Issues with vali.email SPF macros #262

@devicenull

vali.email uses macros in their SPF records; they suggest a record of `v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all`

OpenDMARC reports SPF failures for any domains that are relying on this. After enabling DEBUG mode in libspf2 (and copying over some extra debugging into opendmarc), I was seeing the following issue:

```
Pass start compute_length=1
 Item type=12 at 0x5559f4a6ae34
Pass end compute_length=1
Pass start compute_length=0
 Item type=12 at 0x5559f4a6ae34
Pass end compute_length=0
Pass start compute_length=1
 Item type=12 at 0x5559f4a69228
 Item type=1 at 0x5559f4a69258
 Item type=12 at 0x5559f4a6925c
 Item type=5 at 0x5559f4a69264
 Item type=12 at 0x5559f4a69268
 Item type=10 at 0x5559f4a69278
Pass end compute_length=1
Pass start compute_length=0
 Item type=12 at 0x5559f4a69228
 Item type=1 at 0x5559f4a69258
 Item type=12 at 0x5559f4a6925c
 Item type=5 at 0x5559f4a69264
 Item type=12 at 0x5559f4a69268
 Item type=10 at 0x5559f4a69278
Pass end compute_length=0
Pass start compute_length=1
 Item type=4 at 0x5559f4a6ae60
 Item type=12 at 0x5559f4a6ae64
 Item type=9 at 0x5559f4a6ae70
result = permerror (7)
err = Uninitialized variable (23)
spf response permerror
```

In this case, item type=9 is `PARM_HELO_DOM` in libspf2. In `opendmarc_spf2_test`, the HELO domain is only provided to libspf2 if `opendmarc_spf2_test` fails to find an mfrom domain. This seems to be incorrect; it seems it should always provide the HELO domain to libspf2 if available.

Without the HELO domain, libspf2 can't create the proper DNS record for this sort of macro, which means opendmarc can't be used to receive mail from anyone using this service.

related to #176 (probably)

(Note: I'm not affiliated with valimail in any way; we're not even a customer)
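
The failure mode described in this issue, as an added illustration (not code from libspf2, OpenDMARC or the issue author): a minimal expander for the `%{i}`, `%{h}` and `%{d}` macros that refuses to build the lookup name when the HELO domain was never supplied. The `spf_ctx` struct, the `expand_macros` function and the sample IP and domains are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical request context (not libspf2's types); NULL means "never set". */
struct spf_ctx {
    const char *ip;   /* %{i}: connecting client IP */
    const char *helo; /* %{h}: HELO/EHLO domain */
    const char *dom;  /* %{d}: domain under evaluation */
};

/* Expand %{i}, %{h} and %{d} (no transformers) from spec into out. Returns 0 on
 * success, -1 if a referenced variable is unset, -2 on bad syntax or overflow. */
int expand_macros(const char *spec, const struct spf_ctx *c, char *out, size_t outlen)
{
    size_t n = 0;
    while (*spec) {
        char one[2] = { *spec, '\0' };
        const char *val = one;          /* default: copy one literal byte */
        if (spec[0] == '%') {
            if (spec[1] != '{' || !spec[2] || spec[3] != '}') return -2;
            switch (spec[2]) {
            case 'i': val = c->ip;   break;
            case 'h': val = c->helo; break;
            case 'd': val = c->dom;  break;
            default:  return -2;
            }
            if (val == NULL) return -1; /* no value to substitute */
            spec += 4;
        } else {
            spec += 1;
        }
        size_t len = strlen(val);
        if (n + len >= outlen) return -2;
        memcpy(out + n, val, len);
        n += len;
    }
    if (n >= outlen) return -2;
    out[n] = '\0';
    return 0;
}

int main(void)
{
    const char *spec = "%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email";
    struct spf_ctx c = { "192.0.2.10", NULL, "example.org" }; /* constructed values */
    char buf[256];
    printf("HELO unset: rc=%d\n", expand_macros(spec, &c, buf, sizeof buf));
    c.helo = "mail.example.org";
    printf("HELO set:   rc=%d -> %s\n", expand_macros(spec, &c, buf, sizeof buf), buf);
    return 0;
}
```

With the HELO domain unset the expansion stops at `%{h}`, so no DNS name can be formed for the `include:` lookup; with it set, the full name is produced.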
