From 9d9c374678ae4b04869c90bc5980acfcfb68c336 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 1 May 2014 23:26:14 +0100 Subject: Support dnssec in verify-callout use of smtp transport. Use of dnslookup router support is already present. --- src/src/host.c | 2 +- src/src/lookups/dnsdb.c | 2 +- src/src/verify.c | 17 ++++++++++++++--- 3 files changed, 16 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/src/host.c b/src/src/host.c index 05bcbe8c7..a1db7717e 100644 --- a/src/src/host.c +++ b/src/src/host.c @@ -1624,7 +1624,7 @@ while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) { if (strcmpic(ordername, US"bydns") == 0) { - dns_init(FALSE, FALSE, FALSE); /*XXX dnssec? */ + dns_init(FALSE, FALSE, FALSE); /* dnssec ctrl by dns_dnssec_ok glbl */ dns_build_reverse(sender_host_address, buffer); rc = dns_lookup(&dnsa, buffer, T_PTR, NULL); diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c index ef3376505..5c077fb31 100644 --- a/src/src/lookups/dnsdb.c +++ b/src/src/lookups/dnsdb.c @@ -362,7 +362,7 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer))) { if (defer_mode == DEFER) { - dns_init(FALSE, FALSE, FALSE); + dns_init(FALSE, FALSE, FALSE); /* clr dnssec bit */ return DEFER; /* always defer */ } if (defer_mode == PASS) failrc = DEFER; /* defer only if all do */ diff --git a/src/src/verify.c b/src/src/verify.c index f799ff1de..c5ffdae4e 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -379,7 +379,7 @@ else if (Ustrcmp(addr->transport->driver_name, "smtp") != 0) else { smtp_transport_options_block *ob = - (smtp_transport_options_block *)(addr->transport->options_block); + (smtp_transport_options_block *)addr->transport->options_block; /* The information wasn't available in the cache, so we have to do a real callout and save the result in the cache for next time, unless no_cache is set, @@ -1749,9 +1749,20 @@ while (addr_new != NULL) string_is_ip_address(host->name, NULL) != 0) (void)host_find_byname(host, NULL, flags, &canonical_name, TRUE); else + { + uschar * d_request = NULL, * d_require = NULL; + if (Ustrcmp(addr->transport->driver_name, "smtp") == 0) + { + smtp_transport_options_block * ob = + (smtp_transport_options_block *) + addr->transport->options_block; + d_request = ob->dnssec_request_domains; + d_require = ob->dnssec_require_domains; + } + (void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL, - NULL, NULL, /*XXX todo: dnssec */ - &canonical_name, NULL); + d_request, d_require, &canonical_name, NULL); + } } } } -- cgit v1.2.3