mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14014 Commits
29 Branches
Tree: ee587bdf28
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ee587bdf28'
${ noResults }
rspamd/src/plugins/spf.c

spf.c 16KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. /***MODULE:spf

  17.  * rspamd module that checks spf records of incoming email

  18.  *

  19.  * Allowed options:

  20.  * - symbol_allow (string): symbol to insert (default: 'R_SPF_ALLOW')

  21.  * - symbol_fail (string): symbol to insert (default: 'R_SPF_FAIL')

  22.  * - symbol_softfail (string): symbol to insert (default: 'R_SPF_SOFTFAIL')

  23.  * - symbol_na (string): symbol to insert (default: 'R_SPF_NA')

  24.  * - symbol_dnsfail (string): symbol to insert (default: 'R_SPF_DNSFAIL')

  25.  * - symbol_permfail (string): symbol to insert (default: 'R_SPF_PERMFAIL')

  26.  * - whitelist (map): map of whitelisted networks

  27.  */

  28. 

  29. 

  30. #include "config.h"

  31. #include "libmime/message.h"

  32. #include "libserver/spf.h"

  33. #include "libutil/hash.h"

  34. #include "libutil/map.h"

  35. #include "libutil/map_helpers.h"

  36. #include "rspamd.h"

  37. #include "libserver/mempool_vars_internal.h"

  38. 

  39. #define DEFAULT_SYMBOL_FAIL "R_SPF_FAIL"

  40. #define DEFAULT_SYMBOL_SOFTFAIL "R_SPF_SOFTFAIL"

  41. #define DEFAULT_SYMBOL_NEUTRAL "R_SPF_NEUTRAL"

  42. #define DEFAULT_SYMBOL_ALLOW "R_SPF_ALLOW"

  43. #define DEFAULT_SYMBOL_DNSFAIL "R_SPF_DNSFAIL"

  44. #define DEFAULT_SYMBOL_PERMFAIL "R_SPF_PERMFAIL"

  45. #define DEFAULT_SYMBOL_NA "R_SPF_NA"

  46. #define DEFAULT_CACHE_SIZE 2048

  47. 

  48. static const gchar *M = "rspamd spf plugin";

  49. 

  50. struct spf_ctx {

  51. 	struct module_ctx ctx;

  52. 	const gchar *symbol_fail;

  53. 	const gchar *symbol_softfail;

  54. 	const gchar *symbol_neutral;

  55. 	const gchar *symbol_allow;

  56. 	const gchar *symbol_dnsfail;

  57. 	const gchar *symbol_na;

  58. 	const gchar *symbol_permfail;

  59. 

  60. 	struct rspamd_radix_map_helper *whitelist_ip;

  61. 	rspamd_lru_hash_t *spf_hash;

  62. 

  63. 	gboolean check_local;

  64. 	gboolean check_authed;

  65. };

  66. 

  67. static void spf_symbol_callback (struct rspamd_task *task,

  68. 								 struct rspamd_symcache_item *item,

  69. 								 void *unused);

  70. 

  71. /* Initialization */

  72. gint spf_module_init (struct rspamd_config *cfg, struct module_ctx **ctx);

  73. gint spf_module_config (struct rspamd_config *cfg);

  74. gint spf_module_reconfig (struct rspamd_config *cfg);

  75. 

  76. module_t spf_module = {

  77. 		"spf",

  78. 		spf_module_init,

  79. 		spf_module_config,

  80. 		spf_module_reconfig,

  81. 		NULL,

  82. 		RSPAMD_MODULE_VER,

  83. 		(guint)-1,

  84. };

  85. 

  86. static inline struct spf_ctx *

  87. spf_get_context (struct rspamd_config *cfg)

  88. {

  89. 	return (struct spf_ctx *)g_ptr_array_index (cfg->c_modules,

  90. 			spf_module.ctx_offset);

  91. }

  92. 

  93. 

