Line 0
Link Here
|
|
|
1 |
/*++ |
2 |
/* NAME |
3 |
/* smtpd_spf 3 |
4 |
/* SUMMARY |
5 |
/* SMTP server SPF support |
6 |
/* SYNOPSIS |
7 |
/* #include <smtpd.h> |
8 |
/* #include <smtpd_spf.h> |
9 |
/* |
10 |
/* void smtpd_spf_init(state) |
11 |
/* SMTPD_STATE *state; |
12 |
/* |
13 |
/* int smtpd_spf_sess_init(state) |
14 |
/* SMTPD_STATE *state; |
15 |
/* |
16 |
/* void smtpd_spf_sess_reset(state) |
17 |
/* SMTPD_STATE *state; |
18 |
/* |
19 |
/* int smtpd_spf_set_helo(state, name) |
20 |
/* SMTPD_STATE *state; |
21 |
/* char *name; |
22 |
/* |
23 |
/* int smtpd_spf_set_from(state, name) |
24 |
/* SMTPD_STATE *state; |
25 |
/* char *name; |
26 |
/* |
27 |
/* int smtpd_spf_result(state, *header, *comment) |
28 |
/* SMTPD_STATE *state; |
29 |
/* char **header; |
30 |
/* char **comment; |
31 |
/* |
32 |
/* DESCRIPTION |
33 |
/* This modules provides SPF state management functions, |
34 |
/* making the other SMTP components independent on the |
35 |
/* actual SPF routines used. |
36 |
/* |
37 |
/* smtpd_spf_init() initializes global SPF context. |
38 |
/* |
39 |
/* smtpd_spf_sess_init() initializes SPF session context. |
40 |
/* |
41 |
/* smtpd_spf_sess_reset() cleans up SPF session context. |
42 |
/* |
43 |
/* smtpd_spf_set_helo() passes the client HELO name to |
44 |
/* the underlying libspf2 context. |
45 |
/* |
46 |
/* smtpd_spf_set_from() passes the SMTP envelope sender |
47 |
/* to the underlying libspf2 context. |
48 |
/* |
49 |
/* smtpd_spf_result() performs (via libspf2) the SPF lookups |
50 |
/* and handling, and creates a Received-SPF header. |
51 |
/* |
52 |
/* Arguments: |
53 |
/* .IP state |
54 |
/* Session context. |
55 |
/* .IP name |
56 |
/* The value to set in the low-level SPF context. |
57 |
/* DIAGNOSTICS |
58 |
/* Panic: interface violations. Fatal errors: out of memory. |
59 |
/* internal protocol errors. |
60 |
/* LICENSE |
61 |
/* .ad |
62 |
/* .fi |
63 |
/* The Secure Mailer license must be distributed with this software. |
64 |
/* AUTHOR(S) |
65 |
/* Nigel Kukard |
66 |
/* E-mail: <nkukard@lbsd.net> |
67 |
/* |
68 |
/* Dean C. Strik |
69 |
/* Department ICT |
70 |
/* Eindhoven University of Technology |
71 |
/* P.O. Box 513 |
72 |
/* 5600 MB Eindhoven, Netherlands |
73 |
/* E-mail: <dean@ipnet6.org> |
74 |
/*--*/ |
75 |
|
76 |
|
77 |
/* System library. */ |
78 |
#include <sys_defs.h> |
79 |
#include <sys/socket.h> |
80 |
#include <netinet/in.h> |
81 |
#include <arpa/inet.h> |
82 |
#include <arpa/nameser.h> |
83 |
#include <errno.h> |
84 |
#include <netdb.h> |
85 |
#include <string.h> |
86 |
#include <spf2/spf.h> |
87 |
#include <spf2/spf_dns_resolv.h> |
88 |
#include <spf2/spf_dns_cache.h> |
89 |
|
90 |
/* Global library */ |
91 |
#include <mail_params.h> |
92 |
#include <msg.h> |
93 |
#include <mymalloc.h> |
94 |
|
95 |
/* Application library */ |
96 |
#include "smtpd.h" |
97 |
#include "smtpd_spf.h" |
98 |
|
99 |
#define SPF_DNS_CACHE_BITS 8 |
100 |
|
101 |
//static SPF_config_t spf_global_data; /* common SPF configuration data */ |
102 |
//static SPF_dns_config_t spf_resolv_data; /* SPF DNS resolver data */ |
103 |
//static SPF_dns_config_t spf_resolv_cache; /* SPF DNS resolver cache */ |
104 |
//static SPF_c_results_t spf_local_policy; /* compiled local policy */ |
105 |
//static SPF_c_results_t spf_explanation; /* custom explanation */ |
