From: Jean-Marc Pigeon <jmp@safe.c>
Date: Sun, 16 Nov 2025 21:53:44 +0000 (-0500)
Subject: Detecting wrong SPF
X-Git-Tag: tag-0.18~33
X-Git-Url: https://jmp-git.ovh.safe.ca/?a=commitdiff_plain;h=26d9aa9a114f85c35d6c3ba9f4dd9a864b2c92db;p=jmp%2Fmailleur

Detecting wrong SPF
---

diff --git a/lib/lvleml.c b/lib/lvleml.c
index 91c7faf..5592692 100644
--- a/lib/lvleml.c
+++ b/lib/lvleml.c
@@ -1773,7 +1773,7 @@ while (proceed==true) {
       break;
     case 5      :       //Checking if the SPF is good from the originator
       contact->fromspf=spf_getspf(mailfrom,contact->peerip);
-      (void) rou_dbglive(5,OPEP,"found SPF for <%s/[%s]> SPF set to <%s>",
+      (void) rou_dbglive(5,OPEP,"found SPF for <%s/[%s]> to be <%s>",
                                   mailfrom,contact->peerip,
                                   spf_spfASCII(contact->fromspf));
       break;
@@ -1854,8 +1854,8 @@ while (proceed==true) {
     case 4      :       //Do we have a domain MX
       if (setlocdom(contact,neu)==false) {
         (void) note_rcpt(contact,rcptto,MISSMX,"5.6.4 %s (domain=%s)",
-                                              "No valid MX found for recipient "
-                                              "domain name",neu->domain);
+                                               "No valid MX found for recipient "
+                                               "domain name",neu->domain);
         phase=999;      //no need to go further
         }
       break;
@@ -1878,13 +1878,32 @@ while (proceed==true) {
           break;
         }
       break;
-    case 6      :       //Storing rcpt to
+    case 6      :       //IS originator spf good enough
+      switch (contact->fromspf) {
+        case spf_pass   :       //good SPF
+          break;
+        case spf_fail   :       //Bad SPF
+          (void) eml_transmit(contact,true,"%d 5.6.6 %s from IP=[%s]",
+                                            FAILED,
+                                            "Relaying not allowed",
+                                            contact->peerip);
+          break;
+        default :
+          (void) eml_transmit(contact,true,"%d 5.6.6 %s (domain=%s SPF unknown)",
+                                            FAILED,
+                                            "Originator domain BAD SPF definition",
+                                            neu->domain);
+          phase=999;      //no need to go further
+          break;
+        }
+      break;
+    case 7      :       //Storing rcpt to
       if (eml_addrecipient(&(contact->recipients),neu)==false) {
         detail="duplicate recipients will be consolidated";
         neu=eml_freerecipient(neu);
         }
       break;
-    case 7      :       //everything ok
+    case 8      :       //everything ok
       (void) note_rcpt(contact,rcptto,CMDOK,"5.6.7 %s <%s>",detail,rcptto);
       success=true;
       break;
diff --git a/lib/lvleml.h b/lib/lvleml.h
index a26487c..864f533 100644
--- a/lib/lvleml.h
+++ b/lib/lvleml.h
@@ -37,7 +37,7 @@ typedef struct  {
         char *termend;          //contact ending condition
         SESTYP *session;        //SMTP current session information
         char *mailfrom;         //current mail from originator
-        SPFENU fromspf;         //remote email spf status
+        SPFENU fromspf;         //remote email SPF status
         RCPTYP **recipients;    //List of email recipient
         LOGPTR *logptr;         //reference to session log
         char *transout;         //data to be flush out to remote