# HG changeset patch # User Carl Byington # Date 1501084351 25200 # Node ID c9b7b6dd1206f7a08421a17c94970e1a8c9fab6d # Parent 9f47c3ad6443d764e0fcb8a75d907246ee6434d0 use both envelope from and header from for spf checks when envelope from is a subdomain of the header from domain diff -r 9f47c3ad6443 -r c9b7b6dd1206 ChangeLog --- a/ChangeLog Fri May 19 13:49:18 2017 -0700 +++ b/ChangeLog Wed Jul 26 08:52:31 2017 -0700 @@ -1,3 +1,7 @@ +6.59 2017-07-26 + use both envelope from and header from for spf checks when envelope from + is a subdomain of the header from domain. + 6.58 2017-05-19 spf code now handles %{d} and %{h} macros. use envelope from value for spf if it is a subdomain of the header from domain. diff -r 9f47c3ad6443 -r c9b7b6dd1206 NEWS --- a/NEWS Fri May 19 13:49:18 2017 -0700 +++ b/NEWS Wed Jul 26 08:52:31 2017 -0700 @@ -1,3 +1,4 @@ +6.59 2017-07-26 use both envelope from and header from for spf checks when envelope from is a subdomain of the header from domain. 6.58 2017-05-19 spf code now handles %{d} and %{h} macros, use envelope from value for spf if it is a subdomain of the header from domain. 6.57 2017-04-25 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro 6.56 2017-04-19 refactor spf code; allow wildcard *.example.com in dkim signing restrictions diff -r 9f47c3ad6443 -r c9b7b6dd1206 configure.in --- a/configure.in Fri May 19 13:49:18 2017 -0700 +++ b/configure.in Wed Jul 26 08:52:31 2017 -0700 @@ -1,6 +1,6 @@ AC_PREREQ(2.59) -AC_INIT(dnsbl,6.58,carl@five-ten-sg.com) +AC_INIT(dnsbl,6.59,carl@five-ten-sg.com) AC_CONFIG_SRCDIR([config.h.in]) AC_CONFIG_HEADER([config.h]) AC_CONFIG_MACRO_DIR([m4]) diff -r 9f47c3ad6443 -r c9b7b6dd1206 dnsbl.spec.in --- a/dnsbl.spec.in Fri May 19 13:49:18 2017 -0700 +++ b/dnsbl.spec.in Wed Jul 26 08:52:31 2017 -0700 
@@ -155,6 +155,10 @@ %changelog +* Wed Jul 26 2017 Carl Byington - 6.59-1 +- use both envelope from and header from for spf checks when envelope + from is a subdomain of the header from domain. + * Fri May 19 2017 Carl Byington - 6.58-1 - spf code now handles %{d} and %{h} macros. - use envelope from value for spf if it is a subdomain of the header diff -r 9f47c3ad6443 -r c9b7b6dd1206 src/context.cpp --- a/src/context.cpp Fri May 19 13:49:18 2017 -0700 +++ b/src/context.cpp Wed Jul 26 08:52:31 2017 -0700 @@ -1145,10 +1145,11 @@ } } -bool CONTEXT::resolve_spf(const char *from, uint32_t ip, mlfiPriv *priv, int level) + +bool CONTEXT::resolve_spf(const char *from, uint32_t ip, mlfiPriv *priv) { // ip is in host order - if ((level == 0) && (priv->mailaddr)) { + if (priv->mailaddr) { const char *f = strchr(priv->mailaddr, '@'); if (f) { f++; @@ -1158,11 +1159,18 @@ size_t off = efl - hfl; if ((f[off-1] == '.') && (strcmp(f+off,from) == 0)) { // envelope from is a strict child of header from - from = f; // use envelope from rather than header from + // use envelope from rather than header from + if (resolve_one_spf(f, ip, priv)) return true; } } } } + return resolve_one_spf(from, ip, priv); +} + + +bool CONTEXT::resolve_one_spf(const char *from, uint32_t ip, mlfiPriv *priv, int level) +{ char buf[maxlen]; log(priv->queueid, "looking for %s txt record", from); dns_interface(*priv, from, ns_t_txt, false, NULL, buf, maxlen); @@ -1284,11 +1292,11 @@ } else if ((level < 5) && (strncmp(p, "redirect=", 9) == 0)) { p += 9; - if (resolve_spf(p, ip, priv, level+1)) return true; + if (resolve_one_spf(p, ip, priv, level+1)) return true; } else if ((level < 5) && (strncmp(p, "include:", 8) == 0)) { p += 8; - if (resolve_spf(p, ip, priv, level+1)) return true; + if (resolve_one_spf(p, ip, priv, level+1)) return true; } } p = (b) ? b+1 : e; diff -r 9f47c3ad6443 -r c9b7b6dd1206 src/context.h --- a/src/context.h Fri May 19 13:49:18 2017 -0700 
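Review bot: In the hunk at -1145, `resolve_spf` has a new contract, but the only comment at the definition is still `// ip is in host order`. I would add a comment above it such as `// true if ip is authorized by the spf record of the envelope from domain (only when that is a strict subdomain of from) or of from itself`. Both `from` and `priv->mailaddr` are supplied by the sending client, so the comment should also say which identity the caller may treat as authenticated after a true result. The function body continues past the end of this hunk.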
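Review bot: In the hunk at -1158, the added `if (resolve_one_spf(f, ip, priv)) return true;` followed by `return resolve_one_spf(from, ip, priv);` makes the result an OR of two independent SPF evaluations, and the retained comment `// use envelope from rather than header from` no longer describes that. Because `resolve_one_spf` returns only a bool, an explicit fail published by the envelope subdomain apparently cannot be told apart from a missing record, so it is silently overridden when the parent domain's record passes. Conversely, whoever controls DNS for any subdomain can authorize an IP for mail carrying the parent header from. If that relaxed alignment is intended, say so in place of the old comment: `// try envelope from first; fall back to header from if it does not pass`. The comparison `strcmp(f+off,from)` is also case-sensitive, which looks like it fails closed for mixed-case domains unless both are lowercased earlier, outside this hunk.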
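Review bot: In the hunk at -1284, the `level < 5` test on the `redirect=` and `include:` branches bounds recursion depth but not the total number of lookups, and with this change `resolve_spf` can start two full evaluations per message. A record with several `include:` terms at each level can still fan out into a large number of TXT queries on behalf of a sender-chosen domain; RFC 7208 section 4.6.4 caps DNS-querying terms at 10 per evaluation. Unless a counter exists outside this hunk, consider carrying a shared lookup budget (for example in `priv`) that `resolve_one_spf` decrements and checks before each `dns_interface` call. Each recursion level also places a `char buf[maxlen]` on the stack, so the depth limit should stay small.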
+++ b/src/context.h Wed Jul 26 08:52:31 2017 -0700 @@ -318,7 +318,8 @@ void log(const char *queueid, const char *msg, const char *v); bool in_signing_set(const char *s, const char *signers); void replace(char *buf, char *p, const char *what); - bool resolve_spf(const char *from, uint32_t ip, mlfiPriv *priv, int level = 0); + bool resolve_spf(const char *from, uint32_t ip, mlfiPriv *priv); + bool resolve_one_spf(const char *from, uint32_t ip, mlfiPriv *priv, int level = 0); const char *acceptable_content(recorder &memory, int score, int bulk, const char *queueid, string_set &signers, const char *from, mlfiPriv *priv, string& msg); bool ignore_host(const char *host);
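Review bot: `resolve_one_spf` is declared with the caller-visible default `int level = 0`, which exposes the recursion depth counter to every caller that can reach the declaration. The access section it sits in is outside the hunk; if it is public, consider moving `resolve_one_spf` to the private section so that only `resolve_spf` and the recursive include/redirect path can set `level`. A one-line comment on the new declaration, for example `// evaluates the spf record of a single domain; level is the include/redirect depth`, would make the split between the two functions clear.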