SPF and DKIM checks

vendor/blitiri.com.ar/go/spf/.gitignore

@@ -0,0 +1,10 @@
+# Ignore anything beginning with a dot: these are usually temporary or
+# unimportant.
+.*
+
+# Exceptions to the rule above: files we care about that would otherwise be
+# excluded.
+!.gitignore
+
+# go-fuzz build artifacts.
+*-fuzz.zip

vendor/blitiri.com.ar/go/spf/LICENSE

@@ -0,0 +1,27 @@
+
+Licensed under the MIT licence, which is reproduced below (from
+https://opensource.org/licenses/MIT).
+
+-----
+
+Copyright (c) 2016
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+

vendor/blitiri.com.ar/go/spf/README.md

@@ -0,0 +1,49 @@
+
+# blitiri.com.ar/go/spf
+
+[![GoDoc](https://godoc.org/blitiri.com.ar/go/spf?status.svg)](https://pkg.go.dev/blitiri.com.ar/go/spf)
+[![Build Status](https://gitlab.com/albertito/spf/badges/master/pipeline.svg)](https://gitlab.com/albertito/spf/-/pipelines)
+[![Go Report Card](https://goreportcard.com/badge/github.com/albertito/spf)](https://goreportcard.com/report/github.com/albertito/spf)
+[![Coverage Status](https://coveralls.io/repos/github/albertito/spf/badge.svg?branch=next)](https://coveralls.io/github/albertito/spf)
+
+[spf](https://godoc.org/blitiri.com.ar/go/spf) is an open source
+implementation of the [Sender Policy Framework
+(SPF)](https://en.wikipedia.org/wiki/Sender_Policy_Framework) in Go.
+
+It is used by the [chasquid](https://blitiri.com.ar/p/chasquid/) and
+[maddy](https://maddy.email) SMTP servers.
+
+
+## Example
+
+```go
+// Check if `sender` is authorized to send from the given `ip`. The `domain`
+// is used if the sender doesn't have one.
+result, err := spf.CheckHostWithSender(ip, domain, sender)
+if result == spf.Fail {
+	// Not authorized to send.
+}
+```
+
+See the [package documentation](https://pkg.go.dev/blitiri.com.ar/go/spf) for
+more details.
+
+
+## Status
+
+All SPF mechanisms, modifiers, and macros are supported.
+
+The API should be considered stable. Major version changes will be announced
+to the mailing list (details below).
+
+
+## Contact
+
+If you have any questions, comments or patches please send them to the mailing
+list, `chasquid@googlegroups.com`.
+
+To subscribe, send an email to `chasquid+subscribe@googlegroups.com`.
+
+You can also browse the
+[archives](https://groups.google.com/forum/#!forum/chasquid).
+

vendor/blitiri.com.ar/go/spf/fuzz.go

@@ -0,0 +1,58 @@
+// Fuzz testing for package spf.
+//
+// Run it with:
+//
+//   go-fuzz-build blitiri.com.ar/go/spf
+//   go-fuzz -bin=./spf-fuzz.zip -workdir=testdata/fuzz
+//
+
+//go:build gofuzz
+// +build gofuzz
+
+package spf
+
+import (
+	"net"
+
+	"blitiri.com.ar/go/spf/internal/dnstest"
+)
+
+// Parsed IP addresses, for convenience.
+var (
+	ip1110 = net.ParseIP("1.1.1.0")
+	ip1111 = net.ParseIP("1.1.1.1")
+	ip6666 = net.ParseIP("2001:db8::68")
+	ip6660 = net.ParseIP("2001:db8::0")
+)
+
+// DNS resolver to use. Will be initialized once with the expected fixtures,
+// and then reused on each fuzz run.
+var dns = dnstest.NewResolver()
+
+func init() {
+	dns.Ip["d1111"] = []net.IP{ip1111}
+	dns.Ip["d1110"] = []net.IP{ip1110}
+	dns.Mx["d1110"] = []*net.MX{{"d1110", 5}, {"nothing", 10}}
+	dns.Ip["d6666"] = []net.IP{ip6666}
+	dns.Ip["d6660"] = []net.IP{ip6660}
+	dns.Mx["d6660"] = []*net.MX{{"d6660", 5}, {"nothing", 10}}
+	dns.Addr["2001:db8::68"] = []string{"sonlas6.", "domain.", "d6666."}
+	dns.Addr["1.1.1.1"] = []string{"lalala.", "domain.", "d1111."}
+}
+
+func Fuzz(data []byte) int {
+	// The domain's TXT record comes from the fuzzer.
+	dns.Txt["domain"] = []string{string(data)}
+
+	v4result, _ := CheckHostWithSender(
+		ip1111, "helo", "domain", WithResolver(dns))
+	v6result, _ := CheckHostWithSender(
+		ip6666, "helo", "domain", WithResolver(dns))
+
+	// Raise priority if any of the results was something other than
+	// PermError, as it means the data was better formed.
+	if v4result != PermError || v6result != PermError {
+		return 1
+	}
+	return 0
+}

