Re: need help

2019-09-30 Thread gilles
September 30, 2019 4:25 PM, "Denis Fondras"  wrote:

> On Mon, Sep 30, 2019 at 01:55:28PM +, gil...@poolp.org wrote:
> 
>> Hello,
>> 
>> I'd like to bring native support for SPF in OpenSMTPD in a future release,
>> but for this I need a bit of help to make sure my SPF resolver works fine.
>> 
>> I have created a repository with a standalone executable that performs the
>> SPF lookup and checks if an IP address is allowed to send on behalf of the
>> sending domain:
>> 
>> https://github.com/poolpOrg/spf
>> 
>> https://github.com/poolpOrg/spf/blob/master/README.md
>> 
>> If you could test and report issues, it would be nice,
> 
> It seems IPv6 check is broken :
> 
> $ dig ledeuns.net TXT +short
> "v=spf1 ip4:185.22.129.11 ip6:2a00:6060:1::1 ip6:2a00:6060:::1005:ff02 
> -all"
> 
> $ ./spf ledeuns.net 185.22.129.1
> checking if 185.22.129.1 can send for ledeuns.net: fail
> $ ./spf ledeuns.net 185.22.129.11
> checking if 185.22.129.11 can send for ledeuns.net: pass
> $ ./spf ledeuns.net 2a00:6060:1::1
> checking if 2a00:6060:1::1 can send for ledeuns.net: fail


will fix that, thanks



Re: need help

2019-09-30 Thread gilles
September 30, 2019 4:51 PM, "Joel Carnat"  wrote:

> Le 30/09/2019 15:55, gil...@poolp.org a écrit :
> 
>> Hello,
>> I'd like to bring native support for SPF in OpenSMTPD in a future > release,
>> but for this I need a bit of help to make sure my SPF resolver works > fine.
>> I have created a repository with a standalone executable that performs > the
>> SPF lookup and checks if an IP address is allowed to send on behalf of > the
>> sending domain:
>> https://github.com/poolpOrg/spf
>> https://github.com/poolpOrg/spf/blob/master/README.md
>>> If you could test and report issues, it would be nice,
> 
> As much as I can understand it, recursion seem to not work.
> 
> Working example:
> # dig -t TXT carnat.net
> carnat.net. 14314 IN TXT "v=spf1 mx -all"
> # ./spf carnat.net 108.61.176.54
> checking if 108.61.176.54 can send for carnat.net: pass
> # ./spf carnat.net 157.55.9.128
> checking if 157.55.9.128 can send for carnat.net: fail
> 
> Not fully working example:
> # dig -t TXT outlook.com
> outlook.com. 600 IN TXT "v=spf1 include:spf-a.outlook.com 
> include:spf-b.outlook.com
> ip4:157.55.9.128/25 include:spf.protection.outlook.com 
> include:spf-a.hotmail.com
> include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
> # ./spf outlook.com 157.55.9.128
> checking if 157.55.9.128 can send for outlook.com: EXISTS: 0
> EXISTS: 0
> pass
> 
> # dig -t TXT spf-a.hotmail.com
> spf-a.hotmail.com. 3600 IN TXT "v=spf1 ip4:157.55.0.192/26 
> ip4:157.55.1.128/26 ip4:157.55.2.0/25
> ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.55.111.0/24 
> ip4:65.55.116.0/25
> ip4:65.55.34.0/24 ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 
> ~all"
> # ./spf outlook.com 65.54.190.5
> checking if 65.54.190.5 can send for outlook.com: EXISTS: 0
> EXISTS: 0
> EXISTS: 0
> EXISTS: 0
> EXISTS: 0
> EXISTS: 0
> soft-fail

I'll look into that, I thought I had handled this case already but I may have 
missed something



Re: need help

2019-09-30 Thread gilles
I'll investigate that, but spfwalk isn't a real SPF resolver and may
yield incorrect results, it just helps a bit.


