SPF: use exim facilities for DNS lookups

This enables testing with the testsuite

11 files changed, 110 insertions, 22 deletions

diff --git a/test/confs/4600 b/test/confs/4600
index a566535cd..34baa999b 100644
--- a/test/confs/4600
+++ b/test/confs/4600
@@ -20,7 +20,7 @@ check_rcpt:
 		logwrite =	${authresults {$primary_hostname}}
 
   accept	condition =	${if eq {$received_port}{PORT_S}}
-		spf =		pass : softfail : neutral
+		spf =		pass : softfail : neutral : none
 		logwrite =	spf_result         $spf_result
 		logwrite =	spf_header_comment $spf_header_comment
 		logwrite =	spf_smtp_comment   $spf_smtp_comment
diff --git a/test/dnszones-src/db.example.com b/test/dnszones-src/db.example.com
index ba0e35a2f..b9aca04d1 100644
--- a/test/dnszones-src/db.example.com
+++ b/test/dnszones-src/db.example.com
@@ -18,6 +18,10 @@
 
 example.com.     NS      exim.example.com.
 
+; The real example.com has an SPF record; duplicate that here
+
+example.com.	TXT     v=spf1 -all
+
 ; Alias A record for the local host, under the name "server1"
 
 server1     A       HOSTIPV4
diff --git a/test/log/4600 b/test/log/4600
index cafe722c9..195cb4b7b 100644
--- a/test/log/4600
+++ b/test/log/4600
@@ -1,18 +1,30 @@
 
