Experimental mode: Handle A: MX: INCLUDE: in SPF

git-svn: trunk@3149
18 years ago · 36f79c6078
parent 30ca616f0b
commit 36f79c6078
2 changed files with 46 additions and 6 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+Sun Jul 15 10:26:49 BST 2007 (njh)
+----------------------------------
+  * clamav-milter:	Experimental mode: Handle A: MX: INCLUDE: in SPF
+
 Sun Jul 15 09:25:07 BST 2007 (njh)
 ----------------------------------
  * clamav-milter:	Experimental mode: Remove simple string search in SPF
--- a/clamav-milter/clamav-milter.c
+++ b/clamav-milter/clamav-milter.c
@ -6131,8 +6131,9 @@ resolve(const char *host, table_t *t)
 * Currently only handles ip4, a and mx fields in the DNS record
 * Having said that, this is NOT a replacement for spf-milter, it is NOT
 *	an SPF system, we ONLY use SPF records to reduce phish false positives
- * TODO: ptr include hostnames
+ * TODO: ptr
 * TODO: IPv6?
+ * TODO: cache queries
 */
 static void
 spf(struct privdata *privdata)
@ -6225,11 +6226,6 @@ spf(struct privdata *privdata)

 			logg("%s(%s): SPF record %s\n",
 				host, privdata->ip, txt);
-			/*
-			 * This is where the beef of the check will go. This
-			 * trivial check is of little real benefit, but it
-			 * won't create false positives.
-			 */
 #ifdef HAVE_INET_NTOP
 			/* IPv4 address ? */
 			if(inet_pton(AF_INET, privdata->ip, &remote_ip) <= 0) {
@ -6290,6 +6286,46 @@ spf(struct privdata *privdata)
 							(void *)privdata);
 						tableDestroy(t);
 					}
+				} else if(strncmp(record, "a:", 2) == 0) {
+					const char *ahost = &record[2];
+
+					if(*ahost && (strcmp(ahost, host) != 0)) {
+						table_t *t = resolve(ahost, NULL);
+
+						if(t) {
+							tableIterate(t, spf_ip,
+								(void *)privdata);
+							tableDestroy(t);
+						}
+					}
+				} else if(strncmp(record, "mx:", 3) == 0) {
+					const char *mxhost = &record[3];
+
+					if(*mxhost && (strcmp(mxhost, host) != 0)) {
+						table_t *t = mx(mxhost, NULL);
+
+						if(t) {
+							tableIterate(t, spf_ip,
+								(void *)privdata);
+							tableDestroy(t);
+						}
+					}
+				} else if(strncmp(record, "include:", 8) == 0) {
+					const char *inchost = &record[8];
+
+					if(*inchost && (strcmp(inchost, host) != 0)) {
+						/*
+						 * FIXME: loops: a.com includes
+						 *	b.com which includes
+						 *	a.com
+						 */
+						const char *real_from = privdata->from;
+						privdata->from = cli_malloc(strlen(inchost) + 3);
+						sprintf(privdata->from, "n@%s", inchost);
+						spf(privdata);
+						free(privdata->from);
+						privdata->from = real_from;
+					}
 				}
 				free(record);
 				if(privdata->spf_ok)