  94. gint

  95. spf_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)

  96. {

  97. 	struct spf_ctx *spf_module_ctx;

  98. 

  99. 	spf_module_ctx = rspamd_mempool_alloc0 (cfg->cfg_pool,

  100. 			sizeof (*spf_module_ctx));

  101. 	*ctx = (struct module_ctx *)spf_module_ctx;

  102. 

  103. 	rspamd_rcl_add_doc_by_path (cfg,

  104. 			NULL,

  105. 			"SPF check plugin",

  106. 			"spf",

  107. 			UCL_OBJECT,

  108. 			NULL,

  109. 			0,

  110. 			NULL,

  111. 			0);

  112. 

  113. 	rspamd_rcl_add_doc_by_path (cfg,

  114. 			"spf",

  115. 			"Map of IP addresses that should be excluded from SPF checks (in addition to `local_networks`)",

  116. 			"whitelist",

  117. 			UCL_STRING,

  118. 			NULL,

  119. 			0,

  120. 			NULL,

  121. 			0);

  122. 	rspamd_rcl_add_doc_by_path (cfg,

  123. 			"spf",

  124. 			"Symbol that is added if SPF check is successful",

  125. 			"symbol_allow",

  126. 			UCL_STRING,

  127. 			NULL,

  128. 			0,

  129. 			NULL,

  130. 			0);

  131. 	rspamd_rcl_add_doc_by_path (cfg,

  132. 			"spf",

  133. 			"Symbol that is added if SPF policy is set to 'deny'",

  134. 			"symbol_fail",

  135. 			UCL_STRING,

  136. 			NULL,

  137. 			0,

  138. 			NULL,

  139. 			0);

  140. 	rspamd_rcl_add_doc_by_path (cfg,

  141. 			"spf",

  142. 			"Symbol that is added if SPF policy is set to 'undefined'",

  143. 			"symbol_softfail",

  144. 			UCL_STRING,

  145. 			NULL,

  146. 			0,

  147. 			NULL,

  148. 			0);

  149. 	rspamd_rcl_add_doc_by_path (cfg,

  150. 			"spf",

  151. 			"Symbol that is added if SPF policy is set to 'neutral'",

  152. 			"symbol_neutral",

  153. 			UCL_STRING,

  154. 			NULL,

  155. 			0,

  156. 			NULL,

  157. 			0);

  158. 	rspamd_rcl_add_doc_by_path (cfg,

  159. 			"spf",

  160. 			"Symbol that is added if SPF policy is failed due to DNS failure",

  161. 			"symbol_dnsfail",

  162. 			UCL_STRING,

  163. 			NULL,

  164. 			0,

  165. 			NULL,

  166. 			0);

  167. 	rspamd_rcl_add_doc_by_path (cfg,

  168. 			"spf",

  169. 			"Symbol that is added if no SPF policy is found",

  170. 			"symbol_na",

  171. 			UCL_STRING,

  172. 			NULL,

  173. 			0,

  174. 			NULL,

  175. 			0);

  176. 	rspamd_rcl_add_doc_by_path (cfg,

  177. 			"spf",

  178. 			"Symbol that is added if SPF policy is invalid",

  179. 			"symbol_permfail",

  180. 			UCL_STRING,

  181. 			NULL,

  182. 			0,

  183. 			NULL,

  184. 			0);

  185. 	rspamd_rcl_add_doc_by_path (cfg,

  186. 			"spf",

  187. 			"Size of SPF parsed records cache",

  188. 			"spf_cache_size",

  189. 			UCL_INT,

  190. 			NULL,

  191. 			0,

  192. 			NULL,

  193. 			0);

  194. 

  195. 	return 0;

  196. }

  197. 

  198. 

  199. gint

  200. spf_module_config (struct rspamd_config *cfg)

  201. {

  202. 	const ucl_object_t *value;

  203. 	gint res = TRUE, cb_id;

  204. 	guint cache_size;

  205. 	struct spf_ctx *spf_module_ctx = spf_get_context (cfg);

  206. 

