From 18b3d066748baff20608adfa2270c50a40704c88 Mon Sep 17 00:00:00 2001
From: Andrew Lewis <nerf@judo.za.org>
Date: Mon, 26 Sep 2016 11:39:25 +0200
Subject: [PATCH] [Minor] Fix SPF PERMFAIL/DNSFAIL behaviour on failed redirect

---
 src/libserver/spf.c                   | 6 +++++-
 src/libserver/spf.h                   | 2 ++
 src/plugins/spf.c                     | 6 ++++++
 test/functional/cases/115_dmarc.robot | 4 ++--
 4 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/libserver/spf.c b/src/libserver/spf.c
index c0ca38e15..41f31bfb0 100644
--- a/src/libserver/spf.c
+++ b/src/libserver/spf.c
@@ -332,6 +332,10 @@ rspamd_spf_process_reference (struct spf_resolved *target,
 			target->temp_failed = TRUE;
 			continue;
 		}
+		if (cur->flags & RSPAMD_SPF_FLAG_PERMFAIL) {
+			target->perm_failed = TRUE;
+			continue;
+		}
 		if (cur->flags & RSPAMD_SPF_FLAG_NA) {
 			target->na = TRUE;
 			continue;
@@ -734,7 +738,7 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg)
 						task->message_id,
 						cb->rec->sender_domain,
 						cb->resolved->cur_domain);
-				cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED;
+				cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL;
 				break;
 			case SPF_RESOLVE_INCLUDE:
 				msg_debug_spf (
diff --git a/src/libserver/spf.h b/src/libserver/spf.h
index 1e2bcfe45..ab2d0bc53 100644
--- a/src/libserver/spf.h
+++ b/src/libserver/spf.h
@@ -39,6 +39,7 @@ typedef enum spf_action_e {
 #define RSPAMD_SPF_FLAG_REDIRECT (1 << 7)
 #define RSPAMD_SPF_FLAG_TEMPFAIL (1 << 8)
 #define RSPAMD_SPF_FLAG_NA (1 << 9)
+#define RSPAMD_SPF_FLAG_PERMFAIL (1 << 10)
 
 struct spf_addr {
 	guchar addr6[sizeof (struct in6_addr)];
@@ -61,6 +62,7 @@ struct spf_resolved {
 	guint ttl;
 	gboolean temp_failed;
 	gboolean na;
+	gboolean perm_failed;
 	GArray *elts; /* Flat list of struct spf_addr */
 	ref_entry_t ref; /* Refcounting */
 };
diff --git a/src/plugins/spf.c b/src/plugins/spf.c
index 33df85262..99d09fd01 100644
--- a/src/plugins/spf.c
+++ b/src/plugins/spf.c
@@ -478,6 +478,12 @@ spf_plugin_callback (struct spf_resolved *record, struct rspamd_task *task,
 				1,
 				NULL);
 	}
+	else if (record && record->perm_failed) {
+		rspamd_task_insert_result (task,
+				spf_module_ctx->symbol_permfail,
+				1,
+				NULL);
+	}
 	else if (record && record->elts->len == 0) {
 		rspamd_task_insert_result (task,
 				spf_module_ctx->symbol_permfail,
diff --git a/test/functional/cases/115_dmarc.robot b/test/functional/cases/115_dmarc.robot
index 82616c8f9..289572992 100644
--- a/test/functional/cases/115_dmarc.robot
+++ b/test/functional/cases/115_dmarc.robot
@@ -102,10 +102,10 @@ SPF NA NXDOMAIN
   ...  -i  8.8.8.8  -F  x@zzzzaaaa
   Check Rspamc  ${result}  R_SPF_NA
 
-SPF DNSFAIL UNRESOLVEABLE REDIRECT
+SPF PERMFAIL UNRESOLVEABLE REDIRECT
   ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/dmarc/bad_dkim1.eml
   ...  -i  8.8.8.8  -F  x@cacophony.za.org
-  Check Rspamc  ${result}  R_SPF_DNSFAIL
+  Check Rspamc  ${result}  R_SPF_PERMFAIL
 
 SPF PERMFAIL
   ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/dmarc/bad_dkim1.eml
-- 
2.39.5