 ******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D port PORT_S
-1999-03-02 09:44:33 spf_result         pass (guess <no>)
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D port PORT_S port PORT_N
+1999-03-02 09:44:33 spf_result         pass
 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: localhost is always allowed.
 1999-03-02 09:44:33 spf_smtp_comment   
 1999-03-02 09:44:33 spf_received       Received-SPF: pass (myhost.test.ex: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=a@example.com; helo=testclient;
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n	spf=pass smtp.mailfrom=example.com
-1999-03-02 09:44:33 spf_result         pass (guess <no>)
-1999-03-02 09:44:33 spf_header_comment myhost.test.ex: localhost is always allowed.
+1999-03-02 09:44:33 spf_result         none
+1999-03-02 09:44:33 spf_header_comment myhost.test.ex: domain of test.example.com does not provide an SPF record
 1999-03-02 09:44:33 spf_smtp_comment   
-1999-03-02 09:44:33 spf_received       Received-SPF: pass (myhost.test.ex: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=b@test.example.com; helo=testclient;
-1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n	spf=pass smtp.mailfrom=test.example.com
-1999-03-02 09:44:33 spf_result         pass
+1999-03-02 09:44:33 spf_received       Received-SPF: none (myhost.test.ex: domain of test.example.com does not provide an SPF record) client-ip=ip4.ip4.ip4.ip4; envelope-from=b@test.example.com; helo=testclient;
+1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n	spf=none smtp.mailfrom=test.example.com
+1999-03-02 09:44:33 spf_result         pass (guess <no>)
 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: localhost is always allowed.
 1999-03-02 09:44:33 spf_smtp_comment   
 1999-03-02 09:44:33 spf_received       Received-SPF: pass (myhost.test.ex: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=c@example.com; helo=testclient;
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n	spf=pass smtp.mailfrom=example.com
+1999-03-02 09:44:33 spf_result         neutral (guess <yes>)
+1999-03-02 09:44:33 spf_header_comment myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com
+1999-03-02 09:44:33 spf_smtp_comment   Please see http://www.openspf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism
+1999-03-02 09:44:33 spf_received       Received-SPF: neutral (myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com) client-ip=ip4.ip4.ip4.ip4; envelope-from=b@test.example.com; helo=testclient;
+1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n	spf=neutral (best guess record for domain) smtp.mailfrom=test.example.com
+1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F=<b@test.example.com> rejected RCPT <fred@test.ex>
+1999-03-02 09:44:33 spf_result          (guess <no>)
+1999-03-02 09:44:33 spf_header_comment 
+1999-03-02 09:44:33 spf_smtp_comment   
+1999-03-02 09:44:33 spf_received       
+1999-03-02 09:44:33 Authentication-Results: myhost.test.ex
+1999-03-02 09:44:33 H=(testclient) [127.0.0.1] F=<c@example.com> rejected RCPT <fred@test.ex>
diff --git a/test/scripts/4600-SPF/4600 b/test/scripts/4600-SPF/4600
index d24fa9d94..582394879 100644
--- a/test/scripts/4600-SPF/4600
+++ b/test/scripts/4600-SPF/4600
@@ -1,15 +1,11 @@
 # acl condition and variables
 #
-# It is rather difficult to properly test spf.  We use libspf2 to do the work, and it
-# does the DNS lookups, so we cannot intercept them in the testsuite's usual fashion
-# to provide values for testcases.
+# The 127.0.0.1 source addr seems to be a builtin in the spf library; no dns lookup is done.
+# HOSTIPV4 does get a series of lookups (see server debug output to verify that).
 #
-# For now just check that what should be working syntax does not cause us to fall over.
-# Be careful with envelope-domains and IPs used for testcases, as real DNS lookups will be done.
-#
-exim -bd -DSERVER=server -oX PORT_D:PORT_S
+exim -bd -DSERVER=server -oX PORT_D:PORT_S:PORT_N
 ****
-client 127.0.0.1 PORT_D
+client 127.0.0.1 PORT_S
 ??? 220
 helo testclient
 ??? 250
@@ -19,7 +15,7 @@ rcpt to:<fred@test.ex>
 ??? 250
 quit
 ****
-client 127.0.0.1 PORT_D
+client HOSTIPV4 PORT_S
 ??? 220
 helo testclient
 ??? 250
@@ -29,7 +25,7 @@ rcpt to:<fred@test.ex>
 ??? 250
 quit
 ****
-client 127.0.0.1 PORT_S
+client 127.0.0.1 PORT_D
 ??? 220
 helo testclient
 ??? 250
@@ -39,5 +35,25 @@ rcpt to:<fred@test.ex>
 ??? 250
 quit
 ****
+client HOSTIPV4 PORT_D
+??? 220
+helo testclient
+??? 250
+mail from:<b@test.example.com>
+??? 250
+rcpt to:<fred@test.ex>
+??? 550
+quit
+****
+client 127.0.0.1 PORT_N
+??? 220
+helo testclient
+??? 250
+mail from:<c@example.com>
+??? 250
+rcpt to:<fred@test.ex>
+??? 550
+quit
+****
 #
 killdaemon
diff --git a/test/stderr/0275 b/test/stderr/0275
index af5aaef50..4b60d4e3f 100644
--- a/test/stderr/0275
+++ b/test/stderr/0275
@@ -361,6 +361,10 @@ test in helo_lookup_domains? no (end of list)
 sender_fullhost = (test) [127.0.0.1]
 sender_rcvhost = [127.0.0.1] (helo=test)
 set_process_info: pppp handling incoming connection from (test) [127.0.0.1]
+spf_init: test 127.0.0.1
+SPF_dns_exim_new
+spf_compile.c:523    Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}
+spf_compile.c:1210   Debug: Compiling record v=spf1 
 SMTP>> 250 myhost.test.ex Hello test [127.0.0.1]
 SMTP<< MAIL FROM:<test@test.ex>
 spool directory space = nnnnnK inodes = nnnnn check_space = 10240K inodes = 100 msg_size = 0
diff --git a/test/stderr/0303 b/test/stderr/0303
index 3ed99b66b..02b811307 100644
--- a/test/stderr/0303
+++ b/test/stderr/0303
@@ -68,6 +68,10 @@ SMTP<< EHLO [V4NET.2.3.4]