  207. 	if (!rspamd_config_is_module_enabled (cfg, "spf")) {

  208. 		return TRUE;

  209. 	}

  210. 

  211. 	spf_module_ctx->whitelist_ip = NULL;

  212. 

  213. 	value = rspamd_config_get_module_opt (cfg, "spf", "check_local");

  214. 

  215. 	if (value == NULL) {

  216. 		rspamd_config_get_module_opt (cfg, "options", "check_local");

  217. 	}

  218. 

  219. 	if (value != NULL) {

  220. 		spf_module_ctx->check_local = ucl_obj_toboolean (value);

  221. 	}

  222. 	else {

  223. 		spf_module_ctx->check_local = FALSE;

  224. 	}

  225. 

  226. 	value = rspamd_config_get_module_opt (cfg, "spf", "check_authed");

  227. 

  228. 	if (value == NULL) {

  229. 		rspamd_config_get_module_opt (cfg, "options", "check_authed");

  230. 	}

  231. 

  232. 	if (value != NULL) {

  233. 		spf_module_ctx->check_authed = ucl_obj_toboolean (value);

  234. 	}

  235. 	else {

  236. 		spf_module_ctx->check_authed = FALSE;

  237. 	}

  238. 	if ((value =

  239. 		rspamd_config_get_module_opt (cfg, "spf", "symbol_fail")) != NULL) {

  240. 		spf_module_ctx->symbol_fail = ucl_obj_tostring (value);

  241. 	}

  242. 	else {

  243. 		spf_module_ctx->symbol_fail = DEFAULT_SYMBOL_FAIL;

  244. 	}

  245. 	if ((value =

  246. 		rspamd_config_get_module_opt (cfg, "spf", "symbol_softfail")) != NULL) {

  247. 		spf_module_ctx->symbol_softfail = ucl_obj_tostring (value);

  248. 	}

  249. 	else {

  250. 		spf_module_ctx->symbol_softfail = DEFAULT_SYMBOL_SOFTFAIL;

  251. 	}

  252. 	if ((value =

  253. 			rspamd_config_get_module_opt (cfg, "spf", "symbol_neutral")) != NULL) {

  254. 		spf_module_ctx->symbol_neutral = ucl_obj_tostring (value);

  255. 	}

  256. 	else {

  257. 		spf_module_ctx->symbol_neutral = DEFAULT_SYMBOL_NEUTRAL;

  258. 	}

  259. 	if ((value =

  260. 		rspamd_config_get_module_opt (cfg, "spf", "symbol_allow")) != NULL) {

  261. 		spf_module_ctx->symbol_allow = ucl_obj_tostring (value);

  262. 	}

  263. 	else {

  264. 		spf_module_ctx->symbol_allow = DEFAULT_SYMBOL_ALLOW;

  265. 	}

  266. 	if ((value =

  267. 		rspamd_config_get_module_opt (cfg, "spf", "symbol_dnsfail")) != NULL) {

  268. 		spf_module_ctx->symbol_dnsfail = ucl_obj_tostring (value);

  269. 	}

  270. 	else {

  271. 		spf_module_ctx->symbol_dnsfail = DEFAULT_SYMBOL_DNSFAIL;

  272. 	}

  273. 	if ((value =

  274. 		rspamd_config_get_module_opt (cfg, "spf", "symbol_na")) != NULL) {

  275. 		spf_module_ctx->symbol_na = ucl_obj_tostring (value);

  276. 	}

  277. 	else {

  278. 		spf_module_ctx->symbol_na = DEFAULT_SYMBOL_NA;

  279. 	}

  280. 	if ((value =

  281. 		rspamd_config_get_module_opt (cfg, "spf", "symbol_permfail")) != NULL) {

  282. 		spf_module_ctx->symbol_permfail = ucl_obj_tostring (value);

  283. 	}

  284. 	else {

  285. 		spf_module_ctx->symbol_permfail = DEFAULT_SYMBOL_PERMFAIL;

  286. 	}

  287. 	if ((value =

  288. 		rspamd_config_get_module_opt (cfg, "spf", "spf_cache_size")) != NULL) {

  289. 		cache_size = ucl_obj_toint (value);

  290. 	}

  291. 	else {

  292. 		cache_size = DEFAULT_CACHE_SIZE;

  293. 	}

  294. 

