X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fhost.c;h=03d944334d563a074062ac46b43076c43f579dc1;hb=1f4a55daf88541563ceaa66959acb9127604b15a;hp=73f359348e34bfcac729960845119fd322651fa3;hpb=0a49a7a4f1090b6f1ce1d0f9d969804c9226b53e;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/host.c b/src/src/host.c index 73f359348..03d944334 100644 --- a/src/src/host.c +++ b/src/src/host.c @@ -1,10 +1,8 @@ -/* $Cambridge: exim/src/src/host.c,v 1.31 2009/11/16 19:50:37 nm4 Exp $ */ - /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2009 */ +/* Copyright (c) University of Cambridge 1995 - 2012 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or @@ -70,7 +68,7 @@ sprintf(addr, "%d.%d.%d.%d", very good for the uses to which it is put. When running the regression tests, start with a fixed seed. -If you need better, see pseudo_random_number() which is potentially stronger, +If you need better, see vaguely_random_number() which is potentially stronger, if a crypto library is available, but might end up just calling this instead. Arguments: @@ -1599,7 +1597,7 @@ dns_record *rr; dns_answer dnsa; dns_scan dnss; -host_lookup_deferred = host_lookup_failed = FALSE; +sender_host_dnssec = host_lookup_deferred = host_lookup_failed = FALSE; HDEBUG(D_host_lookup) debug_printf("looking up host name for %s\n", sender_host_address); @@ -1641,6 +1639,13 @@ while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) int count = 0; int old_pool = store_pool; + /* Ideally we'd check DNSSEC both forward and reverse, but we use the + gethost* routines for forward, so can't do that unless/until we rewrite. */ + sender_host_dnssec = dns_is_secure(&dnsa); + DEBUG(D_dns) + debug_printf("Reverse DNS security status: %s\n", + sender_host_dnssec ? "DNSSEC verified (AD)" : "unverified"); + store_pool = POOL_PERM; /* Save names in permanent storage */ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);