[Minor] SPF: Make (almost) all unresolveable records PERMFAIL 987/head
authorAndrew Lewis <nerf@judo.za.org>
Fri, 30 Sep 2016 10:36:25 +0000 (12:36 +0200)
committerAndrew Lewis <nerf@judo.za.org>
Fri, 30 Sep 2016 10:36:25 +0000 (12:36 +0200)
src/libserver/spf.c
src/plugins/spf.c
test/functional/cases/115_dmarc.robot

index 362c96255e48e7205b1dc17aa0da65242346498c..fb3d39385c4c18fb6ffa98726de1893d26f2da20 100644 (file)
@@ -708,7 +708,11 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg)
        else if (reply->code == RDNS_RC_NXDOMAIN || reply->code == RDNS_RC_NOREC) {
                switch (cb->cur_action) {
                        case SPF_RESOLVE_MX:
-                               if (rdns_request_has_type (reply->request, RDNS_REQUEST_MX)) {
+                               if (!rdns_request_has_type (reply->request, RDNS_REQUEST_MX)
+                                               && !rdns_request_has_type (reply->request, RDNS_REQUEST_A)
+                                               && !rdns_request_has_type (reply->request, RDNS_REQUEST_AAAA)) {
+                                       cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED;
+                                       cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL;
                                        msg_debug_spf (
                                                        "<%s>: spf error for domain %s: cannot find MX record for %s",
                                                        task->message_id,
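Review bot: The rewritten first condition in the `SPF_RESOLVE_MX` case (`!MX && !A && !AAAA`) looks unreachable. If every request issued under this action is an MX, A or AAAA query (the request sites are outside this hunk, so confirm), no reply can satisfy it, and the "cannot find MX record" branch with its `spf_record_addr_set (addr, FALSE)` call never runs. The `else if` added in the next hunk then fires only for the MX query itself, so the two branches could collapse into a single `if (rdns_request_has_type (reply->request, RDNS_REQUEST_MX)) {` that sets the flags and logs once. A short comment such as `/* NXDOMAIN/NOREC for an MX target's A/AAAA lookup is deliberately ignored */` would record the intent. The case body continues past the end of this hunk.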
@@ -716,7 +720,10 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg)
                                                        cb->resolved->cur_domain);
                                        spf_record_addr_set (addr, FALSE);
                                }
-                               else {
+                               else if (!rdns_request_has_type (reply->request, RDNS_REQUEST_A)
+                                               && !rdns_request_has_type (reply->request, RDNS_REQUEST_AAAA)) {
+                                       cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED;
+                                       cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL;
                                        msg_debug_spf (
                                                        "<%s>: spf error for domain %s: cannot resolve MX record for %s",
                                                        task->message_id,
@@ -726,25 +733,32 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg)
                                }
                                break;
                        case SPF_RESOLVE_A:
+                               cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED;
+                               cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL;
                                if (rdns_request_has_type (reply->request, RDNS_REQUEST_A)) {
                                        spf_record_addr_set (addr, FALSE);
                                }
                                break;
                        case SPF_RESOLVE_AAA:
+                               cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED;
+                               cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL;
                                if (rdns_request_has_type (reply->request, RDNS_REQUEST_AAAA)) {
                                        spf_record_addr_set (addr, FALSE);
                                }
                                break;
                        case SPF_RESOLVE_PTR:
+                               cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED;
+                               cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL;
                                spf_record_addr_set (addr, FALSE);
                                break;
                        case SPF_RESOLVE_REDIRECT:
+                               cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED;
+                               cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL;
                                msg_debug_spf (
                                                "<%s>: spf error for domain %s: cannot resolve TXT record for %s",
                                                task->message_id,
                                                cb->rec->sender_domain,
                                                cb->resolved->cur_domain);
-                               cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL;
                                break;
                        case SPF_RESOLVE_INCLUDE:
                                msg_debug_spf (
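Review bot: In the `SPF_RESOLVE_A` and `SPF_RESOLVE_AAA` cases the PERMFAIL flag is set before the request-type check, so an NXDOMAIN/NOREC reply for either address family marks the element as a permanent error. The existing `rdns_request_has_type` test in each case suggests replies of the other family arrive here too; if so, a host that publishes only A records would be flagged by its empty AAAA answer even though the A lookup succeeded. Assuming the element flag propagates to `rec->perm_failed`, which withholds the `-all`/`~all` verdict in `spf_check_element`, this could weaken enforcement for ordinary single-stack domains. Consider moving the two flag lines inside the check, i.e. `if (rdns_request_has_type (reply->request, RDNS_REQUEST_A)) {` followed by `cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED;` and `cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL;`, and likewise for AAAA.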
@@ -752,8 +766,8 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg)
                                                task->message_id,
                                                cb->rec->sender_domain,
                                                cb->resolved->cur_domain);
+                               cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL;
                                cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED;
-                               cb->addr->flags |= RSPAMD_SPF_FLAG_TEMPFAIL;
                                break;
                        case SPF_RESOLVE_EXP:
                                break;
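Review bot: The clear-PARSED / set-PERMFAIL pair in the `SPF_RESOLVE_INCLUDE` case is the seventh copy of the same two statements in this commit (twice under MX, then A, AAAA, PTR and REDIRECT), and only this one applies them in the opposite order. A small file-local helper would keep the copies from drifting apart, for example `static void spf_addr_mark_permfail (struct spf_addr *addr)` with the two flag operations as its body, assuming `cb->addr` is a `struct spf_addr *`. A one-line comment on the helper should say why PARSED is cleared when PERMFAIL is set, since none of the call sites explain it.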
@@ -762,16 +776,8 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg)
                                break;
                }
        }
-       else if ((cb->cur_action == SPF_RESOLVE_INCLUDE ||
-                       cb->cur_action == SPF_RESOLVE_REDIRECT) ||
-                       reply->code == RDNS_RC_TIMEOUT) {
-               if ((cb->cur_action == SPF_RESOLVE_INCLUDE || cb->cur_action == SPF_RESOLVE_REDIRECT) &&
-                               (reply->code == RDNS_RC_NOREC && reply->code == RDNS_RC_NXDOMAIN)) {
-                       cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL;
-               }
-               else {
-                       cb->addr->flags |= RSPAMD_SPF_FLAG_TEMPFAIL;
-               }
+       else {
+               cb->addr->flags |= RSPAMD_SPF_FLAG_TEMPFAIL;
                msg_info_spf (
                                "<%s>: spf error for domain %s: cannot resolve %s DNS record for"
                                " %s: %s",
index 99d09fd01dc0200f7bb179fbf730c1c868edaf81..aa09eecac1f359476cff612e7397955f2215d940 100644 (file)
@@ -397,7 +397,12 @@ spf_check_element (struct spf_resolved *rec, struct spf_addr *addr,
                        spf_result[0] = '-';
                        spf_message = "(SPF): spf fail";
                        if (addr->flags & RSPAMD_SPF_FLAG_ANY) {
-                               if (rec->temp_failed) {
+                               if (rec->perm_failed) {
+                                       msg_info_task ("do not apply SPF failed policy, as we have "
+                                                       "some addresses unresolved");
+                                       spf_symbol = spf_module_ctx->symbol_permfail;
+                               }
+                               else if (rec->temp_failed) {
                                        msg_info_task ("do not apply SPF failed policy, as we have "
                                                        "some addresses unresolved");
                                        spf_symbol = spf_module_ctx->symbol_dnsfail;
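Review bot: The new `rec->perm_failed` branch logs exactly the same text as the `temp_failed` branch below it ("do not apply SPF failed policy, as we have some addresses unresolved"). The log therefore cannot show whether a `-all` verdict was withheld because of a permanent record error or a transient DNS failure, which matters when working out why a forged sender was not rejected. Give the permanent case its own wording, e.g. `msg_info_task ("do not apply SPF failed policy, as the record has a permanent error");`. The softfail hunk that follows repeats the same message and needs the same change.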
@@ -411,7 +416,12 @@ spf_check_element (struct spf_resolved *rec, struct spf_addr *addr,
                        spf_result[0] = '~';
 
                        if (addr->flags & RSPAMD_SPF_FLAG_ANY) {
-                               if (rec->temp_failed) {
+                               if (rec->perm_failed) {
+                                       msg_info_task ("do not apply SPF failed policy, as we have "
+                                                       "some addresses unresolved");
+                                       spf_symbol = spf_module_ctx->symbol_permfail;
+                               }
+                               else if (rec->temp_failed) {
                                        msg_info_task ("do not apply SPF failed policy, as we have "
                                                        "some addresses unresolved");
                                        spf_symbol = spf_module_ctx->symbol_dnsfail;
@@ -478,7 +488,7 @@ spf_plugin_callback (struct spf_resolved *record, struct rspamd_task *task,
                                1,
                                NULL);
        }
-       else if (record && record->perm_failed) {
+       else if (record && record->elts->len == 0 && record->perm_failed) {
                rspamd_task_insert_result (task,
                                spf_module_ctx->symbol_permfail,
                                1,
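Review bot: With the added `record->elts->len == 0` test, a record that has `perm_failed` set but still contains elements now falls through to the later branch. Judging from the two `spf_check_element` hunks above, the permfail symbol is then inserted only when an `all` element with a fail or softfail qualifier is reached. If the record has no such element, the permanent error may go unreported; the rest of `spf_plugin_callback` is outside this hunk, so this needs confirming. If the gap is real, insert `symbol_permfail` after the element loop when `record->perm_failed` is set and no element matched. Otherwise add a comment above this condition, e.g. `/* perm_failed with usable elements is reported by spf_check_element */`.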
index 583786e64604d8bb2c215c3c393f0e56cc3192b3..4dda829e5c7c2f74ea1bf6b757d81605d516e85d 100644 (file)
@@ -77,10 +77,10 @@ DKIM PERMFAIL BAD RECORD
   ...  -i  37.48.67.26
   Check Rspamc  ${result}  R_DKIM_PERMFAIL
 
-SPF DNSFAIL UNRESOLVEABLE INCLUDE
+SPF PERMFAIL UNRESOLVEABLE INCLUDE
   ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/dmarc/bad_dkim1.eml
-  ...  -i  37.48.67.26  -F  x@openarena.za.net
-  Check Rspamc  ${result}  R_SPF_DNSFAIL
+  ...  -i  37.48.67.26  -F  x@fail3.org.org.za
+  Check Rspamc  ${result}  R_SPF_PERMFAIL
 
 SPF DNSFAIL FAILED INCLUDE
   ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/dmarc/bad_dkim1.eml
@@ -89,7 +89,7 @@ SPF DNSFAIL FAILED INCLUDE
 
 SPF ALLOW UNRESOLVEABLE INCLUDE
   ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/dmarc/bad_dkim1.eml
-  ...  -i  8.8.8.8  -F  x@openarena.za.net
+  ...  -i  8.8.8.8  -F  x@fail3.org.org.za
   Check Rspamc  ${result}  R_SPF_ALLOW
 
 SPF ALLOW FAILED INCLUDE
@@ -114,7 +114,7 @@ SPF NA NXDOMAIN
 
 SPF PERMFAIL UNRESOLVEABLE REDIRECT
   ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/dmarc/bad_dkim1.eml
-  ...  -i  8.8.8.8  -F  x@cacophony.za.org
+  ...  -i  8.8.8.8  -F  x@fail4.org.org.za
   Check Rspamc  ${result}  R_SPF_PERMFAIL
 
 SPF DNSFAIL FAILED REDIRECT
@@ -122,9 +122,9 @@ SPF DNSFAIL FAILED REDIRECT
   ...  -i  8.8.8.8  -F  x@fail1.org.org.za
   Check Rspamc  ${result}  R_SPF_DNSFAIL
 
-SPF PERMFAIL
+SPF PERMFAIL NO USEABLE ELEMENTS
   ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/dmarc/bad_dkim1.eml
-  ...  -i  8.8.8.8  -F  x@xzghgh.za.org
+  ...  -i  8.8.8.8  -F  x@fail5.org.org.za
   Check Rspamc  ${result}  R_SPF_PERMFAIL
 
 SPF FAIL
@@ -132,6 +132,26 @@ SPF FAIL
   ...  -i  8.8.8.8  -F  x@example.net
   Check Rspamc  ${result}  R_SPF_FAIL
 
+SPF PERMFAIL UNRESOLVEABLE MX
+  ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/dmarc/bad_dkim1.eml
+  ...  -i  1.2.3.4  -F  x@fail6.org.org.za
+  Check Rspamc  ${result}  R_SPF_PERMFAIL
+
+SPF PERMFAIL UNRESOLVEABLE A
+  ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/dmarc/bad_dkim1.eml
+  ...  -i  1.2.3.4  -F  x@fail7.org.org.za
+  Check Rspamc  ${result}  R_SPF_PERMFAIL
+
+SPF DNSFAIL FAILED A
+  ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/dmarc/bad_dkim1.eml
+  ...  -i  1.2.3.4  -F  x@fail8.org.org.za
+  Check Rspamc  ${result}  R_SPF_DNSFAIL
+
+SPF DNSFAIL FAILED MX
+  ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/dmarc/bad_dkim1.eml
+  ...  -i  1.2.3.4  -F  x@fail9.org.org.za
+  Check Rspamc  ${result}  R_SPF_DNSFAIL
+
 *** Keywords ***
 DMARC Setup
   ${PLUGIN_CONFIG} =  Get File  ${TESTDIR}/configs/dmarc.conf
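Review bot: The four added cases cover only the MX and A paths, although the commit also changes the `SPF_RESOLVE_AAA` and `SPF_RESOLVE_PTR` branches in `src/libserver/spf.c`, so nothing pins their new PERMFAIL behaviour. There is also no case for a domain whose `a` mechanism resolves over one address family but not the other, which is the situation most likely to be misclassified by the unconditional flag setting. Consider adding a case named like `SPF PERMFAIL UNRESOLVEABLE PTR`, plus a single-stack `a` case that expects the normal allow or fail result. The cases appear to rely on records published under `org.org.za`, so a comment next to each one stating what its `failN` record contains would make failures easier to diagnose.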