106 |
|
107 |
static SPF_server_t *spf_global_server; |
108 |
|
109 |
|
110 |
/* Initialize global SPF context */ |
111 |
void smtpd_spf_init(SMTPD_STATE *state) |
112 |
{ |
113 |
char *myname = "smtpd_spf_global_init"; |
114 |
SPF_response_t *spf_response; |
115 |
int res; |
116 |
|
117 |
|
118 |
/* |
119 |
* Initialize libspf2 server |
120 |
*/ |
121 |
spf_global_server = SPF_server_new(SPF_DNS_CACHE, 0); |
122 |
if (spf_global_server == NULL) |
123 |
msg_fatal("%s: unable to create SPF server", myname); |
124 |
|
125 |
if (SPF_server_set_rec_dom(spf_global_server, var_myhostname) != 0) |
126 |
msg_fatal("%s: can't set SPF hostname", myname); |
127 |
|
128 |
if (var_spf_explanation != NULL && *var_spf_explanation != 0) |
129 |
{ |
130 |
res = SPF_server_set_explanation(spf_global_server, var_spf_explanation, |
131 |
&spf_response); |
132 |
SPF_response_free(spf_response); |
133 |
if (res != 0) |
134 |
{ |
135 |
msg_fatal("%s: can't set SPF explanation", myname); |
136 |
} |
137 |
} |
138 |
|
139 |
if (var_spf_local_policy != NULL && *var_spf_local_policy != 0) |
140 |
{ |
141 |
res = SPF_server_set_localpolicy(spf_global_server, var_spf_local_policy, 0, |
142 |
&spf_response); |
143 |
SPF_response_free(spf_response); |
144 |
if (res != 0) |
145 |
{ |
146 |
msg_fatal("%s: can't set SPF local policy", myname); |
147 |
} |
148 |
} |
149 |
|
150 |
/* |
151 |
* Clear session-specific data (session init is on-demand) |
152 |
*/ |
153 |
state->spf_sess_data = NULL; |
154 |
state->spf_header = NULL; |
155 |
} |
156 |
|
157 |
|
158 |
/* Initialize session dependent SPF context */ |
159 |
int smtpd_spf_sess_init(SMTPD_STATE *state) |
160 |
{ |
161 |
char *myname = "smtpd_spf_init_sess_data"; |
162 |
|
163 |
|
164 |
/* |
165 |
* Sanity checks. |
166 |
*/ |
167 |
if (state->addr == 0) |
168 |
msg_panic("%s: client address not initialized", myname); |
169 |
if (spf_global_server == NULL) |
170 |
msg_panic("%s: spf_global_server not initialized", myname); |
171 |
|
172 |
/* |
173 |
* This code is recipient-independent. SPF session data is |
174 |
* already initialized if there have been earlier RCPT TO |
175 |
* commands in this transaction, and we're done. |
176 |
* XXX: make the code recipient-dependent (restriction classes) |
177 |
*/ |
178 |
if (state->spf_sess_data != NULL) |
179 |
return 0; |
180 |
|
181 |
/* |
182 |
* Initialize session-specific SPF data. |
183 |
*/ |
184 |
state->spf_sess_data = SPF_request_new(spf_global_server); |
185 |
if (state->spf_sess_data == NULL) |
186 |
msg_fatal("%s: failed to create SPF session data structure", |
187 |
myname); |
188 |
|
189 |
state->spf_header = NULL; |
190 |
|
191 |
/* |
192 |
* Pass client address to libspf2. |
193 |
*/ |
194 |
if (SPF_request_set_ipv4_str(state->spf_sess_data, state->addr) != 0) |
195 |
msg_fatal("%s: SPF_request_set_ipv4 failure", myname); |
196 |
|
197 |
|
198 |
return 0; |
199 |
} |
200 |
|
201 |
|
202 |
/* Cleanup after disconnect */ |
203 |
void smtpd_spf_sess_reset(SMTPD_STATE *state) |
204 |
{ |
205 |
char *myname = "smtpd_spf_sess_reset"; |
206 |
|
207 |
/* |
208 |
* Sanity checks. |
209 |
*/ |
210 |
if (spf_global_server == NULL) |
211 |
msg_panic("%s: no global SPF data initialized", myname); |
212 |
|
213 |
if (state->spf_sess_data == NULL) |
214 |
return; /* initialisation is only on demand */ |
