diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-01-05 13:33:42 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2018-01-05 14:06:17 +0000 |
commit | 7952eef9f77899f36b23f1b9fa679f459cd52ffd (patch) | |
tree | 302d001dd96b8b9164f133f40ccdee4fb34a4c09 | |
parent | 3249f1b7dc4893c2b896db3813bc6222d2dc9bef (diff) |
SPF: promote from Experimental to mainline status
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 222 | ||||
-rw-r--r-- | doc/doc-txt/NewStuff | 3 | ||||
-rw-r--r-- | doc/doc-txt/experimental-spec.txt | 167 | ||||
-rw-r--r-- | src/src/EDITME | 18 | ||||
-rw-r--r-- | src/src/acl.c | 6 | ||||
-rw-r--r-- | src/src/config.h.defaults | 2 | ||||
-rw-r--r-- | src/src/dmarc.c | 4 | ||||
-rw-r--r-- | src/src/dmarc.h | 4 | ||||
-rw-r--r-- | src/src/drtables.c | 4 | ||||
-rw-r--r-- | src/src/exim.c | 6 | ||||
-rw-r--r-- | src/src/exim.h | 2 | ||||
-rw-r--r-- | src/src/expand.c | 2 | ||||
-rw-r--r-- | src/src/globals.c | 2 | ||||
-rw-r--r-- | src/src/globals.h | 2 | ||||
-rw-r--r-- | src/src/lookups/spf.c | 4 | ||||
-rw-r--r-- | src/src/macro_predef.c | 2 | ||||
-rw-r--r-- | src/src/readconf.c | 2 | ||||
-rw-r--r-- | src/src/smtp_in.c | 4 | ||||
-rw-r--r-- | src/src/spf.c | 2 | ||||
-rw-r--r-- | src/src/spf.h | 2 | ||||
-rw-r--r-- | test/scripts/4600-SPF/REQUIRES | 2 |
21 files changed, 246 insertions, 216 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index f247e9ab8..844178fca 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -11661,7 +11661,7 @@ The name of the main configuration file Exim is using. .vitem &$dkim_verify_status$& &&& Results of DKIM verification. -For details see chapter &<<CHAPdkim>>&. +For details see section &<<SECDKIMVFY>>&. .vitem &$dkim_cur_signer$& &&& &$dkim_verify_reason$& &&& @@ -11683,13 +11683,13 @@ For details see chapter &<<CHAPdkim>>&. &$dkim_key_notes$& &&& &$dkim_key_length$& These variables are only available within the DKIM ACL. -For details see chapter &<<CHAPdkim>>&. +For details see section &<<SECDKIMVFY>>&. .vitem &$dkim_signers$& .vindex &$dkim_signers$& When a message has been received this variable contains a colon-separated list of signer domains and identities for the message. -For details see chapter &<<CHAPdkim>>&. +For details see section &<<SECDKIMVFY>>&. .vitem &$dnslist_domain$& &&& &$dnslist_matched$& &&& @@ -12833,6 +12833,14 @@ A number of variables whose names start with &$spam$& are available when Exim is compiled with the content-scanning extension. For details, see section &<<SECTscanspamass>>&. +.new +.vitem &$spf_header_comment$& &&& + &$spf_received$& &&& + &$spf_result$& &&& + &$spf_smtp_comment$& +These variables are only available if Exim is built with SPF support. +For details see section &<<SECSPF>>&. +.wen .vitem &$spool_directory$& .vindex "&$spool_directory$&" @@ -14086,7 +14094,7 @@ acknowledgment is sent. See chapter &<<CHAPACL>>& for further details. This option defines the ACL that is run for each DKIM signature (by default, or as specified in the dkim_verify_signers option) of a received message. -See chapter &<<CHAPdkim>>& for further details. +See section &<<SECDKIMVFY>>& for further details. .option acl_smtp_etrn main string&!! unset .cindex "ETRN" "ACL for" @@ -14619,7 +14627,7 @@ to handle IPv6 literal addresses. This option gives a list of DKIM domains for which the DKIM ACL is run. It is expanded after the message is received; by default it runs the ACL once for each signature in the message. -See chapter &<<CHAPdkim>>&. +See section &<<SECDKIMVFY>>&. .option dns_again_means_nonexist main "domain list&!!" unset @@ -16804,17 +16812,21 @@ response to EHLO only to those client hosts that match this option. See chapter &<<CHAPi18n>>& for details of Exim's support for internationalisation. -.option spamd_address main string "see below" +.option spamd_address main string "127.0.0.1 783" This option is available when Exim is compiled with the content-scanning extension. It specifies how Exim connects to SpamAssassin's &%spamd%& daemon. -The default value is -.code -127.0.0.1 783 -.endd See section &<<SECTscanspamass>>& for more details. +.new +.option spf_guess main string "v=spf1 a/24 mx/24 ptr ?all" +This option is