SPF: additional variable $spf_result_guessed; tweak authresults string indicating guess

12 files changed, 60 insertions, 9 deletions

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 295cb15c1..a439a7b5e 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -12891,6 +12891,7 @@ is compiled with the content-scanning extension. For details, see section
 .vitem &$spf_header_comment$& &&&
        &$spf_received$& &&&
        &$spf_result$& &&&
+       &$spf_result_guessed$& &&&
        &$spf_smtp_comment$&
 These variables are only available if Exim is built with SPF support.
 For details see section &<<SECSPF>>&.
@@ -39348,6 +39349,11 @@ variables:
   one of pass, fail, softfail, none, neutral, permerror or
   temperror.
 
+.vitem &$spf_result_guessed$&
+.vindex &$spf_result_guessed$&
+  This boolean is trus only if a best-guess operation was used
+  and required in order to obtain a result.
+
 .vitem &$spf_smtp_comment$&
 .vindex &$spf_smtp_comment$&
   This contains a string that can be used in a SMTP response
diff --git a/src/src/dmarc.c b/src/src/dmarc.c
index ba9aa6695..1c917aa15 100644
--- a/src/src/dmarc.c
+++ b/src/src/dmarc.c
@@ -605,7 +605,7 @@ if (dmarc_has_been_checked)
   {
   g = string_append(g, 2, US";\n\tdmarc=", dmarc_pass_fail);
   if (header_from_sender)
-    g = string_append(g, 2, US"header.from=", header_from_sender);
+    g = string_append(g, 2, US" header.from=", header_from_sender);
   }
 return g;
 }
diff --git a/src/src/expand.c b/src/src/expand.c
index f1c8544c9..a1ac7d198 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -710,6 +710,7 @@ static var_entry var_table[] = {
   { "spf_header_comment",  vtype_stringptr,   &spf_header_comment },
   { "spf_received",        vtype_stringptr,   &spf_received },
   { "spf_result",          vtype_stringptr,   &spf_result },
+  { "spf_result_guessed",  vtype_bool,        &spf_result_guessed },
   { "spf_smtp_comment",    vtype_stringptr,   &spf_smtp_comment },
 #endif
   { "spool_directory",     vtype_stringptr,   &spool_directory },
diff --git a/src/src/globals.c b/src/src/globals.c
index 55154646c..aed695066 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -1382,6 +1382,7 @@ uschar *spf_guess              = US"v=spf1 a/24 mx/24 ptr ?all";
 uschar *spf_header_comment     = NULL;
 uschar *spf_received           = NULL;
 uschar *spf_result             = NULL;
+BOOL    spf_result_guessed     = FALSE;
 uschar *spf_smtp_comment       = NULL;
 #endif
 
diff --git a/src/src/globals.h b/src/src/globals.h
index 7bd681fe9..66d6c26be 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -881,6 +881,7 @@ extern uschar *spf_guess;              /* spf best-guess record */
 extern uschar *spf_header_comment;     /* spf header comment */
 extern uschar *spf_received;           /* Received-SPF: header */
 extern uschar *spf_result;             /* spf result in string form */
+extern BOOL    spf_result_guessed;     /* spf result is of best-guess operation */
 extern uschar *spf_smtp_comment;       /* spf comment to include in SMTP reply */
 #endif
 extern BOOL    split_spool_directory;  /* TRUE to use multiple subdirs */
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index c7eedf346..7d6298160 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -2006,6 +2006,7 @@ prdr_requested = FALSE;
 #endif
 #ifdef SUPPORT_SPF
 spf_header_comment = spf_received = spf_result = spf_smtp_comment = NULL;
+spf_result_guessed = FALSE;
 #endif
 #ifdef EXPERIMENTAL_DMARC
 dmarc_has_been_checked = dmarc_disable_verify = dmarc_enable_forensic = FALSE;
diff --git a/src/src/spf.c b/src/src/spf.c
index 12994a690..0f0a05d4d 100644
--- a/src/src/spf.c
+++ b/src/src/spf.c
@@ -112,7 +112,10 @@ else
   {
   /* get SPF result */
   if (action == SPF_PROCESS_FALLBACK)
+    {
     SPF_request_query_fallback(spf_request, &spf_response, CS spf_guess);
+    spf_result_guessed = TRUE;
+    }
   else
     SPF_request_query_mailfrom(spf_request, &spf_response);
 
@@ -151,10 +154,17 @@ return FAIL;
 gstring *
 authres_spf(gstring * g)
 {
+uschar * s;
 if (!spf_result) return g;
 