 sender_fullhost = ([V4NET.2.3.4]) [V4NET.2.3.4]
 sender_rcvhost = [V4NET.2.3.4]
 set_process_info: pppp handling incoming connection from ([V4NET.2.3.4]) [V4NET.2.3.4]
+spf_init: [V4NET.2.3.4] V4NET.2.3.4
+SPF_dns_exim_new
+spf_compile.c:523    Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}
+spf_compile.c:1210   Debug: Compiling record v=spf1 
 host in dsn_advertise_hosts? no (option unset)
 host in pipelining_advertise_hosts? yes (matched "*")
 host in chunking_advertise_hosts? no (end of list)
@@ -142,6 +146,10 @@ SMTP<< EHLO [V4NET.2.3.4]
 sender_fullhost = host.name.tld [V4NET.2.3.4]
 sender_rcvhost = host.name.tld ([V4NET.2.3.4])
 set_process_info: pppp handling incoming connection from host.name.tld [V4NET.2.3.4]
+spf_init: [V4NET.2.3.4] V4NET.2.3.4
+SPF_dns_exim_new
+spf_compile.c:523    Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}
+spf_compile.c:1210   Debug: Compiling record v=spf1 
 host in dsn_advertise_hosts? no (option unset)
 host in pipelining_advertise_hosts? yes (matched "*")
 host in chunking_advertise_hosts? no (end of list)
diff --git a/test/stderr/0371 b/test/stderr/0371
index 1546b0279..d31d61580 100644
--- a/test/stderr/0371
+++ b/test/stderr/0371
@@ -35,6 +35,10 @@ something in helo_lookup_domains? no (end of list)
 sender_fullhost = (something) [V4NET.0.0.0]
 sender_rcvhost = [V4NET.0.0.0] (helo=something)
 set_process_info: pppp handling incoming connection from (something) [V4NET.0.0.0]
+spf_init: something V4NET.0.0.0
+SPF_dns_exim_new
+spf_compile.c:523    Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}
+spf_compile.c:1210   Debug: Compiling record v=spf1 
 host in dsn_advertise_hosts? no (option unset)
 host in pipelining_advertise_hosts? yes (matched "*")
 host in chunking_advertise_hosts? no (end of list)
diff --git a/test/stderr/0479 b/test/stderr/0479
index d62ca39f3..4f73548c1 100644
--- a/test/stderr/0479
+++ b/test/stderr/0479
@@ -27,6 +27,10 @@ SMTP<< helo [1.2.3.4]
 sender_fullhost = ([1.2.3.4]) [1.2.3.4]
 sender_rcvhost = [1.2.3.4]
 set_process_info: pppp handling incoming connection from ([1.2.3.4]) [1.2.3.4]
+spf_init: [1.2.3.4] 1.2.3.4
+SPF_dns_exim_new
+spf_compile.c:523    Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}
+spf_compile.c:1210   Debug: Compiling record v=spf1 
 SMTP>> 250 the.local.host.name Hello [1.2.3.4] [1.2.3.4]
 SMTP<< mail from:<a@b>
 spool directory space = nnnnnK inodes = nnnnn check_space = 10240K inodes = 100 msg_size = 0
diff --git a/test/stderr/0487 b/test/stderr/0487
index 887f78ef5..97acc460a 100644
--- a/test/stderr/0487
+++ b/test/stderr/0487
@@ -19,6 +19,10 @@ LOG: smtp_connection MAIN
 SMTP>> 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
 smtp_setup_msg entered
 SMTP<< ehlo x.y
+spf_init: x.y NULL
+SPF_dns_exim_new
+spf_compile.c:523    Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}
+spf_compile.c:1210   Debug: Compiling record v=spf1 
  in dsn_advertise_hosts? no (option unset)
  in pipelining_advertise_hosts? yes (matched "*")
  in chunking_advertise_hosts? no (end of list)
diff --git a/test/stderr/3400 b/test/stderr/3400
index da04b7f37..c5d7c2787 100644
--- a/test/stderr/3400
+++ b/test/stderr/3400
@@ -432,6 +432,10 @@ testing.testing in helo_lookup_domains? no (end of list)
 sender_fullhost = (testing.testing) [10.0.0.5]
 sender_rcvhost = [10.0.0.5] (helo=testing.testing ident=CALLER)
 set_process_info: pppp handling incoming connection from (testing.testing) [10.0.0.5] U=CALLER
+spf_init: testing.testing 10.0.0.5
+SPF_dns_exim_new
+spf_compile.c:523    Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}
+spf_compile.c:1210   Debug: Compiling record v=spf1 
 host in dsn_advertise_hosts? no (option unset)
 host in pipelining_advertise_hosts? yes (matched "*")
 host in "10.0.0.1"? no (end of list)
diff --git a/test/stdout/4600 b/test/stdout/4600
index e1089a58b..030d1ebd4 100644
--- a/test/stdout/4600
+++ b/test/stdout/4600
@@ -1,4 +1,4 @@
-Connecting to 127.0.0.1 port 1225 ... connected
+Connecting to 127.0.0.1 port 1224 ... connected
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
 >>> helo testclient
@@ -12,12 +12,12 @@ Connecting to 127.0.0.1 port 1225 ... connected
 <<< 250 Accepted
 >>> quit
 End of script
-Connecting to 127.0.0.1 port 1225 ... connected
+Connecting to ip4.ip4.ip4.ip4 port 1224 ... connected
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
 >>> helo testclient
 ??? 250
-<<< 250 myhost.test.ex Hello testclient [127.0.0.1]
+<<< 250 myhost.test.ex Hello testclient [ip4.ip4.ip4.ip4]
 >>> mail from:<b@test.example.com>
 ??? 250
 <<< 250 OK
@@ -26,7 +26,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
 <<< 250 Accepted
 >>> quit
 End of script
-Connecting to 127.0.0.1 port 1224 ... connected
+Connecting to 127.0.0.1 port 1225 ... connected
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
 >>> helo testclient
@@ -40,3 +40,31 @@ Connecting to 127.0.0.1 port 1224 ... connected
 <<< 250 Accepted
 >>> quit
 End of script
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> helo testclient
+??? 250
+<<< 250 myhost.test.ex Hello testclient [ip4.ip4.ip4.ip4]
+>>> mail from:<b@test.example.com>
+??? 250
+<<< 250 OK
+>>> rcpt to:<fred@test.ex>
+??? 550
+<<< 550 Administrative prohibition
+>>> quit
+End of script
+Connecting to 127.0.0.1 port 1223 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> helo testclient
+??? 250
+<<< 250 myhost.test.ex Hello testclient [127.0.0.1]
+>>> mail from:<c@example.com>
+??? 250
+<<< 250 OK
+>>> rcpt to:<fred@test.ex>
+??? 550
+<<< 550 Administrative prohibition
+>>> quit
+End of script