September 30, 2019 4:51 PM, "Joel Carnat" <j...@carnat.net> wrote:
> Le 30/09/2019 15:55, gil...@poolp.org a écrit : > >> Hello, >> I'd like to bring native support for SPF in OpenSMTPD in a future > release, >> but for this I need a bit of help to make sure my SPF resolver works > fine. >> I have created a repository with a standalone executable that performs > the >> SPF lookup and checks if an IP address is allowed to send on behalf of > the >> sending domain: >> https://github.com/poolpOrg/spf >> https://github.com/poolpOrg/spf/blob/master/README.md >>> If you could test and report issues, it would be nice, > > As much as I can understand it, recursion seem to not work. > > Working example: > # dig -t TXT carnat.net > carnat.net. 14314 IN TXT "v=spf1 mx -all" > # ./spf carnat.net 108.61.176.54 > checking if 108.61.176.54 can send for carnat.net: pass > # ./spf carnat.net 157.55.9.128 > checking if 157.55.9.128 can send for carnat.net: fail > > Not fully working example: > # dig -t TXT outlook.com > outlook.com. 600 IN TXT "v=spf1 include:spf-a.outlook.com > include:spf-b.outlook.com > ip4:157.55.9.128/25 include:spf.protection.outlook.com > include:spf-a.hotmail.com > include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all" > # ./spf outlook.com 157.55.9.128 > checking if 157.55.9.128 can send for outlook.com: EXISTS: 0 > EXISTS: 0 > pass > > # dig -t TXT spf-a.hotmail.com > spf-a.hotmail.com. 3600 IN TXT "v=spf1 ip4:157.55.0.192/26 > ip4:157.55.1.128/26 ip4:157.55.2.0/25 > ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.55.111.0/24 > ip4:65.55.116.0/25 > ip4:65.55.34.0/24 ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 > ~all" > # ./spf outlook.com 65.54.190.5 > checking if 65.54.190.5 can send for outlook.com: EXISTS: 0 > EXISTS: 0 > EXISTS: 0 > EXISTS: 0 > EXISTS: 0 > EXISTS: 0 > soft-fail I'll look into that, I thought I had handled this case already but I may have missed something