  295. 	if ((value =

  296. 		rspamd_config_get_module_opt (cfg, "spf", "whitelist")) != NULL) {

  297. 

  298. 		rspamd_config_radix_from_ucl (cfg, value, "SPF whitelist",

  299. 				&spf_module_ctx->whitelist_ip, NULL);

  300. 	}

  301. 

  302. 	cb_id = rspamd_symcache_add_symbol (cfg->cache,

  303. 			spf_module_ctx->symbol_fail,

  304. 			0,

  305. 			spf_symbol_callback,

  306. 			NULL,

  307. 			SYMBOL_TYPE_NORMAL | SYMBOL_TYPE_FINE | SYMBOL_TYPE_EMPTY, -1);

  308. 	rspamd_symcache_add_symbol (cfg->cache,

  309. 			spf_module_ctx->symbol_softfail, 0,

  310. 			NULL, NULL,

  311. 			SYMBOL_TYPE_VIRTUAL,

  312. 			cb_id);

  313. 	rspamd_symcache_add_symbol (cfg->cache,

  314. 			spf_module_ctx->symbol_permfail, 0,

  315. 			NULL, NULL,

  316. 			SYMBOL_TYPE_VIRTUAL,

  317. 			cb_id);

  318. 	rspamd_symcache_add_symbol (cfg->cache,

  319. 			spf_module_ctx->symbol_na, 0,

  320. 			NULL, NULL,

  321. 			SYMBOL_TYPE_VIRTUAL,

  322. 			cb_id);

  323. 	rspamd_symcache_add_symbol (cfg->cache,

  324. 			spf_module_ctx->symbol_neutral, 0,

  325. 			NULL, NULL,

  326. 			SYMBOL_TYPE_VIRTUAL,

  327. 			cb_id);

  328. 	rspamd_symcache_add_symbol (cfg->cache,

  329. 			spf_module_ctx->symbol_allow, 0,

  330. 			NULL, NULL,

  331. 			SYMBOL_TYPE_VIRTUAL,

  332. 			cb_id);

  333. 	rspamd_symcache_add_symbol (cfg->cache,

  334. 			spf_module_ctx->symbol_dnsfail, 0,

  335. 			NULL, NULL,

  336. 			SYMBOL_TYPE_VIRTUAL,

  337. 			cb_id);

  338. 

  339. 	spf_module_ctx->spf_hash = rspamd_lru_hash_new (

  340. 			cache_size,

  341. 			NULL,

  342. 			(GDestroyNotify)spf_record_unref);

  343. 

  344. 	msg_info_config ("init internal spf module");

  345. 

  346. 	rspamd_mempool_add_destructor (cfg->cfg_pool,

  347. 			(rspamd_mempool_destruct_t)rspamd_lru_hash_destroy,

  348. 			spf_module_ctx->spf_hash);

  349. 	rspamd_mempool_add_destructor (cfg->cfg_pool,

  350. 			(rspamd_mempool_destruct_t)rspamd_map_helper_destroy_radix,

  351. 			spf_module_ctx->whitelist_ip);

  352. 

  353. 	return res;

  354. }

  355. 

  356. gint

  357. spf_module_reconfig (struct rspamd_config *cfg)

  358. {

  359. 	return spf_module_config (cfg);

  360. }

  361. 

