diff src/context.cpp @ 407:29d54e7028f6 stable-6-0-54

document dmarc vs dnsbl dkim/spf; switch to . rather than " " for dkim impossible signer
author Carl Byington <carl@five-ten-sg.com>
date Thu, 30 Mar 2017 10:26:30 -0700
parents 8f3a84de3739
children e63c6b4835ef
--- a/src/context.cpp	Fri Mar 17 15:29:40 2017 -0700
+++ b/src/context.cpp	Thu Mar 30 10:26:30 2017 -0700
@@ -1205,8 +1205,6 @@
 
 
 const char *CONTEXT::acceptable_content(recorder &memory, int score, int bulk, const char *queueid, string_set &signers, const char *from, mlfiPriv *priv, string& msg) {
-    DKIMP dk = find_dkim_from(from);
-
     for (string_set::iterator s=signers.begin(); s!=signers.end(); s++) {
         const char *st = find_dkim_signer(*s);
         // signed by a white listed signer
@@ -1216,6 +1214,7 @@
         }
     }
 
+    DKIMP dk = find_dkim_from(from);
     if (dk) {
         const char *st = dk->action;
         for (string_set::iterator s=signers.begin(); s!=signers.end(); s++) {
@@ -1246,11 +1245,13 @@
         }
         if (st == token_require_signed) {
             // not signed by a required signer, but maybe passes strong spf check
-            // only check spf if the list of required signers is not a single blank.
-            if (strcmp(dk->signer, " ") && resolve_spf(from, ntohl(priv->ip), priv)) {
+            // only check spf if the list of required signers is not a single dot.
+            if (strcmp(dk->signer, ".") && resolve_spf(from, ntohl(priv->ip), priv)) {
                 log(queueid, "spf pass for %s rather than required dkim signer", from);
                 return token_white;
             }
+            // todo - we could also check spf for the rfc5321 envelope from domain,
+            // if it is dmarc aligned (relaxed) with the rfc5322 header from domain.
             char buf[maxlen];
             snprintf(buf, sizeof(buf), "Mail rejected - not dkim signed by %s", dk->signer);
             msg = string(buf);
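Review bot: The sentinel swap in the `strcmp(dk->signer, ".")` guard changes which configurations reach the SPF fallback: an entry that still carries the old single-blank signer no longer matches the sentinel, so `resolve_spf()` runs and a pass returns `token_white` for a domain that was meant to have no acceptable signer. Whether the config parser can still produce `" "` is not visible in this hunk, but if it can, accepting both values during the transition keeps such entries fail-closed: `if (strcmp(dk->signer, ".") && strcmp(dk->signer, " ") && resolve_spf(from, ntohl(priv->ip), priv)) {`. For the "." case the rejection text built just below would read "not dkim signed by .", which gives the sender and the log reader no usable explanation, so a separate message for the impossible-signer case would help. The body of `acceptable_content` starts and ends outside this hunk.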