SPF: shortcircuit SPF RR lookups. Bug 1294

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e1e1e3bf0a564d74d19681322cb801721aa42005..b904aa99cd5188b3bf2b786824b1d1cf70bda3f5 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -77,6 +77,12 @@ JH/17 Logging: when the deliver_time selector ise set, include the DT= field
 JH/18 Authentication: the gsasl driver not provides the $authN variables in time
       for the expansion of the server_scram_iter and server_scram_salt options.
 
+WB/01 SPF: DNS lookups for the obsolete SPF RR type done by the libspf2 library
+      are now specifically given a HOST_NOT_FOUND response without hitting the
+      system resolver.  The library goes on to do the now-standard TXT lookup.
+      Use of dnsdb lookups is not affected.
+      
+
 
 Exim version 4.93
 -----------------

diff --git a/src/src/spf.c b/src/src/spf.c
index 9b053ccf98e0f563444b917532897b2f0c27c70b..fd9831c43470ed84ceda9ec271c38fbff81c0ffb 100644 (file)
--- a/src/src/spf.c
+++ b/src/src/spf.c
@@ -72,6 +72,18 @@ int dns_rc;
 
 DEBUG(D_receive) debug_printf("SPF_dns_exim_lookup '%s'\n", domain);
 
+/* Shortcircuit SPF RR lookups by returning HOST_NOT_FOUND (shortest code path
+in libspf2).  They were obsoleted by RFC 6686/7208 years ago. see bug #1294
+*/
+
+if (rr_type == T_SPF)
+  {
+  HDEBUG(D_host_lookup) debug_printf("faking HOST_NOT_FOUND for SPF RR(99) lookup\n");
+  srr.herrno = HOST_NOT_FOUND;
+  SPF_dns_rr_dup(&spfrr, &srr);
+  return spfrr;
+  }
+
 switch (dns_rc = dns_lookup(dnsa, US domain, rr_type, NULL))
   {
   case DNS_SUCCEED:    srr.herrno = NETDB_SUCCESS;     break;