mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6035 Commits
28 Branches
Tree: 8766fba694
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8766fba694'
${ noResults }
rspamd/src/libserver/spf.c

spf.c 41KB
Raw Blame History

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. #include "config.h"

  17. #include "dns.h"

  18. #include "spf.h"

  19. #include "rspamd.h"

  20. #include "message.h"

  21. #include "filter.h"

  22. #include "utlist.h"

  23. 

  24. #define SPF_VER1_STR "v=spf1"

  25. #define SPF_VER2_STR "spf2."

  26. #define SPF_SCOPE_PRA "pra"

  27. #define SPF_SCOPE_MFROM "mfrom"

  28. #define SPF_ALL "all"

  29. #define SPF_A "a"

  30. #define SPF_IP4 "ip4"

  31. #define SPF_IP6 "ip6"

  32. #define SPF_PTR "ptr"

  33. #define SPF_MX "mx"

  34. #define SPF_EXISTS "exists"

  35. #define SPF_INCLUDE "include"

  36. #define SPF_REDIRECT "redirect"

  37. #define SPF_EXP "exp"

  38. 

  39. /** SPF limits for avoiding abuse **/

  40. #define SPF_MAX_NESTING 10

  41. #define SPF_MAX_DNS_REQUESTS 30

  42. 

  43. struct spf_resolved_element {

  44. 	GPtrArray *elts;

  45. 	gchar *cur_domain;

  46. 	gboolean redirected; /* Ingnore level, it's redirected */

  47. };

  48. 

  49. struct spf_record {

  50. 	gint nested;

  51. 	gint dns_requests;

  52. 	gint requests_inflight;

  53. 

  54. 	guint ttl;

  55. 	GPtrArray *resolved;

  56. 	/* Array of struct spf_resolved_element */

  57. 	const gchar *sender;

  58. 	const gchar *sender_domain;

  59. 	gchar *local_part;

  60. 	struct rspamd_task *task;

  61. 	spf_cb_t callback;

  62. 	gboolean done;

  63. };

  64. 

  65. /**

  66.  * BNF for SPF record:

  67.  *

  68.  * spf_mech ::= +|-|~|?

  69.  *

  70.  * spf_body ::= spf=v1 <spf_command> [<spf_command>]

  71.  * spf_command ::= [spf_mech]all|a|<ip4>|<ip6>|ptr|mx|<exists>|<include>|<redirect>

  72.  *

  73.  * spf_domain ::= [:domain][/mask]

  74.  * spf_ip4 ::= ip[/mask]

  75.  * ip4 ::= ip4:<spf_ip4>

  76.  * mx ::= mx<spf_domain>

  77.  * a ::= a<spf_domain>

  78.  * ptr ::= ptr[:domain]

  79.  * exists ::= exists:domain

  80.  * include ::= include:domain

  81.  * redirect ::= redirect:domain

  82.  * exp ::= exp:domain

  83.  *

  84.  */

  85. 

  86. #undef SPF_DEBUG

  87. 

  88. #define msg_err_spf(...) rspamd_default_log_function (G_LOG_LEVEL_CRITICAL, \

  89.         "spf", rec->task->task_pool->tag.uid, \

  90.         G_STRFUNC, \

  91.         __VA_ARGS__)

  92. #define msg_warn_spf(...)   rspamd_default_log_function (G_LOG_LEVEL_WARNING, \

  93.         "spf", rec->task->task_pool->tag.uid, \

  94.         G_STRFUNC, \

  95.         __VA_ARGS__)

  96. #define msg_info_spf(...)   rspamd_default_log_function (G_LOG_LEVEL_INFO, \

  97.         "spf", rec->task->task_pool->tag.uid, \

  98.         G_STRFUNC, \

  99.         __VA_ARGS__)

  100. #define msg_debug_spf(...)  rspamd_default_log_function (G_LOG_LEVEL_DEBUG, \

  101.         "spf", rec->task->task_pool->tag.uid, \

  102.         G_STRFUNC, \

  103.         __VA_ARGS__)

  104. 

  105. 

  106. struct spf_dns_cb {

  107. 	struct spf_record *rec;

  108. 	struct spf_addr *addr;

  109. 	struct spf_resolved_element *resolved;

  110. 	gchar *ptr_host;

  111. 	spf_action_t cur_action;

  112. 	gboolean in_include;

  113. };

  114. 

  115. #define CHECK_REC(rec)                                          \

  116.     do {                                                        \

  117.         if ((rec)->nested > SPF_MAX_NESTING ||                  \

  118.             (rec)->dns_requests > SPF_MAX_DNS_REQUESTS) {       \

  119.             msg_info_spf ("<%s> spf recursion limit %d is reached, domain: %s", \

  120.                 (rec)->task->message_id, (rec)->dns_requests,   \

  121.                 (rec)->sender_domain);                          \

  122.             return FALSE;                                       \

  123.         }                                                       \

  124.     } while (0)                                                 \

  125. 

  126. 

  127. static gboolean start_spf_parse (struct spf_record *rec,

  128. 		struct spf_resolved_element *resolved, gchar *begin);

  129. 

  130. /* Determine spf mech */

  131. static spf_mech_t

  132. check_spf_mech (const gchar *elt, gboolean *need_shift)

  133. {

  134. 	g_assert (elt != NULL);

  135. 

  136. 	*need_shift = TRUE;

  137. 

  138. 	switch (*elt) {

  139. 		case '-':

  140. 			return SPF_FAIL;

  141. 		case '~':

  142. 			return SPF_SOFT_FAIL;

  143. 		case '+':

  144. 			return SPF_PASS;

  145. 		case '?':

  146. 			return SPF_NEUTRAL;

  147. 		default:

  148. 			*need_shift = FALSE;

  149. 			return SPF_PASS;

  150. 	}

  151. }

  152. 

  153. static struct spf_addr *

  154. rspamd_spf_new_addr (struct spf_record *rec,

  155. 		struct spf_resolved_element *resolved, const gchar *elt)

  156. {

  157. 	gboolean need_shift = FALSE;

  158. 	struct spf_addr *naddr;

  159. 

  160. 	naddr = g_slice_alloc0 (sizeof (*naddr));

  161. 	naddr->mech = check_spf_mech (elt, &need_shift);

  162. 

  163. 	if (need_shift) {

  164. 		naddr->spf_string = g_strdup (elt + 1);

  165. 	}

  166. 	else {

  167. 		naddr->spf_string = g_strdup (elt);

  168. 	}

  169. 

  170. 	g_ptr_array_add (resolved->elts, naddr);

  171. 	naddr->prev = naddr;

  172. 	naddr->next = NULL;

  173. 

  174. 	return naddr;

  175. }

  176. 

  177. static void

  178. rspamd_spf_free_addr (gpointer a)

  179. {

  180. 	struct spf_addr *addr = a, *tmp, *cur;

  181. 

  182. 	if (addr) {

  183. 		g_free (addr->spf_string);

  184. 		DL_FOREACH_SAFE (addr, cur, tmp) {

  185. 			g_slice_free1 (sizeof (*cur), cur);

  186. 		}

  187. 	}

  188. }

  189. 

  190. static struct spf_resolved_element *

  191. rspamd_spf_new_addr_list (struct spf_record *rec, const gchar *domain)

  192. {

  193. 	struct spf_resolved_element *resolved;

  194. 

  195. 	resolved = g_slice_alloc (sizeof (*resolved));

  196. 	resolved->redirected = FALSE;

  197. 	resolved->cur_domain = g_strdup (domain);

  198. 	resolved->elts = g_ptr_array_new_full (8, rspamd_spf_free_addr);

  199. 

  200. 	g_ptr_array_add (rec->resolved, resolved);

  201. 

  202. 	return g_ptr_array_index (rec->resolved, rec->resolved->len - 1);

  203. }

  204. 

  205. /*

  206.  * Destructor for spf record

  207.  */

  208. static void

  209. spf_record_destructor (gpointer r)

  210. {

  211. 	struct spf_record *rec = r;

  212. 	struct spf_resolved_element *elt;

  213. 	guint i;

  214. 

  215. 	if (rec) {

  216. 		for (i = 0; i < rec->resolved->len; i++) {

  217. 			elt = g_ptr_array_index (rec->resolved, i);

  218. 			g_ptr_array_free (elt->elts, TRUE);

  219. 			g_free (elt->cur_domain);

  220. 			g_slice_free1 (sizeof (*elt), elt);

  221. 		}

  222. 

  223. 		g_ptr_array_free (rec->resolved, TRUE);

  224. 	}

  225. }

  226. 

  227. static void

  228. rspamd_flatten_record_dtor (struct spf_resolved *r)

  229. {

  230. 	struct spf_addr *addr;

  231. 	guint i;

  232. 

  233. 	for (i = 0; i < r->elts->len; i++) {

  234. 		addr = &g_array_index (r->elts, struct spf_addr, i);

  235. 		g_free (addr->spf_string);

  236. 	}

  237. 

  238. 	g_free (r->domain);

  239. 	g_array_free (r->elts, TRUE);

  240. 	g_slice_free1 (sizeof (*r), r);

  241. }

  242. 

