Phil Pennock wrote:
> On 2009-07-28 at 22:26 +0200, MarkdV wrote:
>> Just playing, when I ran into:
>>
>> # exim -d+resolver -be
>> > ${lookup dnsdb{txt=_spf.google.com}}
>> database lookup required for txt=_spf.google.com
>> dnsdb key: _spf.google.com
>> DNS name syntax check failed: _spf.google.com (TXT)
>> lookup failed
>>
>> My guess is it doesn't like the underscore to start the name/label.
>>
>> Which seems like a bug because as far as I know underscores are only
>> illegal in hostnames. And not all _names_ in a domain name are also
>> _hostnames_. The name in an SRV record being the most well-known example.
>
> The SRV record is indeed special-cased from this, by skipping over the
> first two labels.
I'd be willing to call them _different_. Different from the host-names
that we see/use the most. And different from a lot of other records and
their specific syntax. But they are not special, at least no more - or
less - than any other record type. Ok, I admit I can be a bit pedantic
about these things. :)
> In fact, the underscore is also forbidden in mail-domains, which is
> often of more interest to Exim.
No coincidence. They need to be compatible with host-names for delivery
based on hostname when there are no MX records.
And I understand what/why dnsdb only supports only record types that are
relevant to the realm of mail delivery. Which is fine.
> Agreed though, that it's probably a bug that TXT record lookup, or in
> fact lookups for anything except A/AAAA/MX, apply the syntax checks.
>
> You can work around it with the "dns_check_names_pattern" option.
> Adjust the regexp to remove the underscore restrictions.
Thanks, hadn't thought of that.
> However, the SPF record for a domain is always associated with the
> domain itself (whether TXT or SPF); the _spf.google.com record exists to
> be used in things like the TXT record for gmail.com:
> gmail.com. 300 IN TXT "v=spf1 redirect=_spf.google.com"
> and if you want to handle that, you need to use the Experimental SPF
> support; anything you do with checks in Exim directly will be somewhat
> fragile as you case referral chains -- handling recursive references
> safely in Exim's syntax would be highly awkward (as in, I wouldn't like
> to write such rules).
Oh yeah, like I said I was just playing... I wasn't planning to to
implement spf record validation in exim directly. Although, I am now
wondering if it could be done... Thank god I don't have enough spare
time to actually try. :)
Cheers,
Mark.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