  362. static gboolean

  363. spf_check_element (struct spf_resolved *rec, struct spf_addr *addr,

  364. 		struct rspamd_task *task)

  365. {

  366. 	gboolean res = FALSE;

  367. 	const guint8 *s, *d;

  368. 	gchar *spf_result;

  369. 	guint af, mask, bmask, addrlen;

  370. 	const gchar *spf_message, *spf_symbol;

  371. 	struct spf_ctx *spf_module_ctx = spf_get_context (task->cfg);

  372. 

  373. 	if (task->from_addr == NULL) {

  374. 		return FALSE;

  375. 	}

  376. 

  377. 	if (addr->flags & RSPAMD_SPF_FLAG_TEMPFAIL) {

  378. 		/* Ignore failed addresses */

  379. 		return FALSE;

  380. 	}

  381. 

  382. 	af = rspamd_inet_address_get_af (task->from_addr);

  383. 	/* Basic comparing algorithm */

  384. 	if (((addr->flags & RSPAMD_SPF_FLAG_IPV6) && af == AF_INET6) ||

  385. 		((addr->flags & RSPAMD_SPF_FLAG_IPV4) && af == AF_INET)) {

  386. 		d = rspamd_inet_address_get_hash_key (task->from_addr, &addrlen);

  387. 

  388. 		if (af == AF_INET6) {

  389. 			s = (const guint8 *)addr->addr6;

  390. 			mask = addr->m.dual.mask_v6;

  391. 		}

  392. 		else {

  393. 			s = (const guint8 *)addr->addr4;

  394. 			mask = addr->m.dual.mask_v4;

  395. 		}

  396. 

  397. 		/* Compare the first bytes */

  398. 		bmask = mask / CHAR_BIT;

  399. 		if (mask > addrlen * CHAR_BIT) {

  400. 			msg_info_task ("bad mask length: %d", mask);

  401. 		}

  402. 		else if (memcmp (s, d, bmask) == 0) {

  403. 			if (bmask * CHAR_BIT < mask) {

  404. 				/* Compare the remaining bits */

  405. 				s += bmask;

  406. 				d += bmask;

  407. 				mask = (0xff << (CHAR_BIT - (mask - bmask * 8))) & 0xff;

  408. 

  409. 				if ((*s & mask) == (*d & mask)) {

  410. 					res = TRUE;

  411. 				}

  412. 			}

  413. 			else {

  414. 				res = TRUE;

  415. 			}

  416. 		}

  417. 	}

  418. 	else {

  419. 		if (addr->flags & RSPAMD_SPF_FLAG_ANY) {

  420. 			res = TRUE;

  421. 		}

  422. 		else {

  423. 			res = FALSE;

  424. 		}

  425. 	}

  426. 

  427. 	if (res) {

  428. 		spf_result = rspamd_mempool_alloc (task->task_pool,

  429. 				strlen (addr->spf_string) + 2);

  430. 

  431. 		switch (addr->mech) {

  432. 		case SPF_FAIL:

  433. 			spf_symbol = spf_module_ctx->symbol_fail;

  434. 			spf_result[0] = '-';

  435. 			spf_message = "(SPF): spf fail";

  436. 			if (addr->flags & RSPAMD_SPF_FLAG_ANY) {

  437. 				if (rec->perm_failed) {

  438. 					msg_info_task ("do not apply SPF failed policy, as we have "

  439. 							"some addresses unresolved");

  440. 					spf_symbol = spf_module_ctx->symbol_permfail;

  441. 				}

  442. 				else if (rec->temp_failed) {

  443. 					msg_info_task ("do not apply SPF failed policy, as we have "

  444. 							"some addresses unresolved");

  445. 					spf_symbol = spf_module_ctx->symbol_dnsfail;

  446. 					spf_message = "(SPF): spf DNS fail";

  447. 				}

  448. 			}

  449. 			break;

  450. 		case SPF_SOFT_FAIL:

  451. 			spf_symbol = spf_module_ctx->symbol_softfail;

  452. 			spf_message = "(SPF): spf softfail";

  453. 			spf_result[0] = '~';

  454. 

