[Feature] SPF: Allow to disable AAAA checks in configuration
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Fri, 25 Oct 2019 15:11:47 +0000 (16:11 +0100)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Fri, 25 Oct 2019 15:11:47 +0000 (16:11 +0100)
src/libserver/spf.c
src/libserver/spf.h
src/plugins/spf.c

index d362a72938a6a5c1a42afbb4538ab9b4a7682087..b085467db0905f47a49fe5771258394d222bfa8c 100644 (file)
@@ -66,6 +66,7 @@ struct rspamd_spf_library_ctx {
        guint max_dns_nesting;
        guint max_dns_requests;
        guint min_cache_ttl;
+       gboolean disable_ipv6;
 };
 
 struct rspamd_spf_library_ctx *spf_lib_ctx = NULL;
@@ -144,6 +145,7 @@ RSPAMD_CONSTRUCTOR(rspamd_spf_lib_ctx_ctor) {
        spf_lib_ctx->max_dns_nesting = SPF_MAX_NESTING;
        spf_lib_ctx->max_dns_requests = SPF_MAX_DNS_REQUESTS;
        spf_lib_ctx->min_cache_ttl = SPF_MIN_CACHE_TTL;
+       spf_lib_ctx->disable_ipv6 = FALSE;
 }
 
 RSPAMD_DESTRUCTOR(rspamd_spf_lib_ctx_dtor) {
@@ -152,20 +154,40 @@ RSPAMD_DESTRUCTOR(rspamd_spf_lib_ctx_dtor) {
 }
 
 void
-spf_library_config (gint max_dns_nesting, gint max_dns_requests,
-                                                gint min_cache_ttl)
+spf_library_config (const ucl_object_t *obj)
 {
-       if (max_dns_nesting >= 0) {
-               spf_lib_ctx->max_dns_nesting = max_dns_nesting;
+       const ucl_object_t *value;
+       guint64 ival;
+       bool bval;
+
+       if (obj == NULL) {
+               /* No specific config */
+               return;
+       }
+
+       if ((value = ucl_object_find_key (obj, "min_cache_ttl")) != NULL) {
+               if (ucl_object_toint_safe (value, &ival) && ival >= 0) {
+                       spf_lib_ctx->min_cache_ttl = ival;
+               }
        }
 
-       if (max_dns_requests >= 0) {
-               spf_lib_ctx->max_dns_requests = max_dns_requests;
+       if ((value = ucl_object_find_key (obj, "max_dns_nesting")) != NULL) {
+               if (ucl_object_toint_safe (value, &ival) && ival >= 0) {
+                       spf_lib_ctx->max_dns_nesting = ival;
+               }
        }
 
-       if (min_cache_ttl >= 0) {
-               spf_lib_ctx->min_cache_ttl = min_cache_ttl;
+       if ((value = ucl_object_find_key (obj, "max_dns_requests")) != NULL) {
+               if (ucl_object_toint_safe (value, &ival) && ival >= 0) {
+                       spf_lib_ctx->max_dns_requests = ival;
+               }
+       }
+       if ((value = ucl_object_find_key (obj, "disable_ipv6")) != NULL) {
+               if (ucl_object_toboolean_safe (value, &bval)) {
+                       spf_lib_ctx->disable_ipv6 = bval;
+               }
        }
+
 }
 
 static gboolean start_spf_parse (struct spf_record *rec,
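Review bot: In the new spf_library_config, `ival` is declared `guint64`, so each `ival >= 0` test is always true and a negative value in the configuration is not rejected; it wraps to a very large number and is then narrowed into the `guint` fields. For `max_dns_requests` and `max_dns_nesting` that silently lifts the limits that bound how many DNS lookups a single SPF record can trigger. `ucl_object_toint_safe` takes an `int64_t *`, so declare `gint64 ival;` and test `ival >= 0 && ival <= G_MAXUINT` before each assignment. A value that fails conversion or the range check is currently dropped without any message; a config warning naming the key would make the misconfiguration visible.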
@@ -767,11 +789,16 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg)
                                                        cb->rec->requests_inflight++;
                                                }
 
-                                               if (rspamd_dns_resolver_request_task_forced (task,
-                                                               spf_record_dns_callback, (void *) cb,
-                                                               RDNS_REQUEST_AAAA,
-                                                               elt_data->content.mx.name)) {
-                                                       cb->rec->requests_inflight++;
+                                               if (!spf_lib_ctx->disable_ipv6) {
+                                                       if (rspamd_dns_resolver_request_task_forced (task,
+                                                                       spf_record_dns_callback, (void *) cb,
+                                                                       RDNS_REQUEST_AAAA,
+                                                                       elt_data->content.mx.name)) {
+                                                               cb->rec->requests_inflight++;
+                                                       }
+                                               }
+                                               else {
+                                                       msg_debug_spf ("skip AAAA request for MX resolution");
                                                }
                                        }
                                        else {
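Review bot: When `disable_ipv6` is set, the `mx` branch here (and the `ptr` branch and `parse_spf_a` in the later hunks) never learns the host's IPv6 addresses, so a sender connecting over IPv6 presumably cannot match `a`, `mx` or `ptr` mechanisms and falls through to the record's `all` term. That changes the SPF verdict rather than only saving DNS queries, and neither the code nor the option's doc string says so. I would add a comment above the first check, e.g. `/* With disable_ipv6, a/mx/ptr mechanisms can only match IPv4 senders */`, and extend the description passed to `rspamd_rcl_add_doc_by_path` in the same way. spf_record_dns_callback starts and ends outside this hunk.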
@@ -792,7 +819,7 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg)
                                                /* Validate returned records prior to making A requests */
                                                if (spf_check_ptr_host (cb,
                                                                elt_data->content.ptr.name)) {
-                                                       msg_debug_spf ("resolve %s after resolving of PTR",
+                                                       msg_debug_spf ("resolve PTR %s after resolving of PTR",
                                                                        elt_data->content.ptr.name);
                                                        if (rspamd_dns_resolver_request_task_forced (task,
                                                                        spf_record_dns_callback, (void *) cb,
@@ -800,11 +827,17 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg)
                                                                        elt_data->content.ptr.name)) {
                                                                cb->rec->requests_inflight++;
                                                        }
-                                                       if (rspamd_dns_resolver_request_task_forced (task,
-                                                                       spf_record_dns_callback, (void *) cb,
-                                                                       RDNS_REQUEST_AAAA,
-                                                                       elt_data->content.ptr.name)) {
-                                                               cb->rec->requests_inflight++;
+
+                                                       if (!spf_lib_ctx->disable_ipv6) {
+                                                               if (rspamd_dns_resolver_request_task_forced (task,
+                                                                               spf_record_dns_callback, (void *) cb,
+                                                                               RDNS_REQUEST_AAAA,
+                                                                               elt_data->content.ptr.name)) {
+                                                                       cb->rec->requests_inflight++;
+                                                               }
+                                                       }
+                                                       else {
+                                                               msg_debug_spf ("skip AAAA request for PTR resolution");
                                                        }
                                                }
                                                else {
@@ -1149,11 +1182,15 @@ parse_spf_a (struct spf_record *rec,
                cb->addr = addr;
                cb->cur_action = SPF_RESOLVE_AAA;
                cb->resolved = resolved;
-               msg_debug_spf ("resolve aaa %s", host);
 
-               if (rspamd_dns_resolver_request_task_forced (task,
-                               spf_record_dns_callback, (void *) cb, RDNS_REQUEST_AAAA, host)) {
-                       rec->requests_inflight++;
+               if (!spf_lib_ctx->disable_ipv6) {
+                       if (rspamd_dns_resolver_request_task_forced (task,
+                                       spf_record_dns_callback, (void *) cb, RDNS_REQUEST_AAAA, host)) {
+                               rec->requests_inflight++;
+                       }
+               }
+               else {
+                       msg_debug_spf ("skip AAAA request for a record resolution");
                }
 
                return TRUE;
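Review bot: The skip message in parse_spf_a omits the host name, and the old `msg_debug_spf ("resolve aaa %s", host);` line is removed with no replacement on the enabled path, so debug logs no longer show which name an AAAA lookup was issued or skipped for. I suggest `msg_debug_spf ("skip AAAA request for a record resolution of %s", host);` in the else branch, and restoring the `resolve aaa` message inside the `if (!spf_lib_ctx->disable_ipv6)` block. Note also that `cb->cur_action` is still set to `SPF_RESOLVE_AAA` when no AAAA request is sent; that looks harmless from the visible lines, but the rest of the function is outside the hunk.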
index cd8eaffac75abca31de8b458839a9eff07bd5158..e9ebbbdf9a91d30a6f72836e315404c94cf64de2 100644 (file)
@@ -117,8 +117,7 @@ gchar *spf_addr_mask_to_string (struct spf_addr *addr);
 struct spf_addr *spf_addr_match_task (struct rspamd_task *task,
                                                                          struct spf_resolved *rec);
 
-void spf_library_config (gint max_dns_nesting, gint max_dns_requests,
-               gint min_cache_ttl);
+void spf_library_config (const ucl_object_t *obj);
 
 #ifdef  __cplusplus
 }
index 119d79b693a429512d4541a04fb42067cc6f92b7..cc9dd7dd2435c1985bc77ee30e7ebd70ba5dd731 100644 (file)
@@ -62,10 +62,6 @@ struct spf_ctx {
 
        gboolean check_local;
        gboolean check_authed;
-
-       guint max_dns_nesting;
-       guint max_dns_requests;
-       guint min_cache_ttl;
 };
 
 static void spf_symbol_callback (struct rspamd_task *task,
@@ -103,9 +99,6 @@ spf_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)
        spf_module_ctx = rspamd_mempool_alloc0 (cfg->cfg_pool,
                        sizeof (*spf_module_ctx));
        *ctx = (struct module_ctx *)spf_module_ctx;
-       spf_module_ctx->min_cache_ttl = SPF_MIN_CACHE_TTL;
-       spf_module_ctx->max_dns_nesting = SPF_MAX_NESTING;
-       spf_module_ctx->max_dns_requests = SPF_MAX_DNS_REQUESTS;
 
        rspamd_rcl_add_doc_by_path (cfg,
                        NULL,
@@ -226,6 +219,15 @@ spf_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)
                        RSPAMD_CL_FLAG_UINT,
                        NULL,
                        0);
+       rspamd_rcl_add_doc_by_path (cfg,
+                       "spf",
+                       "Disable ipv6 resolving when doing SPF resolution",
+                       "disable_ipv6",
+                       UCL_BOOLEAN,
+                       NULL,
+                       0,
+                       NULL,
+                       0);
 
        return 0;
 }
@@ -327,22 +329,7 @@ spf_module_config (struct rspamd_config *cfg)
                cache_size = DEFAULT_CACHE_SIZE;
        }
 
-       if ((value =
-                                rspamd_config_get_module_opt (cfg, "spf", "min_cache_ttl")) != NULL) {
-               spf_module_ctx->min_cache_ttl = ucl_obj_toint (value);
-       }
-       if ((value =
-                                 rspamd_config_get_module_opt (cfg, "spf", "max_dns_nesting")) != NULL) {
-               spf_module_ctx->max_dns_nesting = ucl_obj_toint (value);
-       }
-       if ((value =
-                                rspamd_config_get_module_opt (cfg, "spf", "max_dns_requests")) != NULL) {
-               spf_module_ctx->max_dns_requests = ucl_obj_toint (value);
-       }
-
-       spf_library_config (spf_module_ctx->max_dns_nesting,
-                       spf_module_ctx->max_dns_requests,
-                       spf_module_ctx->min_cache_ttl);
+       spf_library_config (ucl_obj_get_key (cfg->rcl_obj, "spf"));
 
        if ((value =
                rspamd_config_get_module_opt (cfg, "spf", "whitelist")) != NULL) {