  243. static void

  244. rspamd_spf_process_reference (struct spf_resolved *target,

  245. 		struct spf_addr *addr, struct spf_record *rec, gboolean top)

  246. {

  247. 	struct spf_resolved_element *elt, *relt;

  248. 	struct spf_addr *cur = NULL, taddr, *cur_addr;

  249. 	guint i;

  250. 

  251. 	if (addr) {

  252. 		g_assert (addr->m.idx < rec->resolved->len);

  253. 

  254. 		elt = g_ptr_array_index (rec->resolved, addr->m.idx);

  255. 	}

  256. 	else {

  257. 		elt = g_ptr_array_index (rec->resolved, 0);

  258. 	}

  259. 

  260. 	if (rec->ttl < target->ttl) {

  261. 		msg_debug_spf ("reducing ttl from %d to %d after subrecord processing %s",

  262. 				target->ttl, rec->ttl, rec->sender_domain);

  263. 		target->ttl = rec->ttl;

  264. 	}

  265. 

  266. 	if (elt->redirected) {

  267. 		g_assert (elt->elts->len > 0);

  268. 

  269. 		for (i = 0; i < elt->elts->len; i++) {

  270. 			cur = g_ptr_array_index (elt->elts, i);

  271. 			if (cur->flags & RSPAMD_SPF_FLAG_REDIRECT) {

  272. 				break;

  273. 			}

  274. 		}

  275. 

  276. 		g_assert (cur != NULL);

  277. 		if (!(cur->flags & RSPAMD_SPF_FLAG_PARSED)) {

  278. 			/* Unresolved redirect */

  279. 			msg_info_spf ("redirect to %s cannot be resolved", cur->spf_string);

  280. 			return;

  281. 		}

  282. 

  283. 		g_assert (cur->flags & RSPAMD_SPF_FLAG_REFRENCE);

  284. 		g_assert (cur->m.idx < rec->resolved->len);

  285. 		relt = g_ptr_array_index (rec->resolved, cur->m.idx);

  286. 		msg_debug_spf ("domain %s is redirected to %s", elt->cur_domain,

  287. 				relt->cur_domain);

  288. 	}

  289. 

  290. 	for (i = 0; i < elt->elts->len; i++) {

  291. 		cur = g_ptr_array_index (elt->elts, i);

  292. 

  293. 		if (cur->flags & RSPAMD_SPF_FLAG_TEMPFAIL) {

  294. 			target->failed = TRUE;

  295. 			continue;

  296. 		}

  297. 		else if (!(cur->flags & RSPAMD_SPF_FLAG_PARSED)) {

  298. 			/* Ignore unparsed addrs */

  299. 			continue;

  300. 		}

  301. 		else if (cur->flags & RSPAMD_SPF_FLAG_REFRENCE) {

  302. 			/* Process reference */

  303. 			rspamd_spf_process_reference (target, cur, rec, FALSE);

  304. 

  305. 			if (cur->flags & RSPAMD_SPF_FLAG_REDIRECT) {

  306. 				/* Stop on redirected domain */

  307. 				break;

  308. 			}

  309. 		}

  310. 		else {

  311. 			if ((cur->flags & RSPAMD_SPF_FLAG_ANY) && !top) {

  312. 				/* Ignore wide policies in includes */

  313. 				continue;

  314. 			}

  315. 

  316. 			DL_FOREACH (cur, cur_addr) {

  317. 				memcpy (&taddr, cur_addr, sizeof (taddr));

  318. 				taddr.spf_string = g_strdup (cur_addr->spf_string);

  319. 				g_array_append_val (target->elts, taddr);

  320. 			}

  321. 		}

  322. 	}

  323. }

  324. 

  325. /*

  326.  * Parse record and flatten it to a simple structure

  327.  */

  328. static struct spf_resolved *

  329. rspamd_spf_record_flatten (struct spf_record *rec)

  330. {

  331. 	struct spf_resolved *res;

  332. 

  333. 	g_assert (rec != NULL);

  334. 

  335. 	res = g_slice_alloc0 (sizeof (*res));

  336. 	res->elts = g_array_sized_new (FALSE, FALSE, sizeof (struct spf_addr),

  337. 			rec->resolved->len);

  338. 	res->domain = g_strdup (rec->sender_domain);

  339. 	res->ttl = rec->ttl;

  340. 	REF_INIT_RETAIN (res, rspamd_flatten_record_dtor);

  341. 

  342. 	if (rec->resolved->len > 0) {

  343. 		rspamd_spf_process_reference (res, NULL, rec, TRUE);

  344. 	}

  345. 

  346. 	return res;

  347. }

  348. 

  349. static void

  350. rspamd_spf_maybe_return (struct spf_record *rec)

  351. {

  352. 	struct spf_resolved *flat;

  353. 

  354. 	if (rec->requests_inflight == 0 && !rec->done) {

  355. 		flat = rspamd_spf_record_flatten (rec);

  356. 		rec->callback (flat, rec->task);

  357. 		REF_RELEASE (flat);

  358. 		rec->done = TRUE;

  359. 	}

  360. }

  361. 

  362. static gboolean

  363. spf_check_ptr_host (struct spf_dns_cb *cb, const char *name)

  364. {

  365. 	const char *dend, *nend, *dstart, *nstart;

  366. 	struct spf_record *rec = cb->rec;

  367. 

  368. 	if (name == NULL) {

  369. 		return FALSE;

  370. 	}

  371. 	if (cb->ptr_host != NULL) {

  372. 		dstart = cb->ptr_host;

  373. 

  374. 	}

  375. 	else {

  376. 		dstart = cb->resolved->cur_domain;

  377. 	}

  378. 

  379. 	msg_debug_spf ("check ptr %s vs %s", name, dstart);

  380. 

  381. 	/* We need to check whether `cur_domain` is a subdomain for `name` */

  382. 	dend = dstart + strlen (dstart) - 1;

  383. 	nstart = name;

  384. 	nend = nstart + strlen (nstart) - 1;

  385. 

  386. 	if (nend == nstart || dend == dstart) {

  387. 		return FALSE;

  388. 	}

  389. 	/* Strip last '.' from names */

  390. 	if (*nend == '.') {

  391. 		nend--;

  392. 	}

  393. 	if (*dend == '.') {

  394. 		dend--;

  395. 	}

  396. 

  397. 	/* Now compare from end to start */

  398. 	for (;;) {

  399. 		if (g_ascii_tolower (*dend) != g_ascii_tolower (*nend)) {

  400. 			msg_debug_spf ("ptr records mismatch: %s and %s", dend, nend);

  401. 			return FALSE;

  402. 		}

  403. 		if (dend == dstart) {

  404. 			break;

  405. 		}

  406. 		if (nend == nstart) {

  407. 			/* Name is shorter than cur_domain */

  408. 			return FALSE;

  409. 		}

  410. 		nend--;

  411. 		dend--;

  412. 	}

  413. 	if (nend != nstart && *(nend - 1) != '.') {

  414. 		/* Not a subdomain */

  415. 		return FALSE;

  416. 	}

  417. 

  418. 	return TRUE;

  419. }

  420. 

  421. static void

  422. spf_record_process_addr (struct spf_record *rec, struct spf_addr *addr, struct

  423. 		rdns_reply_entry *reply)

  424. {

  425. 	struct spf_addr *naddr;

  426. 

  427. 	if (!(addr->flags & RSPAMD_SPF_FLAG_PROCESSED)) {

  428. 		/* That's the first address */

  429. 		if (reply->type == RDNS_REQUEST_AAAA) {

  430. 			memcpy (addr->addr6,

  431. 					&reply->content.aaa.addr,

  432. 					sizeof (addr->addr6));

  433. 			addr->flags |= RSPAMD_SPF_FLAG_IPV6;

  434. 		}

  435. 		else if (reply->type == RDNS_REQUEST_A) {

  436. 			memcpy (addr->addr4, &reply->content.a.addr, sizeof (addr->addr4));

  437. 			addr->flags |= RSPAMD_SPF_FLAG_IPV4;

  438. 		}

  439. 		else {

  440. 			msg_err_spf (

  441. 					"internal error, bad DNS reply is treated as address: %s",

  442. 					rdns_strtype (reply->type));

  443. 		}

  444. 

  445. 		addr->flags |= RSPAMD_SPF_FLAG_PROCESSED;

  446. 	}

  447. 	else {

  448. 		/* We need to create a new address */

  449. 		naddr = g_slice_alloc0 (sizeof (*naddr));

  450. 		memcpy (naddr, addr, sizeof (*naddr));

  451. 		naddr->next = NULL;

  452. 		naddr->prev = NULL;

  453. 

