? string_append(g, 2, US" smtp.mailfrom=", s)
+  ? string_append(g, 2, US" smtp.helo=", s)
   : string_cat(g, US" smtp.mailfrom=<>");
 }
 
diff --git a/test/log/4600 b/test/log/4600
index de8432e49..065cd544c 100644
--- a/test/log/4600
+++ b/test/log/4600
@@ -1,6 +1,6 @@
 
 ******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D port PORT_S port PORT_N
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D port PORT_S port PORT_D2
 1999-03-02 09:44:33 spf_result         pass
 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: localhost is always allowed.
 1999-03-02 09:44:33 spf_smtp_comment   
@@ -28,3 +28,8 @@
 1999-03-02 09:44:33 spf_received       
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex
 1999-03-02 09:44:33 H=(testclient) [127.0.0.1] F=<c@example.com> rejected RCPT <fred@test.ex>
+1999-03-02 09:44:33 spf_result         pass
+1999-03-02 09:44:33 spf_header_comment myhost.test.ex: localhost is always allowed.
+1999-03-02 09:44:33 spf_smtp_comment   
+1999-03-02 09:44:33 spf_received       Received-SPF: pass (myhost.test.ex: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=postmaster@example.com; helo=example.com;
+1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n	spf=pass smtp.helo=example.com
diff --git a/test/scripts/4600-SPF/4600 b/test/scripts/4600-SPF/4600
index 8490288e1..cb67d19ae 100644
--- a/test/scripts/4600-SPF/4600
+++ b/test/scripts/4600-SPF/4600
@@ -7,7 +7,7 @@
 # so the testsuite intercept to fakedns works.  Be careful of names and addresses
 # used, as nonhandled lookups are passed on to real DNS.
 #
-exim -bd -DSERVER=server -oX PORT_D:PORT_S:PORT_N
+exim -bd -DSERVER=server -oX PORT_D:PORT_S:PORT_D2
 ****
 client 127.0.0.1 PORT_S
 ??? 220
@@ -49,7 +49,7 @@ rcpt to:<fred@test.ex>
 ??? 550
 quit
 ****
-client 127.0.0.1 PORT_N
+client 127.0.0.1 PORT_D2
 ??? 220
 helo testclient
 ??? 250
@@ -60,4 +60,15 @@ rcpt to:<fred@test.ex>
 quit
 ****
 #
+client 127.0.0.1 PORT_S
+??? 220
+helo example.com
+??? 250
+mail from:<>
+??? 250
+rcpt to:<fred@test.ex>
+??? 250
+quit
+****
+#
 killdaemon
diff --git a/test/stdout/4600 b/test/stdout/4600
index 030d1ebd4..a0d3eed8b 100644
--- a/test/stdout/4600
+++ b/test/stdout/4600
@@ -54,7 +54,7 @@ Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
 <<< 550 Administrative prohibition
 >>> quit
 End of script
-Connecting to 127.0.0.1 port 1223 ... connected
+Connecting to 127.0.0.1 port 1226 ... connected
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
 >>> helo testclient
@@ -68,3 +68,17 @@ Connecting to 127.0.0.1 port 1223 ... connected
 <<< 550 Administrative prohibition
 >>> quit
 End of script
+Connecting to 127.0.0.1 port 1224 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> helo example.com
+??? 250
+<<< 250 myhost.test.ex Hello example.com [127.0.0.1]
+>>> mail from:<>
+??? 250
+<<< 250 OK
+>>> rcpt to:<fred@test.ex>
+??? 250
+<<< 250 Accepted
+>>> quit
+End of script
-- 
2.30.2