Le 30/09/2019 15:55, gil...@poolp.org a écrit :
Hello,
I'd like to bring native support for SPF in OpenSMTPD in a future
release,
but for this I need a bit of help to make sure my SPF resolver works
fine.
I have created a repository with a standalone executable that performs
the
SPF lookup and checks if an IP address is allowed to send on behalf of
the
sending domain:
https://github.com/poolpOrg/spf
https://github.com/poolpOrg/spf/blob/master/README.md
If you could test and report issues, it would be nice,
As much as I can understand it, recursion seem to not work.
Working example:
# dig -t TXT carnat.net
carnat.net. 14314 IN TXT "v=spf1 mx -all"
# ./spf carnat.net 108.61.176.54
checking if 108.61.176.54 can send for carnat.net: pass
# ./spf carnat.net 157.55.9.128
checking if 157.55.9.128 can send for carnat.net: fail
Not fully working example:
# dig -t TXT outlook.com
outlook.com. 600 IN TXT "v=spf1
include:spf-a.outlook.com include:spf-b.outlook.com ip4:157.55.9.128/25
include:spf.protection.outlook.com include:spf-a.hotmail.com
include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
# ./spf outlook.com 157.55.9.128
checking if 157.55.9.128 can send for outlook.com: EXISTS: 0
EXISTS: 0
pass
# dig -t TXT spf-a.hotmail.com
spf-a.hotmail.com. 3600 IN TXT "v=spf1
ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25
ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26
ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.34.0/24
ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 ~all"
# ./spf outlook.com 65.54.190.5
checking if 65.54.190.5 can send for outlook.com: EXISTS: 0
EXISTS: 0
EXISTS: 0
EXISTS: 0
EXISTS: 0
EXISTS: 0
soft-fail