  454. 		if (reply->type == RDNS_REQUEST_AAAA) {

  455. 			memcpy (naddr->addr6,

  456. 					&reply->content.aaa.addr,

  457. 					sizeof (addr->addr6));

  458. 			naddr->flags |= RSPAMD_SPF_FLAG_IPV6;

  459. 		}

  460. 		else if (reply->type == RDNS_REQUEST_A) {

  461. 			memcpy (naddr->addr4, &reply->content.a.addr, sizeof (addr->addr4));

  462. 			naddr->flags |= RSPAMD_SPF_FLAG_IPV4;

  463. 		}

  464. 		else {

  465. 			msg_err_spf (

  466. 					"internal error, bad DNS reply is treated as address: %s",

  467. 					rdns_strtype (reply->type));

  468. 		}

  469. 

  470. 		DL_APPEND (addr, naddr);

  471. 	}

  472. }

  473. 

  474. static void

  475. spf_record_addr_set (struct spf_addr *addr, gboolean allow_any)

  476. {

  477. 	guchar fill;

  478. 

  479. 	if (!(addr->flags & RSPAMD_SPF_FLAG_PROCESSED)) {

  480. 		if (allow_any) {

  481. 			fill = 0;

  482. 			addr->m.dual.mask_v4 = 0;

  483. 			addr->m.dual.mask_v6 = 0;

  484. 		}

  485. 		else {

  486. 			fill = 0xff;

  487. 		}

  488. 

  489. 		memset (addr->addr4, fill, sizeof (addr->addr4));

  490. 		memset (addr->addr6, fill, sizeof (addr->addr6));

  491. 

  492. 

  493. 		addr->flags |= RSPAMD_SPF_FLAG_IPV4;

  494. 		addr->flags |= RSPAMD_SPF_FLAG_IPV6;

  495. 	}

  496. }

  497. 

  498. static gboolean

  499. spf_process_txt_record (struct spf_record *rec, struct spf_resolved_element *resolved,

  500. 		struct rdns_reply *reply)

  501. {

  502. 	struct rdns_reply_entry *elt, *selected = NULL;

  503. 	gboolean ret = FALSE;

  504. 

  505. 	/*

  506. 	 * We prefer spf version 1 as other records are mostly likely garbadge

  507. 	 * or incorrect records (e.g. spf2 records)

  508. 	 */

  509. 	LL_FOREACH (reply->entries, elt) {

  510. 		if (strncmp (elt->content.txt.data, "v=spf1", sizeof ("v=spf1") - 1)

  511. 				== 0) {

  512. 			selected = elt;

  513. 			break;

  514. 		}

  515. 	}

  516. 

  517. 	if (!selected) {

  518. 		LL_FOREACH (reply->entries, elt) {

  519. 			if (start_spf_parse (rec, resolved, elt->content.txt.data)) {

  520. 				ret = TRUE;

  521. 				break;

  522. 			}

  523. 		}

  524. 	}

  525. 	else {

  526. 		ret = start_spf_parse (rec, resolved, selected->content.txt.data);

  527. 	}

  528. 

  529. 	return ret;

  530. }

  531. 

  532. static void

  533. spf_record_dns_callback (struct rdns_reply *reply, gpointer arg)

  534. {

  535. 	struct spf_dns_cb *cb = arg;

  536. 	struct rdns_reply_entry *elt_data;

  537. 	struct rspamd_task *task;

  538. 	struct spf_addr *addr;

  539. 	struct spf_record *rec;

  540. 

  541. 	rec = cb->rec;

  542. 	task = rec->task;

  543. 

  544. 	cb->rec->requests_inflight--;

  545. 	addr = cb->addr;

  546. 

  547. 	if (reply->code == RDNS_RC_NOERROR) {

  548. 		LL_FOREACH (reply->entries, elt_data) {

  549. 			/* Adjust ttl if a resolved record has lower ttl than spf record itself */

  550. 			if ((guint)elt_data->ttl < rec->ttl) {

  551. 				msg_debug_spf ("reducing ttl from %d to %d after DNS resolving",

  552. 						rec->ttl, elt_data->ttl);

  553. 				rec->ttl = elt_data->ttl;

  554. 			}

  555. 

  556. 			switch (cb->cur_action) {

  557. 				case SPF_RESOLVE_MX:

  558. 					if (elt_data->type == RDNS_REQUEST_MX) {

  559. 						/* Now resolve A record for this MX */

  560. 						msg_debug_spf ("resolve %s after resolving of MX",

  561. 								elt_data->content.mx.name);

  562. 						if (make_dns_request_task (task,

  563. 								spf_record_dns_callback, (void *) cb,

  564. 								RDNS_REQUEST_A,

  565. 								elt_data->content.mx.name)) {

  566. 							cb->rec->requests_inflight++;

  567. 						}

  568. 

  569. 						if (make_dns_request_task (task,

  570. 								spf_record_dns_callback, (void *) cb,

  571. 								RDNS_REQUEST_AAAA,

  572. 								elt_data->content.mx.name)) {

  573. 							cb->rec->requests_inflight++;

  574. 						}

  575. 					}

  576. 					else {

  577. 						spf_record_process_addr (rec, addr, elt_data);

  578. 					}

  579. 					break;

  580. 				case SPF_RESOLVE_A:

  581. 				case SPF_RESOLVE_AAA:

  582. 					spf_record_process_addr (rec, addr, elt_data);

  583. 					break;

  584. 				case SPF_RESOLVE_PTR:

  585. 					if (elt_data->type == RDNS_REQUEST_PTR) {

  586. 						/* Validate returned records prior to making A requests */

  587. 						if (spf_check_ptr_host (cb,

  588. 								elt_data->content.ptr.name)) {

  589. 							msg_debug_spf ("resolve %s after resolving of PTR",

  590. 									elt_data->content.ptr.name);

  591. 							if (make_dns_request_task (task,

  592. 									spf_record_dns_callback, (void *) cb,

  593. 									RDNS_REQUEST_A,

  594. 									elt_data->content.ptr.name)) {

  595. 								cb->rec->requests_inflight++;

  596. 							}

  597. 							if (make_dns_request_task (task,

  598. 									spf_record_dns_callback, (void *) cb,

  599. 									RDNS_REQUEST_AAAA,

  600. 									elt_data->content.ptr.name)) {

  601. 								cb->rec->requests_inflight++;

  602. 							}

  603. 						}

  604. 					}

  605. 					else {

  606. 						spf_record_process_addr (rec, addr, elt_data);

  607. 					}

  608. 					break;

  609. 				case SPF_RESOLVE_REDIRECT:

  610. 					if (elt_data->type == RDNS_REQUEST_TXT) {

  611. 						if (spf_process_txt_record (rec, cb->resolved, reply)) {

  612. 							cb->addr->flags |= RSPAMD_SPF_FLAG_PARSED;

  613. 						}

  614. 						else {

  615. 							cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED;

  616. 						}

  617. 					}

  618. 					break;

  619. 				case SPF_RESOLVE_INCLUDE:

  620. 					if (elt_data->type == RDNS_REQUEST_TXT) {

  621. 						if (spf_process_txt_record (rec, cb->resolved, reply)) {

  622. 							cb->addr->flags |= RSPAMD_SPF_FLAG_PARSED;

  623. 						}

  624. 						else {

  625. 							cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED;

  626. 						}

  627. 					}

  628. 					break;

  629. 				case SPF_RESOLVE_EXP:

  630. 					break;

  631. 				case SPF_RESOLVE_EXISTS:

  632. 					if (elt_data->type == RDNS_REQUEST_A ||

  633. 						elt_data->type == RDNS_REQUEST_AAAA) {

  634. 						/* If specified address resolves, we can accept connection from every IP */

  635. 						spf_record_addr_set (addr, TRUE);

  636. 					}

  637. 					break;

  638. 			}

  639. 		}

  640. 	}

  641. 	else if (reply->code == RDNS_RC_NXDOMAIN || reply->code == RDNS_RC_NOREC) {

  642. 		switch (cb->cur_action) {

  643. 			case SPF_RESOLVE_MX:

  644. 				if (rdns_request_has_type (reply->request, RDNS_REQUEST_MX)) {

  645. 					msg_debug_spf (

  646. 							"<%s>: spf error for domain %s: cannot find MX record for %s",

  647. 							task->message_id,

  648. 							cb->rec->sender_domain,

  649. 							cb->resolved->cur_domain);

  650. 					spf_record_addr_set (addr, FALSE);

  651. 				}

  652. 				else {

  653. 					msg_debug_spf (

  654. 							"<%s>: spf error for domain %s: cannot resolve MX record for %s",

  655. 							task->message_id,

  656. 							cb->rec->sender_domain,

  657. 							cb->resolved->cur_domain);

  658. 					spf_record_addr_set (addr, FALSE);

  659. 				}

  660. 				break;

  661. 			case SPF_RESOLVE_A:

  662. 				if (rdns_request_has_type (reply->request, RDNS_REQUEST_A)) {

  663. 					spf_record_addr_set (addr, FALSE);

  664. 				}

  665. 				break;

  666. 			case SPF_RESOLVE_AAA:

  667. 				if (rdns_request_has_type (reply->request, RDNS_REQUEST_AAAA)) {

  668. 					spf_record_addr_set (addr, FALSE);

  669. 				}

  670. 				break;

  671. 			case SPF_RESOLVE_PTR:

  672. 				spf_record_addr_set (addr, FALSE);