September 30, 2019 4:27 PM, "Nick Ryan"  wrote:

> Seems to work fine for some hosts but not gmail.com or outlook.com
> 
> mail3$ smtpctl spf walk < 1 (this is gmail.com)
> 35.190.247.0/24
> 64.233.160.0/19
> 
> mail3$ ./spf gmail.com 35.190.247.3 <- in the output of spfwalk
> checking if 35.190.247.3 can send for gmail.com: EXISTS: 0
> EXISTS: 0
> EXISTS: 0
> soft-fail
> 
> mail3$ ./spf gmail.com 185.185.185.185 <- made up address
> checking if 185.185.185.185 can send for gmail.com: EXISTS: 0
> EXISTS: 0
> EXISTS: 0
> soft-fail
> 
> mail3$ ./spf poolp.org 45.76.46.201
> checking if 45.76.46.201 can send for poolp.org: pass
> mail3$ ./spf poolp.org 45.76.46.202
> checking if 45.76.46.202 can send for poolp.org: fail
> 
> Regards - Nick
> 
> On 30/09/2019 14:55, gil...@poolp.org wrote:
> 
>> Hello,
>> I'd like to bring native support for SPF in OpenSMTPD in a future > release,
>> but for this I need a bit of help to make sure my SPF resolver works > fine.
>> I have created a repository with a standalone executable that performs > the
>> SPF lookup and checks if an IP address is allowed to send on behalf of > the
>> sending domain:
>> https://github.com/poolpOrg/spf
>> https://github.com/poolpOrg/spf/blob/master/README.md
>>> If you could test and report issues, it would be nice,



Re: need help

2019-09-30 Thread gilles
yup

September 30, 2019 4:23 PM, "Chris Bennett"  
wrote:

> ./spf no-seas-necio.ninja 162.255.139.10: pass
> ./spf no-seas-necio.ninja 162.255.139.11: soft-fail
> 
> Which matches my spf entry. v=spf1 mx ~all.
> Is that the correct response?
> 
> Chris Bennett



Re: need help

2019-09-30 Thread gilles
yes, this is debug code which i don't  want to spend time making portable ;-)


September 30, 2019 4:10 PM, "Reio Remma"  wrote:

> On 30/09/2019 16:55, gil...@poolp.org wrote:
> 
>> Hello,
>> 
>> I'd like to bring native support for SPF in OpenSMTPD in a future release,
>> but for this I need a bit of help to make sure my SPF resolver works fine.
>> 
>> I have created a repository with a standalone executable that performs the
>> SPF lookup and checks if an IP address is allowed to send on behalf of the
>> sending domain:
>> 
>> https://github.com/poolpOrg/spf
>> 
>> https://github.com/poolpOrg/spf/blob/master/README.md
>> 
>> If you could test and report issues, it would be nice,
> 
> Is it OpenBSD only atm?
> 
> On CentOS 7:
> 
> $ make
> Makefile:26: *** missing separator.  Stop.
> 
> Reio



Re: need help

2019-09-30 Thread Denis Fondras
On Mon, Sep 30, 2019 at 01:55:28PM +, gil...@poolp.org wrote:
> Hello,
> 
> I'd like to bring native support for SPF in OpenSMTPD in a future release,
> but for this I need a bit of help to make sure my SPF resolver works fine.
> 
> I have created a repository with a standalone executable that performs the
> SPF lookup and checks if an IP address is allowed to send on behalf of the
> sending domain:
> 
> https://github.com/poolpOrg/spf
> 
> https://github.com/poolpOrg/spf/blob/master/README.md
> 
> 
> If you could test and report issues, it would be nice,
> 

It seems IPv6 check is broken :

$ dig  ledeuns.net TXT +short
"v=spf1 ip4:185.22.129.11 ip6:2a00:6060:1::1 ip6:2a00:6060:::1005:ff02 -all"

$ ./spf ledeuns.net 185.22.129.1
checking if 185.22.129.1 can send for ledeuns.net: fail
$ ./spf ledeuns.net 185.22.129.11
checking if 185.22.129.11 can send for ledeuns.net: pass
$ ./spf ledeuns.net 2a00:6060:1::1
checking if 2a00:6060:1::1 can send for ledeuns.net: fail



Re: need help

2019-09-30 Thread Joel Carnat

Le 30/09/2019 15:55, gil...@poolp.org a écrit :

Hello,

I'd like to bring native support for SPF in OpenSMTPD in a future 
release,
but for this I need a bit of help to make sure my SPF resolver works 
fine.


