int spf_init(uschar *spf_helo_domain, uschar *spf_remote_addr) {
spf_server = SPF_server_new(SPF_DNS_CACHE, 0);
if ( spf_server == NULL ) {
debug_printf("spf: SPF_server_new() failed.\n");
return 0;
}
if (SPF_server_set_rec_dom(spf_server, CS primary_hostname)) {
debug_printf("spf: SPF_server_set_rec_dom() failed.\n");
spf_server = NULL;
return 0;
}
spf_request = SPF_request_new(spf_server);
if (SPF_request_set_ipv4_str(spf_request, CS spf_remote_addr)) {
debug_printf("spf: SPF_request_set_ipv4_str() failed.\n");
spf_server = NULL;
spf_request = NULL;
return 0;
}
if (SPF_request_set_helo_dom(spf_request, CS spf_helo_domain)) {
debug_printf("spf: SPF_set_helo_dom() failed.\n");
spf_server = NULL;
spf_request = NULL;
return 0;
}
return 1;
}
BOOL
spf_init(uschar *spf_helo_domain, uschar *spf_remote_addr)
{
spf_server = SPF_server_new(SPF_DNS_CACHE, 0);
if (!spf_server)
{
DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n");
return FALSE;
}
if (SPF_server_set_rec_dom(spf_server, CS primary_hostname))
{
DEBUG(D_receive) debug_printf("spf: SPF_server_set_rec_dom(\"%s\") failed.\n",
primary_hostname);
spf_server = NULL;
return FALSE;
}
spf_request = SPF_request_new(spf_server);
if ( SPF_request_set_ipv4_str(spf_request, CS spf_remote_addr)
&& SPF_request_set_ipv6_str(spf_request, CS spf_remote_addr)
)
{
DEBUG(D_receive)
debug_printf("spf: SPF_request_set_ipv4_str() and "
"SPF_request_set_ipv6_str() failed [%s]\n", spf_remote_addr);
spf_server = NULL;
spf_request = NULL;
return FALSE;
}
if (SPF_request_set_helo_dom(spf_request, CS spf_helo_domain))
{
DEBUG(D_receive) debug_printf("spf: SPF_set_helo_dom(\"%s\") failed.\n",
spf_helo_domain);
spf_server = NULL;
spf_request = NULL;
return FALSE;
}
return TRUE;
}
int main()
{
int spf;
char *me, *remote, *helo, *sender, *spf_env;
const char *header;
SPF_server_t *spf_server;
SPF_request_t *spf_request;
SPF_response_t *spf_response;
/**
* env variables
**/
if (getenv("RELAYCLIENT") || /* known user */
!(spf_env = getenv("SPF"))) return 0; /* plugin disabled */
spf = atoi(spf_env);
if (spf < 1 || spf > 6) {
if (spf > 6)
fprintf(stderr, "spf: ERROR: invalid value (%d) of SPF variable\n", spf);
return 0;
}
remote = getenv("TCPREMOTEIP");
me = getenv("TCPLOCALHOST");
if (!me) me = getenv("TCPLOCALIP");
if (!remote || !me) { /* should never happen */
fprintf(stderr, "spf: ERROR: can't get tcpserver variables\n");
if(!remote) fprintf(stderr, "spf: can't read TCPREMOTEIP\n");
else fprintf(stderr, "spf: can't read TCPLOCALHOST nor TCPLOCALIP\n");
return 0;
}
sender = getenv("SMTPMAILFROM");
if (!sender) { /* should never happen */
fprintf(stderr, "spf: ERROR: can't get envelope sender address\n");
fprintf(stderr, "spf: can't read SMTPMAILFROM\n");
return 0;
}
if (!*sender) return 0; /* null sender mail */
helo = getenv("SMTPHELOHOST");
/**
* SPF
**/
spf_server = SPF_server_new(SPF_DNS_CACHE, 0);
if (!spf_server) {
fprintf(stderr, "spf: ERROR: can't initialize libspf2\n");
return 0;
}
spf_request = SPF_request_new(spf_server);
if (!spf_request) {
fprintf(stderr, "spf: ERROR: can't initialize libspf2\n");
return 0;