  673. 				break;

  674. 			case SPF_RESOLVE_REDIRECT:

  675. 				msg_debug_spf (

  676. 						"<%s>: spf error for domain %s: cannot resolve TXT record for %s",

  677. 						task->message_id,

  678. 						cb->rec->sender_domain,

  679. 						cb->resolved->cur_domain);

  680. 				cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED;

  681. 				break;

  682. 			case SPF_RESOLVE_INCLUDE:

  683. 				msg_debug_spf (

  684. 						"<%s>: spf error for domain %s: cannot resolve TXT record for %s",

  685. 						task->message_id,

  686. 						cb->rec->sender_domain,

  687. 						cb->resolved->cur_domain);

  688. 				cb->addr->flags &= ~RSPAMD_SPF_FLAG_PARSED;

  689. 				break;

  690. 			case SPF_RESOLVE_EXP:

  691. 				break;

  692. 			case SPF_RESOLVE_EXISTS:

  693. 				spf_record_addr_set (addr, FALSE);

  694. 				break;

  695. 		}

  696. 	}

  697. 	else if ((cb->cur_action == SPF_RESOLVE_INCLUDE ||

  698. 			cb->cur_action == SPF_RESOLVE_REDIRECT) ||

  699. 			reply->code == RDNS_RC_TIMEOUT) {

  700. 		cb->addr->flags |= RSPAMD_SPF_FLAG_TEMPFAIL;

  701. 		msg_info_spf (

  702. 				"<%s>: spf error for domain %s: cannot resolve DNS record for"

  703. 				" %s: %s",

  704. 				task->message_id,

  705. 				cb->rec->sender_domain,

  706. 				cb->resolved->cur_domain,

  707. 				rdns_strerror (reply->code));

  708. 	}

  709. 

  710. 	rspamd_spf_maybe_return (cb->rec);

  711. }

  712. 

  713. /*

  714.  * The syntax defined by the following BNF:

  715.  * [ ":" domain-spec ] [ dual-cidr-length ]

  716.  * ip4-cidr-length  = "/" 1*DIGIT

  717.  * ip6-cidr-length  = "/" 1*DIGIT

  718.  * dual-cidr-length = [ ip4-cidr-length ] [ "/" ip6-cidr-length ]

  719.  */

  720. static const gchar *

  721. parse_spf_domain_mask (struct spf_record *rec, struct spf_addr *addr,

  722. 		struct spf_resolved_element *resolved,

  723. 		gboolean allow_mask)

  724. {

  725. 	struct rspamd_task *task = rec->task;

  726. 	enum {

  727. 		parse_spf_elt = 0,

  728. 		parse_semicolon,

  729. 		parse_domain,

  730. 		parse_slash,

  731. 		parse_ipv4_mask,

  732. 		parse_second_slash,

  733. 		parse_ipv6_mask,

  734. 		skip_garbadge

  735. 	} state = 0;

  736. 	const gchar *p = addr->spf_string, *host, *c;

  737. 	gchar *hostbuf;

  738. 	gchar t;

  739. 	guint16 cur_mask = 0;

  740. 

  741. 	host = resolved->cur_domain;

  742. 	c = p;

  743. 

  744. 	while (*p) {

  745. 		t = *p;

  746. 

  747. 		switch (state) {

  748. 			case parse_spf_elt:

  749. 				if (t == ':') {

  750. 					state = parse_semicolon;

  751. 				}

  752. 				else if (t == '/') {

  753. 					/* No domain but mask */

  754. 					state = parse_slash;

  755. 				}

  756. 				p++;

  757. 				break;

  758. 			case parse_semicolon:

  759. 				if (t == '/') {

  760. 					/* Empty domain, technically an error */

  761. 					state = parse_slash;

  762. 				}

  763. 				c = p;

  764. 				state = parse_domain;

  765. 				break;

  766. 			case parse_domain:

  767. 				if (t == '/') {

  768. 					hostbuf = rspamd_mempool_alloc (task->task_pool, p - c + 1);

  769. 					rspamd_strlcpy (hostbuf, c, p - c + 1);

  770. 					host = hostbuf;

  771. 					state = parse_slash;

  772. 				}

  773. 				p++;

  774. 				break;

  775. 			case parse_slash:

  776. 				c = p;

  777. 				if (allow_mask) {

  778. 					state = parse_ipv4_mask;

  779. 				}

  780. 				else {

  781. 					state = skip_garbadge;

  782. 				}

  783. 				cur_mask = 0;

  784. 				break;

  785. 			case parse_ipv4_mask:

  786. 				if (g_ascii_isdigit (t)) {

  787. 					/* Ignore errors here */

  788. 					cur_mask = cur_mask * 10 + (t - '0');

  789. 				}

  790. 				else if (t == '/') {

  791. 					if (cur_mask <= 32) {

  792. 						addr->m.dual.mask_v4 = cur_mask;

  793. 					}

  794. 					else {

  795. 						msg_info_spf ("bad ipv4 mask: %d", cur_mask);

  796. 					}

  797. 					state = parse_second_slash;

  798. 				}

  799. 				p++;

  800. 				break;

  801. 			case parse_second_slash:

  802. 				c = p;

  803. 				state = parse_ipv6_mask;

  804. 				cur_mask = 0;

  805. 				break;

  806. 			case parse_ipv6_mask:

  807. 				if (g_ascii_isdigit (t)) {

  808. 					/* Ignore errors here */

  809. 					cur_mask = cur_mask * 10 + (t - '0');

  810. 				}

  811. 				p++;

  812. 				break;

  813. 			case skip_garbadge:

  814. 				p++;

  815. 				break;

  816. 		}

  817. 	}

  818. 

  819. 	/* Process end states */

  820. 	if (state == parse_ipv4_mask) {

  821. 		if (cur_mask <= 32) {

  822. 			addr->m.dual.mask_v4 = cur_mask;

  823. 		}

  824. 		else {

  825. 			msg_info_spf ("bad ipv4 mask: %d", cur_mask);

  826. 		}

  827. 	}

  828. 	else if (state == parse_ipv6_mask) {

  829. 		if (cur_mask <= 128) {

  830. 			addr->m.dual.mask_v6 = cur_mask;

  831. 		}

  832. 		else {

  833. 			msg_info_spf ("bad ipv6 mask: %d", cur_mask);

  834. 		}

  835. 	}

  836. 	else if (state == parse_domain && p - c > 0) {

  837. 		hostbuf = rspamd_mempool_alloc (task->task_pool, p - c + 1);

  838. 		rspamd_strlcpy (hostbuf, c, p - c + 1);

  839. 		host = hostbuf;

  840. 	}

  841. 

  842. 	if (cur_mask == 0) {

  843. 		addr->m.dual.mask_v4 = 32;

  844. 		addr->m.dual.mask_v6 = 64;

  845. 	}

  846. 

  847. 	return host;

  848. }

  849. 

  850. static gboolean

  851. parse_spf_a (struct spf_record *rec,

  852. 		struct spf_resolved_element *resolved, struct spf_addr *addr)

  853. {

  854. 	struct spf_dns_cb *cb;

  855. 	const gchar *host = NULL;

  856. 	struct rspamd_task *task = rec->task;

  857. 

  858. 	CHECK_REC (rec);

  859. 

  860. 	host = parse_spf_domain_mask (rec, addr, resolved, TRUE);

  861. 

  862. 	if (host == NULL) {

  863. 		return FALSE;

  864. 	}

  865. 

  866. 	rec->dns_requests++;

  867. 	cb = rspamd_mempool_alloc (task->task_pool, sizeof (struct spf_dns_cb));

  868. 	cb->rec = rec;

  869. 	cb->addr = addr;

  870. 	cb->cur_action = SPF_RESOLVE_A;

  871. 	cb->resolved = resolved;

  872. 	msg_debug_spf ("resolve a %s", host);

  873. 

  874. 	if (make_dns_request_task (task,

  875. 			spf_record_dns_callback, (void *) cb, RDNS_REQUEST_A, host)) {

  876. 		rec->requests_inflight++;

  877. 

  878. 		if (make_dns_request_task (task,

  879. 				spf_record_dns_callback, (void *) cb, RDNS_REQUEST_AAAA, host)) {

  880. 			rec->requests_inflight++;

  881. 		}

  882. 

  883. 		return TRUE;

  884. 	}

  885. 

  886. 	return FALSE;

  887. 

  888. }

  889. 

  890. static gboolean

  891. parse_spf_ptr (struct spf_record *rec,

  892. 		struct spf_resolved_element *resolved, struct spf_addr *addr)

  893. {

  894. 	struct spf_dns_cb *cb;

  895. 	const gchar *host;

  896. 	gchar *ptr;

  897. 	struct rspamd_task *task = rec->task;

  898. 

  899. 	CHECK_REC (rec);

  900. 

  901. 	host = parse_spf_domain_mask (rec, addr, resolved, FALSE);

  902. 

