From 150961ab8910f301a0f053121ad6429b80f488ca Mon Sep 17 00:00:00 2001 From: martijn Date: Mon, 14 Sep 2020 09:48:08 +0000 Subject: Make "spf walk" report if an spf-record has macro's and can't be resolved. Originally reported by and OK on earlier version giovanni@ Looks good to deraadt@ feedback and OK jmc@ feedback semarie@ OK sthen@ --- usr.sbin/smtpd/smtpctl.8 | 11 ++++++++--- usr.sbin/smtpd/spfwalk.c | 10 ++++++++++ 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/usr.sbin/smtpd/smtpctl.8 b/usr.sbin/smtpd/smtpctl.8 index 1efcff63..b29f2063 100644 --- a/usr.sbin/smtpd/smtpctl.8 +++ b/usr.sbin/smtpd/smtpctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: smtpctl.8,v 1.64 2018/09/18 06:21:45 miko Exp $ +.\" $OpenBSD: smtpctl.8,v 1.65 2020/09/14 09:48:08 martijn Exp $ .\" .\" Copyright (c) 2006 Pierre-Yves Ritschard .\" Copyright (c) 2012 Gilles Chehade @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 18 2018 $ +.Dd $Mdocdate: September 14 2020 $ .Dt SMTPCTL 8 .Os .Sh NAME @@ -247,8 +247,13 @@ Shows if MTA, MDA and SMTP systems are currently running or paused. Recursively look up SPF records for the domains read from stdin. For example: .Bd -literal -offset indent -# smtpctl spf walk < domains.txt +$ smtpctl spf walk < domains.txt .Ed +.Pp +SPF records may contain macros which cannot be included in a static list and +must be resolved dynamically at connection time. +.Cm spf walk +cannot provide full results in these cases. .It Cm trace Ar subsystem Enables real-time tracing of .Ar subsystem . diff --git a/usr.sbin/smtpd/spfwalk.c b/usr.sbin/smtpd/spfwalk.c index 0832d1bc..d23f43a1 100644 --- a/usr.sbin/smtpd/spfwalk.c +++ b/usr.sbin/smtpd/spfwalk.c 
@@ -124,7 +124,17 @@ lookup_record(int type, const char *record, struct target *tgt) { struct asr_query *as; struct target *ntgt; + size_t i; + if (strchr(record, '%') != NULL) { + for (i = 0; record[i] != '\0'; i++) { + if (!isprint(record[i])) + record[i] = '?'; + } + warnx("%s: %s contains macros and can't be resolved", __func__, + record); + return; + } as = res_query_async(record, C_IN, type, NULL); if (as == NULL) err(1, "res_query_async"); -- cgit v1.2.3-59-g8ed1b
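Review bot: the paragraph added after `.Ed` in the smtpctl.8 hunk at -247,8 says `spf walk` "cannot provide full results" for records with macros, but it does not tell the reader what they will actually see. The spfwalk.c change in this patch makes lookup_record() call warnx() and return without issuing the query. Suggest the manual say that such records are skipped and a warning is written to standard error, so anyone turning the output into a static list knows it is incomplete for those domains and where to look for the reason.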
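Review bot: in the spfwalk.c hunk, the sanitizing loop assigns `record[i] = '?'` although the parameter is declared `const char *record`, so it writes through a const-qualified pointer and should be rejected by the compiler as shown. Suggest copying the string into a local buffer and sanitizing the copy before passing it to warnx(), which also avoids modifying the caller's string. In the same loop, `isprint(record[i])` passes a plain char; cast it to unsigned char, since this input is untrusted and a byte above 0x7f becomes a negative value on platforms where char is signed, which is undefined for the ctype functions.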