[Test] SPF for relay

rspamd · Dec 6, 2019 · def24b4 · def24b4
2 parents 5eee098 + 6dc4448
commit def24b4
Show file tree

Hide file tree

Showing 7 changed files with 94 additions and 29 deletions.
diff --git a/lualib/rspamadm/dns_tool.lua b/lualib/rspamadm/dns_tool.lua
@@ -183,7 +183,7 @@ local function spf_handler(opts)
         end
       else
         printf('Error getting SPF record: %s (%s flag)', err,
-            flag_to_str(flag_or_policy))
+            flag_to_str(flag_or_policy or flags))
       end
     else
       printf('Cannot get SPF record: %s', err)

diff --git a/src/libserver/spf.c b/src/libserver/spf.c
@@ -111,6 +111,10 @@ struct rspamd_spf_library_ctx *spf_lib_ctx = NULL;
         rspamd_spf_log_id, "spf", rec->task->task_pool->tag.uid, \
         G_STRFUNC, \
         __VA_ARGS__)
+#define msg_debug_spf_flatten(...)  rspamd_conditional_debug_fast_num_id (NULL, NULL, \
+        rspamd_spf_log_id, "spf", (flat)->digest, \
+        G_STRFUNC, \
+        __VA_ARGS__)
 
 INIT_LOG_MODULE(spf)
 
@@ -157,6 +161,14 @@ RSPAMD_DESTRUCTOR(rspamd_spf_lib_ctx_dtor) {
 	spf_lib_ctx = NULL;
 }
 
+static void
+spf_record_cached_unref_dtor (gpointer p)
+{
+	struct spf_resolved *flat = (struct spf_resolved *)p;
+
+	_spf_record_unref (flat, "LRU cache");
+}
+
 void
 spf_library_config (const ucl_object_t *obj)
 {
@@ -207,16 +219,16 @@ spf_library_config (const ucl_object_t *obj)
 		if (ucl_object_toint_safe (value, &ival) && ival > 0) {
 			spf_lib_ctx->spf_hash = rspamd_lru_hash_new (
 					ival,
-					NULL,
-					(GDestroyNotify) spf_record_unref);
+					g_free,
+					spf_record_cached_unref_dtor);
 		}
 	}
 	else {
 		/* Preserve compatibility */
 		spf_lib_ctx->spf_hash = rspamd_lru_hash_new (
 				2048,
-				NULL,
-				(GDestroyNotify) spf_record_unref);
+				g_free,
+				spf_record_cached_unref_dtor);
 	}
 }
 
@@ -594,7 +606,8 @@ rspamd_spf_maybe_return (struct spf_record *rec)
 
 			if (spf_lib_ctx->spf_hash) {
 				rspamd_lru_hash_insert (spf_lib_ctx->spf_hash,
-						flat->domain, spf_record_ref (flat),
+						g_strdup (flat->domain),
+						spf_record_ref (flat),
 						flat->timestamp, flat->ttl);
 
 				msg_info_task ("stored record for %s (0x%xuL) in LRU cache for %d seconds, "
@@ -608,7 +621,7 @@ rspamd_spf_maybe_return (struct spf_record *rec)
 		}
 
 		rec->callback (flat, rec->task, rec->cbdata);
-		REF_RELEASE (flat);
+		spf_record_unref (flat);
 		rec->done = TRUE;
 	}
 }
@@ -2471,16 +2484,18 @@ rspamd_spf_resolve (struct rspamd_task *task, spf_cb_t callback,
 }
 
 struct spf_resolved *
-spf_record_ref (struct spf_resolved *rec)
+_spf_record_ref (struct spf_resolved *flat, const gchar *loc)
 {
-	REF_RETAIN (rec);
-	return rec;
+	msg_debug_spf_flatten ("record ref %s; refcount=%d++", loc, flat->ref.refcount);
+	REF_RETAIN (flat);
+	return flat;
 }
 
 void
-spf_record_unref (struct spf_resolved *rec)
+_spf_record_unref (struct spf_resolved *flat, const gchar *loc)
 {
-	REF_RELEASE (rec);
+	msg_debug_spf_flatten ("record unref %s; refcount=%d--", loc, flat->ref.refcount);
+	REF_RELEASE (flat);
 }
 
 gchar *

diff --git a/src/libserver/spf.h b/src/libserver/spf.h
@@ -108,12 +108,15 @@ struct rspamd_spf_cred *rspamd_spf_get_cred (struct rspamd_task *task);
 /*
  * Increase refcount
  */
-struct spf_resolved *spf_record_ref (struct spf_resolved *rec);
-
+struct spf_resolved *_spf_record_ref (struct spf_resolved *rec, const gchar *loc);
+#define spf_record_ref(rec) \
+    _spf_record_ref ((rec), G_STRLOC)
 /*
  * Decrease refcount
  */
-void spf_record_unref (struct spf_resolved *rec);
+void _spf_record_unref (struct spf_resolved *rec, const gchar *loc);
+#define spf_record_unref(rec) \
+    _spf_record_unref((rec), G_STRLOC)
 
 /**
  * Prints address + mask in a freshly allocated string (must be freed)

diff --git a/src/libutil/logger.c b/src/libutil/logger.c
@@ -1368,6 +1368,42 @@ rspamd_conditional_debug_fast (rspamd_logger_t *rspamd_log,
 	}
 }
 