  903. 	rec->dns_requests++;

  904. 	cb = rspamd_mempool_alloc (task->task_pool, sizeof (struct spf_dns_cb));

  905. 	cb->rec = rec;

  906. 	cb->addr = addr;

  907. 	cb->cur_action = SPF_RESOLVE_PTR;

  908. 	cb->resolved = resolved;

  909. 	cb->ptr_host = rspamd_mempool_strdup (task->task_pool, host);

  910. 	ptr =

  911. 			rdns_generate_ptr_from_str (rspamd_inet_address_to_string (

  912. 					task->from_addr));

  913. 

  914. 	if (ptr == NULL) {

  915. 		return FALSE;

  916. 	}

  917. 

  918. 	rspamd_mempool_add_destructor (task->task_pool, free, ptr);

  919. 	msg_debug_spf ("resolve ptr %s for %s", ptr, host);

  920. 	if (make_dns_request_task (task,

  921. 			spf_record_dns_callback, (void *) cb, RDNS_REQUEST_PTR, ptr)) {

  922. 		rec->requests_inflight++;

  923. 

  924. 		return TRUE;

  925. 	}

  926. 

  927. 	return FALSE;

  928. }

  929. 

  930. static gboolean

  931. parse_spf_mx (struct spf_record *rec,

  932. 		struct spf_resolved_element *resolved, struct spf_addr *addr)

  933. {

  934. 	struct spf_dns_cb *cb;

  935. 	const gchar *host;

  936. 	struct rspamd_task *task = rec->task;

  937. 

  938. 	CHECK_REC (rec);

  939. 

  940. 	host = parse_spf_domain_mask (rec, addr, resolved, TRUE);

  941. 

  942. 	if (host == NULL) {

  943. 		return FALSE;

  944. 	}

  945. 

  946. 	rec->dns_requests++;

  947. 	cb = rspamd_mempool_alloc (task->task_pool, sizeof (struct spf_dns_cb));

  948. 	cb->rec = rec;

  949. 	cb->addr = addr;

  950. 	cb->cur_action = SPF_RESOLVE_MX;

  951. 	cb->resolved = resolved;

  952. 

  953. 	msg_debug_spf ("resolve mx for %s", host);

  954. 	if (make_dns_request_task (task,

  955. 			spf_record_dns_callback, (void *) cb, RDNS_REQUEST_MX, host)) {

  956. 		rec->requests_inflight++;

  957. 

  958. 		return TRUE;

  959. 	}

  960. 

  961. 	return FALSE;

  962. }

  963. 

  964. static gboolean

  965. parse_spf_all (struct spf_record *rec, struct spf_addr *addr)

  966. {

  967. 	/* All is 0/0 */

  968. 	memset (&addr->addr4, 0, sizeof (addr->addr4));

  969. 	memset (&addr->addr6, 0, sizeof (addr->addr6));

  970. 	/* Here we set all masks to 0 */

  971. 	addr->m.idx = 0;

  972. 	addr->flags |= RSPAMD_SPF_FLAG_ANY;

  973. 	msg_debug_spf ("parsed all elt");

  974. 

  975. 	return TRUE;

  976. }

  977. 

  978. static gboolean

  979. parse_spf_ip4 (struct spf_record *rec, struct spf_addr *addr)

  980. {

  981. 	/* ip4:addr[/mask] */

  982. 	const gchar *semicolon, *slash;

  983. 	gsize len;

  984. 	gchar ipbuf[INET_ADDRSTRLEN + 1];

  985. 	guint32 mask;

  986. 

  987. 	CHECK_REC (rec);

  988. 

  989. 	semicolon = strchr (addr->spf_string, ':');

  990. 

  991. 	if (semicolon == NULL) {

  992. 		return FALSE;

  993. 	}

  994. 

  995. 	semicolon++;

  996. 	slash = strchr (semicolon, '/');

  997. 

  998. 	if (slash) {

  999. 		len = slash - semicolon;

  1000. 	}

  1001. 	else {

  1002. 		len = strlen (semicolon);

  1003. 	}

  1004. 

  1005. 	rspamd_strlcpy (ipbuf, semicolon, MIN (len + 1, sizeof (ipbuf)));

  1006. 

  1007. 	if (inet_pton (AF_INET, ipbuf, addr->addr4) != 1) {

  1008. 		return FALSE;

  1009. 	}

  1010. 

  1011. 	if (slash) {

  1012. 		mask = strtoul (slash + 1, NULL, 10);

  1013. 		if (mask > 32) {

  1014. 			return FALSE;

  1015. 		}

  1016. 		addr->m.dual.mask_v4 = mask;

  1017. 	}

  1018. 	else {

  1019. 		addr->m.dual.mask_v4 = 32;

  1020. 	}

  1021. 

  1022. 	addr->flags |= RSPAMD_SPF_FLAG_IPV4;

  1023. 	msg_debug_spf ("parsed ipv4 record %s/%d", ipbuf, addr->m.dual.mask_v4);

  1024. 

  1025. 	return TRUE;

  1026. }

  1027. 

  1028. static gboolean

  1029. parse_spf_ip6 (struct spf_record *rec, struct spf_addr *addr)

  1030. {

  1031. 	/* ip6:addr[/mask] */

  1032. 	const gchar *semicolon, *slash;

  1033. 	gsize len;

  1034. 	gchar ipbuf[INET6_ADDRSTRLEN + 1];

  1035. 	guint32 mask;

  1036. 

  1037. 	CHECK_REC (rec);

  1038. 

  1039. 	semicolon = strchr (addr->spf_string, ':');

  1040. 

  1041. 	if (semicolon == NULL) {

  1042. 		return FALSE;

  1043. 	}

  1044. 

  1045. 	semicolon++;

  1046. 	slash = strchr (semicolon, '/');

  1047. 

  1048. 	if (slash) {

  1049. 		len = slash - semicolon;

  1050. 	}

  1051. 	else {

  1052. 		len = strlen (semicolon);

  1053. 	}

  1054. 

  1055. 	rspamd_strlcpy (ipbuf, semicolon, MIN (len + 1, sizeof (ipbuf)));

  1056. 

  1057. 	if (inet_pton (AF_INET6, ipbuf, addr->addr6) != 1) {

  1058. 		return FALSE;

  1059. 	}

  1060. 

  1061. 	if (slash) {

  1062. 		mask = strtoul (slash + 1, NULL, 10);

  1063. 		if (mask > 128) {

  1064. 			return FALSE;

  1065. 		}

  1066. 		addr->m.dual.mask_v6 = mask;

  1067. 	}

  1068. 	else {

  1069. 		addr->m.dual.mask_v6 = 128;

  1070. 	}

  1071. 

  1072. 	addr->flags |= RSPAMD_SPF_FLAG_IPV6;

  1073. 	msg_debug_spf ("parsed ipv6 record %s/%d", ipbuf, addr->m.dual.mask_v6);

  1074. 

  1075. 	return TRUE;

  1076. }

  1077. 

  1078. 

  1079. static gboolean

  1080. parse_spf_include (struct spf_record *rec, struct spf_addr *addr)

  1081. {

  1082. 	struct spf_dns_cb *cb;

  1083. 	const gchar *domain;

  1084. 	struct rspamd_task *task = rec->task;

  1085. 

  1086. 	CHECK_REC (rec);

  1087. 	domain = strchr (addr->spf_string, ':');

  1088. 

  1089. 	if (domain == NULL) {

  1090. 		return FALSE;

  1091. 	}

  1092. 

  1093. 	domain++;

  1094. 

  1095. 	rec->dns_requests++;

  1096. 

  1097. 	cb = rspamd_mempool_alloc (task->task_pool, sizeof (struct spf_dns_cb));

  1098. 	cb->rec = rec;

  1099. 	cb->addr = addr;

  1100. 	cb->cur_action = SPF_RESOLVE_INCLUDE;

  1101. 	addr->m.idx = rec->resolved->len;

  1102. 	cb->resolved = rspamd_spf_new_addr_list (rec, domain);

  1103. 	/* Set reference */

  1104. 	addr->flags |= RSPAMD_SPF_FLAG_REFRENCE;

  1105. 	msg_debug_spf ("resolve include %s", domain);

  1106. 

  1107. 	if (make_dns_request_task (task,

  1108. 			spf_record_dns_callback, (void *) cb, RDNS_REQUEST_TXT, domain)) {

  1109. 		rec->requests_inflight++;

  1110. 

  1111. 		return TRUE;

  1112. 	}

  1113. 

  1114. 

  1115. 	return FALSE;

  1116. }

  1117. 

  1118. static gboolean

  1119. parse_spf_exp (struct spf_record *rec, struct spf_addr *addr)

  1120. {

  1121. 	CHECK_REC (rec);

  1122. 

  1123. 	msg_info_spf ("exp record is ignored");

  1124. 	return TRUE;

  1125. }

  1126. 

  1127. static gboolean

  1128. parse_spf_redirect (struct spf_record *rec,

  1129. 		struct spf_resolved_element *resolved, struct spf_addr *addr)

  1130. {

  1131. 	struct spf_dns_cb *cb;

  1132. 	const gchar *domain;

  1133. 	struct rspamd_task *task = rec->task;

  1134. 

