September 30, 2019 4:51 PM, "Joel Carnat" <j...@carnat.net> wrote:

> Le 30/09/2019 15:55, gil...@poolp.org a écrit :
> 
>> Hello,
>> I'd like to bring native support for SPF in OpenSMTPD in a future > release,
>> but for this I need a bit of help to make sure my SPF resolver works > fine.
>> I have created a repository with a standalone executable that performs > the
>> SPF lookup and checks if an IP address is allowed to send on behalf of > the
>> sending domain:
>> https://github.com/poolpOrg/spf
>> https://github.com/poolpOrg/spf/blob/master/README.md
>>> If you could test and report issues, it would be nice,
> 
> As much as I can understand it, recursion seem to not work.
> 
> Working example:
> # dig -t TXT carnat.net
> carnat.net. 14314 IN TXT "v=spf1 mx -all"
> # ./spf carnat.net 108.61.176.54
> checking if 108.61.176.54 can send for carnat.net: pass
> # ./spf carnat.net 157.55.9.128
> checking if 157.55.9.128 can send for carnat.net: fail
> 
> Not fully working example:
> # dig -t TXT outlook.com
> outlook.com. 600 IN TXT "v=spf1 include:spf-a.outlook.com 
> include:spf-b.outlook.com
> ip4:157.55.9.128/25 include:spf.protection.outlook.com 
> include:spf-a.hotmail.com
> include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
> # ./spf outlook.com 157.55.9.128
> checking if 157.55.9.128 can send for outlook.com: EXISTS: 0
> EXISTS: 0
> pass
> 
> # dig -t TXT spf-a.hotmail.com
> spf-a.hotmail.com. 3600 IN TXT "v=spf1 ip4:157.55.0.192/26 
> ip4:157.55.1.128/26 ip4:157.55.2.0/25
> ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.55.111.0/24 
> ip4:65.55.116.0/25
> ip4:65.55.34.0/24 ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 
> ~all"
> # ./spf outlook.com 65.54.190.5
> checking if 65.54.190.5 can send for outlook.com: EXISTS: 0
> EXISTS: 0
> EXISTS: 0
> EXISTS: 0
> EXISTS: 0
> EXISTS: 0
> soft-fail

I'll look into that, I thought I had handled this case already but I may have 
missed something

Reply via email to