1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of either:
4  *
5  *   a) The GNU Lesser General Public License as published by the Free
6  *      Software Foundation; either version 2.1, or (at your option) any
7  *      later version,
8  *
9  *   OR
10  *
11  *   b) The two-clause BSD license.
12  *
13  * These licenses can be found with the distribution in the file LICENSES
14  */
15 
16 #ifndef INC_SPF_SERVER
17 #define INC_SPF_SERVER
18 
19 typedef struct SPF_server_struct SPF_server_t;
20 
21 #include "spf_record.h"
22 #include "spf_dns.h"
23 
24 #ifndef SPF_MAX_DNS_MECH
25 /* It is a bad idea to change this for two reasons.
26  *
27  * First, the obvious reason is the delays caused on the mail server
28  * you are running.  DNS lookups that timeout can be *very* time
29  * consuming, and even successful DNS lookups can take 200-500ms.
30  * Many MTAs can't afford to wait long and even 2sec is pretty bad.
31  *
32  * The second, and more important reason, is the SPF records come from
33  * a third party which may be malicious.  This third party can direct
34  * DNS lookups to be sent to anyone.  If there isn't a limit, then it
35  * is easy for someone to create a distributed denial of service
36  * attack simply by sending a bunch of emails.  Unlike the delays on
37  * your system caused by many DNS lookups, you might not even notice
38  * that you are being used as part of a DDoS attack.
39  */
40 #define SPF_MAX_DNS_MECH 10
41 #endif
42 #ifndef SPF_MAX_DNS_PTR
43 /* It is a bad idea to change this for the same reasons as mentioned
44  * above for SPF_MAX_DNS_MECH
45  */
46 #define SPF_MAX_DNS_PTR   10
47 #endif
48 #ifndef SPF_MAX_DNS_MX
49 /* It is a bad idea to change this for the same reasons as mentioned
50  * above for SPF_MAX_DNS_MECH
51  */
52 #define SPF_MAX_DNS_MX    10
53 #endif
54 
55 struct SPF_server_struct {
56 	SPF_dns_server_t*resolver;		/**< SPF DNS resolver. */
57 	SPF_record_t	*local_policy;	/**< Local policies. */
58 	SPF_macro_t		*explanation;	/**< Explanation string. */
59 
60 	char			*rec_dom;		/**< Default receiving domain. */
61 
62 	int				 max_dns_mech;	/**< DoS limit on SPF mechanisms. */
63 	int				 max_dns_ptr;	/**< DoS limit on PTR records. */
64 	int				 max_dns_mx;	/**< DoS limit on MX records. */
65 
66 	int				 sanitize;		/**< Limit charset in messages. */
67 	int				 debug;			/**< Print debug info. */
68 	int				 destroy_resolver;	/**< true if we own the resolver. */
69 };
70 
71 typedef
72 enum SPF_server_dnstype_enum {
73 	SPF_DNS_RESOLV, SPF_DNS_CACHE, SPF_DNS_ZONE
74 } SPF_server_dnstype_t;
75 
76 SPF_server_t	*SPF_server_new(SPF_server_dnstype_t dnstype,int debug);
77 SPF_server_t	*SPF_server_new_dns(SPF_dns_server_t *dns,int debug);
78 void			 SPF_server_free(SPF_server_t *sp);
79 SPF_errcode_t	 SPF_server_set_rec_dom(SPF_server_t *sp,
80 					const char *dom);
81 SPF_errcode_t	 SPF_server_set_sanitize(SPF_server_t *sp,
82 					int sanitize);
83 SPF_errcode_t	 SPF_server_set_explanation(SPF_server_t *sp,
84 					const char *exp, SPF_response_t **spf_responsep);
85 SPF_errcode_t	 SPF_server_set_localpolicy(SPF_server_t *sp,
86 					const char *policy, int use_default_whitelist,
87 					SPF_response_t **spf_responsep);
88 
89 SPF_errcode_t	 SPF_server_get_record(SPF_server_t *spf_server,
90 					SPF_request_t *spf_request,
91 					SPF_response_t *spf_response,
92 					SPF_record_t **spf_recordp);
93 
94 /**
95  * Prototypes for the various maximum accessors.
96  */
97 #define SPF_DECL_ACCESS_INT(f) \
98 	SPF_errcode_t \
99 		SPF_server_set_ ## f(SPF_server_t *spf_server, int n); \
100 	int \
101 		SPF_server_get_ ## f(SPF_server_t *spf_server);
102 
103 SPF_DECL_ACCESS_INT(max_dns_mech);
104 SPF_DECL_ACCESS_INT(max_dns_ptr);
105 SPF_DECL_ACCESS_INT(max_dns_mx);
106 
107 #endif
108