summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/doc-docbook/spec.xfpt7
-rw-r--r--doc/doc-txt/NewStuff2
-rw-r--r--src/src/lookups/spf.c68
3 files changed, 50 insertions, 27 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 32d57d027..736ac0fe4 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -40323,7 +40323,11 @@ would relax host matching rules to a broader network range.
.cindex SPF "lookup expansion"
.cindex lookup spf
A lookup expansion is also available. It takes an email
-address as the key and an IP address as the database:
+address as the key and an IP address
+.new
+(v4 or v6)
+.wen
+as the database:
.code
${lookup {username@domain} spf {ip.ip.ip.ip}}
@@ -40331,7 +40335,6 @@ address as the key and an IP address as the database:
The lookup will return the same result strings as can appear in
&$spf_result$& (pass,fail,softfail,neutral,none,err_perm,err_temp).
-Currently, only IPv4 addresses are supported.
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index a416b8c1f..bcfbe7c77 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -31,6 +31,8 @@ Version 4.93
9. Router variables, $r_... settable from router options and usable in routers
and transports.
+10. The spf lookup now supports IPv6.
+
Version 4.92
--------------
diff --git a/src/src/lookups/spf.c b/src/src/lookups/spf.c
index 48d6ce3b5..6defad72b 100644
--- a/src/src/lookups/spf.c
+++ b/src/src/lookups/spf.c
@@ -35,50 +35,68 @@ static void dummy(int x) { dummy2(x-1); }
static void *
spf_open(uschar *filename, uschar **errmsg)
{
- SPF_server_t *spf_server = NULL;
- spf_server = SPF_server_new(SPF_DNS_CACHE, 0);
- if (spf_server == NULL) {
- *errmsg = US"SPF_server_new() failed";
- return NULL;
- }
+SPF_server_t *spf_server;
+if ((spf_server = SPF_server_new(SPF_DNS_CACHE, 0)))
return (void *) spf_server;
+*errmsg = US"SPF_server_new() failed";
+return NULL;
}
static void
spf_close(void *handle)
{
- SPF_server_t *spf_server = handle;
- if (spf_server) SPF_server_free(spf_server);
+SPF_server_t *spf_server = handle;
+if (spf_server) SPF_server_free(spf_server);
}
static int
spf_find(void *handle, uschar *filename, const uschar *keystring, int key_len,
uschar **result, uschar **errmsg, uint *do_cache)
{
- SPF_server_t *spf_server = handle;
- SPF_request_t *spf_request = NULL;
- SPF_response_t *spf_response = NULL;
+SPF_server_t *spf_server = handle;
+SPF_request_t *spf_request;
+SPF_response_t *spf_response = NULL;
+
+if (!(spf_request = SPF_request_new(spf_server)))
+ {
+ *errmsg = US"SPF_request_new() failed";
+ return FAIL;
+ }
- spf_request = SPF_request_new(spf_server);
- if (spf_request == NULL) {
- *errmsg = US"SPF_request_new() failed";
+#if HAVE_IPV6
+switch (string_is_ip_address(filename, NULL))
+ {
+ case 4:
+#endif
+ if (!SPF_request_set_ipv4_str(spf_request, CS filename))
+ break;
+ *errmsg = string_sprintf("invalid IPv4 address '%s'", filename);
return FAIL;
- }
+#if HAVE_IPV6
- if (SPF_request_set_ipv4_str(spf_request, CS filename)) {
- *errmsg = string_sprintf("invalid IP address '%s'", filename);
+ case 6:
+ if (!SPF_request_set_ipv6_str(spf_request, CS filename))
+ break;
+ *errmsg = string_sprintf("invalid IPv6 address '%s'", filename);
return FAIL;
- }
- if (SPF_request_set_env_from(spf_request, CS keystring)) {
- *errmsg = string_sprintf("invalid envelope from address '%s'", keystring);
+
+ default:
+ *errmsg = string_sprintf("invalid IP address '%s'", filename);
return FAIL;
}
+#endif
+
+if (SPF_request_set_env_from(spf_request, CS keystring))
+ {
+ *errmsg = string_sprintf("invalid envelope from address '%s'", keystring);
+ return FAIL;
+}
- SPF_request_query_mailfrom(spf_request, &spf_response);
- *result = string_copy(US SPF_strresult(SPF_response_result(spf_response)));
- SPF_response_free(spf_response);
- SPF_request_free(spf_request);
- return OK;
+SPF_request_query_mailfrom(spf_request, &spf_response);
+*result = string_copy(US SPF_strresult(SPF_response_result(spf_response)));
+SPF_response_free(spf_response);
+SPF_request_free(spf_request);
+return OK;
}