+void
+rspamd_conditional_debug_fast_num_id (rspamd_logger_t *rspamd_log,
+							   rspamd_inet_addr_t *addr,
+							   guint mod_id, const gchar *module, guint64 id,
+							   const gchar *function, const gchar *fmt, ...)
+{
+	static gchar logbuf[LOGBUF_LEN], idbuf[64];
+	va_list vp;
+	gchar *end;
+
+	if (rspamd_log == NULL) {
+		rspamd_log = default_logger;
+	}
+
+	if (rspamd_logger_need_log (rspamd_log, G_LOG_LEVEL_DEBUG, mod_id) ||
+		rspamd_log->is_debug) {
+		if (rspamd_log->debug_ip && addr != NULL) {
+			if (rspamd_match_radix_map_addr (rspamd_log->debug_ip, addr)
+				== NULL) {
+				return;
+			}
+		}
+
+		rspamd_snprintf (idbuf, sizeof (idbuf), "%XuL", id);
+		va_start (vp, fmt);
+		end = rspamd_vsnprintf (logbuf, sizeof (logbuf), fmt, vp);
+		*end = '\0';
+		va_end (vp);
+		rspamd_log->log_func (module, idbuf,
+				function,
+				G_LOG_LEVEL_DEBUG | RSPAMD_LOG_FORCED,
+				logbuf,
+				rspamd_log);
+	}
+}
+
 /**
  * Wrapper for glib logger
  */

diff --git a/src/libutil/logger.h b/src/libutil/logger.h
@@ -133,7 +133,13 @@ void rspamd_conditional_debug (rspamd_logger_t *logger,
 
 void rspamd_conditional_debug_fast (rspamd_logger_t *logger,
 									rspamd_inet_addr_t *addr,
-									guint mod_id, const gchar *module, const gchar *id,
+									guint mod_id,
+									const gchar *module, const gchar *id,
+									const gchar *function, const gchar *fmt, ...);
+void rspamd_conditional_debug_fast_num_id (rspamd_logger_t *logger,
+									rspamd_inet_addr_t *addr,
+									guint mod_id,
+									const gchar *module, guint64 id,
 									const gchar *function, const gchar *fmt, ...);
 
 /**

diff --git a/src/lua/lua_spf.c b/src/lua/lua_spf.c
@@ -171,19 +171,21 @@ spf_lua_lib_callback (struct spf_resolved *record, struct rspamd_task *task,
 	if (record) {
 		if ((record->flags & RSPAMD_SPF_RESOLVED_NA)) {
 			lua_spf_push_result (cbd, RSPAMD_SPF_RESOLVED_NA, NULL,
-					"no record found");
-		}
-		else if (record->elts->len == 0 && (record->flags & RSPAMD_SPF_RESOLVED_TEMP_FAILED)) {
-			lua_spf_push_result (cbd, RSPAMD_SPF_RESOLVED_TEMP_FAILED, NULL,
-					"temporary resolution error");
-		}
-		else if (record->elts->len == 0 && (record->flags & RSPAMD_SPF_RESOLVED_PERM_FAILED)) {
-			lua_spf_push_result (cbd, RSPAMD_SPF_RESOLVED_PERM_FAILED, NULL,
-					"permanent resolution error");
+					"no SPF record found");
 		}
 		else if (record->elts->len == 0) {
-			lua_spf_push_result (cbd, RSPAMD_SPF_RESOLVED_PERM_FAILED, NULL,
-					"record is empty");
+			if (record->flags & RSPAMD_SPF_RESOLVED_PERM_FAILED) {
+				lua_spf_push_result (cbd, RSPAMD_SPF_RESOLVED_PERM_FAILED, NULL,
+			"bad SPF record");
+			}
+			else if ((record->flags & RSPAMD_SPF_RESOLVED_TEMP_FAILED)) {
+				lua_spf_push_result (cbd, RSPAMD_SPF_RESOLVED_TEMP_FAILED, NULL,
+						"temporary resolution error");
+			}
+			else {
+				lua_spf_push_result (cbd, RSPAMD_SPF_RESOLVED_PERM_FAILED, NULL,
+						"record is empty");
+			}
 		}
 		else if (record->domain) {
 			spf_record_ref (record);
@@ -226,7 +228,10 @@ lua_spf_resolve (lua_State * L)
 		/* TODO: make it as an optional parameter */
 		spf_cred = rspamd_spf_get_cred (task);
 		cbd->item = rspamd_symcache_get_cur_item (task);
-		rspamd_symcache_item_async_inc (task, cbd->item, "lua_spf");
+
+		if (cbd->item) {
+			rspamd_symcache_item_async_inc (task, cbd->item, "lua_spf");
+		}
 		REF_INIT_RETAIN (cbd, lua_spf_dtor);
 
 		if (!rspamd_spf_resolve (task, spf_lua_lib_callback, cbd, spf_cred)) {

diff --git a/test/functional/cases/117_spf.robot b/test/functional/cases/117_spf.robot
@@ -125,7 +125,7 @@ SPF PTRS
 SPF PERMFAIL REDIRECT WITHOUT SPF
   ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/dmarc/bad_dkim4.eml
   ...  -i  192.0.2.1  -F  a@fail1.org.org.za
-  Check Rspamc  ${result}  R_SPF_PERMFAIL
+  Check Rspamc  ${result}  R_SPF_DNSFAIL
 
 SPF EXTERNAL RELAY
   ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/external_relay.eml