From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Mon, 21 Dec 2015 11:11:21 +0000 (+0000)
Subject: Prefer spf1 records as spf2 records are usually rotten
X-Git-Tag: 1.1.0~232
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a9dcf6a0b3f49b63be438d4cfefbcd315a14df6f;p=thirdparty%2Frspamd.git

Prefer spf1 records as spf2 records are usually rotten
---

diff --git a/src/libserver/spf.c b/src/libserver/spf.c
index b1dc9a1a10..a421d7a072 100644
--- a/src/libserver/spf.c
+++ b/src/libserver/spf.c
@@ -1654,7 +1654,7 @@ static void
 spf_dns_callback (struct rdns_reply *reply, gpointer arg)
 {
 	struct spf_record *rec = arg;
-	struct rdns_reply_entry *elt;
+	struct rdns_reply_entry *elt, *selected = NULL;
 	struct spf_resolved_element *resolved;
 
 	rec->requests_inflight--;
@@ -1666,11 +1666,28 @@ spf_dns_callback (struct rdns_reply *reply, gpointer arg)
 			rec->ttl = reply->entries->ttl;
 		}
 
+		/*
+		 * We prefer spf version 1 as other records are mostly likely garbadge
+		 * or incorrect records (e.g. spf2 records)
+		 */
 		LL_FOREACH (reply->entries, elt) {
-			if (start_spf_parse (rec, resolved, elt->content.txt.data)) {
+			if (strncmp (elt->content.txt.data, "v=spf1", sizeof ("v=spf1") - 1)
+						== 0) {
+				selected = elt;
 				break;
 			}
 		}
+
+		if (!selected) {
+			LL_FOREACH (reply->entries, elt) {
+				if (start_spf_parse (rec, resolved, elt->content.txt.data)) {
+					break;
+				}
+			}
+		}
+		else {
+			start_spf_parse (rec, resolved, elt->content.txt.data);
+		}
 	}
 
 	rspamd_spf_maybe_return (rec);