}
if (SPF_request_set_ipv4_str(spf_request, remote)) {
fprintf(stderr, "spf: can't parse TCPREMOTEIP\n");
return 0;
}
SPF_server_set_rec_dom(spf_server, me);
if (helo) SPF_request_set_helo_dom(spf_request, helo);
SPF_request_set_env_from(spf_request, sender);
/* Perform actual lookup */
SPF_request_query_mailfrom(spf_request, &spf_response);
/* check whether mail needn`t to be blocked */
switch (SPF_response_result(spf_response)) {
case SPF_RESULT_PASS: break;
case SPF_RESULT_FAIL: if (spf > 0) { block(spf_response); return 0; } break;
case SPF_RESULT_SOFTFAIL: if (spf > 1) { block(spf_response); return 0; } break;
case SPF_RESULT_NEUTRAL: if (spf > 2) { block(spf_response); return 0; } break;
case SPF_RESULT_NONE: if (spf > 3) { block(spf_response); return 0; } break;
case SPF_RESULT_TEMPERROR:
case SPF_RESULT_PERMERROR: if (spf > 4) { block(spf_response); return 0; } break;
#if 0
case SPF_RESULT_UNKNOWN: if (spf > 5) { block(spf_response); return 0; } break;
case SPF_RESULT_UNMECH: break;
#else
// FIXME: UNKNOWN and UNMECH above map how?
// INVALID should not ever occur, it indicates a bug.
case SPF_RESULT_INVALID: if (spf > 5) { block(spf_response); return 0; } break;
#endif
}
/* add header */
header = SPF_response_get_received_spf(spf_response);
if (header)
printf("H%s\n", header);
else {
fprintf(stderr, "spf: libspf2 library failed to produce Received-SPF header\n",
SPF_strerror(SPF_response_errcode(spf_response)));
/* Example taken from libspf2: */
/*
fprintf ( stderr, "spf: diag: result = %s (%d)\n",
SPF_strresult(SPF_response_result(spf_response)),
SPF_response_result(spf_response));
fprintf ( stderr, "spf: diag: err = %s (%d)\n",
SPF_strerror(SPF_response_errcode(spf_response)),
SPF_response_errcode(spf_response));
for (i = 0; i < SPF_response_messages(spf_response); i++) {
SPF_error_t *err = SPF_response_message(spf_response, i);
fprintf ( stderr, "spf: diag: %s_msg = (%d) %s\n",
(SPF_error_errorp(err) ? "warn" : "err"),
SPF_error_code(err),
SPF_error_message(err));
}
*/
}
SPF_response_free(spf_response);
SPF_request_free(spf_request);
SPF_server_free(spf_server);
return 0;
}
int main( int argc, char *argv[] )
{
SPF_client_options_t *opts;
SPF_client_request_t *req = NULL;
SPF_server_t *spf_server = NULL;
SPF_request_t *spf_request = NULL;
SPF_response_t *spf_response = NULL;
SPF_response_t *spf_response_2mx = NULL;
SPF_errcode_t err;
int opt_keep_comments = 0;
#ifdef TO_MX
char *p, *p_end;
#endif
int request_limit=0;
int major, minor, patch;
int res = 0;
int c;
const char *partial_result;
char *result = NULL;
int result_len = 0;
char hostname[255];
char pf_result[100];
struct hostent *fullhostname;
/* Figure out our name */
progname = strrchr(argv[0], '/');
if (progname != NULL)
++progname;
else
progname = argv[0];
/*open syslog*/
openlog(progname, LOG_PID|LOG_CONS|LOG_NDELAY|LOG_NOWAIT, LOG_MAIL);
/* Redefine libSPF2 output routines to go to syslog */
SPF_error_handler = SPF_error_syslog;
SPF_warning_handler = SPF_warning_syslog;
SPF_info_handler = SPF_info_syslog;
SPF_debug_handler = SPF_debug_syslog;
