From b8e976847808b6a4d1ba51ce70ee4f114d91e357 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 13 Aug 2019 11:58:10 +0100 Subject: SPF: use exim facilities for DNS lookups This enables testing with the testsuite --- test/confs/4600 | 2 +- test/dnszones-src/db.example.com | 4 ++++ test/log/4600 | 26 +++++++++++++++++++------- test/scripts/4600-SPF/4600 | 36 ++++++++++++++++++++++++++---------- test/stderr/0275 | 4 ++++ test/stderr/0303 | 8 ++++++++ test/stderr/0371 | 4 ++++ test/stderr/0479 | 4 ++++ test/stderr/0487 | 4 ++++ test/stderr/3400 | 4 ++++ test/stdout/4600 | 36 ++++++++++++++++++++++++++++++++---- 11 files changed, 110 insertions(+), 22 deletions(-) (limited to 'test') diff --git a/test/confs/4600 b/test/confs/4600 index a566535cd..34baa999b 100644 --- a/test/confs/4600 +++ b/test/confs/4600 @@ -20,7 +20,7 @@ check_rcpt: logwrite = ${authresults {$primary_hostname}} accept condition = ${if eq {$received_port}{PORT_S}} - spf = pass : softfail : neutral + spf = pass : softfail : neutral : none logwrite = spf_result $spf_result logwrite = spf_header_comment $spf_header_comment logwrite = spf_smtp_comment $spf_smtp_comment diff --git a/test/dnszones-src/db.example.com b/test/dnszones-src/db.example.com index ba0e35a2f..b9aca04d1 100644 --- a/test/dnszones-src/db.example.com +++ b/test/dnszones-src/db.example.com @@ -18,6 +18,10 @@ example.com. NS exim.example.com. +; The real example.com has an SPF record; duplicate that here + +example.com. TXT v=spf1 -all + ; Alias A record for the local host, under the name "server1" server1 A HOSTIPV4 diff --git a/test/log/4600 b/test/log/4600 index cafe722c9..195cb4b7b 100644 --- a/test/log/4600 +++ b/test/log/4600 @@ -1,18 +1,30 @@ ******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D port PORT_S -1999-03-02 09:44:33 spf_result pass (guess ) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D port PORT_S port PORT_N +1999-03-02 09:44:33 spf_result pass 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: localhost is always allowed. 1999-03-02 09:44:33 spf_smtp_comment 1999-03-02 09:44:33 spf_received Received-SPF: pass (myhost.test.ex: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=a@example.com; helo=testclient; 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n spf=pass smtp.mailfrom=example.com -1999-03-02 09:44:33 spf_result pass (guess ) -1999-03-02 09:44:33 spf_header_comment myhost.test.ex: localhost is always allowed. +1999-03-02 09:44:33 spf_result none +1999-03-02 09:44:33 spf_header_comment myhost.test.ex: domain of test.example.com does not provide an SPF record 1999-03-02 09:44:33 spf_smtp_comment -1999-03-02 09:44:33 spf_received Received-SPF: pass (myhost.test.ex: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=b@test.example.com; helo=testclient; -1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n spf=pass smtp.mailfrom=test.example.com -1999-03-02 09:44:33 spf_result pass +1999-03-02 09:44:33 spf_received Received-SPF: none (myhost.test.ex: domain of test.example.com does not provide an SPF record) client-ip=ip4.ip4.ip4.ip4; envelope-from=b@test.example.com; helo=testclient; +1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n spf=none smtp.mailfrom=test.example.com +1999-03-02 09:44:33 spf_result pass (guess ) 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: localhost is always allowed. 1999-03-02 09:44:33 spf_smtp_comment 1999-03-02 09:44:33 spf_received Received-SPF: pass (myhost.test.ex: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=c@example.com; helo=testclient; 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n spf=pass smtp.mailfrom=example.com +1999-03-02 09:44:33 spf_result neutral (guess ) +1999-03-02 09:44:33 spf_header_comment myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com +1999-03-02 09:44:33 spf_smtp_comment Please see http://www.openspf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism +1999-03-02 09:44:33 spf_received Received-SPF: neutral (myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com) client-ip=ip4.ip4.ip4.ip4; envelope-from=b@test.example.com; helo=testclient; +1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n