From 9e61dce1b503b21f85ee24378aa4a3383680e792 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Fri, 25 Oct 2019 09:22:43 +0100
Subject: [Feature] Implement configurable limits for SPF lookups

---
 src/libserver/spf.h | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/libserver/spf.h')

diff --git a/src/libserver/spf.h b/src/libserver/spf.h
index 725d84fe4..cd8eaffac 100644
--- a/src/libserver/spf.h
+++ b/src/libserver/spf.h
@@ -46,6 +46,11 @@ typedef enum spf_action_e {
 #define RSPAMD_SPF_FLAG_PERMFAIL (1u << 10u)
 #define RSPAMD_SPF_FLAG_RESOLVED (1u << 11u)
 
+/** Default SPF limits for avoiding abuse **/
+#define SPF_MAX_NESTING 10
+#define SPF_MAX_DNS_REQUESTS 30
+#define SPF_MIN_CACHE_TTL (60 * 5) /* 5 minutes */
+
 struct spf_addr {
 	guchar addr6[sizeof (struct in6_addr)];
 	guchar addr4[sizeof (struct in_addr)];
@@ -112,6 +117,9 @@ gchar *spf_addr_mask_to_string (struct spf_addr *addr);
 struct spf_addr *spf_addr_match_task (struct rspamd_task *task,
 									  struct spf_resolved *rec);
 
+void spf_library_config (gint max_dns_nesting, gint max_dns_requests,
+		gint min_cache_ttl);
+
 #ifdef  __cplusplus
 }
 #endif
-- 
cgit v1.2.3