RMSPF v1.12 (2006.12.04 12:05) Changes since version 1.10 ------------------------------ Changes: - The negativ TTL (SPFDEFTTL) is now 30 minutes (before is was 2 hours). - Looking up the SPF record at the zone cut is disabled. - If the header of the cache file is damaged, it is repaired. (This change is not in RMSPF itself but in the database engine RamaDB). - The maximum number of lookups is increased to 20. Before it was 10. - SPFGetHostName() returns the host name also if it is not validated, but in this case the return value is SPF_Fail. Fixed bug: - If a label in a domain name was longer than 63 characters, then the result was "TempError". Now RMSPF acts as if the domain name does not exist. RMSPF v1.10 (2004.11.15 19:50) Changes since version 1.8 ------------------------------ New features: - You can have the cache in the memory. - SPFInit() has one more parameter: cachesize (size of cache in memory) - New function: SPFSetFallBack(). - New parameter 'domain' for SPFGetHostName(); - SPFHasMX() does not accept special IP addresses like 192.168.0.0/16. - SPFSetBestGuess() accepts two policies, one for IP addresses with an MX record and one for IP addresses with only an A record. - The macro "%/" expands to "/". Changes: - If the domain name does not contain at least one dot, or if it contains an invalid character, or if it is an IP address (without "[]"), then the routine immediately returns the result "None"/"Bad Domain". - "+all" in an included record is no longer ignored. - The routine does not store entries in the cache if the TTL is 1 sec or less. - If DnsQuery() returns DNS_INFO_NO_RECORDS, then it is called again bypassing the cache to get the correct return code. - If the 'client' parameter of SPFQuery() is given, then the 'ptr' mechanism checks it first. This 'client' parameter, if given, should be the verified host name of the client (A record pointing back to the IP address). - After a mechanism matched, unknown mechanisms are ignored. - If the 'client' parameter is given, the 'p' macro expands to the client, otherwise the if present in the list of PTR records, otherwise a subdomain of the if present in the list, otherwise the first domain in the list of PTR records. - "ip6:::FFFF:1.2.3.4" is treated as "ip4:1.2.3.4". - If the client IP address is an IPv4-mapped IPv6 address, then it is treated as an IPv4 address. That means that A records are looked up, not AAAA records. - The values returned by SPFHasMX() have changed. - XML support and the function SPFMSQuery() are removed. - The constants SPF_Error and SPF_Unknown are replaced with SPF_TempError and SPF_PermError. - The strings returned by SPFResultString() have changed: "Pass", "SoftFail", "Fail", "Neutral", "None", "TempError", "PermError" - If the name server returns NOTAUTH, it now means "TempFailure". (Before it meant "None"). - The maximum number of includes and redirects is reduced from 20 to 10. - If the contains other characters than 0x20..0x7E, then the result is "PermError". - The 'c' and 'r' macros are allowed in explanation texts only. - SPFQuery() returns result and reason. To get the result, the returned value must be masked with SPF_ResultMask. - SPFQuery() returns 'PermError' if the 'redirect' modfier appears more than once. - If there is more than one explanation TXT record, then no explanation is returned. - The delimiters in a macro are limited to: .-+,/_= - If a mechanism does a DNS lookup and the result is "Domain does not exist", then the mechanism continues as if the result was "No Records". - Only the SP is accepted. HT, LF, VT, FF and CR are not accepted anymore. - If there is an unknown macro, then the result is "PermError". - The macro syntax must be strictly followed. Otherwise SPF_PermError is returned. - If an SPF record includes itself, then RMSPF aborts with "PermError". - When processing a 'ptr' mechanism, if a DNS error occurs while doing the PTR lookup, then this mechanism fails to match. If a DNS error occurs while doing an A lookup, then that host name is skipped and the search continues. - When looking up MX or PTR records, RMSPF looks up at most 10 MX or PTR records. If there are more, then the result is "PermError". - RMSPF does not process more than 10 mechanisms that do DNS lookups. If there are more, then the result is "PermError". - If the domain has no SPF record and the domain is not at a zone cut and the domain at the zone cut has an SPF record, then RMSPF uses the SPF record of the zone cut instead. Fixed bugs: - The comparision with "v=spf1" was not case-insensitive. - Only 127.0.0.1 instead of 127.0.0.0/8 was treated as the localhost. - IPv6 address literals have not been recognized. - If there was not enough memory, the result was 'unknown' (PermError) instead of 'error' (TempError). - The explanation was also returned if the result was 'softfail' or 'neutral'. Now is it returned only if the result is 'fail'. - SPFSetWhiteList(), SPFSetBestGuess() and SPFSetOurDomain() crashed if the parameter was NULL.