Patch to build sid-filter as a "sid-check" utility

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Some time ago I said I would post a patch for building sid-filter as
a utility for manual SPF checking, and I've finally done that.  This
patch is available at
    ftp://ftp.netheaven.com/pub/sid-milter/nh-utility-0.2.9.patch

With this patch applied, sid-filter is unchanged unless NH_UTILITY is
defined for the build, e.g. with this line in site.config.m4:
APPENDDEF(`confENVDEF', `-DNH_UTILITY')

With that defined, sid-filter is built as a utility rather than a
milter.  After building, I rename it to "sid-check".  Usage is
	   sid-check ip-address mfrom-address [pra-address]

If no pra-address is specified, the mfrom-address is used for both the
SPF and PRA checks.  The checks are done by running the exact same
code (except for optional prints) as sid-filter, so it's handy for
seeing what sid-filter would do, especially in verbose (-v) mode.

As a trivial example, sendmail.net's SPF is
		  "v=spf1 mx ip4:209.246.26.40 ~all"
so mail from 209.246.26.40 should pass, and it does:

    # sid-check 209.246.26.40 jo...@se...
    sid-check for sid-milter version 0.2.9
    spf=Pass
    pra=Pass

Verbose mode is more interesting:

    # sid-check -v 209.246.26.40 jo...@se...
    sid-check for sid-milter version 0.2.9
    Using asynchronous resolver ...
    sm_marid_check_host_frame: ip=<209.246.26.40>, domain=<sendmail.net>, sender=<jo...@se...> depth=[-1]
    Trying: <v=spf1 mx ip4:209.246.26.40 ~all>
    Trying: <209.246.26.21>
    spf=Pass
    sm_marid_check_host_frame: ip=<209.246.26.40>, domain=<sendmail.net>, sender=<jo...@se...> depth=[-1]
    Trying: <v=spf1 mx ip4:209.246.26.40 ~all>
    Trying: <209.246.26.21>
    pra=Pass

As a much more complex example, v2.listbox.com has SPF record
		    "v=spf1 redirect=listbox.com"
and listbox.com's record is
"v=spf1 mx a:dream.listbox.com a:emerald.pobox.com mx:fallback-relay.pobox.com ptr redirect=%{l1r+}._at_.%{o2}._spf.pobox.com"

Picking an IP that's sure to fail and trimming the redundant PRA check:

    # sid-check -v 192.168.0.1 jo...@v2...
    sid-check for sid-milter version 0.2.9
    Using asynchronous resolver ...
    sm_marid_check_host_frame: ip=<192.168.0.1>, domain=<v2.listbox.com>, sender=<jo...@v2...> depth=[-1]
    Trying: <v=spf1 redirect=listbox.com>
    sm_marid_check_host_frame: ip=<192.168.0.1>, domain=<listbox.com>, sender=<jo...@v2...> depth=[0]
    Trying: <v=spf1 mx a:dream.listbox.com a:emerald.pobox.com mx:fallback-relay.pobox.com ptr redirect=%{l1r+}._at_.%{o2}._spf.pobox.com>
    Trying: <208.210.124.79>
    Trying: <208.58.1.195>
    Trying: <207.8.214.5>
    Trying: <207.8.214.6>
    Trying: <207.8.226.12>
    Trying: <208.58.1.197>
    sm_marid_check_host_frame: ip=<192.168.0.1>, domain=<joe._at_.listbox.com._spf.pobox.com>, sender=<jo...@v2...> depth=[1]
    Trying: <v=spf1 ~all>
    spf=SoftFail

Note the expansion to "joe._at_.listbox.com._spf.pobox.com".  You
won't get that without the "NH_BACKFIX" fix from my patch for
0.2.8. Instead, you'll get this:

    # sid-check-nobackfix -v 192.168.0.1 jo...@v2...
    sid-check for sid-milter version 0.2.9
    Using asynchronous resolver ...
    sm_marid_check_host_frame: ip=<192.168.0.1>, domain=<v2.listbox.com>, sender=<jo...@v2...> depth=[-1]
    Trying: <v=spf1 redirect=listbox.com>
    sm_marid_check_host_frame: ip=<192.168.0.1>, domain=<listbox.com>, sender=<jo...@v2...> depth=[0]
    Trying: <v=spf1 mx a:dream.listbox.com a:emerald.pobox.com mx:fallback-relay.pobox.com ptr redirect=%{l1r+}._at_.%{o2}._spf.pobox.com>
    Trying: <207.8.214.5>
    Trying: <208.210.124.79>
    Trying: <208.58.1.195>
    Trying: <207.8.214.6>
    Trying: <207.8.226.12>
    Trying: <208.58.1.197>
    sm_marid_check_host_frame: ip=<192.168.0.1>, domain=<joe._at_..com._spf.pobox.com>, sender=<jo...@v2...> depth=[1]
    spf=Fail (MalformedDomain)

The "joe._at_..com._spf.pobox.com" comes from a bug in backwards
parsing during expansion of %{o2}.

I will be posting an updated patch for 0.2.9 (or later), but first I
need help from someone who builds the sid-check utility for something
other than a Linux box.  I need the output of

	sid-check -v 198.69.28.162 jo...@sp...

--
Dick St.Peters, stpeters@NetHeaven.com 
Gatekeeper, NetHeaven, Saratoga Springs, NY