Re: spf walk: lookup aaaa records with "a" mechanism

[Todd T. Fries]

In principal I like this.

In practice, I note something is missing.  I get a different output:

$ echo netsend.nl | smtpctl spf walk
32.1.9.129
32.1.9.132
80.127.98.234
80.127.135.115

I also note the dns is being requested, as per below, just not printed for some 
reason.

09:42:12.175535 d0:7e:35:12:9a:03 f8:18:97:94:b1:cd 0800 70: 192.168.1.85.11695 
> 8.8.8.8.53: [udp sum ok] 49902+ TXT? netsend.nl.(28) (ttl 64, id 37703, len 
56)
09:42:12.504853 f8:18:97:94:b1:cd d0:7e:35:12:9a:03 0800 112: 8.8.8.8.53 > 
192.168.1.85.11695: [udp sum ok] 49902 1/0/0 netsend.nl. TXT "v=spf1 
a:smtp.netsend.nl -all[|domain] (ttl 119, id 12691, len 98)
09:42:12.505483 d0:7e:35:12:9a:03 f8:18:97:94:b1:cd 0800 75: 192.168.1.85.45977 
> 8.8.8.8.53: [udp sum ok] 37034+ A? smtp.netsend.nl.(33) (ttl 64, id 19808, 
len 61)
09:42:12.505526 d0:7e:35:12:9a:03 f8:18:97:94:b1:cd 0800 75: 192.168.1.85.31571 
> 8.8.8.8.53: [udp sum ok] 58052+ ? smtp.netsend.nl.(33) (ttl 64, id 22845, 
len 61)
09:42:12.668825 f8:18:97:94:b1:cd d0:7e:35:12:9a:03 0800 131: 8.8.8.8.53 > 
192.168.1.85.31571: [udp sum ok] 58052 2/0/0 smtp.netsend.nl.  
2001:981:8a34:1:80:127:135:115, smtp.netsend.nl.  
2001:984:6a6f:1:468a:5bff:fed9:87(89) (ttl 119, id 58881, len 117)
09:42:12.748121 f8:18:97:94:b1:cd d0:7e:35:12:9a:03 0800 107: 8.8.8.8.53 > 
192.168.1.85.45977: [udp sum ok] 37034 2/0/0 smtp.netsend.nl. A 80.127.98.234, 
smtp.netsend.nl. A 80.127.135.115(65) (ttl 56, id 60155, len 93)

Thanks,

Penned by Tim Kuijsten on 20181014 18:08.06, we have:
| Hi,
| 
| When the "a" designated sender mechanism is used in an spf txt record, both
| v4 and v6 addresses are matched according to [1], so let `smtpctl spf walk`
| resolve both A and  records.
| 
| Current output:
| $ echo netsend.nl | smtpctl spf walk
| 80.127.135.115
| 80.127.98.234
| 
| Expected output:
| $ echo netsend.nl | ./smtpctl spf walk
| 80.127.135.115
| 80.127.98.234
| 2001:981:8a34:1:80:127:135:115
| 2001:984:6a6f:1:468a:5bff:fed9:87
| 
| -Tim
| 
| [1] https://tools.ietf.org/html/rfc7208#section-5.3

| diff --git a/usr.sbin/smtpd/spfwalk.c b/usr.sbin/smtpd/spfwalk.c
| index c4ce2e3d891..22b057963f9 100644
| --- a/usr.sbin/smtpd/spfwalk.c
| +++ b/usr.sbin/smtpd/spfwalk.c
| @@ -192,6 +192,7 @@ dispatch_txt(struct dns_rr *rr)
|   }
|   if (strncasecmp("a:", *ap, 2) == 0) {
|   lookup_record(T_A, *(ap) + 2, dispatch_a);
| + lookup_record(T_, *(ap) + 2, dispatch_);
|   continue;
|   }
|   if (strncasecmp("exists:", *ap, 7) == 0) {


-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries

Re: spf walk: lookup aaaa records with "a" mechanism

[Gilles Chehade]

On Mon, Oct 15, 2018 at 01:08:06AM +0200, Tim Kuijsten wrote:
> Hi,
> 

Hi,


> When the "a" designated sender mechanism is used in an spf txt record, both
> v4 and v6 addresses are matched according to [1], so let `smtpctl spf walk`
> resolve both A and  records.
> 
> [...]
>
> -Tim
> 
> [1] https://tools.ietf.org/html/rfc7208#section-5.3

Correct, unfortunately this comes slightly too late for 6.4

Thanks for your diff


> diff --git a/usr.sbin/smtpd/spfwalk.c b/usr.sbin/smtpd/spfwalk.c
> index c4ce2e3d891..22b057963f9 100644
> --- a/usr.sbin/smtpd/spfwalk.c
> +++ b/usr.sbin/smtpd/spfwalk.c
> @@ -192,6 +192,7 @@ dispatch_txt(struct dns_rr *rr)
>   }
>   if (strncasecmp("a:", *ap, 2) == 0) {
>   lookup_record(T_A, *(ap) + 2, dispatch_a);
> + lookup_record(T_, *(ap) + 2, dispatch_);
>   continue;
>   }
>   if (strncasecmp("exists:", *ap, 7) == 0) {


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

spf walk: lookup aaaa records with "a" mechanism

[Tim Kuijsten]

Hi,

When the "a" designated sender mechanism is used in an spf txt record, 
both v4 and v6 addresses are matched according to [1], so let `smtpctl 
spf walk` resolve both A and  records.


Current output:
$ echo netsend.nl | smtpctl spf walk
80.127.135.115
80.127.98.234

Expected output:
$ echo netsend.nl | ./smtpctl spf walk
80.127.135.115
80.127.98.234
2001:981:8a34:1:80:127:135:115
2001:984:6a6f:1:468a:5bff:fed9:87

-Tim

[1] https://tools.ietf.org/html/rfc7208#section-5.3
diff --git a/usr.sbin/smtpd/spfwalk.c b/usr.sbin/smtpd/spfwalk.c
index c4ce2e3d891..22b057963f9 100644
--- a/usr.sbin/smtpd/spfwalk.c
+++ b/usr.sbin/smtpd/spfwalk.c
@@ -192,6 +192,7 @@ dispatch_txt(struct dns_rr *rr)
}
if (strncasecmp("a:", *ap, 2) == 0) {
lookup_record(T_A, *(ap) + 2, dispatch_a);
+   lookup_record(T_, *(ap) + 2, dispatch_);
continue;
}
if (strncasecmp("exists:", *ap, 7) == 0) {