  1135. 	CHECK_REC (rec);

  1136. 

  1137. 	domain = strchr (addr->spf_string, '=');

  1138. 

  1139. 	if (domain == NULL) {

  1140. 		return FALSE;

  1141. 	}

  1142. 

  1143. 	domain++;

  1144. 

  1145. 	rec->dns_requests++;

  1146. 	resolved->redirected = TRUE;

  1147. 

  1148. 	cb = rspamd_mempool_alloc (task->task_pool, sizeof (struct spf_dns_cb));

  1149. 	/* Set reference */

  1150. 	addr->flags |= RSPAMD_SPF_FLAG_REFRENCE | RSPAMD_SPF_FLAG_REDIRECT;

  1151. 	addr->m.idx = rec->resolved->len;

  1152. 

  1153. 	cb->rec = rec;

  1154. 	cb->addr = addr;

  1155. 	cb->cur_action = SPF_RESOLVE_REDIRECT;

  1156. 	cb->resolved = rspamd_spf_new_addr_list (rec, domain);

  1157. 	msg_debug_spf ("resolve redirect %s", domain);

  1158. 

  1159. 	if (make_dns_request_task (task,

  1160. 			spf_record_dns_callback, (void *) cb, RDNS_REQUEST_TXT, domain)) {

  1161. 		rec->requests_inflight++;

  1162. 

  1163. 		return TRUE;

  1164. 	}

  1165. 

  1166. 	return FALSE;

  1167. }

  1168. 

  1169. static gboolean

  1170. parse_spf_exists (struct spf_record *rec, struct spf_addr *addr)

  1171. {

  1172. 	struct spf_dns_cb *cb;

  1173. 	const gchar *host;

  1174. 	struct rspamd_task *task = rec->task;

  1175. 	struct spf_resolved_element *resolved;

  1176. 

  1177. 	resolved = g_ptr_array_index (rec->resolved, rec->resolved->len - 1);

  1178. 	CHECK_REC (rec);

  1179. 

  1180. 	host = strchr (addr->spf_string, ':');

  1181. 	if (host == NULL) {

  1182. 		msg_info_spf ("bad SPF exist record: %s", addr->spf_string);

  1183. 		return FALSE;

  1184. 	}

  1185. 

  1186. 	host++;

  1187. 	rec->dns_requests++;

  1188. 

  1189. 	cb = rspamd_mempool_alloc (task->task_pool, sizeof (struct spf_dns_cb));

  1190. 	cb->rec = rec;

  1191. 	cb->addr = addr;

  1192. 	cb->cur_action = SPF_RESOLVE_EXISTS;

  1193. 	cb->resolved = resolved;

  1194. 

  1195. 	msg_debug_spf ("resolve exists %s", host);

  1196. 	if (make_dns_request_task (task,

  1197. 			spf_record_dns_callback, (void *) cb, RDNS_REQUEST_A, host)) {

  1198. 		rec->requests_inflight++;

  1199. 

  1200. 		return TRUE;

  1201. 	}

  1202. 

  1203. 	return FALSE;

  1204. }

  1205. 

  1206. static void

  1207. reverse_spf_ip (gchar *ip, gint len)

  1208. {

  1209. 	gchar ipbuf[sizeof ("255.255.255.255") - 1], *p, *c;

  1210. 	gint t = 0, l = len;

  1211. 

  1212. 	if (len > (gint) sizeof (ipbuf)) {

  1213. 		msg_info ("cannot reverse string of length %d", len);

  1214. 		return;

  1215. 	}

  1216. 

  1217. 	p = ipbuf + len;

  1218. 	c = ip;

  1219. 	while (--l) {

  1220. 		if (*c == '.') {

  1221. 			memcpy (p, c - t, t);

  1222. 			*--p = '.';

  1223. 			c++;

  1224. 			t = 0;

  1225. 			continue;

  1226. 		}

  1227. 

  1228. 		t++;

  1229. 		c++;

  1230. 		p--;

  1231. 	}

  1232. 

  1233. 	memcpy (p - 1, c - t, t + 1);

  1234. 	memcpy (ip, ipbuf, len);

  1235. }

  1236. 

  1237. static const gchar *

  1238. expand_spf_macro (struct spf_record *rec,

  1239. 		const gchar *begin)

  1240. {

  1241. 	const gchar *p;

  1242. 	gchar *c, *new, *tmp;

  1243. 	gsize len = 0, slen = 0;

  1244. 	gint state = 0;

  1245. 	gchar ip_buf[INET6_ADDRSTRLEN];

  1246. 	gboolean need_expand = FALSE;

  1247. 	struct rspamd_task *task;

  1248. 	struct spf_resolved_element *resolved;

  1249. 

  1250. 	g_assert (rec != NULL);

  1251. 	g_assert (begin != NULL);

  1252. 

  1253. 	task = rec->task;

  1254. 	resolved = g_ptr_array_index (rec->resolved, rec->resolved->len - 1);

  1255. 	p = begin;

  1256. 	/* Calculate length */

  1257. 	while (*p) {

  1258. 		switch (state) {

  1259. 			case 0:

  1260. 				/* Skip any character and wait for % in input */

  1261. 				if (*p == '%') {

  1262. 					state = 1;

  1263. 				}

  1264. 				else {

  1265. 					len++;

  1266. 				}

  1267. 

  1268. 				slen++;

  1269. 				p++;

  1270. 				break;

  1271. 			case 1:

  1272. 				/* We got % sign, so we should whether wait for { or for - or for _ or for % */

  1273. 				if (*p == '%' || *p == '_') {

  1274. 					/* Just a single % sign or space */

  1275. 					len++;

  1276. 					state = 0;

  1277. 				}

  1278. 				else if (*p == '-') {

  1279. 					/* %20 */

  1280. 					len += sizeof ("%20") - 1;

  1281. 					state = 0;

  1282. 				}

  1283. 				else if (*p == '{') {

  1284. 					state = 2;

  1285. 				}

  1286. 				else {

  1287. 					/* Something unknown */

  1288. 					msg_info_spf (

  1289. 							"<%s>: spf error for domain %s: unknown spf element",

  1290. 							task->message_id, rec->sender_domain);

  1291. 					return begin;

  1292. 				}

  1293. 				p++;

  1294. 				slen++;

  1295. 				break;

  1296. 			case 2:

  1297. 				/* Read macro name */

  1298. 				switch (g_ascii_tolower (*p)) {

  1299. 					case 'i':

  1300. 						len += INET6_ADDRSTRLEN - 1;

  1301. 						break;

  1302. 					case 's':

  1303. 						len += strlen (rec->sender);

  1304. 						break;

  1305. 					case 'l':

  1306. 						len += strlen (rec->local_part);

  1307. 						break;

  1308. 					case 'o':

  1309. 						len += strlen (rec->sender_domain);

  1310. 						break;

  1311. 					case 'd':

  1312. 						len += strlen (resolved->cur_domain);

  1313. 						break;

  1314. 					case 'v':

  1315. 						len += sizeof ("in-addr") - 1;

  1316. 						break;

  1317. 					case 'h':

  1318. 						if (task->helo) {

  1319. 							len += strlen (task->helo);

  1320. 						}

  1321. 						break;

  1322. 					default:

  1323. 						msg_info_spf (

  1324. 								"<%s>: spf error for domain %s: unknown or unsupported spf macro %c in %s",

  1325. 								task->message_id,

  1326. 								rec->sender_domain,

  1327. 								*p,

  1328. 								begin);

  1329. 						return begin;

  1330. 				}

  1331. 				p++;

  1332. 				slen++;

  1333. 				state = 3;

  1334. 				break;

  1335. 			case 3:

  1336. 				/* Read modifier */

  1337. 				if (*p == '}') {

  1338. 					state = 0;

  1339. 					need_expand = TRUE;

  1340. 				}

  1341. 				else if (*p != 'r' && !g_ascii_isdigit (*p)) {

  1342. 					msg_info_spf (

  1343. 							"<%s>: spf error for domain %s: unknown or unsupported spf modifier %c in %s",

  1344. 							task->message_id,

  1345. 							rec->sender_domain,

  1346. 							*p,

  1347. 							begin);

  1348. 					return begin;

  1349. 				}

  1350. 				p++;

  1351. 				slen++;

  1352. 				break;

  1353. 

  1354. 			default:

  1355. 				assert (0);

  1356. 		}

  1357. 	}

  1358. 

  1359. 	if (!need_expand) {

  1360. 		/* No expansion needed */

  1361. 		return begin;

  1362. 	}

  1363. 

  1364. 	new = rspamd_mempool_alloc (task->task_pool, len + 1);

  1365. 

  1366. 	c = new;

  1367. 	p = begin;

  1368. 	state = 0;

  1369. 	/* Begin macro expansion */

  1370. 

  1371. 	while (*p) {

  1372. 		switch (state) {

  1373. 			case 0:

  1374. 				/* Skip any character and wait for % in input */

  1375. 				if (*p == '%') {

  1376. 					state = 1;

  1377. 				}

  1378. 				else {

  1379. 					*c = *p;

  1380. 					c++;

  1381. 				}

  1382. 