available when Exim is compiled with SPF support. +See section &<<SECSPF>>& for more details. +.wen + + + .option split_spool_directory main boolean false .cindex "multiple spool directories" .cindex "spool directory" "split" @@ -28115,7 +28127,7 @@ otherwise specified, the default action is to accept. This ACL is evaluated before &%acl_smtp_mime%& and &%acl_smtp_data%&. -For details on the operation of DKIM, see chapter &<<CHAPdkim>>&. +For details on the operation of DKIM, see section &<<SECDKIM>>&. .section "The SMTP MIME ACL" "SECID194" @@ -29181,7 +29193,7 @@ contexts): .cindex "disable DKIM verify" .cindex "DKIM" "disable verify" This control turns off DKIM verification processing entirely. For details on -the operation and configuration of DKIM, see chapter &<<CHAPdkim>>&. +the operation and configuration of DKIM, see section &<<SECDKIM>>&. .vitem &*control&~=&~dscp/*&<&'value'&> @@ -38483,15 +38495,23 @@ There is no dot-stuffing (and no dot-termination). . //////////////////////////////////////////////////////////////////////////// . //////////////////////////////////////////////////////////////////////////// -.chapter "Support for DKIM (DomainKeys Identified Mail)" "CHAPdkim" &&& - "DKIM Support" +.chapter "DKIM and SPF" "CHAPdkim" &&& + "DKIM and SPF Support" .cindex "DKIM" +.section "DKIM (DomainKeys Identified Mail)" SECDKIM + DKIM is a mechanism by which messages sent by some entity can be provably linked to a domain which that entity controls. It permits reputation to be tracked on a per-domain basis, rather than merely upon source IP address. DKIM is documented in RFC 4871. +.new +As DKIM relies on the message being unchanged in transit, messages handled +by a mailing-list (which traditionally adds to the message) will not match +any original DKIM signature. +.wen + DKIM support is compiled into Exim by default if TLS support is present. It can be disabled by setting DISABLE_DKIM=yes in &_Local/Makefile_&. @@ -38612,7 +38632,7 @@ will be signed, and one signtature added for a missing header with the name will be appended. -.section "Verifying DKIM signatures in incoming mail" "SECID514" +.section "Verifying DKIM signatures in incoming mail" "SECDKIMVFY" .cindex "DKIM" "verification" Verification of DKIM signatures in SMTP incoming email is implemented via the @@ -38829,6 +38849,178 @@ see the documentation of the &%$dkim_verify_status%& expansion variable above for more information of what they mean. .endlist + + + +.new +.section "SPF (Sender Policy Framework)" SECSPF +.cindex SPF verification + +SPF is a mechanism whereby a domain may assert which IP addresses may transmit +messages with its domain in the envelope from, documented by RFC 7208. +For more information on SPF see &url(http://www.openspf.org). + +Messages sent by a system not authorised will fail checking of such assertions. +This includes retransmissions done by traditional forwarders. + +SPF verification support is built into Exim if SUPPORT_SPF=yes is set in +&_Local/Makefile_&. The support uses the &_libspf2_& library +&url(http://www.libspf2.org/). +There is no Exim involvement on the trasmission of messages; publishing certain +DNS records is all that is required. + +For verification, an ACL condition and an expansion lookup are provided. + +.cindex SPF "ACL condition" +.cindex ACL "spf condition" +The ACL condition "spf" can be used at or after the MAIL ACL. +It takes as an argument a list of strings giving the outcome of the SPF check, +and will succeed for any matching outcome. +Valid strings are: +.vlist +.vitem &%pass%& +The SPF check passed, the sending host is positively verified by SPF. + +.vitem &%fail%& +The SPF check failed, the sending host is NOT allowed to send mail for the +domain in the envelope-from address. + +.vitem &%softfail%& +The SPF check failed, but the queried domain can't absolutely confirm that this +is a forgery. + +.vitem &%none%& +The queried domain does not publish SPF records. + +.vitem &%neutral%& +The SPF check returned a "neutral" state. This means the queried domain has +published a SPF record, but wants to allow outside servers to send mail under +its domain as well. This should be treated like "none". + +.vitem &%permerror%& +This indicates a syntax error in the SPF record of the queried domain. +You may deny messages when this occurs. (Changed in 4.83) + +.vitem &%temperror%& +This indicates a temporary error during all processing, including Exim's +SPF processing. You may defer messages when this occurs. +(Changed in 4.83) + +.vitem &%err_temp%& +Same as permerror, deprecated in 4.83, will be removed in a future release. + +.vitem &%err_perm%& +Same as temperror, deprecated in 4.83, will be removed in a future release. +.endlist + +You can prefix each string with an exclamation mark to invert +its meaning, for example "!fail" will match all results but +"fail". The string list is evaluated left-to-right, in a +short-circuit fashion. + +Example: +.code +deny spf = fail + message = $sender_host_address is not allowed to send mail from \ + ${if def:sender_address_domain \ + {$sender_address_domain}{$sender_helo_name}}. \ + Please see http://www.openspf.org/Why?scope=\ + ${if def:sender_address_domain {mfrom}{helo}};\ + identity=${if def:sender_address_domain \ + {$sender_address}{$sender_helo_name}};\ + ip=$sender_host_address +.endd + +When the spf condition has run, it sets up several expansion +variables: + +.cindex SPF "verification variables" +.vlist +.vitem &$spf_header_comment$& +.vindex &$spf_header_comment$& + This contains a human-readable string describing the outcome + of the SPF check. You can add it to a custom header or use + it for logging purposes. + +.vitem &$spf_received$& +.vindex &$spf_received$& + This contains a complete Received-SPF: header that can be + added to the message. Please note that according to the SPF + draft, this header must be added at the top of the header + list. Please see section 10 on how you can do this. + + Note: in case of "Best-guess" (see below), the convention is + to put this string in a header called X-SPF-Guess: instead. + +.vitem &$spf_result$& +.vindex &$spf_result$& + This contains the outcome of the SPF check in string form, + one of pass, fail, softfail, none, neutral, permerror or + temperror. + +.vitem &$spf_smtp_comment$& +.vindex &$spf_smtp_comment$& + This contains a string that can be used in a SMTP response + to the calling party. Useful for "fail". +.endlist + + +.cindex SPF "ACL condition" +.cindex ACL "spf_guess condition" +.cindex SPF "best guess" +In addition to SPF, you can also perform checks for so-called +"Best-guess". Strictly speaking, "Best-guess" is not standard +SPF, but it is supported by the same framework that enables SPF +capability. +Refer to &url(http://www.openspf.org/FAQ/Best_guess_record) +for a description of what it means. + +To access this feature, simply use the spf_guess condition in place +of the spf one. For example: + +.code +deny spf_guess = fail + message = $sender_host_address doesn't look trustworthy to me +.endd + +In case you decide to reject messages based on this check, you +should note that although it uses the same framework, "Best-guess" +is not SPF, and therefore you should not mention SPF at all in your +reject message. + +When the spf_guess condition has run, it sets up the same expansion +variables as when spf condition is run, described above. + +Additionally, since Best-guess is not standardized, you may redefine +what "Best-guess" means to you by redefining the main configuration +&%spf_guess%& option. +For example, the following: + +.code +spf_guess = v=spf1 a/16 mx/16 ptr ?all +.endd + +would relax host matching rules to a broader network range. + + +.cindex SPF "lookup expansion" +.cindex lookup spf +A lookup expansion is also available. It takes an email +address as the key and an IP address as the database: + +.code + ${lookup {username@domain} spf {ip.ip.ip.ip}} +.endd + +The lookup will return the same result strings as they can appear in +&$spf_result$& (pass,fail,softfail,neutral,none,err_perm,err_temp). +Currently, only IPv4 addresses are supported. + + +. wen-for SPF section +.wen + + . //////////////////////////////////////////////////////////////////////////// . //////////////////////////////////////////////////////////////////////////// diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 