  455. 			if (addr->flags & RSPAMD_SPF_FLAG_ANY) {

  456. 				if (rec->perm_failed) {

  457. 					msg_info_task ("do not apply SPF failed policy, as we have "

  458. 							"some addresses unresolved");

  459. 					spf_symbol = spf_module_ctx->symbol_permfail;

  460. 				}

  461. 				else if (rec->temp_failed) {

  462. 					msg_info_task ("do not apply SPF failed policy, as we have "

  463. 							"some addresses unresolved");

  464. 					spf_symbol = spf_module_ctx->symbol_dnsfail;

  465. 					spf_message = "(SPF): spf DNS fail";

  466. 				}

  467. 			}

  468. 			break;

  469. 		case SPF_NEUTRAL:

  470. 			spf_symbol = spf_module_ctx->symbol_neutral;

  471. 			spf_message = "(SPF): spf neutral";

  472. 			spf_result[0] = '?';

  473. 			break;

  474. 		default:

  475. 			spf_symbol = spf_module_ctx->symbol_allow;

  476. 			spf_message = "(SPF): spf allow";

  477. 			spf_result[0] = '+';

  478. 			break;

  479. 		}

  480. 

  481. 		rspamd_strlcpy (spf_result + 1, addr->spf_string,

  482. 				strlen (addr->spf_string) + 1);

  483. 

  484. 		rspamd_task_insert_result (task,

  485. 				spf_symbol,

  486. 				1,

  487. 				spf_result);

  488. 		ucl_object_insert_key (task->messages,

  489. 				ucl_object_fromstring (spf_message), "spf", 0,

  490. 				false);

  491. 

  492. 		return TRUE;

  493. 	}

  494. 

  495. 	return FALSE;

  496. }

  497. 

  498. static void

  499. spf_check_list (struct spf_resolved *rec, struct rspamd_task *task)

  500. {

  501. 	guint i;

  502. 	struct spf_addr *addr;

  503. 

  504. 	for (i = 0; i < rec->elts->len; i ++) {

  505. 		addr = &g_array_index (rec->elts, struct spf_addr, i);

  506. 		if (spf_check_element (rec, addr, task)) {

  507. 			break;

  508. 		}

  509. 	}

  510. }

  511. 

  512. static void

  513. spf_plugin_callback (struct spf_resolved *record, struct rspamd_task *task,

  514. 		gpointer ud)

  515. {

  516. 	struct spf_resolved *l;

  517. 	struct rspamd_symcache_item *item = (struct rspamd_symcache_item *)ud;

  518. 	struct spf_ctx *spf_module_ctx = spf_get_context (task->cfg);

  519. 

  520. 	if (record && record->na) {

  521. 		rspamd_task_insert_result (task,

  522. 				spf_module_ctx->symbol_na,

  523. 				1,

  524. 				NULL);

  525. 	}

  526. 	else if (record && record->elts->len == 0 && record->temp_failed) {

  527. 		rspamd_task_insert_result (task,

  528. 				spf_module_ctx->symbol_dnsfail,

  529. 				1,

  530. 				NULL);

  531. 	}

  532. 	else if (record && record->elts->len == 0 && record->perm_failed) {

  533. 		rspamd_task_insert_result (task,

  534. 				spf_module_ctx->symbol_permfail,

  535. 				1,

  536. 				NULL);

  537. 	}

  538. 	else if (record && record->elts->len == 0) {

  539. 		rspamd_task_insert_result (task,

  540. 				spf_module_ctx->symbol_permfail,

  541. 				1,

  542. 				NULL);

  543. 	}

  544. 	else if (record && record->domain) {

  545. 