opts = (SPF_client_options_t *)malloc(sizeof(SPF_client_options_t));
memset(opts, 0, sizeof(SPF_client_options_t));
/*
* check the arguments
*/
for (;;) {
int option_index; /* Largely unused */
c = getopt_long_only (argc, argv, "f:i:s:h:r:lt::gemcnd::kz:a:v",
long_options, &option_index);
if (c == -1)
break;
switch (c) {
case 'l':
opts->localpolicy = optarg;
break;
case 't':
if (optarg == NULL)
opts->use_trusted = 1;
else
opts->use_trusted = atoi(optarg);
break;
case 'g':
opts->fallback = optarg;
break;
case 'e':
opts->explanation = optarg;
break;
case 'm':
opts->max_lookup = atoi(optarg);
break;
case 'c': /* "clean" */
opts->sanitize = atoi(optarg);
break;
case 'n': /* name of host doing SPF checking */
opts->rec_dom = optarg;
break;
case 'a':
unimplemented('a');
break;
case 'z':
unimplemented('z');
break;
case 'v':
fprintf( stderr, "policyd-spf-fs version information:\n" );
fprintf( stderr, "policyd-spf-fs version: $Rev: 27 $\n");
fprintf( stderr, "SPF test system version: %s\n",
SPF_TEST_VERSION );
fprintf( stderr, "Compiled with SPF library version: %d.%d.%d\n",
SPF_LIB_VERSION_MAJOR, SPF_LIB_VERSION_MINOR,
SPF_LIB_VERSION_PATCH );
SPF_get_lib_version( &major, &minor, &patch );
fprintf( stderr, "Running with SPF library version: %d.%d.%d\n",
major, minor, patch );
fprintf( stderr, "\n" );
FAIL_ERROR;
break;
case 0:
case '?':
help();
FAIL_ERROR;
break;
case 'k':
opt_keep_comments = 1;
break;
case 'd':
if (optarg == NULL)
opts->debug = 1;
else
opts->debug = atoi( optarg );
break;
default:
fprintf( stderr, "Error: getopt returned character code 0%o ??\n", c);
FAIL_ERROR;
}
}
if (optind != argc) {
help();
FAIL_ERROR;
}
if (!opts->rec_dom) {
gethostname(hostname, 255);
fullhostname = gethostbyname(hostname);
if (opts->debug > 1)
syslog(LOG_DEBUG, "Hostname: %s\n",fullhostname->h_name);
opts->rec_dom = fullhostname->h_name;
}
/*
* set up the SPF configuration
*/
spf_server = SPF_server_new(SPF_DNS_CACHE, opts->debug > 2 ? opts->debug-2 : 0);
if ( opts->rec_dom )
SPF_server_set_rec_dom( spf_server, opts->rec_dom );
if ( opts->sanitize )
SPF_server_set_sanitize( spf_server, opts->sanitize );
if ( opts->max_lookup )
SPF_server_set_max_dns_mech(spf_server, opts->max_lookup);
if (opts->localpolicy) {
err = SPF_server_set_localpolicy( spf_server, opts->localpolicy, opts->use_trusted, &spf_response);
if ( err ) {
response_print_errors("Error setting local policy",
spf_response, err);
WARN_ERROR;
}
FREE_RESPONSE(spf_response);
}
if ( !opts->explanation ) {
opts->explanation = DEFAULT_EXPLANATION;
}
err = SPF_server_set_explanation( spf_server, opts->explanation, &spf_response );
if ( err ) {
response_print_errors("Error setting default explanation",
spf_response, err);
WARN_ERROR;
}
FREE_RESPONSE(spf_response);
/*
* process the SPF request
*/
request_limit=0;
while ( request_limit < REQUEST_LIMIT ) {
request_limit++;
if (request_limit == 0) {
free(req);
}
req = (SPF_client_request_t *)malloc(sizeof(SPF_client_request_t));
memset(req, 0, sizeof(SPF_client_request_t));
if (read_request_from_pf(opts, req)) {
syslog(LOG_WARNING, "IO Closed while reading, exiting");
EXIT_OK;
}
