For the last 4 years, I've used this little script to look a select domain's SPF records, get the associated IP addresses, and then add them to a group that could later be used for NoDelay or other ASSP settings.
It's worked great. One of the providers that I use it for just moved completely to SPF2.0/pra though. Mail::SPF::Query doesn't seem to support spf 2.0 / sender id. Any suggestions on how to get the SPF 2.0 record in perl? Here's the original script and how to use it: #!/usr/bin/perl -- # GetDomainIPSfromSPF v0.1 # Output all IP4 addresses, one per line, from a hostname's SPF record(s) # does NOT consider PTR records # Copyright (C) 2015 Ken Post under the terms of GPL v3 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License (http://www.gnu.org/licenses/) for more details. use strict; use warnings; use Mail::SPF::Query; # get initial hostname from the commandline my $hostname=shift @ARGV; RecurseSPF($hostname); sub RecurseSPF { my ($hostname) = @_ ; # get SPF record for the hostname. Using Mail::SPF::Query out of convenience, # bogus IP and helo sent my $query = eval { new Mail::SPF::Query ( ip => '1.1.1.1', sender => 'someone@' . $hostname, helo => 'helo' )}; # spf_record gets populated with the SPF record my ($result, $smtp_comment, $header_comment, $spf_record, $detail) = $query->result(); # split into an array of words based on spaces my @SplitSPFLines = split /\s+/, $spf_record; foreach (@SplitSPFLines) { # if the word starts include: or redirect: run RecurseSPF recursively again, # pulling up the SPF record for the referenced hostname if (/(include|redirect):/) { # strip off include:/redirect: s/(include|redirect)://; # run it recursively RecurseSPF($_); #if we've found and IP4 record, print that IP address (assumes validity) or range to stdout } elsif (/ip4:/) { s/ip4://; print $_."\n"; } } } I call this in the groups config file, like this: [GROUP-GOOGLE-IPS] exec:c:/perl/bin/perl.exe "c:\ASSP\GetDomainIPSfromSPF.pl" google.com
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
