summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/doc-docbook/spec.xfpt14
-rw-r--r--src/src/spf.c6
-rw-r--r--test/log/46002
3 files changed, 16 insertions, 6 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 7d9281e40..bca6689b6 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -40342,8 +40342,12 @@ for more information of what they mean.
SPF is a mechanism whereby a domain may assert which IP addresses may transmit
messages with its domain in the envelope from, documented by RFC 7208.
-For more information on SPF see &url(http://www.openspf.org).
-. --- 2018-09-07: still not https
+For more information on SPF see &url(http://www.open-spf.org), a static copy of
+the &url(http://openspf.org).
+. --- 2019-10-28: still not https, open-spf.org is told to be a
+. --- web-archive copy of the now dead openspf.org site
+. --- See https://www.mail-archive.com/mailop@mailop.org/msg08019.html for a
+. --- discussion.
Messages sent by a system not authorised will fail checking of such assertions.
This includes retransmissions done by traditional forwarders.
@@ -40406,7 +40410,7 @@ deny spf = fail
message = $sender_host_address is not allowed to send mail from \
${if def:sender_address_domain \
{$sender_address_domain}{$sender_helo_name}}. \
- Please see http://www.openspf.org/Why?scope=\
+ Please see http://www.open-spf.org/Why?scope=\
${if def:sender_address_domain {mfrom}{helo}};\
identity=${if def:sender_address_domain \
{$sender_address}{$sender_helo_name}};\
@@ -40459,9 +40463,9 @@ In addition to SPF, you can also perform checks for so-called
"Best-guess". Strictly speaking, "Best-guess" is not standard
SPF, but it is supported by the same framework that enables SPF
capability.
-Refer to &url(http://www.openspf.org/FAQ/Best_guess_record)
+Refer to &url(http://www.open-spf.org/FAQ/Best_guess_record)
for a description of what it means.
-. --- 2018-09-07: still not https:
+. --- 2019-10-28: still not https:
To access this feature, simply use the spf_guess condition in place
of the spf one. For example:
diff --git a/src/src/spf.c b/src/src/spf.c
index 1aa68f181..1955b5d96 100644
--- a/src/src/spf.c
+++ b/src/src/spf.c
@@ -165,6 +165,12 @@ if (!(spf_server = SPF_server_new_dns(dc, debug)))
DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n");
return FALSE;
}
+ /* Quick hack to override the outdated explanation URL.
+ See https://www.mail-archive.com/mailop@mailop.org/msg08019.html */
+ SPF_server_set_explanation(spf_server, "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}", &spf_response);
+ if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response)));
+
return TRUE;
}
diff --git a/test/log/4600 b/test/log/4600
index 195cb4b7b..1e8af6531 100644
--- a/test/log/4600
+++ b/test/log/4600
@@ -18,7 +18,7 @@
1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n spf=pass smtp.mailfrom=example.com
1999-03-02 09:44:33 spf_result neutral (guess <yes>)
1999-03-02 09:44:33 spf_header_comment myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com
-1999-03-02 09:44:33 spf_smtp_comment Please see http://www.openspf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism
+1999-03-02 09:44:33 spf_smtp_comment Please see http://www.open-spf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism
1999-03-02 09:44:33 spf_received Received-SPF: neutral (myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com) client-ip=ip4.ip4.ip4.ip4; envelope-from=b@test.example.com; helo=testclient;
1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n spf=neutral (best guess record for domain) smtp.mailfrom=test.example.com
1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F=<b@test.example.com> rejected RCPT <fred@test.ex>