/*
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of either:
 *
 * a) The GNU Lesser General Public License as published by the Free
 * Software Foundation; either version 2.1, or (at your option) any
 * later version,
 *
 * OR
 *
 * b) The two-clause BSD license.
 *
 * These licenses can be found with the distribution in the file LICENSES
 */

#ifndef INC_SPF_SERVER
#define INC_SPF_SERVER

/*
 * Public interface of the SPF "server" object: the long-lived context
 * (resolver, local policy, explanation macro, DNS lookup limits) that the
 * functions below create, configure, query and destroy.
 */

/* Forward declaration of the server type. It is placed before the includes
 * below, presumably because those headers refer to SPF_server_t — verify
 * against spf_record.h / spf_dns.h. The full definition follows further down. */
typedef struct SPF_server_struct SPF_server_t;

#include "spf_record.h"
#include "spf_dns.h"

#ifndef SPF_MAX_DNS_MECH
/* It is a bad idea to change this for two reasons.
 *
 * First, the obvious reason is the delays caused on the mail server
 * you are running.  DNS lookups that timeout can be *very* time
 * consuming, and even successful DNS lookups can take 200-500ms.
 * Many MTAs can't afford to wait long and even 2sec is pretty bad.
 *
 * The second, and more important reason, is the SPF records come from
 * a third party which may be malicious.  This third party can direct
 * DNS lookups to be sent to anyone.  If there isn't a limit, then it
 * is easy for someone to create a distributed denial of service
 * attack simply by sending a bunch of emails.  Unlike the delays on
 * your system caused by many DNS lookups, you might not even notice
 * that you are being used as part of a DDoS attack.
 *
 * Note that the same caveat applies to raising the corresponding
 * runtime field (max_dns_mech) through SPF_server_set_max_dns_mech()
 * declared at the end of this header: the compile-time default is only
 * a default.
 */
#define SPF_MAX_DNS_MECH 10
#endif
#ifndef SPF_MAX_DNS_PTR
/* It is a bad idea to change this for the same reasons as mentioned
 * above for SPF_MAX_DNS_MECH (likewise for SPF_server_set_max_dns_ptr()).
 */
#define SPF_MAX_DNS_PTR 10
#endif
#ifndef SPF_MAX_DNS_MX
/* It is a bad idea to change this for the same reasons as mentioned
 * above for SPF_MAX_DNS_MECH (likewise for SPF_server_set_max_dns_mx()).
 */
#define SPF_MAX_DNS_MX 10
#endif

/**
 * The SPF server context.
 *
 * Created by SPF_server_new() / SPF_server_new_dns(), released by
 * SPF_server_free().  The fields are public, but the SPF_server_set_* /
 * SPF_server_get_* functions below are the intended way to change them.
 */
struct SPF_server_struct {
	SPF_dns_server_t	*resolver;		/**< SPF DNS resolver.  Released by
										 *   SPF_server_free() only when
										 *   destroy_resolver is set (below). */
	SPF_record_t		*local_policy;	/**< Local policies, as a parsed record;
										 *   set via SPF_server_set_localpolicy(). */
	SPF_macro_t			*explanation;	/**< Explanation string, stored as a macro;
										 *   set via SPF_server_set_explanation(). */

	char				*rec_dom;		/**< Default receiving domain; set via
										 *   SPF_server_set_rec_dom().  Presumably
										 *   heap-owned by this object — confirm
										 *   in spf_server.c. */

	int					 max_dns_mech;	/**< DoS limit on SPF mechanisms.  Runtime
										 *   counterpart of SPF_MAX_DNS_MECH; see the
										 *   warning above before raising it. */
	int					 max_dns_ptr;	/**< DoS limit on PTR records.  Runtime
										 *   counterpart of SPF_MAX_DNS_PTR. */
	int					 max_dns_mx;	/**< DoS limit on MX records.  Runtime
										 *   counterpart of SPF_MAX_DNS_MX. */

	int					 sanitize;		/**< Limit charset in messages
										 *   (see SPF_server_set_sanitize()). */
	int					 debug;			/**< Print debug info. */
	int					 destroy_resolver;	/**< true if we own the resolver,
											 *   i.e. SPF_server_free() should
											 *   destroy it. */
};