-return string_append(g, 4, US";\n\tspf=", spf_result,
-         US" smtp.mailfrom=", expand_string(US"$sender_address_domain"));
+g = string_append(g, 2, US";\n\tspf=", spf_result);
+if (spf_result_guessed)
+  g = string_cat(g, US" (best guess record for domain)");
+
+s = expand_string(US"$sender_address_domain");
+return s && *s
+  ? string_append(g, 2, US" smtp.mailfrom=", s)
+  : string_cat(g, US" smtp.mailfrom=<>");
 }
 
 
diff --git a/test/confs/4600 b/test/confs/4600
index 2934bf160..cce583909 100644
--- a/test/confs/4600
+++ b/test/confs/4600
@@ -13,7 +13,7 @@ begin acl
 check_rcpt:
   accept	hosts = 	HOSTIPV4
 		spf_guess =	pass
-		logwrite =	spf_result         $spf_result
+		logwrite =	spf_result         $spf_result (guess <$spf_result_guessed>)
 		logwrite =	spf_header_comment $spf_header_comment
 		logwrite =	spf_smtp_comment   $spf_smtp_comment
 		logwrite =	spf_received       $spf_received
@@ -28,7 +28,7 @@ check_rcpt:
 		logwrite =	${authresults {$primary_hostname}}
 
   deny
-		logwrite =	spf_result         $spf_result
+		logwrite =	spf_result         $spf_result (guess <$spf_result_guessed>)
 		logwrite =	spf_header_comment $spf_header_comment
 		logwrite =	spf_smtp_comment   $spf_smtp_comment
 		logwrite =	spf_received       $spf_received
diff --git a/test/log/4600 b/test/log/4600
index 4a5e6e3e3..c59607edb 100644
--- a/test/log/4600
+++ b/test/log/4600
@@ -1,14 +1,20 @@
 
 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 spf_result         fail
+1999-03-02 09:44:33 spf_result         fail (guess <no>)
 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: domain of example.com does not designate ip4.ip4.ip4.ip4 as permitted sender
 1999-03-02 09:44:33 spf_smtp_comment   Please see http://www.openspf.org/Why?id=a%40example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism
 1999-03-02 09:44:33 spf_received       Received-SPF: fail (myhost.test.ex: domain of example.com does not designate ip4.ip4.ip4.ip4 as permitted sender) client-ip=ip4.ip4.ip4.ip4; envelope-from=a@example.com; helo=testclient;
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n	spf=fail smtp.mailfrom=example.com
 1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F=<a@example.com> rejected RCPT <fred@test.ex>
+1999-03-02 09:44:33 spf_result         neutral (guess <yes>)
+1999-03-02 09:44:33 spf_header_comment myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com
+1999-03-02 09:44:33 spf_smtp_comment   Please see http://www.openspf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism
+1999-03-02 09:44:33 spf_received       Received-SPF: neutral (myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com) client-ip=ip4.ip4.ip4.ip4; envelope-from=b@test.example.com; helo=testclient;
+1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n	spf=neutral (best guess record for domain) smtp.mailfrom=test.example.com
+1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F=<b@test.example.com> rejected RCPT <fred@test.ex>
 1999-03-02 09:44:33 spf_result         pass
 1999-03-02 09:44:33 spf_header_comment myhost.test.ex: localhost is always allowed.
 1999-03-02 09:44:33 spf_smtp_comment   
-1999-03-02 09:44:33 spf_received       Received-SPF: pass (myhost.test.ex: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=b@example.com; helo=testclient;
+1999-03-02 09:44:33 spf_received       Received-SPF: pass (myhost.test.ex: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=c@example.com; helo=testclient;
 1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n	spf=pass smtp.mailfrom=example.com
diff --git a/test/rejectlog/4600 b/test/rejectlog/4600
index 6eeab86c5..abd86c874 100644
--- a/test/rejectlog/4600
+++ b/test/rejectlog/4600
@@ -1,3 +1,4 @@
 
 ******** SERVER ********
 1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F=<a@example.com> rejected RCPT <fred@test.ex>
+1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F=<b@test.example.com> rejected RCPT <fred@test.ex>
diff --git a/test/scripts/4600-SPF/4600 b/test/scripts/4600-SPF/4600
index 3907f6861..825efb959 100644
--- a/test/scripts/4600-SPF/4600
+++ b/test/scripts/4600-SPF/4600
@@ -19,11 +19,21 @@ rcpt to:<fred@test.ex>
 ??? 550
 quit
 ****
+client HOSTIPV4 PORT_D
+??? 220
+helo testclient
+??? 250
+mail from:<b@test.example.com>
+??? 250
+rcpt to:<fred@test.ex>
+??? 550
+quit
+****
 client 127.0.0.1 PORT_D
 ??? 220
 helo testclient
 ??? 250
-mail from:<b@example.com>
+mail from:<c@example.com>
 ??? 250
 rcpt to:<fred@test.ex>
 ??? 250
diff --git a/test/stdout/4600 b/test/stdout/4600
index c33a531c2..3b75a04e3 100644
--- a/test/stdout/4600
+++ b/test/stdout/4600
@@ -12,13 +12,27 @@ Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
 <<< 550 Administrative prohibition
 >>> quit
 End of script
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> helo testclient
+??? 250
+<<< 250 myhost.test.ex Hello testclient [ip4.ip4.ip4.ip4]
+>>> mail from:<b@test.example.com>
+??? 250
+<<< 250 OK
+>>> rcpt to:<fred@test.ex>
+??? 550
+<<< 550 Administrative prohibition
+>>> quit
+End of script
 Connecting to 127.0.0.1 port 1225 ... connected
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
 >>> helo testclient
 ??? 250
 <<< 250 myhost.test.ex Hello testclient [127.0.0.1]
->>> mail from:<b@example.com>
+>>> mail from:<c@example.com>
 ??? 250
 <<< 250 OK
 >>> rcpt to:<fred@test.ex>