vendor/blitiri.com.ar/go/spf/internal/dnstest/dns.go

@@ -0,0 +1,111 @@
+// DNS resolver for testing purposes.
+//
+// In the future, when go fuzz can make use of _test.go files, we can rename
+// this file dns_test.go and remove this extra package entirely.
+// Until then, unfortunately this is the most reasonable way to share these
+// helpers between go and fuzz tests.
+package dnstest
+
+import (
+	"context"
+	"net"
+	"strings"
+)
+
+// Testing DNS resolver.
+//
+// Not exported since this is not part of the public API and only used
+// internally on tests.
+//
+type TestResolver struct {
+	Txt    map[string][]string
+	Mx     map[string][]*net.MX
+	Ip     map[string][]net.IP
+	Addr   map[string][]string
+	Cname  map[string]string
+	Errors map[string]error
+}
+
+func NewResolver() *TestResolver {
+	return &TestResolver{
+		Txt:    map[string][]string{},
+		Mx:     map[string][]*net.MX{},
+		Ip:     map[string][]net.IP{},
+		Addr:   map[string][]string{},
+		Cname:  map[string]string{},
+		Errors: map[string]error{},
+	}
+}
+
+var nxDomainErr = &net.DNSError{
+	Err:        "domain not found (for testing)",
+	IsNotFound: true,
+}
+
+func (r *TestResolver) LookupTXT(ctx context.Context, domain string) (txts []string, err error) {
+	if ctx.Err() != nil {
+		return nil, ctx.Err()
+	}
+	domain = strings.ToLower(domain)
+	domain = strings.TrimRight(domain, ".")
+	if cname, ok := r.Cname[domain]; ok {
+		return r.LookupTXT(ctx, cname)
+	}
+	if _, ok := r.Txt[domain]; !ok && r.Errors[domain] == nil {
+		return nil, nxDomainErr
+	}
+	return r.Txt[domain], r.Errors[domain]
+}
+
+func (r *TestResolver) LookupMX(ctx context.Context, domain string) (mxs []*net.MX, err error) {
+	if ctx.Err() != nil {
+		return nil, ctx.Err()
+	}
+	domain = strings.ToLower(domain)
+	domain = strings.TrimRight(domain, ".")
+	if cname, ok := r.Cname[domain]; ok {
+		return r.LookupMX(ctx, cname)
+	}
+	if _, ok := r.Mx[domain]; !ok && r.Errors[domain] == nil {
+		return nil, nxDomainErr
+	}
+	return r.Mx[domain], r.Errors[domain]
+}
+
+func (r *TestResolver) LookupIPAddr(ctx context.Context, host string) (as []net.IPAddr, err error) {
+	if ctx.Err() != nil {
+		return nil, ctx.Err()
+	}
+	host = strings.ToLower(host)
+	host = strings.TrimRight(host, ".")
+	if cname, ok := r.Cname[host]; ok {
+		return r.LookupIPAddr(ctx, cname)
+	}
+	if _, ok := r.Ip[host]; !ok && r.Errors[host] == nil {
+		return nil, nxDomainErr
+	}
+	return ipsToAddrs(r.Ip[host]), r.Errors[host]
+}
+
+func ipsToAddrs(ips []net.IP) []net.IPAddr {
+	as := []net.IPAddr{}
+	for _, ip := range ips {
+		as = append(as, net.IPAddr{IP: ip, Zone: ""})
+	}
+	return as
+}
+
+func (r *TestResolver) LookupAddr(ctx context.Context, host string) (addrs []string, err error) {
+	if ctx.Err() != nil {
+		return nil, ctx.Err()
+	}
+	host = strings.ToLower(host)
+	host = strings.TrimRight(host, ".")
+	if cname, ok := r.Cname[host]; ok {
+		return r.LookupAddr(ctx, cname)
+	}
+	if _, ok := r.Addr[host]; !ok && r.Errors[host] == nil {
+		return nil, nxDomainErr
+	}
+	return r.Addr[host], r.Errors[host]
+}