  546. 		if ((l = rspamd_lru_hash_lookup (spf_module_ctx->spf_hash,

  547. 					record->domain, task->tv.tv_sec)) == NULL) {

  548. 			l = record;

  549. 

  550. 			if (record->ttl > 0 &&

  551. 					!record->temp_failed &&

  552. 					!record->perm_failed &&

  553. 					!record->na) {

  554. 

  555. 				rspamd_lru_hash_insert (spf_module_ctx->spf_hash,

  556. 						record->domain, spf_record_ref (l),

  557. 						task->tv.tv_sec, record->ttl);

  558. 			}

  559. 

  560. 		}

  561. 

  562. 		spf_record_ref (l);

  563. 		spf_check_list (l, task);

  564. 		spf_record_unref (l);

  565. 	}

  566. 

  567. 	rspamd_symcache_item_async_dec_check (task, item, M);

  568. }

  569. 

  570. 

  571. static void

  572. spf_symbol_callback (struct rspamd_task *task,

  573. 					 struct rspamd_symcache_item *item,

  574. 					 void *unused)

  575. {

  576. 	const gchar *domain;

  577. 	struct spf_resolved *l;

  578. 	gint *dmarc_checks;

  579. 	struct spf_ctx *spf_module_ctx = spf_get_context (task->cfg);

  580. 

  581. 	/* Allow dmarc */

  582. 	dmarc_checks = rspamd_mempool_get_variable (task->task_pool,

  583. 			RSPAMD_MEMPOOL_DMARC_CHECKS);

  584. 

  585. 	if (dmarc_checks) {

  586. 		(*dmarc_checks) ++;

  587. 	}

  588. 	else {

  589. 		dmarc_checks = rspamd_mempool_alloc (task->task_pool,

  590. 				sizeof (*dmarc_checks));

  591. 		*dmarc_checks = 1;

  592. 		rspamd_mempool_set_variable (task->task_pool,

  593. 				RSPAMD_MEMPOOL_DMARC_CHECKS,

  594. 				dmarc_checks, NULL);

  595. 	}

  596. 

  597. 	if (rspamd_match_radix_map_addr (spf_module_ctx->whitelist_ip,

  598. 			task->from_addr) != NULL) {

  599. 		rspamd_symcache_finalize_item (task, item);

  600. 		return;

  601. 	}

  602. 

  603. 	if ((!spf_module_ctx->check_authed && task->user != NULL)

  604. 			|| (!spf_module_ctx->check_local &&

  605. 					rspamd_inet_address_is_local (task->from_addr, TRUE))) {

  606. 		msg_info_task ("skip SPF checks for local networks and authorized users");

  607. 		rspamd_symcache_finalize_item (task, item);

  608. 

  609. 		return;

  610. 	}

  611. 

  612. 	domain = rspamd_spf_get_domain (task);

  613. 	rspamd_symcache_item_async_inc (task, item, M);

  614. 

  615. 	if (domain) {

  616. 		if ((l =

  617. 			rspamd_lru_hash_lookup (spf_module_ctx->spf_hash, domain,

  618. 			task->tv.tv_sec)) != NULL) {

  619. 			spf_record_ref (l);

  620. 			spf_check_list (l, task);

  621. 			spf_record_unref (l);

  622. 		}

  623. 		else {

  624. 

  625. 			if (!rspamd_spf_resolve (task, spf_plugin_callback, item)) {

  626. 				msg_info_task ("cannot make spf request for [%s]",

  627. 						task->message_id);

  628. 				rspamd_task_insert_result (task,

  629. 						spf_module_ctx->symbol_dnsfail,

  630. 						1,

  631. 						"(SPF): spf DNS fail");

  632. 			}

  633. 			else {

  634. 				rspamd_symcache_item_async_inc (task, item, M);

  635. 			}

  636. 		}

  637. 	}

  638. 

  639. 	rspamd_symcache_item_async_dec_check (task, item, M);

  640. }