[hcoop/debian/exim4.git] / src / spf.c

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Experimental SPF support.
   Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004 - 2014
   License: GPL
   Copyright (c) The Exim Maintainers 2015 - 2018
*/

/* Code for calling spf checks via libspf-alt. Called from acl.c. */

#include "exim.h"
#ifdef SUPPORT_SPF

/* must be kept in numeric order */
static spf_result_id spf_result_id_list[] = {
  /* name		value */
  { US"invalid",	0},
  { US"neutral",	1 },
  { US"pass",		2 },
  { US"fail",		3 },
  { US"softfail",	4 },
  { US"none",		5 },
  { US"temperror",	6 }, /* RFC 4408 defined */
  { US"permerror",	7 }  /* RFC 4408 defined */
};

SPF_server_t    *spf_server = NULL;
SPF_request_t   *spf_request = NULL;
SPF_response_t  *spf_response = NULL;
SPF_response_t  *spf_response_2mx = NULL;


/* spf_init sets up a context that can be re-used for several
   messages on the same SMTP connection (that come from the
   same host with the same HELO string)

Return: Boolean success */

BOOL
spf_init(uschar *spf_helo_domain, uschar *spf_remote_addr)
{
spf_server = SPF_server_new(SPF_DNS_CACHE, 0);

if (!spf_server)
  {
  DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n");
  return FALSE;
  }

if (SPF_server_set_rec_dom(spf_server, CS primary_hostname))
  {
  DEBUG(D_receive) debug_printf("spf: SPF_server_set_rec_dom(\"%s\") failed.\n",
    primary_hostname);
  spf_server = NULL;
  return FALSE;
  }

spf_request = SPF_request_new(spf_server);

if (  SPF_request_set_ipv4_str(spf_request, CS spf_remote_addr)
   && SPF_request_set_ipv6_str(spf_request, CS spf_remote_addr)
   )
  {
  DEBUG(D_receive)
    debug_printf("spf: SPF_request_set_ipv4_str() and "
      "SPF_request_set_ipv6_str() failed [%s]\n", spf_remote_addr);
  spf_server = NULL;
  spf_request = NULL;
  return FALSE;
  }

if (SPF_request_set_helo_dom(spf_request, CS spf_helo_domain))
  {
  DEBUG(D_receive) debug_printf("spf: SPF_set_helo_dom(\"%s\") failed.\n",
    spf_helo_domain);
  spf_server = NULL;
  spf_request = NULL;
  return FALSE;
  }

return TRUE;
}


/* spf_process adds the envelope sender address to the existing
   context (if any), retrieves the result, sets up expansion
   strings and evaluates the condition outcome.

Return: OK/FAIL  */

int
spf_process(const uschar **listptr, uschar *spf_envelope_sender, int action)
{
int sep = 0;
const uschar *list = *listptr;
uschar *spf_result_id;
int rc = SPF_RESULT_PERMERROR;

if (!(spf_server && spf_request))
  /* no global context, assume temp error and skip to evaluation */
  rc = SPF_RESULT_PERMERROR;

else if (SPF_request_set_env_from(spf_request, CS spf_envelope_sender))
  /* Invalid sender address. This should be a real rare occurrence */
  rc = SPF_RESULT_PERMERROR;

else
  {
  /* get SPF result */
  if (action == SPF_PROCESS_FALLBACK)
    {
    SPF_request_query_fallback(spf_request, &spf_response, CS spf_guess);
    spf_result_guessed = TRUE;
    }
  else
    SPF_request_query_mailfrom(spf_request, &spf_response);

  /* set up expansion items */
  spf_header_comment     = US SPF_response_get_header_comment(spf_response);
  spf_received           = US SPF_response_get_received_spf(spf_response);
  spf_result             = US SPF_strresult(SPF_response_result(spf_response));
  spf_smtp_comment       = US SPF_response_get_smtp_comment(spf_response);

  rc = SPF_response_result(spf_response);
  }

/* We got a result. Now see if we should return OK or FAIL for it */
DEBUG(D_acl) debug_printf("SPF result is %s (%d)\n", SPF_strresult(rc), rc);

if (action == SPF_PROCESS_GUESS && (!strcmp (SPF_strresult(rc), "none")))
  return spf_process(listptr, spf_envelope_sender, SPF_PROCESS_FALLBACK);

while ((spf_result_id = string_nextinlist(&list, &sep, NULL, 0)))
  {
  BOOL negate, result;

  if ((negate = spf_result_id[0] == '!'))
    spf_result_id++;

  result = Ustrcmp(spf_result_id, spf_result_id_list[rc].name) == 0;
  if (negate != result) return OK;
  }