590343f82..cfa44b713 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -17,6 +17,9 @@ Version 4.91 3. Feature macros for the compiled-in set of malware scanner interfaces. + 4. SPF support is promoted from Experimental to mainline status. The template + src/EDITME makefile does not enable its inclusion. + Version 4.90 ------------ diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index db7a9a51d..b77fb733f 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -292,173 +292,6 @@ These four steps are explained in more details below. -Sender Policy Framework (SPF) support --------------------------------------------------------------- - -To learn more about SPF, visit http://www.openspf.org. This -document does not explain the SPF fundamentals, you should -read and understand the implications of deploying SPF on your -system before doing so. - -SPF support is added via the libspf2 library. Visit - - http://www.libspf2.org/ - -to obtain a copy, then compile and install it. By default, -this will put headers in /usr/local/include and the static -library in /usr/local/lib. - -To compile Exim with SPF support, set these additional flags in -Local/Makefile: - -EXPERIMENTAL_SPF=yes -CFLAGS=-DSPF -I/usr/local/include -EXTRALIBS_EXIM=-L/usr/local/lib -lspf2 - -This assumes that the libspf2 files are installed in -their default locations. - -You can now run SPF checks in incoming SMTP by using the "spf" -ACL condition in either the MAIL, RCPT or DATA ACLs. When -using it in the RCPT ACL, you can make the checks dependent on -the RCPT address (or domain), so you can check SPF records -only for certain target domains. This gives you the -possibility to opt-out certain customers that do not want -their mail to be subject to SPF checking. - -The spf condition takes a list of strings on its right-hand -side. These strings describe the outcome of the SPF check for -which the spf condition should succeed. Valid strings are: - - o pass The SPF check passed, the sending host - is positively verified by SPF. - o fail The SPF check failed, the sending host - is NOT allowed to send mail for the domain - in the envelope-from address. - o softfail The SPF check failed, but the queried - domain can't absolutely confirm that this - is a forgery. - o none The queried domain does not publish SPF - records. - o neutral The SPF check returned a "neutral" state. - This means the queried domain has published - a SPF record, but wants to allow outside - servers to send mail under its domain as well. - This should be treated like "none". - o permerror This indicates a syntax error in the SPF - record of the queried domain. You may deny - messages when this occurs. (Changed in 4.83) - o temperror This indicates a temporary error during all - processing, including Exim's SPF processing. - You may defer messages when this occurs. - (Changed in 4.83) - o err_temp Same as permerror, deprecated in 4.83, will be - removed in a future release. - o err_perm Same as temperror, deprecated in 4.83, will be - removed in a future release. - -You can prefix each string with an exclamation mark to invert -its meaning, for example "!fail" will match all results but -"fail". The string list is evaluated left-to-right, in a -short-circuit fashion. When a string matches the outcome of -the SPF check, the condition succeeds. If none of the listed -strings matches the outcome of the SPF check, the condition -fails. - -Here is an example to fail forgery attempts from domains that -publish SPF records: - -/* ----------------- -deny message = $sender_host_address is not allowed to send mail from ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \ - Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain {mfrom}{helo}};identity=${if def:sender_address_domain {$sender_address}{$sender_helo_name}};ip=$sender_host_address - spf = fail ---------------------- */ - -You can also give special treatment to specific domains: - -/* ----------------- -deny message = AOL sender, but not from AOL-approved relay. - sender_domains = aol.com - spf = fail:neutral ---------------------- */ - -Explanation: AOL publishes SPF records, but is liberal and -still allows non-approved