commit 7404f80: [Feature] SPF: Allow to disable AAAA checks in configuration

Vsevolod Stakhov vsevolod at highsecure.ru
Fri Oct 25 15:14:06 UTC 2019


Author: Vsevolod Stakhov
Date: 2019-10-25 16:11:47 +0100
URL: https://github.com/rspamd/rspamd/commit/7404f80d47ce4af8513611ffa29f742bf3934705 (HEAD -> master)

[Feature] SPF: Allow to disable AAAA checks in configuration

---
 src/libserver/spf.c | 83 ++++++++++++++++++++++++++++++++++++++---------------
 src/libserver/spf.h |  3 +-
 src/plugins/spf.c   | 33 +++++++--------------
 3 files changed, 71 insertions(+), 48 deletions(-)

diff --git a/src/libserver/spf.c b/src/libserver/spf.c
index d362a7293..b085467db 100644
--- a/src/libserver/spf.c
+++ b/src/libserver/spf.c
@@ -66,6 +66,7 @@ struct rspamd_spf_library_ctx {
 	guint max_dns_nesting;
 	guint max_dns_requests;
 	guint min_cache_ttl;
+	gboolean disable_ipv6;
 };
 
 struct rspamd_spf_library_ctx *spf_lib_ctx = NULL;
@@ -144,6 +145,7 @@ RSPAMD_CONSTRUCTOR(rspamd_spf_lib_ctx_ctor) {
 	spf_lib_ctx->max_dns_nesting = SPF_MAX_NESTING;
 	spf_lib_ctx->max_dns_requests = SPF_MAX_DNS_REQUESTS;
 	spf_lib_ctx->min_cache_ttl = SPF_MIN_CACHE_TTL;
+	spf_lib_ctx->disable_ipv6 = FALSE;
 }
 
 RSPAMD_DESTRUCTOR(rspamd_spf_lib_ctx_dtor) {
@@ -152,20 +154,40 @@ RSPAMD_DESTRUCTOR(rspamd_spf_lib_ctx_dtor) {
 }
 
 void
-spf_library_config (gint max_dns_nesting, gint max_dns_requests,
-						 gint min_cache_ttl)
+spf_library_config (const ucl_object_t *obj)
 {
-	if (max_dns_nesting >= 0) {
-		spf_lib_ctx->max_dns_nesting = max_dns_nesting;
+	const ucl_object_t *value;
+	guint64 ival;
+	bool bval;
+
+	if (obj == NULL) {
+		/* No specific config */
+		return;
+	}
+
+	if ((value = ucl_object_find_key (obj, "min_cache_ttl")) != NULL) {
+		if (ucl_object_toint_safe (value, &ival) && ival >= 0) {
+			spf_lib_ctx->min_cache_ttl = ival;
+		}
 	}
 
-	if (max_dns_requests >= 0) {
-		spf_lib_ctx->max_dns_requests = max_dns_requests;
+	if ((value = ucl_object_find_key (obj, "max_dns_nesting")) != NULL) {
+		if (ucl_object_toint_safe (value, &ival) && ival >= 0) {
+			spf_lib_ctx->max_dns_nesting = ival;
+		}
 	}
 
-	if (min_cache_ttl >= 0) {
-		spf_lib_ctx->min_cache_ttl = min_cache_ttl;
+	if ((value = ucl_object_find_key (obj, "max_dns_requests")) != NULL) {
+		if (ucl_object_toint_safe (value, &ival) && ival >= 0) {
+			spf_lib_ctx->max_dns_requests = ival;
+		}
+	}
+	if ((value = ucl_object_find_key (obj, "disable_ipv6")) != NULL) {
+		if (ucl_object_toboolean_safe (value, &bval)) {
+			spf_lib_ctx->disable_ipv6 = bval;
+		}
 	}
+
 }
 
 static gboolean start_spf_parse (struct spf_record *rec,
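Review bot: `ival` is declared `guint64`, so the three `ival >= 0` checks in spf_library_config are always true, and a negative `min_cache_ttl`, `max_dns_nesting` or `max_dns_requests` in the configuration wraps to a huge value instead of being ignored. `ucl_object_toint_safe` writes through an `int64_t *`, so the pointer type is mismatched as well. The assignment into the `guint` fields then silently truncates anything above 32 bits. Judging by their names these fields cap how much DNS work a single SPF record can trigger, so a bad value should be rejected rather than stored. Declare `gint64 ival;` and test `ival >= 0 && ival <= G_MAXUINT` before each assignment.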
@@ -767,11 +789,16 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg)
 							cb->rec->requests_inflight++;
 						}
 
-						if (rspamd_dns_resolver_request_task_forced (task,
-								spf_record_dns_callback, (void *) cb,
-								RDNS_REQUEST_AAAA,
-								elt_data->content.mx.name)) {
-							cb->rec->requests_inflight++;
+						if (!spf_lib_ctx->disable_ipv6) {
+							if (rspamd_dns_resolver_request_task_forced (task,
+									spf_record_dns_callback, (void *) cb,
+									RDNS_REQUEST_AAAA,
+									elt_data->content.mx.name)) {
+								cb->rec->requests_inflight++;
+							}
+						}
+						else {
+							msg_debug_spf ("skip AAAA request for MX resolution");
 						}
 					}
 					else {
@@ -792,7 +819,7 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg)
 						/* Validate returned records prior to making A requests */
 						if (spf_check_ptr_host (cb,
 								elt_data->content.ptr.name)) {
-							msg_debug_spf ("resolve %s after resolving of PTR",
+							msg_debug_spf ("resolve PTR %s after resolving of PTR",
 									elt_data->content.ptr.name);
 							if (rspamd_dns_resolver_request_task_forced (task,
 									spf_record_dns_callback, (void *) cb,
@@ -800,11 +827,17 @@ spf_record_dns_callback (struct rdns_reply *reply, gpointer arg)
 									elt_data->content.ptr.name)) {
 								cb->rec->requests_inflight++;
 							}
-							if (rspamd_dns_resolver_request_task_forced (task,
-									spf_record_dns_callback, (void *) cb,
-									RDNS_REQUEST_AAAA,
-									elt_data->content.ptr.name)) {
-								cb->rec->requests_inflight++;
+
+							if (!spf_lib_ctx->disable_ipv6) {
+								if (rspamd_dns_resolver_request_task_forced (task,
+										spf_record_dns_callback, (void *) cb,
+										RDNS_REQUEST_AAAA,
+										elt_data->content.ptr.name)) {
+									cb->rec->requests_inflight++;
+								}
+							}
+							else {
+								msg_debug_spf ("skip AAAA request for PTR resolution");
 							}
 						}
 						else {
@@ -1149,11 +1182,15 @@ parse_spf_a (struct spf_record *rec,
 		cb->addr = addr;
 		cb->cur_action = SPF_RESOLVE_AAA;
 		cb->resolved = resolved;
-		msg_debug_spf ("resolve aaa %s", host);
 
-		if (rspamd_dns_resolver_request_task_forced (task,
-				spf_record_dns_callback, (void *) cb, RDNS_REQUEST_AAAA, host)) {
-			rec->requests_inflight++;
+		if (!spf_lib_ctx->disable_ipv6) {
+			if (rspamd_dns_resolver_request_task_forced (task,
+					spf_record_dns_callback, (void *) cb, RDNS_REQUEST_AAAA, host)) {
+				rec->requests_inflight++;
+			}
+		}
+		else {
+			msg_debug_spf ("skip AAAA request for a record resolution");
 		}
 
 		return TRUE;
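Review bot: The `msg_debug_spf ("resolve aaa %s", host);` trace was dropped rather than moved under the `!spf_lib_ctx->disable_ipv6` branch, so debug logs no longer show which host an AAAA query was issued for in parse_spf_a. The new skip messages here and in the MX and PTR hunks of spf_record_dns_callback also omit the name, which makes it harder to tell from a log why an IPv6 sender did not match. Consider keeping `msg_debug_spf ("resolve aaa %s", host);` inside the branch and using `msg_debug_spf ("skip AAAA request for a record resolution of %s", host);` in the else. parse_spf_a starts and ends outside the hunk.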
diff --git a/src/libserver/spf.h b/src/libserver/spf.h
index cd8eaffac..e9ebbbdf9 100644
--- a/src/libserver/spf.h
+++ b/src/libserver/spf.h
@@ -117,8 +117,7 @@ gchar *spf_addr_mask_to_string (struct spf_addr *addr);
 struct spf_addr *spf_addr_match_task (struct rspamd_task *task,
 									  struct spf_resolved *rec);
 
-void spf_library_config (gint max_dns_nesting, gint max_dns_requests,
-		gint min_cache_ttl);
+void spf_library_config (const ucl_object_t *obj);
 
 #ifdef  __cplusplus
 }
diff --git a/src/plugins/spf.c b/src/plugins/spf.c
index 119d79b69..cc9dd7dd2 100644
--- a/src/plugins/spf.c
+++ b/src/plugins/spf.c
@@ -62,10 +62,6 @@ struct spf_ctx {
 
 	gboolean check_local;
 	gboolean check_authed;
-
-	guint max_dns_nesting;
-	guint max_dns_requests;
-	guint min_cache_ttl;
 };
 
 static void spf_symbol_callback (struct rspamd_task *task,
@@ -103,9 +99,6 @@ spf_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)
 	spf_module_ctx = rspamd_mempool_alloc0 (cfg->cfg_pool,
 			sizeof (*spf_module_ctx));
 	*ctx = (struct module_ctx *)spf_module_ctx;
-	spf_module_ctx->min_cache_ttl = SPF_MIN_CACHE_TTL;
-	spf_module_ctx->max_dns_nesting = SPF_MAX_NESTING;
-	spf_module_ctx->max_dns_requests = SPF_MAX_DNS_REQUESTS;
 
 	rspamd_rcl_add_doc_by_path (cfg,
 			NULL,
@@ -226,6 +219,15 @@ spf_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)
 			RSPAMD_CL_FLAG_UINT,
 			NULL,
 			0);
+	rspamd_rcl_add_doc_by_path (cfg,
+			"spf",
+			"Disable ipv6 resolving when doing SPF resolution",
+			"disable_ipv6",
+			UCL_BOOLEAN,
+			NULL,
+			0,
+			NULL,
+			0);
 
 	return 0;
 }
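Review bot: The help text `"Disable ipv6 resolving when doing SPF resolution"` does not state the effect on the SPF verdict. With the option set, the `a`, `mx` and `ptr` mechanisms get no AAAA lookups (see the src/libserver/spf.c hunks). A client connecting over IPv6 can then presumably match only through literal `ip6:` terms, and a sender authorised through `a` or `mx` falls through to the record's `all` term. I would word it as `"Do not issue AAAA queries for a/mx/ptr mechanisms; IPv6 clients then match only ip6 terms"`, and say that the option is presumably meant for hosts that accept no mail over IPv6. spf_module_init starts outside the hunk.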
@@ -327,22 +329,7 @@ spf_module_config (struct rspamd_config *cfg)
 		cache_size = DEFAULT_CACHE_SIZE;
 	}
 
-	if ((value =
-				 rspamd_config_get_module_opt (cfg, "spf", "min_cache_ttl")) != NULL) {
-		spf_module_ctx->min_cache_ttl = ucl_obj_toint (value);
-	}
-	if ((value =
-				  rspamd_config_get_module_opt (cfg, "spf", "max_dns_nesting")) != NULL) {
-		spf_module_ctx->max_dns_nesting = ucl_obj_toint (value);
-	}
-	if ((value =
-				 rspamd_config_get_module_opt (cfg, "spf", "max_dns_requests")) != NULL) {
-		spf_module_ctx->max_dns_requests = ucl_obj_toint (value);
-	}
-
-	spf_library_config (spf_module_ctx->max_dns_nesting,
-			spf_module_ctx->max_dns_requests,
-			spf_module_ctx->min_cache_ttl);
+	spf_library_config (ucl_obj_get_key (cfg->rcl_obj, "spf"));
 
 	if ((value =
 		rspamd_config_get_module_opt (cfg, "spf", "whitelist")) != NULL) {
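Review bot: spf_library_config only overwrites keys that are present in the `spf` section and returns early when the section is missing, so nothing puts `spf_lib_ctx` back to its defaults. The removed code re-seeded the three limits in spf_module_init before each configuration pass. If the configuration is re-read in the same process (not visible here), removing `disable_ipv6` or a limit from the config would now leave the previous value in force. Resetting the four fields to `SPF_MAX_NESTING`, `SPF_MAX_DNS_REQUESTS`, `SPF_MIN_CACHE_TTL` and `FALSE` at the top of spf_library_config, before the `obj == NULL` return, would avoid that. spf_module_config starts and ends outside the hunk.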

