Skip to content

Commit

Permalink
Experimental mode: Handle A: MX: INCLUDE: in SPF
Browse files Browse the repository at this point in the history
git-svn: trunk@3149
  • Loading branch information
Nigel Horne committed Jul 15, 2007
1 parent 30ca616 commit 36f79c6
Show file tree
Hide file tree
Showing 2 changed files with 46 additions and 6 deletions.
4 changes: 4 additions & 0 deletions ChangeLog
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
Sun Jul 15 10:26:49 BST 2007 (njh)
----------------------------------
* clamav-milter: Experimental mode: Handle A: MX: INCLUDE: in SPF

Sun Jul 15 09:25:07 BST 2007 (njh)
----------------------------------
* clamav-milter: Experimental mode: Remove simple string search in SPF
Expand Down
48 changes: 42 additions & 6 deletions clamav-milter/clamav-milter.c
Original file line number Diff line number Diff line change
Expand Up @@ -6131,8 +6131,9 @@ resolve(const char *host, table_t *t)
* Currently only handles ip4, a and mx fields in the DNS record
* Having said that, this is NOT a replacement for spf-milter, it is NOT
* an SPF system, we ONLY use SPF records to reduce phish false positives
* TODO: ptr include hostnames
* TODO: ptr
* TODO: IPv6?
* TODO: cache queries
*/
static void
spf(struct privdata *privdata)
Expand Down Expand Up @@ -6225,11 +6226,6 @@ spf(struct privdata *privdata)

logg("%s(%s): SPF record %s\n",
host, privdata->ip, txt);
/*
* This is where the beef of the check will go. This
* trivial check is of little real benefit, but it
* won't create false positives.
*/
#ifdef HAVE_INET_NTOP
/* IPv4 address ? */
if(inet_pton(AF_INET, privdata->ip, &remote_ip) <= 0) {
Expand Down Expand Up @@ -6290,6 +6286,46 @@ spf(struct privdata *privdata)
(void *)privdata);
tableDestroy(t);
}
} else if(strncmp(record, "a:", 2) == 0) {
const char *ahost = &record[2];

if(*ahost && (strcmp(ahost, host) != 0)) {
table_t *t = resolve(ahost, NULL);

if(t) {
tableIterate(t, spf_ip,
(void *)privdata);
tableDestroy(t);
}
}
} else if(strncmp(record, "mx:", 3) == 0) {
const char *mxhost = &record[3];

if(*mxhost && (strcmp(mxhost, host) != 0)) {
table_t *t = mx(mxhost, NULL);

if(t) {
tableIterate(t, spf_ip,
(void *)privdata);
tableDestroy(t);
}
}
} else if(strncmp(record, "include:", 8) == 0) {
const char *inchost = &record[8];

if(*inchost && (strcmp(inchost, host) != 0)) {
/*
* FIXME: loops: a.com includes
* b.com which includes
* a.com
*/
const char *real_from = privdata->from;
privdata->from = cli_malloc(strlen(inchost) + 3);
sprintf(privdata->from, "n@%s", inchost);
spf(privdata);
free(privdata->from);
privdata->from = real_from;
}
}
free(record);
if(privdata->spf_ok)
Expand Down

0 comments on commit 36f79c6

Please sign in to comment.