relays to send mail from aol.com. -This will result in a "neutral" state, while mail from genuine -AOL servers will result in "pass". The example above takes -this into account and treats "neutral" like "fail", but only -for aol.com. Please note that this violates the SPF draft. - -When the spf condition has run, it sets up several expansion -variables. - - $spf_header_comment - This contains a human-readable string describing the outcome - of the SPF check. You can add it to a custom header or use - it for logging purposes. - - $spf_received - This contains a complete Received-SPF: header that can be - added to the message. Please note that according to the SPF - draft, this header must be added at the top of the header - list. Please see section 10 on how you can do this. - - Note: in case of "Best-guess" (see below), the convention is - to put this string in a header called X-SPF-Guess: instead. - - $spf_result - This contains the outcome of the SPF check in string form, - one of pass, fail, softfail, none, neutral, permerror or - temperror. - - $spf_smtp_comment - This contains a string that can be used in a SMTP response - to the calling party. Useful for "fail". - -In addition to SPF, you can also perform checks for so-called -"Best-guess". Strictly speaking, "Best-guess" is not standard -SPF, but it is supported by the same framework that enables SPF -capability. Refer to http://www.openspf.org/FAQ/Best_guess_record -for a description of what it means. - -To access this feature, simply use the spf_guess condition in place -of the spf one. For example: - -/* ----------------- -deny message = $sender_host_address doesn't look trustworthy to me - spf_guess = fail ---------------------- */ - -In case you decide to reject messages based on this check, you -should note that although it uses the same framework, "Best-guess" -is NOT SPF, and therefore you should not mention SPF at all in your -reject message. - -When the spf_guess condition has run, it sets up the same expansion -variables as when spf condition is run, described above. - -Additionally, since Best-guess is not standardized, you may redefine -what "Best-guess" means to you by redefining spf_guess variable in -global config. For example, the following: - -/* ----------------- -spf_guess = v=spf1 a/16 mx/16 ptr ?all ---------------------- */ - -would relax host matching rules to a broader network range. - - -A lookup expansion is also available. It takes an email -address as the key and an IP address as the database: - - ${lookup {username@domain} spf {ip.ip.ip.ip}} - -The lookup will return the same result strings as they can appear in -$spf_result (pass,fail,softfail,neutral,none,err_perm,err_temp). -Currently, only IPv4 addresses are supported. - - - SRS (Sender Rewriting Scheme) Support -------------------------------------------------------------- diff --git a/src/src/EDITME b/src/src/EDITME index 3a57fab11..9dcd174ca 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -463,14 +463,6 @@ DISABLE_MAL_MKS=yes # EXPERIMENTAL_DCC=yes -# Uncomment the following lines to add SPF support. You need to have libspf2 -# installed on your system (www.libspf2.org). Depending on where it is installed -# you may have to edit the CFLAGS and LDFLAGS lines. - -# EXPERIMENTAL_SPF=yes -# CFLAGS += -I/usr/local/include -# LDFLAGS += -lspf2 - # Uncomment the following lines to add SRS (Sender rewriting scheme) support. # You need to have libsrs_alt installed on your system (srs.mirtol.com). # Depending on where it is installed you may have to edit the CFLAGS and @@ -979,6 +971,16 @@ ZCAT_COMMAND=/usr/bin/zcat #------------------------------------------------------------------------------ +# Uncomment the following lines to add SPF support. You need to have libspf2 +# installed on your system (www.libspf2.org). Depending on where it is installed +# you may have to edit the CFLAGS and LDFLAGS lines. + +# SUPPORT_SPF=yes +# CFLAGS += -I/usr/local/include +# LDFLAGS += -lspf2 + + +#------------------------------------------------------------------------------ # Support for authentication via Radius is also available. The Exim support, # which is intended for use in conjunction