diff --git a/src/libspf2/spf_interpret.c b/src/libspf2/spf_interpret.c index 78fa81a..6dbdd8d 100644 --- a/src/libspf2/spf_interpret.c +++ b/src/libspf2/spf_interpret.c @@ -594,10 +594,6 @@ SPF_record_interpret(SPF_record_t *spf_record, SPF_data_t *data; SPF_data_t *data_end; /* XXX Replace with size_t data_len */ - /* Where to insert the local policy (whitelist) */ - SPF_mech_t *local_policy; /* Not the local policy */ - int found_all; /* A crappy temporary. */ - char *buf = NULL; size_t buf_len = 0; ns_type fetch_ns_type; @@ -662,58 +658,6 @@ SPF_record_interpret(SPF_record_t *spf_record, #endif /* - * Do some start up stuff if we haven't recursed yet - */ - - local_policy = NULL; - - if ( spf_request->use_local_policy ) { - /* - * find the location for the whitelist execution - * - * Philip Gladstone says: - * - * I think that the localpolicy should only be inserted if the - * final mechanism is '-all', and it should be inserted after - * the last mechanism which is not '-'. - * - * Thus for the case of 'v=spf1 +a +mx -all', this would be - * interpreted as 'v=spf1 +a +mx +localpolicy -all'. Whereas - * 'v=spf1 -all' would remain the same (no non-'-' - * mechanism). 'v=spf1 +a +mx -exists:%stuff -all' would - * become 'v=spf1 +a +mx +localpolicy -exists:%stuff -all'. - */ - - if ( spf_server->local_policy ) { - mech = spf_record->mech_first; - - found_all = FALSE; - for(m = 0; m < spf_record->num_mech; m++) - { - if ( mech->mech_type == MECH_ALL - && (mech->prefix_type == PREFIX_FAIL - || mech->prefix_type == PREFIX_UNKNOWN - || mech->prefix_type == PREFIX_SOFTFAIL - ) - ) - found_all = TRUE; - - if ( mech->prefix_type != PREFIX_FAIL - && mech->prefix_type != PREFIX_SOFTFAIL - ) - local_policy = mech; - - mech = SPF_mech_next( mech ); - } - - if ( !found_all ) - local_policy = NULL; - } - - } - - - /* * evaluate the mechanisms */ @@ -751,6 +695,35 @@ SPF_record_interpret(SPF_record_t *spf_record, resolver = spf_server->resolver; + /* + * execute the local policy + */ + if ( spf_request->use_local_policy && spf_server->local_policy ) { + spf_request->use_local_policy = 0; + err = SPF_record_interpret(spf_server->local_policy, + spf_request, spf_response, depth + 1); + spf_request->use_local_policy = 1; + + if ( spf_server->debug > 0 ) + SPF_debugf( "local_policy: executed SPF record: %s result: %s reason: %s", + SPF_strerror( err ), + SPF_strresult( spf_response->result ), + SPF_strreason( spf_response->reason ) ); + + if (spf_response->result != SPF_RESULT_INVALID && + spf_response->result != SPF_RESULT_NONE && + spf_response->result != SPF_RESULT_NEUTRAL) { + SPF_FREE_LOOKUP_DATA(); + return err; + } + + if ( spf_server->debug > 0 ) + SPF_debugf( "local_policy: not definite", + SPF_strerror( err ), + SPF_strresult( spf_response->result ), + SPF_strreason( spf_response->reason ) ); + } + mech = spf_record->mech_first; for (m = 0; m < spf_record->num_mech; m++) { @@ -1256,26 +1229,6 @@ SPF_record_interpret(SPF_record_t *spf_record, break; } - /* - * execute the local policy - */ - - if ( mech == local_policy ) { - err = SPF_record_interpret(spf_server->local_policy, - spf_request, spf_response, depth + 1); - - if ( spf_server->debug > 0 ) - SPF_debugf( "local_policy: executed SPF record: %s result: %s reason: %s", - SPF_strerror( err ), - SPF_strresult( spf_response->result ), - SPF_strreason( spf_response->reason ) ); - - if (spf_response->result != SPF_RESULT_INVALID) { - SPF_FREE_LOOKUP_DATA(); - return err; - } - } - mech = SPF_mech_next( mech ); } diff --git a/src/libspf2/spf_request.c b/src/libspf2/spf_request.c index 7614141..9eb1774 100644 --- a/src/libspf2/spf_request.c +++ b/src/libspf2/spf_request.c @@ -47,6 +47,7 @@ SPF_request_new(SPF_server_t *spf_server) return sr; memset(sr, 0, sizeof(SPF_request_t)); + sr->use_local_policy = 1; sr->spf_server = spf_server; sr->client_ver = AF_UNSPEC; sr->ipv4.s_addr = htonl(INADDR_ANY);