/* no match */
return FAIL;
}


gstring *
authres_spf(gstring * g)
{
uschar * s;
if (!spf_result) return g;

g = string_append(g, 2, US";\n\tspf=", spf_result);
if (spf_result_guessed)
  g = string_cat(g, US" (best guess record for domain)");

s = expand_string(US"$sender_address_domain");
return s && *s
  ? string_append(g, 2, US" smtp.mailfrom=", s)
  : string_cat(g, US" smtp.mailfrom=<>");
}


#endif
Commit	Line	Data
420a0d19 CE	1	/*************************************************
	2	* Exim - an Internet mail transport agent *
	3	*************************************************/
	4
	5	/* Experimental SPF support.
	6	Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004 - 2014
2ea97746 CE	7	License: GPL
	8	Copyright (c) The Exim Maintainers 2015 - 2018
	9	*/
420a0d19 CE	10
	11	/* Code for calling spf checks via libspf-alt. Called from acl.c. */
	12
	13	#include "exim.h"
2ea97746	14	#ifdef SUPPORT_SPF
420a0d19 CE	15
	16	/* must be kept in numeric order */
	17	static spf_result_id spf_result_id_list[] = {
2ea97746 CE	18	/* name value */
	19	{ US"invalid", 0},
	20	{ US"neutral", 1 },
	21	{ US"pass", 2 },
	22	{ US"fail", 3 },
	23	{ US"softfail", 4 },
	24	{ US"none", 5 },
	25	{ US"temperror", 6 }, /* RFC 4408 defined */
	26	{ US"permerror", 7 } /* RFC 4408 defined */
420a0d19 CE	27	};
	28
	29	SPF_server_t *spf_server = NULL;
	30	SPF_request_t *spf_request = NULL;
	31	SPF_response_t *spf_response = NULL;
	32	SPF_response_t *spf_response_2mx = NULL;
	33
2ea97746	34
420a0d19 CE	35	/* spf_init sets up a context that can be re-used for several
420a0d19 CE	36	messages on the same SMTP connection (that come from the
2ea97746	37	same host with the same HELO string)
420a0d19	38
2ea97746	39	Return: Boolean success */
420a0d19	40
2ea97746 CE	41	BOOL
	42	spf_init(uschar spf_helo_domain, uschar spf_remote_addr)
	43	{
	44	spf_server = SPF_server_new(SPF_DNS_CACHE, 0);
420a0d19	45
2ea97746 CE	46	if (!spf_server)
	47	{
	48	DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n");
	49	return FALSE;
420a0d19 CE	50	}
420a0d19 CE	51
2ea97746 CE	52	if (SPF_server_set_rec_dom(spf_server, CS primary_hostname))
	53	{
	54	DEBUG(D_receive) debug_printf("spf: SPF_server_set_rec_dom(\"%s\") failed.\n",
	55	primary_hostname);
	56	spf_server = NULL;
	57	return FALSE;
420a0d19 CE	58	}
420a0d19 CE	59
2ea97746 CE	60	spf_request = SPF_request_new(spf_server);
	61
	62	if ( SPF_request_set_ipv4_str(spf_request, CS spf_remote_addr)
	63	&& SPF_request_set_ipv6_str(spf_request, CS spf_remote_addr)
	64	)
	65	{
	66	DEBUG(D_receive)
	67	debug_printf("spf: SPF_request_set_ipv4_str() and "
	68	"SPF_request_set_ipv6_str() failed [%s]\n", spf_remote_addr);
	69	spf_server = NULL;
	70	spf_request = NULL;
	71	return FALSE;
420a0d19 CE	72	}
420a0d19 CE	73
2ea97746 CE	74	if (SPF_request_set_helo_dom(spf_request, CS spf_helo_domain))
	75	{
	76	DEBUG(D_receive) debug_printf("spf: SPF_set_helo_dom(\"%s\") failed.\n",
