# lookup string-expansion
#
-# It is rather difficult to properly test spf. We use libspf2 to do the work, and it
-# does the DNS lookups, so we cannot intercept them in the testsuite's usual fashion
-# to provide values for testcases.
-#
-# For now just check that what should be working syntax does not cause us to fall over.
-# Be careful with envelope-domains used for testcases, as real DNS lookups will be done.
-#
-exim -bd -DSERVER=server -oX PORT_D
+exim -bd -DSERVER=server -oX PORT_D:PORT_S
****
-client HOSTIPV4 PORT_D
+client 127.0.0.1 PORT_D
??? 220
helo testclient
??? 250
??? 250
quit
****
-client 127.0.0.1 PORT_D
+client 127.0.0.1 PORT_S
??? 220
helo testclient
??? 250
****
#
killdaemon
+#
+# SERVFAIL -> temperror
+# A multiple spf-RR return should get permerror
+# - and not crash with non-spf txt records
+# v=spf1 is casr-insensitive
+exim -be
+temperror ${lookup {fred@test.again.dns} spf {HOSTIPV4}}
+permerror ${lookup {fred@double.example.com} spf {8.8.8.8}}
+permerror ${lookup {fred@doubleplus.example.com} spf {8.8.8.8}}
+pass ${lookup {fred@uppercase.example.com} spf {HOSTIPV4}}
+****