/**
 * Kind of DNS resolver that SPF_server_new() constructs for the server.
 * Which concrete resolver each value maps to is decided in spf_server.c.
 */
typedef
enum SPF_server_dnstype_enum {
	SPF_DNS_RESOLV, SPF_DNS_CACHE, SPF_DNS_ZONE
} SPF_server_dnstype_t;

/**
 * Allocate a server whose resolver is built from @a dnstype.
 * @param dnstype  resolver type to construct.
 * @param debug    initial value of the debug field.
 * @return the new server, or NULL on failure (presumably — the return
 *         contract is defined in spf_server.c).
 */
SPF_server_t	*SPF_server_new(SPF_server_dnstype_t dnstype,int debug);

/**
 * Allocate a server that uses a caller-supplied resolver.
 * @param dns    resolver to use.  Whether the server takes ownership of it
 *               is recorded in destroy_resolver; confirm the policy for this
 *               constructor in spf_server.c before freeing @a dns yourself.
 * @param debug  initial value of the debug field.
 */
SPF_server_t	*SPF_server_new_dns(SPF_dns_server_t *dns,int debug);

/**
 * Release a server created by either constructor, including the resolver
 * when destroy_resolver is set.
 */
void			 SPF_server_free(SPF_server_t *sp);

/** Set the default receiving domain (rec_dom). */
SPF_errcode_t	 SPF_server_set_rec_dom(SPF_server_t *sp,
					const char *dom);

/** Set the sanitize flag (limit the character set in messages). */
SPF_errcode_t	 SPF_server_set_sanitize(SPF_server_t *sp,
					int sanitize);

/**
 * Set the explanation string.
 * @param exp            the explanation text; it is stored as an SPF macro.
 * @param spf_responsep  out-parameter for a response object, presumably used
 *                       to report errors from compiling @a exp — confirm.
 */
SPF_errcode_t	 SPF_server_set_explanation(SPF_server_t *sp,
					const char *exp, SPF_response_t **spf_responsep);

/**
 * Set the local policy record.
 * @param policy                 policy text to compile into local_policy.
 * @param use_default_whitelist  nonzero to also apply the built-in default
 *                               whitelist (its contents live in spf_server.c).
 * @param spf_responsep          out-parameter for a response object, as for
 *                               SPF_server_set_explanation().
 */
SPF_errcode_t	 SPF_server_set_localpolicy(SPF_server_t *sp,
					const char *policy, int use_default_whitelist,
					SPF_response_t **spf_responsep);

/**
 * Look up and parse the SPF record for a request.
 * @param spf_server    the server context (resolver and limits).
 * @param spf_request   the request whose domain is looked up.
 * @param spf_response  response object receiving errors / diagnostics.
 * @param spf_recordp   out-parameter receiving the parsed record.
 * @return an SPF_errcode_t status; on non-success the value written to
 *         @a spf_recordp is not specified by this header.
 */
SPF_errcode_t	 SPF_server_get_record(SPF_server_t *spf_server,
					SPF_request_t *spf_request,
					SPF_response_t *spf_response,
					SPF_record_t **spf_recordp);

/**
 * Prototypes for the various maximum accessors.
 *
 * Expands to a setter SPF_server_set_<f>() and a getter
 * SPF_server_get_<f>() for the integer field <f> of SPF_server_struct.
 *
 * NOTE(review): the expansion already ends in ';' and each invocation
 * below adds another, so every use leaves an empty declaration at file
 * scope, which -Wpedantic reports.  Dropping either semicolon is harmless
 * here but would change how the macro must be invoked anywhere else.
 */
#define SPF_DECL_ACCESS_INT(f) \
	SPF_errcode_t \
	SPF_server_set_ ## f(SPF_server_t *spf_server, int n); \
	int \
	SPF_server_get_ ## f(SPF_server_t *spf_server);

/* Setters for the runtime DNS lookup limits.  Raising any of them above the
 * compile-time defaults re-opens the amplification / delay problem described
 * at SPF_MAX_DNS_MECH above. */
SPF_DECL_ACCESS_INT(max_dns_mech);
SPF_DECL_ACCESS_INT(max_dns_ptr);
SPF_DECL_ACCESS_INT(max_dns_mx);

#endif