From 7404f80d47ce4af8513611ffa29f742bf3934705 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Fri, 25 Oct 2019 16:11:47 +0100 Subject: [PATCH] [Feature] SPF: Allow to disable AAAA checks in configuration --- src/libserver/spf.c | 83 ++++++++++++++++++++++++++++++++------------- src/libserver/spf.h | 3 +- src/plugins/spf.c | 33 ++++++------------ 3 files changed, 71 insertions(+), 48 deletions(-) diff --git a/src/libserver/spf.c b/src/libserver/spf.c index d362a7293..b085467db 100644 --- a/src/libserver/spf.c +++ b/src/libserver/spf.c @@ -66,6 +66,7 @@ struct rspamd_spf_library_ctx { guint max_dns_nesting; guint max_dns_requests; guint min_cache_ttl; + gboolean disable_ipv6; }; struct rspamd_spf_library_ctx *spf_lib_ctx = NULL; @@ -144,6 +145,7 @@ RSPAMD_CONSTRUCTOR(rspamd_spf_lib_ctx_ctor) { spf_lib_ctx->max_dns_nesting = SPF_MAX_NESTING; spf_lib_ctx->max_dns_requests = SPF_MAX_DNS_REQUESTS; spf_lib_ctx->min_cache_ttl = SPF_MIN_CACHE_TTL; + spf_lib_ctx->disable_ipv6 = FALSE; } RSPAMD_DESTRUCTOR(rspamd_spf_lib_ctx_dtor) { 
@@ -152,20 +154,40 @@ RSPAMD_DESTRUCTOR(rspamd_spf_lib_ctx_dtor) { } void -spf_library_config (gint max_dns_nesting, gint max_dns_requests, - gint min_cache_ttl) +spf_library_config (const ucl_object_t *obj) { - if (max_dns_nesting >= 0) { - spf_lib_ctx->max_dns_nesting = max_dns_nesting; + const ucl_object_t *value; + guint64 ival; + bool bval; + + if (obj == NULL) { + /* No specific config */ + return; + } + + if ((value = ucl_object_find_key (obj, "min_cache_ttl")) != NULL) { + if (ucl_object_toint_safe (value, &ival) && ival >= 0) { + spf_lib_ctx->min_cache_ttl = ival; + } } - if (max_dns_requests >= 0) { - spf_lib_ctx->max_dns_requests = max_dns_requests; + if ((value = ucl_object_find_key (obj, "max_dns_nesting")) != NULL) { + if (ucl_object_toint_safe (value, &ival) && ival >= 0) { + spf_lib_ctx->max_dns_nesting = ival; + } } - if (min_cache_ttl >= 0) { - spf_lib_ctx->min_cache_ttl = min_cache_ttl; + if ((value = ucl_object_find_key (obj, "max_dns_requests")) != NULL) { + if (ucl_object_toint_safe (value, &ival) && ival >= 0) { + spf_lib_ctx->max_dns_requests = ival; + } + } + if ((value = ucl_object_find_key (obj, "disable_ipv6")) != NULL) { + if (ucl_object_toboolean_safe (value, &bval)) { + spf_lib_ctx->disable_ipv6 = bval; + } } + } static gboolean start_spf_parse (struct spf_record *rec, @@ -767,11 +789,16 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg) cb->rec->requests_inflight++; } - if (rspamd_dns_resolver_request_task_forced (task, - spf_record_dns_callback, (void *) cb, - RDNS_REQUEST_AAAA, - elt_data->content.mx.name)) { - cb->rec->requests_inflight++; + if (!spf_lib_ctx->disable_ipv6) { + if (rspamd_dns_resolver_request_task_forced (task, + spf_record_dns_callback, (void *) cb, + RDNS_REQUEST_AAAA, + elt_data->content.mx.name)) { + cb->rec->requests_inflight++; + } + } + else { + msg_debug_spf ("skip AAAA request for MX resolution"); } } else { 
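Review bot: In the new `spf_library_config`, `ival` is declared `guint64`, so every `ival >= 0` test is always true and a negative value from the configuration is stored as a huge unsigned number, then narrowed into the `guint` limit fields. The removed version took `gint` arguments and did reject negatives, so this is a regression for `max_dns_requests` and `max_dns_nesting`, the limits that bound how many lookups a sender-published SPF record can trigger. `ucl_object_toint_safe` writes through an `int64_t *`, so the declaration should be `gint64 ival;` and each guard `if (ucl_object_toint_safe (value, &ival) && ival >= 0 && ival <= G_MAXUINT) {`. A value that fails the check is dropped without any message; logging a configuration warning in that case would let operators see that their setting was ignored.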
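Review bot: With `disable_ipv6` set, the AAAA request in the MX branch is skipped, which as far as these hunks show means a client connecting over IPv6 can no longer match an `mx` mechanism and is judged by whatever term comes next in the record. The same holds for the PTR branch further down in `spf_record_dns_callback` and for the `a` mechanism in `parse_spf_a`. That trade-off deserves a comment at the first check, e.g. `/* AAAA lookups disabled: an IPv6 client cannot match this mechanism */`, and the same caveat in the `disable_ipv6` doc string registered in `src/plugins/spf.c`. The skip message would be easier to trace with the name in it, `msg_debug_spf ("skip AAAA request for MX %s", elt_data->content.mx.name);`. The function body starts and ends outside this hunk.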
@@ -792,7 +819,7 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg) /* Validate returned records prior to making A requests */ if (spf_check_ptr_host (cb, elt_data->content.ptr.name)) { - msg_debug_spf ("resolve %s after resolving of PTR", + msg_debug_spf ("resolve PTR %s after resolving of PTR", elt_data->content.ptr.name); if (rspamd_dns_resolver_request_task_forced (task, spf_record_dns_callback, (void *) cb, @@ -800,11 +827,17 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg) elt_data->content.ptr.name)) { cb->rec->requests_inflight++; } - if (rspamd_dns_resolver_request_task_forced (task, - spf_record_dns_callback, (void *) cb, - RDNS_REQUEST_AAAA, - elt_data->content.ptr.name)) { - cb->rec->requests_inflight++; + + if (!spf_lib_ctx->disable_ipv6) { + if (rspamd_dns_resolver_request_task_forced (task, + spf_record_dns_callback, (void *) cb, + RDNS_REQUEST_AAAA, + elt_data->content.ptr.name)) { + cb->rec->requests_inflight++; + } + } + else { + msg_debug_spf ("skip AAAA request for PTR resolution"); } } else { @@ -1149,11 +1182,15 @@ parse_spf_a (struct spf_record *rec, cb->addr = addr; cb->cur_action = SPF_RESOLVE_AAA; cb->resolved = resolved; - msg_debug_spf ("resolve aaa %s", host); - if (rspamd_dns_resolver_request_task_forced (task, - spf_record_dns_callback, (void *) cb, RDNS_REQUEST_AAAA, host)) { - rec->requests_inflight++; + if (!spf_lib_ctx->disable_ipv6) { + if (rspamd_dns_resolver_request_task_forced (task, + spf_record_dns_callback, (void *) cb, RDNS_REQUEST_AAAA, host)) { + rec->requests_inflight++; + } + } + else { + msg_debug_spf ("skip AAAA request for a record resolution"); } return TRUE; diff --git a/src/libserver/spf.h b/src/libserver/spf.h index cd8eaffac..e9ebbbdf9 100644 --- a/src/libserver/spf.h +++ b/src/libserver/spf.h 
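Review bot: The hunk in `parse_spf_a` deletes `msg_debug_spf ("resolve aaa %s", host);` and does not restore it inside the new `if (!spf_lib_ctx->disable_ipv6)` branch, so the default path no longer logs which host gets an AAAA query. I would keep that line as the first statement of the enabled branch and add the host to the skip message, `msg_debug_spf ("skip AAAA request for a record resolution of %s", host);`. The `cb` fields are still filled in just before the check even when no request is sent. Its allocation lies outside the hunk, so whether that leaves an unused callback object behind cannot be confirmed from here.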
@@ -117,8 +117,7 @@ gchar *spf_addr_mask_to_string (struct spf_addr *addr); struct spf_addr *spf_addr_match_task (struct rspamd_task *task, struct spf_resolved *rec); -void spf_library_config (gint max_dns_nesting, gint max_dns_requests, - gint min_cache_ttl); +void spf_library_config (const ucl_object_t *obj); #ifdef __cplusplus } diff --git a/src/plugins/spf.c b/src/plugins/spf.c index 119d79b69..cc9dd7dd2 100644 --- a/src/plugins/spf.c +++ b/src/plugins/spf.c @@ -62,10 +62,6 @@ struct spf_ctx { gboolean check_local; gboolean check_authed; - - guint max_dns_nesting; - guint max_dns_requests; - guint min_cache_ttl; }; static void spf_symbol_callback (struct rspamd_task *task, @@ -103,9 +99,6 @@ spf_module_init (struct rspamd_config *cfg, struct module_ctx **ctx) spf_module_ctx = rspamd_mempool_alloc0 (cfg->cfg_pool, sizeof (*spf_module_ctx)); *ctx = (struct module_ctx *)spf_module_ctx; - spf_module_ctx->min_cache_ttl = SPF_MIN_CACHE_TTL; - spf_module_ctx->max_dns_nesting = SPF_MAX_NESTING; - spf_module_ctx->max_dns_requests = SPF_MAX_DNS_REQUESTS; rspamd_rcl_add_doc_by_path (cfg, NULL, @@ -226,6 +219,15 @@ spf_module_init (struct rspamd_config *cfg, struct module_ctx **ctx) RSPAMD_CL_FLAG_UINT, NULL, 0); + rspamd_rcl_add_doc_by_path (cfg, + "spf", + "Disable ipv6 resolving when doing SPF resolution", + "disable_ipv6", + UCL_BOOLEAN, + NULL, + 0, + NULL, + 0); return 0; } 
@@ -327,22 +329,7 @@ spf_module_config (struct rspamd_config *cfg) cache_size = DEFAULT_CACHE_SIZE; } - if ((value = - rspamd_config_get_module_opt (cfg, "spf", "min_cache_ttl")) != NULL) { - spf_module_ctx->min_cache_ttl = ucl_obj_toint (value); - } - if ((value = - rspamd_config_get_module_opt (cfg, "spf", "max_dns_nesting")) != NULL) { - spf_module_ctx->max_dns_nesting = ucl_obj_toint (value); - } - if ((value = - rspamd_config_get_module_opt (cfg, "spf", "max_dns_requests")) != NULL) { - spf_module_ctx->max_dns_requests = ucl_obj_toint (value); - } - - spf_library_config (spf_module_ctx->max_dns_nesting, - spf_module_ctx->max_dns_requests, - spf_module_ctx->min_cache_ttl); + spf_library_config (ucl_obj_get_key (cfg->rcl_obj, "spf")); if ((value = rspamd_config_get_module_opt (cfg, "spf", "whitelist")) != NULL) { -- 2.39.5