Le 30/09/2019 15:55, gil...@poolp.org a écrit :
Hello,

I'd like to bring native support for SPF in OpenSMTPD in a future release, but for this I need a bit of help to make sure my SPF resolver works fine.

I have created a repository with a standalone executable that performs the SPF lookup and checks if an IP address is allowed to send on behalf of the
sending domain:

https://github.com/poolpOrg/spf

https://github.com/poolpOrg/spf/blob/master/README.md


If you could test and report issues, it would be nice,

As much as I can understand it, recursion seem to not work.

Working example:
# dig -t TXT carnat.net
carnat.net.             14314   IN      TXT     "v=spf1 mx -all"
# ./spf carnat.net 108.61.176.54
checking if 108.61.176.54 can send for carnat.net: pass
# ./spf carnat.net 157.55.9.128
checking if 157.55.9.128 can send for carnat.net: fail

Not fully working example:
# dig -t TXT outlook.com
outlook.com. 600 IN TXT "v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com ip4:157.55.9.128/25 include:spf.protection.outlook.com include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
# ./spf outlook.com 157.55.9.128
checking if 157.55.9.128 can send for outlook.com: EXISTS: 0
EXISTS: 0
pass

# dig -t TXT spf-a.hotmail.com
spf-a.hotmail.com. 3600 IN TXT "v=spf1 ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25 ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.34.0/24 ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 ~all"
# ./spf outlook.com 65.54.190.5
checking if 65.54.190.5 can send for outlook.com: EXISTS: 0
EXISTS: 0
EXISTS: 0
EXISTS: 0
EXISTS: 0
EXISTS: 0
soft-fail

Reply via email to