On Fri, 2021-03-19 at 11:46 +0100, Peter N. M. Hansteen wrote:
> Watching indly while I run the script that refreshes my nospamd data[1] I see
> several occurences of messages like
>
>
> processing verticalresponse.com
> smtpctl: lookup_record: %{i}._spf.mta.salesforce.com contains macros and
> can't be resolved
>
> digging through the dig $domain txt output turns up the salesforce.com record
> is
>
> _spf.salesforce.com. 3512 IN TXT "v=spf1
> exists:%{i}._spf.mta.salesforce.com -all"
>
> is there a way to shoehorn this into something useful in our context?
I don't see how this can be done in a sane way, since the content of
the macro's isn't know at the time of resolving via spf walk.
In this particular case we would have to walk over every single ipv4
and ipv6 ip-address in existence and paste it before
_spf.mta.salesforce.com in order to know which hosts are allowed to
mail from spf.salesforce.com. Not something that's very likely.
*Maybe* there could be some option where we could add something like
`smtpctl spf walk -i 127.0.0.1 verticalresponse.com`, but I guess
that would not be a useful option for you, since you want to know
which hosts are allowed to begin with.
martijn@
>
> All the best,
> Peter
>
> [1] Described in
> https://bsdly.blogspot.com/2018/11/goodness-enumerated-by-robots-or.html
>