  1383. 				p++;

  1384. 				break;

  1385. 			case 1:

  1386. 				/* We got % sign, so we should whether wait for { or for - or for _ or for % */

  1387. 				if (*p == '%') {

  1388. 					/* Just a single % sign or space */

  1389. 					*c++ = '%';

  1390. 					state = 0;

  1391. 				}

  1392. 				else if (*p == '_') {

  1393. 					*c++ = ' ';

  1394. 					state = 0;

  1395. 				}

  1396. 				else if (*p == '-') {

  1397. 					/* %20 */

  1398. 					*c++ = '%';

  1399. 					*c++ = '2';

  1400. 					*c++ = '0';

  1401. 					state = 0;

  1402. 				}

  1403. 				else if (*p == '{') {

  1404. 					state = 2;

  1405. 				}

  1406. 				else {

  1407. 					/* Something unknown */

  1408. 					msg_info_spf (

  1409. 							"<%s>: spf error for domain %s: unknown spf element",

  1410. 							task->message_id, rec->sender_domain);

  1411. 					return begin;

  1412. 				}

  1413. 				p++;

  1414. 				break;

  1415. 			case 2:

  1416. 				/* Read macro name */

  1417. 				switch (g_ascii_tolower (*p)) {

  1418. 					case 'i':

  1419. 						len = rspamd_strlcpy (ip_buf,

  1420. 								rspamd_inet_address_to_string (task->from_addr),

  1421. 								sizeof (ip_buf));

  1422. 						memcpy (c, ip_buf, len);

  1423. 						c += len;

  1424. 						break;

  1425. 					case 's':

  1426. 						len = strlen (rec->sender);

  1427. 						memcpy (c, rec->sender, len);

  1428. 						c += len;

  1429. 						break;

  1430. 					case 'l':

  1431. 						len = strlen (rec->local_part);

  1432. 						memcpy (c, rec->local_part, len);

  1433. 						c += len;

  1434. 						break;

  1435. 					case 'o':

  1436. 						len = strlen (rec->sender_domain);

  1437. 						memcpy (c, rec->sender_domain, len);

  1438. 						c += len;

  1439. 						break;

  1440. 					case 'd':

  1441. 						len = strlen (resolved->cur_domain);

  1442. 						memcpy (c, resolved->cur_domain, len);

  1443. 						c += len;

  1444. 						break;

  1445. 					case 'v':

  1446. 						len = sizeof ("in-addr") - 1;

  1447. 						memcpy (c, "in-addr", len);

  1448. 						c += len;

  1449. 						break;

  1450. 					case 'h':

  1451. 						if (task->helo) {

  1452. 							tmp = strchr (task->helo, '@');

  1453. 							if (tmp) {

  1454. 								len = strlen (tmp + 1);

  1455. 								memcpy (c, tmp + 1, len);

  1456. 								c += len;

  1457. 							}

  1458. 						}

  1459. 						break;

  1460. 					default:

  1461. 						msg_info_spf (

  1462. 								"<%s>: spf error for domain %s: unknown or unsupported spf macro %c in %s",

  1463. 								task->message_id,

  1464. 								rec->sender_domain,

  1465. 								*p,

  1466. 								begin);

  1467. 						return begin;

  1468. 				}

  1469. 				p++;

  1470. 				state = 3;

  1471. 				break;

  1472. 			case 3:

  1473. 				/* Read modifier */

  1474. 				if (*p == '}') {

  1475. 					state = 0;

  1476. 				}

  1477. 				else if (*p == 'r' && len != 0) {

  1478. 					reverse_spf_ip (c - len, len);

  1479. 					len = 0;

  1480. 				}

  1481. 				else if (g_ascii_isdigit (*p)) {

  1482. 					/*XXX: try to implement domain trimming */

  1483. 				}

  1484. 				else {

  1485. 					msg_info_spf (

  1486. 							"<%s>: spf error for domain %s: unknown or unsupported spf macro %c in %s",

  1487. 							task->message_id,

  1488. 							rec->sender_domain,

  1489. 							*p,

  1490. 							begin);

  1491. 					return begin;

  1492. 				}

  1493. 				p++;

  1494. 				break;

  1495. 		}

  1496. 	}

  1497. 	/* Null terminate */

  1498. 	*c = '\0';

  1499. 

  1500. 	return new;

  1501. 

  1502. }

  1503. 

  1504. /* Read current element and try to parse record */

  1505. static gboolean

  1506. parse_spf_record (struct spf_record *rec, struct spf_resolved_element *resolved,

  1507. 		const gchar *elt)

  1508. {

  1509. 	struct spf_addr *addr = NULL;

  1510. 	gboolean res = FALSE;

  1511. 	const gchar *begin;

  1512. 	struct rspamd_task *task;

  1513. 	gchar t;

  1514. 

  1515. 	g_assert (elt != NULL);

  1516. 	g_assert (rec != NULL);

  1517. 

  1518. 	if (*elt == '\0' || resolved->redirected) {

  1519. 		return TRUE;

  1520. 	}

  1521. 

  1522. 	task = rec->task;

  1523. 	begin = expand_spf_macro (rec, elt);

  1524. 	addr = rspamd_spf_new_addr (rec, resolved, begin);

  1525. 	g_assert (addr != NULL);

  1526. 	t = g_ascii_tolower (addr->spf_string[0]);

  1527. 	begin = addr->spf_string;

  1528. 

  1529. 	/* Now check what we have */

  1530. 	switch (t) {

  1531. 		case 'a':

  1532. 			/* all or a */

  1533. 			if (g_ascii_strncasecmp (begin, SPF_ALL,

  1534. 					sizeof (SPF_ALL) - 1) == 0) {

  1535. 				res = parse_spf_all (rec, addr);

  1536. 			}

  1537. 			else if (g_ascii_strncasecmp (begin, SPF_A,

  1538. 					sizeof (SPF_A) - 1) == 0) {

  1539. 				res = parse_spf_a (rec, resolved, addr);

  1540. 			}

  1541. 			else {

  1542. 				msg_info_spf (

  1543. 						"<%s>: spf error for domain %s: bad spf command %s",

  1544. 						task->message_id, rec->sender_domain, begin);

  1545. 			}

  1546. 			break;

  1547. 		case 'i':

  1548. 			/* include or ip4 */

  1549. 			if (g_ascii_strncasecmp (begin, SPF_IP4,

  1550. 					sizeof (SPF_IP4) - 1) == 0) {

  1551. 				res = parse_spf_ip4 (rec, addr);

  1552. 			}

  1553. 			else if (g_ascii_strncasecmp (begin, SPF_INCLUDE,

  1554. 					sizeof (SPF_INCLUDE) - 1) == 0) {

  1555. 				res = parse_spf_include (rec, addr);

  1556. 			}

  1557. 			else if (g_ascii_strncasecmp (begin, SPF_IP6, sizeof (SPF_IP6) -

  1558. 														  1) == 0) {

  1559. 				res = parse_spf_ip6 (rec, addr);

  1560. 			}

  1561. 			else {

  1562. 				msg_info_spf (

  1563. 						"<%s>: spf error for domain %s: bad spf command %s",

  1564. 						task->message_id, rec->sender_domain, begin);

  1565. 			}

  1566. 			break;

  1567. 		case 'm':

  1568. 			/* mx */

  1569. 			if (g_ascii_strncasecmp (begin, SPF_MX, sizeof (SPF_MX) - 1) == 0) {

  1570. 				res = parse_spf_mx (rec, resolved, addr);

  1571. 			}

  1572. 			else {

  1573. 				msg_info_spf (

  1574. 						"<%s>: spf error for domain %s: bad spf command %s",

  1575. 						task->message_id, rec->sender_domain, begin);

  1576. 			}

  1577. 			break;

  1578. 		case 'p':

  1579. 			/* ptr */

  1580. 			if (g_ascii_strncasecmp (begin, SPF_PTR,

  1581. 					sizeof (SPF_PTR) - 1) == 0) {

  1582. 				res = parse_spf_ptr (rec, resolved, addr);

  1583. 			}

  1584. 			else {

  1585. 				msg_info_spf (

  1586. 						"<%s>: spf error for domain %s: bad spf command %s",

  1587. 						task->message_id, rec->sender_domain, begin);

  1588. 			}

  1589. 			break;

  1590. 		case 'e':

  1591. 			/* exp or exists */

  1592. 			if (g_ascii_strncasecmp (begin, SPF_EXP,

  1593. 					sizeof (SPF_EXP) - 1) == 0) {

  1594. 				res = parse_spf_exp (rec, addr);

  1595. 			}

  1596. 			else if (g_ascii_strncasecmp (begin, SPF_EXISTS,

  1597. 					sizeof (SPF_EXISTS) - 1) == 0) {

  1598. 				res = parse_spf_exists (rec, addr);

  1599. 			}

  1600. 			else {

  1601. 				msg_info_spf (

  1602. 						"<%s>: spf error for domain %s: bad spf command %s",

  1603. 						task->message_id, rec->sender_domain, begin);

  1604. 			}

  1605. 			break;

  1606. 		case 'r':

  1607. 			/* redirect */

  1608. 			if (g_ascii_strncasecmp (begin, SPF_REDIRECT,

  1609. 					sizeof (SPF_REDIRECT) - 1) == 0) {

  1610. 				res = parse_spf_redirect (rec, resolved, addr);

  1611. 			}

  1612. 			else {

  1613. 				msg_info_spf (

  1614. 						"<%s>: spf error for domain %s: bad spf command %s",

  1615. 						task->message_id, rec->sender_domain, begin);

  1616. 			}

  1617. 			break;

  1618. 		case 'v':

  1619. 			if (g_ascii_strncasecmp (begin, "v=spf",

  1620. 					sizeof ("v=spf") - 1) == 0) {

  1621. 				/* Skip this element till the end of record */

  1622. 				while (*begin && !g_ascii_isspace (*begin)) {

  1623. 					begin++;

  1624. 				}

  1625. 			}

  1626. 			break;

  1627. 		default:

  1628. 			msg_info_spf ("<%s>: spf error for domain %s: bad spf command %s",

  1629. 					task->message_id, rec->sender_domain, begin);

  1630. 			break;

  1631. 	}

  1632. 

