From cff5a7b49c4151fdc55e085b150385259d0dc781 Mon Sep 17 00:00:00 2001
From: John Denker <jsd@av8n.com>
Date: Tue, 31 Jul 2012 18:48:21 -0700
Subject: might actually have a working SPF check

---
 tools/sepofra.c | 10 ++++++++--
 tools/sepofra.h |  1 +
 tools/skrewt.c  | 39 +++++++++++++++++++++++++++++++--------
 3 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/tools/sepofra.c b/tools/sepofra.c
index a0b9294..d41e5ad 100644
--- a/tools/sepofra.c
+++ b/tools/sepofra.c
@@ -2,12 +2,16 @@
 #include <sstream>
 
 #include "sepofra.h"
-
+#include "utils.h"
 
 #ifndef HOST_NAME_MAX
 #define HOST_NAME_MAX 255
 #endif
 
+///// Important reference:
+///// http://www.ietf.org/rfc/rfc4408.txt
+/////
+
 using namespace std;
 
 string domain_part(const string ema){
@@ -58,7 +62,8 @@ void sepofra::check(
   SPF_server_t*     spf_server = NULL;
   sepofra rslt;
   ip = opt_ip;
-  mailfrom = opt_mailfrom;
+  helo = opt_helo;
+  mailfrom = trim(opt_mailfrom, " \t\r\n<>");
   string mailfrom_domain = domain_part(opt_mailfrom);
 
   do {
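Review bot: `domain_part(opt_mailfrom)` on the line after the new `trim` still works on the untrimmed argument, so the domain derived here can disagree with the `mailfrom` that is stored and later printed by explain(). With a bracketed return path such as `<user@example.com>` (constructed example) the result may carry a trailing `>`, depending on how domain_part splits; its body is not visible in this hunk. `string mailfrom_domain = domain_part(mailfrom);` keeps the two consistent. A null return path `<>` now trims to an empty string, and RFC 4408 (section 2.2) says to fall back to postmaster@ the HELO domain in that case, so confirm that the code below the hunk does so; check() continues outside it.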
@@ -139,6 +144,7 @@ string sepofra::explain() const {
     /* ( */  build << ")";
     build << " client-ip=" << ip << ";";
     build << " envelope-from=" << mailfrom << ";";
+    build << " helo=" << helo;
     return build.str();
 }
 
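Review bot: `build << " helo=" << helo;` writes the HELO name verbatim, and `helo` was copied from `opt_helo` in sepofra::check without even the whitespace trimming that `mailfrom` receives. The HELO string is chosen by the remote client, so an embedded `;`, space or control character can add what look like extra key=value pairs, or break the line, wherever this text is logged or reused as a header. Validate it as a host name or address literal when it is stored, or emit it as a quoted-string here when it is not a plain dot-atom, as the key-value grammar in RFC 4408 section 7 allows. The same applies to the `envelope-from=` value on the line above. explain() begins outside the hunk.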
diff --git a/tools/sepofra.h b/tools/sepofra.h
index 89719fb..2e4b831 100644
--- a/tools/sepofra.h
+++ b/tools/sepofra.h
@@ -21,6 +21,7 @@ public:
   std::list<std::string> authorities;
   std::string ip;
   std::string mailfrom;
+  std::string helo;
   SPF_request_t*   spf_request;
   SPF_response_t* spf_response;
 
diff --git a/tools/skrewt.c b/tools/skrewt.c
index a7e144f..bcbfb16 100644
--- a/tools/skrewt.c
+++ b/tools/skrewt.c
@@ -39,6 +39,7 @@ void usage(const int sts){
 
 #include "qq_exit_codes.h"
 #include "utils.h"
+#include "sepofra.h"
 
 /////////////////////////////////////////////////////////
 // Case insensitive comparison of strings
@@ -224,8 +225,15 @@ Received: from ip68-231-191-153.tc.ph.cox.net (HELO asclepias.av8n.net) (smtp@68
 #endif
 
 #if 0   /* good for testing */
+// random mail from FAA
 /home/jsd/Maildir/cur/1343769926.24228.cloud\:2\,
 
+// has a good SPF result buried inside, at an earlier hop:
+/home/jsd/Maildir/cur/1342372942.24810.cloud:2,
+
+// has a good SPF as delivered to us:
+/home/jsd/Maildir/cur/1343671179.10420.cloud:2,
+
 // The following msg has no message-id, but does have an
 // authorized submitter:
 /home/jsd/Maildir/cur/1342363199.24320.cloud:2,
@@ -352,14 +360,29 @@ int skrewt::interstage(){
   if (saw_blank_line) {/* ignore */}
 // Note that the headers are in reverse-chronological order:
   cerr << progid <<" Return-path: " << return_path <<endl;
-  cerr << "        Received: " << received_from <<endl;
-  int rslt = krunch_rfrom();
-  if (rslt) return rslt;
-  cerr << "         rDNS:     " << proximta_rDNS << endl;
-  cerr << "         HELO:     " << proximta_HELO << endl;
-  cerr << "         IP:       "   << proximta_IP << endl;
-  cerr << "         AuthUser: "   << proximta_AuthUser << endl;
-  cerr << "         Mid       '"  << message_id << "'" << endl;
+
+  { // parse the 'Received: from' line:
+    cerr << "        Received: " << received_from <<endl;
+    int rslt = krunch_rfrom();
+    if (rslt) return rslt;
+    cerr << "         rDNS:     " << proximta_rDNS << endl;
+    cerr << "         HELO:     " << proximta_HELO << endl;
+    cerr << "         IP:       "   << proximta_IP << endl;
+    cerr << "         AuthUser: "   << proximta_AuthUser << endl;
+    cerr << "         Mid       '"  << message_id << "'" << endl;
+  }
+
+  sepofra my_spf;
+  try {
+    my_spf.check(proximta_IP,
+        proximta_HELO,
+        return_path,
+        "junk", 0/* verbosity */);
+    cerr << "*** " << my_spf.explain() << endl;
+  } catch (bad_thing foo) {
+    cerr << "Caught bad thing: " << foo.what() << endl;
+    return ex_syserr;
+  }
 
 // The logic here is:  In order:
 // 1) If whitelisted, accept.  No greylisting, no spam-checking.
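Review bot: The handler `catch (bad_thing foo)` catches by value, which copies the exception and would slice any type derived from bad_thing; `} catch (const bad_thing& foo) {` is the usual form. The fourth argument `"junk"` is an unexplained literal, and since the signature of sepofra::check is not visible here, a short comment naming that parameter and why a placeholder is acceptable would help. Within this hunk the SPF verdict is only written to cerr, and the check runs even when proximta_AuthUser is set. If later code starts acting on the result, authenticated submitters presumably need an exemption, because their client IP will usually not be listed in the sender domain's SPF record. interstage() starts and ends outside the hunk.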
-- 
cgit v1.2.3