spf=neutral (best guess record for domain) smtp.mailfrom=test.example.com +1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F= rejected RCPT +1999-03-02 09:44:33 spf_result (guess ) +1999-03-02 09:44:33 spf_header_comment +1999-03-02 09:44:33 spf_smtp_comment +1999-03-02 09:44:33 spf_received +1999-03-02 09:44:33 Authentication-Results: myhost.test.ex +1999-03-02 09:44:33 H=(testclient) [127.0.0.1] F= rejected RCPT diff --git a/test/scripts/4600-SPF/4600 b/test/scripts/4600-SPF/4600 index d24fa9d94..582394879 100644 --- a/test/scripts/4600-SPF/4600 +++ b/test/scripts/4600-SPF/4600 @@ -1,15 +1,11 @@ # acl condition and variables # -# It is rather difficult to properly test spf. We use libspf2 to do the work, and it -# does the DNS lookups, so we cannot intercept them in the testsuite's usual fashion -# to provide values for testcases. +# The 127.0.0.1 source addr seems to be a builtin in the spf library; no dns lookup is done. +# HOSTIPV4 does get a series of lookups (see server debug output to verify that). # -# For now just check that what should be working syntax does not cause us to fall over. -# Be careful with envelope-domains and IPs used for testcases, as real DNS lookups will be done. -# -exim -bd -DSERVER=server -oX PORT_D:PORT_S +exim -bd -DSERVER=server -oX PORT_D:PORT_S:PORT_N **** -client 127.0.0.1 PORT_D +client 127.0.0.1 PORT_S ??? 220 helo testclient ??? 250 @@ -19,7 +15,7 @@ rcpt to: ??? 250 quit **** -client 127.0.0.1 PORT_D +client HOSTIPV4 PORT_S ??? 220 helo testclient ??? 250 @@ -29,7 +25,7 @@ rcpt to: ??? 250 quit **** -client 127.0.0.1 PORT_S +client 127.0.0.1 PORT_D ??? 220 helo testclient ??? 250 @@ -39,5 +35,25 @@ rcpt to: ??? 250 quit **** +client HOSTIPV4 PORT_D +??? 220 +helo testclient +??? 250 +mail from: +??? 250 +rcpt to: +??? 550 +quit +**** +client 127.0.0.1 PORT_N +??? 220 +helo testclient +??? 250 +mail from: +??? 250 +rcpt to: +??? 550 +quit +**** # killdaemon diff --git a/test/stderr/0275 b/test/stderr/0275 index af5aaef50..4b60d4e3f 100644 --- a/test/stderr/0275 +++ b/test/stderr/0275 @@ -361,6 +361,10 @@ test in helo_lookup_domains? no (end of list) sender_fullhost = (test) [127.0.0.1] sender_rcvhost = [127.0.0.1] (helo=test) set_process_info: pppp handling incoming connection from (test) [127.0.0.1] +spf_init: test 127.0.0.1 +SPF_dns_exim_new +spf_compile.c:523 Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R} +spf_compile.c:1210 Debug: Compiling record v=spf1 SMTP>> 250 myhost.test.ex Hello test [127.0.0.1] SMTP<< MAIL FROM: spool directory space = nnnnnK inodes = nnnnn check_space = 10240K inodes = 100 msg_size = 0 diff --git a/test/stderr/0303 b/test/stderr/0303 index 3ed99b66b..02b811307 100644 --- a/test/stderr/0303 +++ b/test/stderr/0303 @@ -68,6 +68,10 @@ SMTP<< EHLO [V4NET.2.3.4] sender_fullhost = ([V4NET.2.3.4]) [V4NET.2.3.4] sender_rcvhost = [V4NET.2.3.4] set_process_info: pppp handling incoming connection from ([V4NET.2.3.4]) [V4NET.2.3.4] +spf_init: [V4NET.2.3.4] V4NET.2.3.4 +SPF_dns_exim_new +spf_compile.c:523 Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R} +spf_compile.c:1210 Debug: Compiling record v=spf1 host in dsn_advertise_hosts? no (option unset) host in pipelining_advertise_hosts? yes (matched "*") host in chunking_advertise_hosts? no (end of list) @@ -142,6 +146,10 @@ SMTP<< EHLO [V4NET.2.3.4] sender_fullhost = host.name.tld [V4NET.2.3.4] sender_rcvhost = host.name.tld ([V4NET.2.3.4]) set_process_info: pppp handling incoming connection from host.name.tld [V4NET.2.3.4] +spf_init: [V4NET.2.3.4] V4NET.2.3.4 +SPF_dns_exim_new +spf_compile.c:523 Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R} +spf_compile.c:1210 Debug: Compiling record v=spf1 host in dsn_advertise_hosts? no (option unset) host in pipelining_advertise_hosts? yes (matched "*") host in chunking_advertise_hosts? no (end of list) diff --git a/test/stderr/0371 b/test/stderr/0371 index 1546b0279..d31d61580 100644 --- a/test/stderr/0371 +++ b/test/stderr/0371 @@ -35,6 +35,10 @@ something in helo_lookup_domains? no (end of list) sender_fullhost = (something) [V4NET.0.0.0] sender_rcvhost = [V4NET.0.0.0] (helo=something) set_process_info: pppp handling incoming connection from (something) [V4NET.0.0.0] +spf_init: something V4NET.0.0.0 +SPF_dns_exim_new +spf_compile.c:523 Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R} +spf_compile.c:1210 Debug: Compiling record v=spf1 host in dsn_advertise_hosts? no (option unset) host in pipelining_advertise_hosts? yes (matched "*") host in chunking_advertise_hosts? no (end of list) diff --git a/test/stderr/0479 b/test/stderr/0479 index d62ca39f3..4f73548c1 100644 --- a/test/stderr/0479 +++ b/test/stderr/0479 @@ -27,6 +27,10 @@ SMTP<< helo [1.2.3.4] sender_fullhost = ([1.2.3.4]) [1.2.3.4] sender_rcvhost = [1.2.3.4] set_process_info: pppp handling incoming connection from ([1.2.3.4]) [1.2.3.4] +spf_init: [1.2.3.4] 1.2.3.4 +SPF_dns_exim_new +spf_compile.c:523 Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R} +spf_compile.c:1210 Debug: Compiling record v=spf1 SMTP>> 250 the.local.host.name Hello [1.2.3.4] [1.2.3.4] SMTP<< mail from: spool directory space = nnnnnK inodes = nnnnn check_space = 10240K inodes = 100 msg_size = 0 diff --git a/test/stderr/0487 b/test/stderr/0487 index 887f78ef5..97acc460a 100644 --- a/test/stderr/0487 +++ b/test/stderr/0487 @@ -19,6 +19,10 @@ LOG: smtp_connection MAIN SMTP>> 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 smtp_setup_msg entered SMTP<< ehlo x.y +spf_init: x.y NULL +SPF_dns_exim_new +spf_compile.c:523 Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R} +spf_compile.c:1210 Debug: Compiling record v=spf1 in dsn_advertise_hosts? no (option unset) in pipelining_advertise_hosts? yes (matched "*") in chunking_advertise_hosts? no (end of list) diff --git a/test/stderr/3400 b/test/stderr/3400 index da04b7f37..c5d7c2787 100644 --- a/test/stderr/3400 +++ b/test/stderr/3400 @@ -432,6 +432,10 @@ testing.testing in helo_lookup_domains? no (end of list) sender_fullhost = (testing.testing) [10.0.0.5] sender_rcvhost = [10.0.0.5] (helo=testing.testing ident=CALLER) set_process_info: pppp handling incoming connection from (testing.testing) [10.0.0.5] U=CALLER +spf_init: testing.testing 10.0.0.5 +SPF_dns_exim_new +spf_compile.c:523 Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R} +spf_compile.c:1210 Debug: Compiling record v=spf1 host in dsn_advertise_hosts? no (option unset) host in pipelining_advertise_hosts? yes (matched "*") host in "10.0.0.1"? no (end of list) diff --git a/test/stdout/4600 b/test/stdout/4600 index e1089a58b..030d1ebd4 100644 --- a/test/stdout/4600 +++ b/test/stdout/4600 @@ -1,4 +1,4 @@ -Connecting to 127.0.0.1 port 1225 ... connected +Connecting to 127.0.0.1 port 1224 ... connected ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> helo testclient @@ -12,12 +12,12 @@ Connecting to 127.0.0.1 port 1225 ... connected <<< 250 Accepted >>> quit End of script -Connecting to 127.0.0.1 port 1225 ... connected +Connecting to ip4.ip4.ip4.ip4 port 1224 ... connected ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> helo testclient ??? 250 -<<< 250 myhost.test.ex Hello testclient [127.0.0.1] +<<< 250 myhost.test.ex Hello testclient [ip4.ip4.ip4.ip4] >>> mail from: ??? 250 <<< 250 OK @@ -26,7 +26,7 @@ Connecting to 127.0.0.1 port 1225 ... connected <<< 250 Accepted >>> quit End of script -Connecting to 127.0.0.1 port 1224 ... connected +Connecting to 127.0.0.1 port 1225 ... connected ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> helo testclient @@ -40,3 +40,31 @@ Connecting to 127.0.0.1 port 1224 ... connected <<< 250 Accepted >>> quit End of script +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> helo testclient +??? 250 +<<< 250 myhost.test.ex Hello testclient [ip4.ip4.ip4.ip4] +>>> mail from: +??? 250 +<<< 250 OK +>>> rcpt to: +??? 550 +<<< 550 Administrative prohibition +>>> quit +End of script +Connecting to 127.0.0.1 port 1223 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> helo testclient +??? 250 +<<< 250 myhost.test.ex Hello testclient [127.0.0.1] +>>> mail from: +??? 250 +<<< 250 OK +>>> rcpt to: +??? 550 +<<< 550 Administrative prohibition +>>> quit +End of script -- cgit v1.2.3