Prefer spf1 records as spf2 records are usually rotten

diff --git a/src/libserver/spf.c b/src/libserver/spf.c
index b1dc9a1a10cc6fc138babc9042dc11f2de5f6e5a..a421d7a072f1fc4f470486ed749842ec202aa023 100644 (file)
--- a/src/libserver/spf.c
+++ b/src/libserver/spf.c
@@ -1654,7 +1654,7 @@ static void
 spf_dns_callback (struct rdns_reply *reply, gpointer arg)
 {
        struct spf_record *rec = arg;
-       struct rdns_reply_entry *elt;
+       struct rdns_reply_entry *elt, *selected = NULL;
        struct spf_resolved_element *resolved;
 
        rec->requests_inflight--;
@@ -1666,11 +1666,28 @@ spf_dns_callback (struct rdns_reply *reply, gpointer arg)
                        rec->ttl = reply->entries->ttl;
                }
 
+               /*
+                * We prefer spf version 1 as other records are mostly likely garbadge
+                * or incorrect records (e.g. spf2 records)
+                */
                LL_FOREACH (reply->entries, elt) {
-                       if (start_spf_parse (rec, resolved, elt->content.txt.data)) {
+                       if (strncmp (elt->content.txt.data, "v=spf1", sizeof ("v=spf1") - 1)
+                                               == 0) {
+                               selected = elt;
                                break;
                        }
                }
+
+               if (!selected) {
+                       LL_FOREACH (reply->entries, elt) {
+                               if (start_spf_parse (rec, resolved, elt->content.txt.data)) {
+                                       break;
+                               }
+                       }
+               }
+               else {
+                       start_spf_parse (rec, resolved, elt->content.txt.data);
+               }
        }
 
        rspamd_spf_maybe_return (rec);