if (opts->debug > 1)
syslog(LOG_DEBUG, "Reincarnation %d\n", request_limit);
/* We have to do this here else we leak on CONTINUE_ERROR */
FREE_REQUEST(spf_request);
FREE_RESPONSE(spf_response);
spf_request = SPF_request_new(spf_server);
if (SPF_request_set_ipv4_str(spf_request, req->ip) && SPF_request_set_ipv6_str(spf_request, req->ip)) {
syslog(LOG_WARNING, "Invalid IP address.\n" );
CONTINUE_ERROR;
}
if (req->helo) {
if (SPF_request_set_helo_dom( spf_request, req->helo ) ) {
syslog(LOG_WARNING, "Invalid HELO domain.\n" );
CONTINUE_ERROR;
}
}
if (strchr(req->sender, '@') > 0) {
if (SPF_request_set_env_from( spf_request, req->sender ) ) {
syslog(LOG_WARNING, "Invalid envelope from address.\n" );
CONTINUE_ERROR;
}
} else { /* This is something we can not check*/
CONTINUE_DUNNO("no valid email address found");
}
err = SPF_request_query_mailfrom(spf_request, &spf_response);
if (opts->debug > 1)
response_print("Main query", spf_response);
if (err) {
if (opts->debug > 1)
response_print_errors("Failed to query MAIL-FROM",
spf_response, err);
CONTINUE_DUNNO("no SPF record found");
}
if (result != NULL)
result[0] = '\0';
APPEND_RESULT(SPF_response_result(spf_response));
#ifdef TO_MX /* This code returns usualy neutral and oferwrites a fail from the above spf code
which is not what we like. So we disable it for the time deing ... */
if (req->rcpt_to != NULL && *req->rcpt_to != '\0' ) {
p = req->rcpt_to;
p_end = p + strcspn(p, ",;");
/* This is some incarnation of 2mx mode. */
while (SPF_response_result(spf_response)!=SPF_RESULT_PASS) {
if (*p_end)
*p_end = '\0';
else
p_end = NULL; /* Note this is last rcpt */
err = SPF_request_query_rcptto(spf_request,
&spf_response_2mx, p);
if (opts->debug > 1)
response_print("2mx query", spf_response_2mx);
if (err) {
response_print_errors("Failed to query RCPT-TO",
spf_response, err);
CONTINUE_ERROR;
}
/* append the result */
APPEND_RESULT(SPF_response_result(spf_response_2mx));
spf_response = SPF_response_combine(spf_response,
spf_response_2mx);
if (!p_end)
break;
p = p_end + 1;
}
}
#endif /* TO_MX */
/* We now have an option to call SPF_request_query_fallback */
if (opts->fallback) {
err = SPF_request_query_fallback(spf_request,
&spf_response, opts->fallback);
if (opts->debug > 1)
response_print("fallback query", spf_response_2mx);
if (err) {
response_print_errors("Failed to query best-guess",
spf_response, err);
CONTINUE_ERROR;
}
/* append the result */
APPEND_RESULT(SPF_response_result(spf_response_2mx));
spf_response = SPF_response_combine(spf_response,
spf_response_2mx);
}
/* printf( "R: %s\nSC: %s\nHC: %s\nRS: %s\n",
result,
X_OR_EMPTY(SPF_response_get_smtp_comment(spf_response)),
X_OR_EMPTY(SPF_response_get_header_comment(spf_response)),
X_OR_EMPTY(SPF_response_get_received_spf(spf_response))
);
*/
pf_response(opts, spf_response, req);
res = SPF_response_result(spf_response);
fflush(stdout);
}
error:
FREE(result, free);
FREE_RESPONSE(spf_response);
FREE_REQUEST(spf_request);
FREE(spf_server, SPF_server_free);
syslog(LOG_INFO, "Terminating with result %d, Reincarnation: %d\n", res, request_limit);
return res;
}