	77	spf_helo_domain);
	78	spf_server = NULL;
	79	spf_request = NULL;
	80	return FALSE;
420a0d19 CE	81	}
420a0d19 CE	82
2ea97746	83	return TRUE;
420a0d19 CE	84	}
	85
	86
	87	/* spf_process adds the envelope sender address to the existing
	88	context (if any), retrieves the result, sets up expansion
2ea97746 CE	89	strings and evaluates the condition outcome.
	90
	91	Return: OK/FAIL */
	92
	93	int
	94	spf_process(const uschar *listptr, uschar spf_envelope_sender, int action)
	95	{
	96	int sep = 0;
	97	const uschar list = listptr;
	98	uschar *spf_result_id;
	99	int rc = SPF_RESULT_PERMERROR;
	100
	101	if (!(spf_server && spf_request))
	102	/* no global context, assume temp error and skip to evaluation */
	103	rc = SPF_RESULT_PERMERROR;
420a0d19	104
2ea97746 CE	105	else if (SPF_request_set_env_from(spf_request, CS spf_envelope_sender))
	106	/* Invalid sender address. This should be a real rare occurrence */
	107	rc = SPF_RESULT_PERMERROR;
	108
	109	else
	110	{
420a0d19 CE	111	/* get SPF result */
420a0d19 CE	112	if (action == SPF_PROCESS_FALLBACK)
2ea97746	113	{
420a0d19	114	SPF_request_query_fallback(spf_request, &spf_response, CS spf_guess);
2ea97746 CE	115	spf_result_guessed = TRUE;
2ea97746 CE	116	}
420a0d19 CE	117	else
	118	SPF_request_query_mailfrom(spf_request, &spf_response);
	119
	120	/* set up expansion items */
2ea97746 CE	121	spf_header_comment = US SPF_response_get_header_comment(spf_response);
	122	spf_received = US SPF_response_get_received_spf(spf_response);
	123	spf_result = US SPF_strresult(SPF_response_result(spf_response));
	124	spf_smtp_comment = US SPF_response_get_smtp_comment(spf_response);
420a0d19 CE	125
420a0d19 CE	126	rc = SPF_response_result(spf_response);
2ea97746 CE	127	}
	128
	129	/* We got a result. Now see if we should return OK or FAIL for it */
	130	DEBUG(D_acl) debug_printf("SPF result is %s (%d)\n", SPF_strresult(rc), rc);
	131
	132	if (action == SPF_PROCESS_GUESS && (!strcmp (SPF_strresult(rc), "none")))
	133	return spf_process(listptr, spf_envelope_sender, SPF_PROCESS_FALLBACK);
	134
	135	while ((spf_result_id = string_nextinlist(&list, &sep, NULL, 0)))
	136	{
	137	BOOL negate, result;
420a0d19	138
2ea97746 CE	139	if ((negate = spf_result_id[0] == '!'))
	140	spf_result_id++;
	141
	142	result = Ustrcmp(spf_result_id, spf_result_id_list[rc].name) == 0;
	143	if (negate != result) return OK;
	144	}
	145
	146	/* no match */
	147	return FAIL;
	148	}
	149
	150
	151
	152	gstring *
	153	authres_spf(gstring * g)
	154	{
	155	uschar * s;
	156	if (!spf_result) return g;
	157
	158	g = string_append(g, 2, US";\n\tspf=", spf_result);
	159	if (spf_result_guessed)
	160	g = string_cat(g, US" (best guess record for domain)");
	161
	162	s = expand_string(US"$sender_address_domain");
	163	return s && *s
	164	? string_append(g, 2, US" smtp.mailfrom=", s)
	165	: string_cat(g, US" smtp.mailfrom=<>");
420a0d19 CE	166	}
420a0d19 CE	167
2ea97746	168
420a0d19	169	#endif