  1633. 	if (res) {

  1634. 		addr->flags |= RSPAMD_SPF_FLAG_PARSED;

  1635. 	}

  1636. 

  1637. 	return res;

  1638. }

  1639. 

  1640. static void

  1641. parse_spf_scopes (struct spf_record *rec, gchar **begin)

  1642. {

  1643. 	for (; ;) {

  1644. 		if (g_ascii_strncasecmp (*begin, SPF_SCOPE_PRA, sizeof (SPF_SCOPE_PRA) -

  1645. 														1) == 0) {

  1646. 			*begin += sizeof (SPF_SCOPE_PRA) - 1;

  1647. 			/* XXX: Implement actual PRA check */

  1648. 			/* extract_pra_info (rec); */

  1649. 			continue;

  1650. 		}

  1651. 		else if (g_ascii_strncasecmp (*begin, SPF_SCOPE_MFROM,

  1652. 				sizeof (SPF_SCOPE_MFROM) - 1) == 0) {

  1653. 			/* mfrom is standart spf1 check */

  1654. 			*begin += sizeof (SPF_SCOPE_MFROM) - 1;

  1655. 			continue;

  1656. 		}

  1657. 		else if (**begin != ',') {

  1658. 			break;

  1659. 		}

  1660. 		(*begin)++;

  1661. 	}

  1662. }

  1663. 

  1664. static gboolean

  1665. start_spf_parse (struct spf_record *rec, struct spf_resolved_element *resolved,

  1666. 		gchar *begin)

  1667. {

  1668. 	gchar **elts, **cur_elt;

  1669. 

  1670. 	/* Skip spaces */

  1671. 	while (g_ascii_isspace (*begin)) {

  1672. 		begin++;

  1673. 	}

  1674. 

  1675. 	if (g_ascii_strncasecmp (begin, SPF_VER1_STR, sizeof (SPF_VER1_STR) - 1) ==

  1676. 		0) {

  1677. 		begin += sizeof (SPF_VER1_STR) - 1;

  1678. 

  1679. 		while (g_ascii_isspace (*begin) && *begin) {

  1680. 			begin++;

  1681. 		}

  1682. 	}

  1683. 	else if (g_ascii_strncasecmp (begin, SPF_VER2_STR, sizeof (SPF_VER2_STR) -

  1684. 													   1) == 0) {

  1685. 		/* Skip one number of record, so no we are here spf2.0/ */

  1686. 		begin += sizeof (SPF_VER2_STR);

  1687. 		if (*begin != '/') {

  1688. 			msg_info_spf ("<%s>: spf error for domain %s: sender id is invalid",

  1689. 					rec->task->message_id, rec->sender_domain);

  1690. 		}

  1691. 		else {

  1692. 			begin++;

  1693. 			parse_spf_scopes (rec, &begin);

  1694. 		}

  1695. 		/* Now common spf record */

  1696. 	}

  1697. 	else {

  1698. 		msg_debug_spf (

  1699. 				"<%s>: spf error for domain %s: bad spf record start: %*s",

  1700. 				rec->task->message_id,

  1701. 				rec->sender_domain,

  1702. 				(gint)sizeof (SPF_VER1_STR) - 1,

  1703. 				begin);

  1704. 		return FALSE;

  1705. 	}

  1706. 

  1707. 	while (g_ascii_isspace (*begin) && *begin) {

  1708. 		begin++;

  1709. 	}

  1710. 

  1711. 	elts = g_strsplit_set (begin, " ", 0);

  1712. 

  1713. 	if (elts) {

  1714. 		cur_elt = elts;

  1715. 

  1716. 		while (*cur_elt) {

  1717. 			parse_spf_record (rec, resolved, *cur_elt);

  1718. 			cur_elt++;

  1719. 		}

  1720. 

  1721. 		g_strfreev (elts);

  1722. 	}

  1723. 

  1724. 	rspamd_spf_maybe_return (rec);

  1725. 

  1726. 	return TRUE;

  1727. }

  1728. 

  1729. static void

  1730. spf_dns_callback (struct rdns_reply *reply, gpointer arg)

  1731. {

  1732. 	struct spf_record *rec = arg;

  1733. 	struct spf_resolved_element *resolved;

  1734. 

  1735. 	rec->requests_inflight--;

  1736. 

  1737. 	if (reply->code == RDNS_RC_NOERROR) {

  1738. 		resolved = rspamd_spf_new_addr_list (rec, rec->sender_domain);

  1739. 		if (rec->resolved->len == 1) {

  1740. 			/* Top level resolved element */

  1741. 			rec->ttl = reply->entries->ttl;

  1742. 		}

  1743. 

  1744. 		spf_process_txt_record (rec, resolved, reply);

  1745. 	}

  1746. 

  1747. 	rspamd_spf_maybe_return (rec);

  1748. }

  1749. 

  1750. const gchar *

  1751. get_spf_domain (struct rspamd_task *task)

  1752. {

  1753. 	const gchar *domain, *res = NULL;

  1754. 	const gchar *sender;

  1755. 

  1756. 	sender = rspamd_task_get_sender (task);

  1757. 

  1758. 	if (sender != NULL) {

  1759. 		domain = strchr (sender, '@');

  1760. 		if (domain) {

  1761. 			res = domain + 1;

  1762. 		}

  1763. 	}

  1764. 

  1765. 	return res;

  1766. }

  1767. 

  1768. gboolean

  1769. resolve_spf (struct rspamd_task *task, spf_cb_t callback)

  1770. {

  1771. 	struct spf_record *rec;

  1772. 	gchar *domain;

  1773. 	const gchar *sender;

  1774. 

  1775. 	sender = rspamd_task_get_sender (task);

  1776. 

  1777. 	rec = rspamd_mempool_alloc0 (task->task_pool, sizeof (struct spf_record));

  1778. 	rec->task = task;

  1779. 	rec->callback = callback;

  1780. 

  1781. 	rec->resolved = g_ptr_array_sized_new (8);

  1782. 

  1783. 	/* Add destructor */

  1784. 	rspamd_mempool_add_destructor (task->task_pool,

  1785. 			(rspamd_mempool_destruct_t) spf_record_destructor,

  1786. 			rec);

  1787. 

  1788. 	/* Extract from data */

  1789. 	if (sender != NULL && (domain = strchr (sender, '@')) != NULL) {

  1790. 		rec->sender = sender;

  1791. 

  1792. 		rec->local_part = rspamd_mempool_alloc (task->task_pool,

  1793. 				domain - sender);

  1794. 		rspamd_strlcpy (rec->local_part, sender, domain - sender);

  1795. 		rec->sender_domain = domain + 1;

  1796. 	}

  1797. 	else if (task->helo != NULL && strchr (task->helo, '.') != NULL) {

  1798. 		/* For notifies we can check HELO identity and check SPF accordingly */

  1799. 		/* XXX: very poor check */

  1800. 		rec->local_part = rspamd_mempool_strdup (task->task_pool, "postmaster");

  1801. 		rec->sender_domain = task->helo;

  1802. 	}

  1803. 	else {

  1804. 		return FALSE;

  1805. 	}

  1806. 

  1807. 	if (make_dns_request_task (task,

  1808. 			spf_dns_callback,

  1809. 			(void *) rec, RDNS_REQUEST_TXT, rec->sender_domain)) {

  1810. 		rec->requests_inflight++;

  1811. 		return TRUE;

  1812. 	}

  1813. 

  1814. 	return FALSE;

  1815. }

  1816. 

  1817. struct spf_resolved *

  1818. spf_record_ref (struct spf_resolved *rec)

  1819. {

  1820. 	REF_RETAIN (rec);

  1821. 	return rec;

  1822. }

  1823. 

  1824. void

  1825. spf_record_unref (struct spf_resolved *rec)

  1826. {

  1827. 	REF_RELEASE (rec);

  1828. }