shevek / libspf2

Implementation of the Sender Policy Framework for SMTP authorization
http://www.libspf2.net/
37 stars 32 forks source link

/**

/**

An example client implementation is in spf_example.c with a little more error checking. The basic cases are as follows:

The SPF server is reusable, and thread-safe. It must be freed using SPF_server_free.

@code SPF_server_t *spf_server = SPF_server_new(SPF_DNS_CACHE, 0); @endcode

Create a request, and set the relevant fields in it. Each setter method returns an SPF_errcode_t, which will inform you of error conditions, such as out-of-memory or invalid argument.

@code SPF_request_t *spf_request = SPF_request_new(spf_server); SPF_request_set_ipv4_str(spf_request, "123.45.6.7"); SPF_request_set_env_from(spf_request, "clientdomain.com"); @endcode

Now that we have built a query, we may execute it. It will use the SPF_server_t which was passed to the query constructor. As usual, the SPF_request_query_mailfrom method returns an error code, although much richer errors are returned inside the SPF_response_t - see spf_response.h for more details of that API.

@code SPF_response_t *spf_response = NULL; SPF_request_query_mailfrom(spf_request, &spf_response); printf("Result is %s\n", SPF_strresult(SPF_response_result(spf_response))); @endcode

When we have finished with the response, we must free it and the request.

@code SPF_response_free(spf_response); SPF_request_free(spf_request); @endcode

We can execute many requests in parallel threads on the same server, but before the program exits, we must free the server.

@code SPF_server_free(spf_server); @endcode

This program is free software; you can redistribute it and/or modify it under the terms of either:

a) the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1, or (at your option) any later version, or

OR

b) The two-clause BSD license.

Some code in the 'replace' subdirectory was obtained form other sources and have different, but compatible, licenses. These routines are used only when the native libraries for the OS do not contain these functions. You should review the licenses and copyright statments in these functions if you are using an OS that needs these functions.

Libspf2 is an implementation of the SPF specification as found at http://www.ietf.org/internet-drafts/draft-mengwong-spf-00.txt or doc/draft-mengwong-spf-00.txt

Libspf2 is in beta testing and should only be used in production systems with caution. It has not been widely compiled and tested on machines with different operating systems, CPU architectures, or network configurations. It has not been audited for security errors.

While libspf2 is beta code, a lot of effort has been put into making it secure by design, and a great deal of effort has been put into the regression tests. Functions such as sprintf() are never used, things like snprintf() are used instead. There are few fixed sized buffers/arrays, instead, most data structures are dynamically allocated with the allocation sized recorded so I can check to make sure the buffer isn't overflowed. The return values from malloc() and other system calls are checked and handled as gracefully as I can. The valgrind program is regularly run to make sure that there are no memory leaks and reads/writes to invalid memory.

This code has been compiled and passed its regression tests on Debian Linux (sid/testing) on the x86, FreeBSD 4.3 (x86), FreeBSD 4.9 (x86??), NetBSD 1.62 (x86?), SunOS 5.8 on the ultrasparc, and a few others. It uses the autotools (autoconfig, libtools, automake, etc.) to try and make things more portable, so it will likely work on other systems also.

-wayne

*/