with the SMTP AUTH facilities, # is included only when requested by setting the following parameter to the diff --git a/src/src/acl.c b/src/src/acl.c index 045535526..7d54cdd52 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -102,7 +102,7 @@ enum { ACLC_ACL, #ifdef WITH_CONTENT_SCAN ACLC_SPAM, #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF ACLC_SPF, ACLC_SPF_GUESS, #endif @@ -312,7 +312,7 @@ static condition_def conditions[] = { (1<<ACL_WHERE_NOTSMTP)), }, #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF [ACLC_SPF] = { US"spf", TRUE, FALSE, (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| (1<<ACL_WHERE_HELO)| @@ -3682,7 +3682,7 @@ for (; cb != NULL; cb = cb->next) break; #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF case ACLC_SPF: rc = spf_process(&arg, sender_address, SPF_PROCESS_NORMAL); break; diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index a9d071765..810d8969b 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults @@ -147,6 +147,7 @@ Do not put spaces between # and the 'define'. #define SUPPORT_PAM #define SUPPORT_PROXY #define SUPPORT_SOCKS +#define SUPPORT_SPF #define SUPPORT_TLS #define SUPPORT_TRANSLATE_IP_ADDRESS @@ -196,7 +197,6 @@ Do not put spaces between # and the 'define'. #define DMARC_TLD_FILE "/etc/exim/opendmarc.tlds" #define EXPERIMENTAL_LMDB #define EXPERIMENTAL_QUEUEFILE -#define EXPERIMENTAL_SPF #define EXPERIMENTAL_SRS diff --git a/src/src/dmarc.c b/src/src/dmarc.c index 6cb5b19fe..37ac9c555 100644 --- a/src/src/dmarc.c +++ b/src/src/dmarc.c @@ -12,7 +12,7 @@ #include "exim.h" #ifdef EXPERIMENTAL_DMARC -# if !defined EXPERIMENTAL_SPF +# if !defined SUPPORT_SPF # error SPF must also be enabled for DMARC # elif defined DISABLE_DKIM # error DKIM must also be enabled for DMARC @@ -632,7 +632,7 @@ if (header_from_sender) return hdr_tmp; } -# endif /* EXPERIMENTAL_SPF */ +# endif /* SUPPORT_SPF */ #endif /* EXPERIMENTAL_DMARC */ /* vi: aw ai sw=2 */ diff --git a/src/src/dmarc.h b/src/src/dmarc.h index 78e2a5b7b..764ff88ff 100644 --- a/src/src/dmarc.h +++ b/src/src/dmarc.h @@ -12,9 +12,9 @@ #ifdef EXPERIMENTAL_DMARC # include "opendmarc/dmarc.h" -# ifdef EXPERIMENTAL_SPF +# ifdef SUPPORT_SPF # include "spf2/spf.h" -# endif /* EXPERIMENTAL_SPF */ +# endif /* SUPPORT_SPF */ /* prototypes */ int dmarc_init(); diff --git a/src/src/drtables.c b/src/src/drtables.c index d8904ac4f..36bf64261 100644 --- a/src/src/drtables.c +++ b/src/src/drtables.c @@ -578,7 +578,7 @@ extern lookup_module_info redis_lookup_module_info; #if defined(EXPERIMENTAL_LMDB) extern lookup_module_info lmdb_lookup_module_info; #endif -#if defined(EXPERIMENTAL_SPF) +#if defined(SUPPORT_SPF) extern lookup_module_info spf_lookup_module_info; #endif #if defined(LOOKUP_SQLITE) && LOOKUP_SQLITE!=2 @@ -669,7 +669,7 @@ init_lookup_list(void) addlookupmodule(NULL, &lmdb_lookup_module_info); #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF addlookupmodule(NULL, &spf_lookup_module_info); #endif diff --git a/src/src/exim.c b/src/src/exim.c index 2189bc051..01c0e306a 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -840,6 +840,9 @@ fprintf(f, "Support for:"); #ifdef SUPPORT_SOCKS fprintf(f, " SOCKS"); #endif +#ifdef SUPPORT_SPF + fprintf(f, " SPF"); +#endif #ifdef TCP_FASTOPEN deliver_init(); if (tcp_fastopen_ok) fprintf(f, " TCP_Fast_Open"); @@ -850,9 +853,6 @@ fprintf(f, "Support for:"); #ifdef EXPERIMENTAL_QUEUEFILE fprintf(f, " Experimental_QUEUEFILE"); #endif -#ifdef EXPERIMENTAL_SPF - fprintf(f, " Experimental_SPF"); -#endif #ifdef EXPERIMENTAL_SRS fprintf(f, " Experimental_SRS"); #endif diff --git a/src/src/exim.h b/src/src/exim.h index 770fd6333..faeb6455b 100644 --- a/src/src/exim.h +++ b/src/src/exim.h @@ -502,7 +502,7 @@ config.h, mytypes.h, and store.h, so we don't need to mention them explicitly. #ifdef EXPERIMENTAL_BRIGHTMAIL # include "bmi_spam.h" #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF # include "spf.h" #endif #ifdef EXPERIMENTAL_SRS diff --git a/src/src/expand.c b/src/src/expand.c index 3a63a7c78..2b40823c9 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -700,7 +700,7 @@ static var_entry var_table[] = { { "spam_score", vtype_stringptr, &spam_score }, { "spam_score_int", vtype_stringptr, &spam_score_int }, #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF { "spf_guess", vtype_stringptr, &spf_guess }, { "spf_header_comment", vtype_stringptr, &spf_header_comment }, { "spf_received", vtype_stringptr, &spf_received }, diff --git a/src/src/globals.c b/src/src/globals.c index 5df84bd10..346bb0744 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -1360,7 +1360,7 @@ uschar *spam_action = NULL; uschar *spam_score = NULL; uschar *spam_score_int = NULL; #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF uschar *spf_guess = US"v=spf1 a/24 mx/24 ptr ?all"; uschar *spf_header_comment = NULL; uschar *spf_received = NULL; diff --git a/src/src/globals.h b/src/src/globals.h index 37d4cada3..0c1b6ccbc 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -867,7 +867,7 @@ extern uschar *spam_action; /* the spamd recommended-action */ extern uschar *spam_score; /* the spam score (float) */ extern uschar *spam_score_int; /* spam_score * 10 (int) */ #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF extern uschar *spf_guess; /* spf best-guess record */ extern uschar *spf_header_comment; /* spf header comment */ extern uschar *spf_received; /* Received-SPF: header */ diff --git a/src/src/lookups/spf.c b/src/src/lookups/spf.c index ad56a2a8d..b32a73e6a 100644 --- a/src/src/lookups/spf.c +++ b/src/src/lookups/spf.c @@ -18,7 +18,7 @@ #include "../exim.h" -#ifndef EXPERIMENTAL_SPF +#ifndef SUPPORT_SPF static void dummy(int x); static void dummy2(int x) { dummy(x-1); } static void dummy(int x) { dummy2(x-1); } @@ -118,4 +118,4 @@ static lookup_info _lookup_info = { static lookup_info *_lookup_list[] = { &_lookup_info }; lookup_module_info spf_lookup_module_info = { LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 1 }; -#endif /* EXPERIMENTAL_SPF */ +#endif /* SUPPORT_SPF */ diff --git a/src/src/macro_predef.c b/src/src/macro_predef.c index 08028bf5b..47ba3fdd1 100644 --- a/src/src/macro_predef.c +++ b/src/src/macro_predef.c @@ -174,7 +174,7 @@ due to conflicts with other common macros. */ #ifdef EXPERIMENTAL_LMDB builtin_macro_create(US"_HAVE_LMDB"); #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF builtin_macro_create(US"_HAVE_SPF"); #endif #ifdef EXPERIMENTAL_SRS diff --git a/src/src/readconf.c b/src/src/readconf.c index 8d5f38c58..007e8444e 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -304,7 +304,7 @@ static optionlist optionlist_config[] = { #ifdef WITH_CONTENT_SCAN { "spamd_address", opt_stringptr, &spamd_address }, #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF { "spf_guess", opt_stringptr, &spf_guess }, #endif { "split_spool_directory", opt_bool, &split_spool_directory }, diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 92e4a2908..498cfab5e 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -2007,7 +2007,7 @@ deliver_host = deliver_host_address = NULL; /* Can be set by ACL */ #ifndef DISABLE_PRDR prdr_requested = FALSE; #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF spf_header_comment = NULL; spf_received = NULL; spf_result = NULL; @@ -4082,7 +4082,7 @@ while (done <= 0) } } -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF /* set up SPF context */ spf_init(sender_helo_name, sender_host_address); #endif diff --git a/src/src/spf.c b/src/src/spf.c index ffd278af8..1d4e032e9 100644 --- a/src/src/spf.c +++ b/src/src/spf.c @@ -11,7 +11,7 @@ /* Code for calling spf checks via libspf-alt. Called from acl.c. */ #include "exim.h" -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF /* must be kept in numeric order */ static spf_result_id spf_result_id_list[] = { diff --git a/src/src/spf.h b/src/src/spf.h index 0d982f336..23ad325f1 100644 --- a/src/src/spf.h +++ b/src/src/spf.h @@ -8,7 +8,7 @@ Copyright (c) The Exim Maintainers 2016 */ -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF /* Yes, we do have ns_type. spf.h redefines it if we don't set this. Doh */ #ifndef HAVE_NS_TYPE diff --git a/test/scripts/4600-SPF/REQUIRES b/test/scripts/4600-SPF/REQUIRES index c4c433924..0fde5fb3f 100644 --- a/test/scripts/4600-SPF/REQUIRES +++ b/test/scripts/4600-SPF/REQUIRES @@ -1 +1 @@ -support Experimental_SPF +support SPF |