@@ -708,7 +708,11 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg) | |||
else if (reply->code == RDNS_RC_NXDOMAIN || reply->code == RDNS_RC_NOREC) { | |||
switch (cb->cur_action) { | |||
case SPF_RESOLVE_MX: | |||
if (rdns_request_has_type (reply->request, RDNS_REQUEST_MX)) { | |||
if (!rdns_request_has_type (reply->request, RDNS_REQUEST_MX) | |||
&& !rdns_request_has_type (reply->request, RDNS_REQUEST_A) | |||
&& !rdns_request_has_type (reply->request, RDNS_REQUEST_AAAA)) { | |||
cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED; | |||
cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL; | |||
msg_debug_spf ( | |||
"<%s>: spf error for domain %s: cannot find MX record for %s", | |||
task->message_id, | |||
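Review bot: In the SPF_RESOLVE_MX case the first test now requires the request to be none of MX, A or AAAA, so the branch that logs "cannot find MX record" only runs for some other request type, and a failed MX query is handled by the `else if` in the next hunk instead. If the MX action only ever issues MX, A and AAAA requests (the callers are not visible here), the first branch is dead code and its log text is misleading. A failed A/AAAA lookup for one exchanger matches neither branch, so it sets no flag and logs nothing. If that is intended, collapse the two branches into one guarded by `if (rdns_request_has_type (reply->request, RDNS_REQUEST_MX)) {` and add a comment such as `/* NXDOMAIN/NOREC for a single exchanger's address is not an error for the mx term */`. The switch and the callback body continue outside both hunks.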
@@ -716,7 +720,10 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg) | |||
cb->resolved->cur_domain); | |||
spf_record_addr_set (addr, FALSE); | |||
} | |||
else { | |||
else if (!rdns_request_has_type (reply->request, RDNS_REQUEST_A) | |||
&& !rdns_request_has_type (reply->request, RDNS_REQUEST_AAAA)) { | |||
cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED; | |||
cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL; | |||
msg_debug_spf ( | |||
"<%s>: spf error for domain %s: cannot resolve MX record for %s", | |||
task->message_id, | |||
@@ -726,25 +733,32 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg) | |||
} | |||
break; | |||
case SPF_RESOLVE_A: | |||
cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED; | |||
cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL; | |||
if (rdns_request_has_type (reply->request, RDNS_REQUEST_A)) { | |||
spf_record_addr_set (addr, FALSE); | |||
} | |||
break; | |||
case SPF_RESOLVE_AAA: | |||
cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED; | |||
cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL; | |||
if (rdns_request_has_type (reply->request, RDNS_REQUEST_AAAA)) { | |||
spf_record_addr_set (addr, FALSE); | |||
} | |||
break; | |||
case SPF_RESOLVE_PTR: | |||
cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED; | |||
cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL; | |||
spf_record_addr_set (addr, FALSE); | |||
break; | |||
case SPF_RESOLVE_REDIRECT: | |||
cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED; | |||
cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL; | |||
msg_debug_spf ( | |||
"<%s>: spf error for domain %s: cannot resolve TXT record for %s", | |||
task->message_id, | |||
cb->rec->sender_domain, | |||
cb->resolved->cur_domain); | |||
cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL; | |||
break; | |||
case SPF_RESOLVE_INCLUDE: | |||
msg_debug_spf ( | |||
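Review bot: The SPF_RESOLVE_A and SPF_RESOLVE_AAA cases now clear RSPAMD_SPF_FLAG_PARSED and set RSPAMD_SPF_FLAG_PERMFAIL before looking at the request type, and this switch is entered for RDNS_RC_NOREC as well as RDNS_RC_NXDOMAIN. A host that publishes only an A record answers the AAAA query with NOREC, so if both lookups for one `a` term share the same `cb->addr` (the code issuing them is outside this hunk), an IPv4-only host would be flagged permfail even though its A lookup succeeded. RFC 7208 section 5 treats an empty or NXDOMAIN answer for these mechanisms as a non-match rather than a permerror, so the stricter behaviour here should be deliberate. At minimum, guard the two flag lines with `if (reply->code == RDNS_RC_NXDOMAIN) {`, or document why NOREC for one address family is enough to fail the element.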
@@ -752,8 +766,8 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg) | |||
task->message_id, | |||
cb->rec->sender_domain, | |||
cb->resolved->cur_domain); | |||
cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL; | |||
cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED; | |||
cb->addr->flags |= RSPAMD_SPF_FLAG_TEMPFAIL; | |||
break; | |||
case SPF_RESOLVE_EXP: | |||
break; | |||
@@ -762,16 +776,8 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg) | |||
break; | |||
} | |||
} | |||
else if ((cb->cur_action == SPF_RESOLVE_INCLUDE || | |||
cb->cur_action == SPF_RESOLVE_REDIRECT) || | |||
reply->code == RDNS_RC_TIMEOUT) { | |||
if ((cb->cur_action == SPF_RESOLVE_INCLUDE || cb->cur_action == SPF_RESOLVE_REDIRECT) && | |||
(reply->code == RDNS_RC_NOREC && reply->code == RDNS_RC_NXDOMAIN)) { | |||
cb->addr->flags |= RSPAMD_SPF_FLAG_PERMFAIL; | |||
} | |||
else { | |||
cb->addr->flags |= RSPAMD_SPF_FLAG_TEMPFAIL; | |||
} | |||
else { | |||
cb->addr->flags |= RSPAMD_SPF_FLAG_TEMPFAIL; | |||
msg_info_spf ( | |||
"<%s>: spf error for domain %s: cannot resolve %s DNS record for" | |||
" %s: %s", |
@@ -397,7 +397,12 @@ spf_check_element (struct spf_resolved *rec, struct spf_addr *addr, | |||
spf_result[0] = '-'; | |||
spf_message = "(SPF): spf fail"; | |||
if (addr->flags & RSPAMD_SPF_FLAG_ANY) { | |||
if (rec->temp_failed) { | |||
if (rec->perm_failed) { | |||
msg_info_task ("do not apply SPF failed policy, as we have " | |||
"some addresses unresolved"); | |||
spf_symbol = spf_module_ctx->symbol_permfail; | |||
} | |||
else if (rec->temp_failed) { | |||
msg_info_task ("do not apply SPF failed policy, as we have " | |||
"some addresses unresolved"); | |||
spf_symbol = spf_module_ctx->symbol_dnsfail; | |||
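Review bot: The new `rec->perm_failed` branch logs the same text as the `rec->temp_failed` branch below it, so the log no longer tells an operator which of the two conditions suppressed the `-all` result; the same applies to the `~all` copy in the next hunk. Give the new branch its own message, for example `msg_info_task ("do not apply SPF failed policy, as we have some addresses permanently failed");`. The branch also replaces a hard fail with symbol_permfail for every sender of the domain once `perm_failed` is set, so one broken term in a record decides the outcome for unauthorised senders too. How `perm_failed` is derived is outside this hunk, but a short comment stating that this downgrade is intended would help whoever tunes the symbol weights. spf_check_element continues past the end of the hunk.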
@@ -411,7 +416,12 @@ spf_check_element (struct spf_resolved *rec, struct spf_addr *addr, | |||
spf_result[0] = '~'; | |||
if (addr->flags & RSPAMD_SPF_FLAG_ANY) { | |||
if (rec->temp_failed) { | |||
if (rec->perm_failed) { | |||
msg_info_task ("do not apply SPF failed policy, as we have " | |||
"some addresses unresolved"); | |||
spf_symbol = spf_module_ctx->symbol_permfail; | |||
} | |||
else if (rec->temp_failed) { | |||
msg_info_task ("do not apply SPF failed policy, as we have " | |||
"some addresses unresolved"); | |||
spf_symbol = spf_module_ctx->symbol_dnsfail; | |||
@@ -478,7 +488,7 @@ spf_plugin_callback (struct spf_resolved *record, struct rspamd_task *task, | |||
1, | |||
NULL); | |||
} | |||
else if (record && record->perm_failed) { | |||
else if (record && record->elts->len == 0 && record->perm_failed) { | |||
rspamd_task_insert_result (task, | |||
spf_module_ctx->symbol_permfail, | |||
1, |
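Review bot: The new condition reads `record->elts->len` after checking only `record`, so it relies on `elts` always being allocated for a resolved record, which this hunk does not show; if that is not guaranteed, `record->elts != NULL &&` belongs in front of it. The narrowing also means a record with `perm_failed` set and at least one element no longer receives symbol_permfail here and depends on the later branch to report it. A one-line comment such as `/* permfail with usable elements is reported per element, not here */` would record that, if it is indeed what the later branch does. The else-if chain starts and continues outside the hunk.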
@@ -77,10 +77,10 @@ DKIM PERMFAIL BAD RECORD | |||
... -i 37.48.67.26 | |||
Check Rspamc ${result} R_DKIM_PERMFAIL | |||
SPF DNSFAIL UNRESOLVEABLE INCLUDE | |||
SPF PERMFAIL UNRESOLVEABLE INCLUDE | |||
${result} = Scan Message With Rspamc ${TESTDIR}/messages/dmarc/bad_dkim1.eml | |||
... -i 37.48.67.26 -F x@openarena.za.net | |||
Check Rspamc ${result} R_SPF_DNSFAIL | |||
... -i 37.48.67.26 -F x@fail3.org.org.za | |||
Check Rspamc ${result} R_SPF_PERMFAIL | |||
SPF DNSFAIL FAILED INCLUDE | |||
${result} = Scan Message With Rspamc ${TESTDIR}/messages/dmarc/bad_dkim1.eml | |||
@@ -89,7 +89,7 @@ SPF DNSFAIL FAILED INCLUDE | |||
SPF ALLOW UNRESOLVEABLE INCLUDE | |||
${result} = Scan Message With Rspamc ${TESTDIR}/messages/dmarc/bad_dkim1.eml | |||
... -i 8.8.8.8 -F x@openarena.za.net | |||
... -i 8.8.8.8 -F x@fail3.org.org.za | |||
Check Rspamc ${result} R_SPF_ALLOW | |||
SPF ALLOW FAILED INCLUDE | |||
@@ -114,7 +114,7 @@ SPF NA NXDOMAIN | |||
SPF PERMFAIL UNRESOLVEABLE REDIRECT | |||
${result} = Scan Message With Rspamc ${TESTDIR}/messages/dmarc/bad_dkim1.eml | |||
... -i 8.8.8.8 -F x@cacophony.za.org | |||
... -i 8.8.8.8 -F x@fail4.org.org.za | |||
Check Rspamc ${result} R_SPF_PERMFAIL | |||
SPF DNSFAIL FAILED REDIRECT | |||
@@ -122,9 +122,9 @@ SPF DNSFAIL FAILED REDIRECT | |||
... -i 8.8.8.8 -F x@fail1.org.org.za | |||
Check Rspamc ${result} R_SPF_DNSFAIL | |||
SPF PERMFAIL | |||
SPF PERMFAIL NO USEABLE ELEMENTS | |||
${result} = Scan Message With Rspamc ${TESTDIR}/messages/dmarc/bad_dkim1.eml | |||
... -i 8.8.8.8 -F x@xzghgh.za.org | |||
... -i 8.8.8.8 -F x@fail5.org.org.za | |||
Check Rspamc ${result} R_SPF_PERMFAIL | |||
SPF FAIL | |||
@@ -132,6 +132,26 @@ SPF FAIL | |||
... -i 8.8.8.8 -F x@example.net | |||
Check Rspamc ${result} R_SPF_FAIL | |||
SPF PERMFAIL UNRESOLVEABLE MX | |||
${result} = Scan Message With Rspamc ${TESTDIR}/messages/dmarc/bad_dkim1.eml | |||
... -i 1.2.3.4 -F x@fail6.org.org.za | |||
Check Rspamc ${result} R_SPF_PERMFAIL | |||
SPF PERMFAIL UNRESOLVEABLE A | |||
${result} = Scan Message With Rspamc ${TESTDIR}/messages/dmarc/bad_dkim1.eml | |||
... -i 1.2.3.4 -F x@fail7.org.org.za | |||
Check Rspamc ${result} R_SPF_PERMFAIL | |||
SPF DNSFAIL FAILED A | |||
${result} = Scan Message With Rspamc ${TESTDIR}/messages/dmarc/bad_dkim1.eml | |||
... -i 1.2.3.4 -F x@fail8.org.org.za | |||
Check Rspamc ${result} R_SPF_DNSFAIL | |||
SPF DNSFAIL FAILED MX | |||
${result} = Scan Message With Rspamc ${TESTDIR}/messages/dmarc/bad_dkim1.eml | |||
... -i 1.2.3.4 -F x@fail9.org.org.za | |||
Check Rspamc ${result} R_SPF_DNSFAIL | |||
*** Keywords *** | |||
DMARC Setup | |||
${PLUGIN_CONFIG} = Get File ${TESTDIR}/configs/dmarc.conf |
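Review bot: The four added cases, and the renamed ones in the earlier hunks of this file, are defined only by which `failN.org.org.za` name is passed with `-F`, and nothing in the file says what SPF record each name is expected to publish. If these names are resolved through live DNS rather than a local fixture (not visible here), the suite's verdict depends on zones outside the repository, and a change there silently alters what each case proves. Add a `[Documentation]` line to each case stating the record it relies on, for instance `[Documentation]    fail6 publishes an mx: term whose target does not exist`, with the real record content filled in by the author.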