215 |
|
216 |
/* |
217 |
* Cleanup SPF session data. |
218 |
*/ |
219 |
if (state->spf_header != NULL) |
220 |
myfree(state->spf_header); |
221 |
|
222 |
state->spf_header = NULL; |
223 |
|
224 |
SPF_request_free(state->spf_sess_data); |
225 |
|
226 |
state->spf_sess_data = NULL; |
227 |
} |
228 |
|
229 |
|
230 |
/* Pass HELO/EHLO name to libspf2 */ |
231 |
int smtpd_spf_set_helo(SMTPD_STATE *state, const char *name) |
232 |
{ |
233 |
char *myname = "smtpd_spf_set_helo"; |
234 |
|
235 |
/* |
236 |
* Sanity checks. |
237 |
* |
238 |
* 'name' may be NULL, to unset registered HELO. This may |
239 |
* even happen when SPF is not initialized yet (SPF init |
240 |
* is only on demand). |
241 |
*/ |
242 |
if (state->spf_sess_data == NULL && name == NULL) |
243 |
return 0; |
244 |
|
245 |
if (state->spf_sess_data == NULL) |
246 |
msg_panic("%s: setting SPF HELO with null session", |
247 |
myname); |
248 |
|
249 |
/* |
250 |
* Pass the HELO name to libspf2. |
251 |
*/ |
252 |
if (SPF_request_set_helo_dom(state->spf_sess_data, name) != 0) |
253 |
msg_fatal("%s: error in SPF_request_set_helo_dom", myname); |
254 |
|
255 |
|
256 |
return 0; |
257 |
} |
258 |
|
259 |
|
260 |
/* Pass sender (env.from) name to libspf2 */ |
261 |
int smtpd_spf_set_from(SMTPD_STATE *state, const char *name) |
262 |
{ |
263 |
char *myname = "smtpd_spf_set_from"; |
264 |
|
265 |
/* |
266 |
* Pass the envelope sender to libspf2. |
267 |
*/ |
268 |
if (SPF_request_set_env_from(state->spf_sess_data, state->sender) != 0) |
269 |
msg_fatal("%s: error in SPF_request_set_env_from", myname); |
270 |
|
271 |
return 0; |
272 |
} |
273 |
|
274 |
|
275 |
/* Obtain SPF result */ |
276 |
int smtpd_spf_result(SMTPD_STATE *state, char **headerp, char **commentp) |
277 |
{ |
278 |
char *myname = "smtpd_spf_result"; |
279 |
int action = SPF_ACTION_UNKNOWN; |
280 |
SPF_response_t *spf_response = NULL; |
281 |
int res; |
282 |
char *res_received_spf; |
283 |
char *res_smtp_comment; |
284 |
|
285 |
/* |
286 |
* Obtain SPF result. |
287 |
*/ |
288 |
res = SPF_request_query_mailfrom(state->spf_sess_data, &spf_response); |
289 |
if (res != 0) |
290 |
goto clean_end; |
291 |
|
292 |
res = SPF_response_result(spf_response); |
293 |
switch (res) { |
294 |
case SPF_RESULT_PASS: |
295 |
case SPF_RESULT_SOFTFAIL: |
296 |
case SPF_RESULT_NEUTRAL: |
297 |
case SPF_RESULT_NONE: |
298 |
action = SPF_ACTION_MARK; |
299 |
break; |
300 |
|
301 |
case SPF_RESULT_FAIL: |
302 |
action = var_spf_mark_only ? SPF_ACTION_MARK : SPF_ACTION_REJECT; |
303 |
break; |
304 |
|
305 |
default: |
306 |
msg_warn("%s: unknown SPF result %d (%s)", myname, res, |
307 |
SPF_strresult(res)); |
308 |
action = SPF_ACTION_ACCEPT; |
309 |
break; |
310 |
} |
311 |
|
312 |
/* |
313 |
* Save the output header/comment. |
314 |
*/ |
315 |
res_received_spf = SPF_response_get_received_spf(spf_response); |
316 |
res_smtp_comment = SPF_response_get_smtp_comment(spf_response); |
317 |
|
318 |
if (headerp != NULL && res_received_spf != NULL) |
319 |
*headerp = mystrdup(res_received_spf); |
320 |
|
321 |
if (commentp != NULL && res_smtp_comment != NULL) |
322 |
*commentp = mystrdup(res_smtp_comment); |
323 |
|
324 |
/* |
325 |
* Cleanup. |
326 |
*/ |
327 |
clean_end: |
328 |
SPF_response_free(spf_response); |
329 |
|
330 |
return (action); |
331 |
} |
332 |
|