diff src/context.cpp @ 381:879a470c6ac3

fetch spf txt records for required dkim signers
author Carl Byington <carl@five-ten-sg.com>
date Tue, 28 Feb 2017 17:02:07 -0800
parents fd145e9a3df0
children c378e9d03f37
--- a/src/context.cpp	Mon Feb 20 08:43:41 2017 -0800
+++ b/src/context.cpp	Tue Feb 28 17:02:07 2017 -0800
@@ -1122,7 +1122,20 @@
 }
 
 
-const char *CONTEXT::acceptable_content(recorder &memory, int score, int bulk, const char *queueid, string_set &signers, const char *from, string& msg) {
+#ifdef NS_PACKETSZ
+bool CONTEXT::resolve_spf(const char *from, int32_t ip, mlfiPriv *priv)
+{
+    char buf[maxlen];
+    dns_interface(*priv, from, ns_t_txt, false, NULL, buf, maxlen);
+    if (*buf) {
+        log(priv->queueid, "found txt record %s", buf);
+    }
+    return false;
+}
+#endif
+
+
+const char *CONTEXT::acceptable_content(recorder &memory, int score, int bulk, const char *queueid, string_set &signers, const char *from, mlfiPriv *priv, string& msg) {
     DKIMP dk = find_dkim_from(from);
 
     for (string_set::iterator s=signers.begin(); s!=signers.end(); s++) {
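Review bot: In `resolve_spf`, `buf` is tested with `*buf` without ever being initialised, so if `dns_interface` can return without writing to it (its body is not visible here) the check reads indeterminate stack memory; add `buf[0] = '\0';` before the call. The TXT data comes from DNS for a sender-supplied domain and is logged verbatim, so non-printable bytes should probably be filtered before `log()`. The `ip` parameter is unused and the function always returns false; a comment such as `// stub: only fetches and logs the txt record, no spf evaluation against ip yet` would make that explicit for whoever completes it.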
@@ -1156,6 +1169,13 @@
             }
         }
         if (st == token_require_signed) {
+#ifdef NS_PACKETSZ
+            // not signed by the required signers, but maybe passes strong spf check
+            if (resolve_spf(from, priv->ip, priv) {
+                log(queueid, "spf pass for %s rather than required dkim signer", from);
+                return token_white;
+            }
+#endif
             char buf[maxlen];
             snprintf(buf, sizeof(buf), "Mail rejected - not dkim signed by %s", dk->signer);
             msg = string(buf);
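Review bot: The added condition `if (resolve_spf(from, priv->ip, priv) {` is missing a closing parenthesis and will not compile when `NS_PACKETSZ` is defined; it should read `if (resolve_spf(from, priv->ip, priv)) {`. `priv` is dereferenced here without a null check, so either every caller of the new `acceptable_content` signature must pass a valid pointer or the test should be `if (priv && resolve_spf(from, priv->ip, priv)) {`. This branch turns what would otherwise be the "not dkim signed" rejection into `token_white`, so once `resolve_spf` is implemented it should return true only on a strict SPF pass for the connecting address; a softfail or neutral result should still reach the rejection. The enclosing function starts and ends outside this hunk.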