I have created a repository with a standalone executable that performs 
the
SPF lookup and checks if an IP address is allowed to send on behalf of 
the

sending domain:

https://github.com/poolpOrg/spf

https://github.com/poolpOrg/spf/blob/master/README.md


If you could test and report issues, it would be nice,


As much as I can understand it, recursion seem to not work.

Working example:
# dig -t TXT carnat.net
carnat.net. 14314   IN  TXT "v=spf1 mx -all"
# ./spf carnat.net 108.61.176.54
checking if 108.61.176.54 can send for carnat.net: pass
# ./spf carnat.net 157.55.9.128
checking if 157.55.9.128 can send for carnat.net: fail

Not fully working example:
# dig -t TXT outlook.com
outlook.com.600 IN  TXT "v=spf1 
include:spf-a.outlook.com include:spf-b.outlook.com ip4:157.55.9.128/25 
include:spf.protection.outlook.com include:spf-a.hotmail.com 
include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"

# ./spf outlook.com 157.55.9.128
checking if 157.55.9.128 can send for outlook.com: EXISTS: 0
EXISTS: 0
pass

# dig -t TXT spf-a.hotmail.com
spf-a.hotmail.com.  3600IN  TXT "v=spf1 
ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25 
ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 
ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.34.0/24 
ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 ~all"

# ./spf outlook.com 65.54.190.5
checking if 65.54.190.5 can send for outlook.com: EXISTS: 0
EXISTS: 0
EXISTS: 0
EXISTS: 0
EXISTS: 0
EXISTS: 0
soft-fail



Re: need help

2019-09-30 Thread Nick Ryan

Seems to work fine for some hosts but not gmail.com or outlook.com

mail3$ smtpctl spf walk < 1   (this is gmail.com)
35.190.247.0/24
64.233.160.0/19

mail3$ ./spf gmail.com 35.190.247.3   <- in the output of spfwalk
checking if 35.190.247.3 can send for gmail.com: EXISTS: 0
EXISTS: 0
EXISTS: 0
soft-fail

mail3$ ./spf gmail.com 185.185.185.185 <- made up address
checking if 185.185.185.185 can send for gmail.com: EXISTS: 0
EXISTS: 0
EXISTS: 0
soft-fail

mail3$ ./spf poolp.org 45.76.46.201
checking if 45.76.46.201 can send for poolp.org: pass
mail3$ ./spf poolp.org 45.76.46.202
checking if 45.76.46.202 can send for poolp.org: fail

Regards - Nick

On 30/09/2019 14:55, gil...@poolp.org wrote:

Hello,

I'd like to bring native support for SPF in OpenSMTPD in a future 
release,
but for this I need a bit of help to make sure my SPF resolver works 
fine.


I have created a repository with a standalone executable that performs 
the
SPF lookup and checks if an IP address is allowed to send on behalf of 
the

sending domain:

https://github.com/poolpOrg/spf

https://github.com/poolpOrg/spf/blob/master/README.md


If you could test and report issues, it would be nice,




Re: need help

2019-09-30 Thread Chris Bennett
./spf no-seas-necio.ninja 162.255.139.10: pass
./spf no-seas-necio.ninja 162.255.139.11: soft-fail

Which matches my spf entry. v=spf1 mx ~all.
Is that the correct response?

Chris Bennett





Re: need help

2019-09-30 Thread Edgar Pettijohn

On Sep 30, 2019 9:10 AM, Reio Remma  wrote:
>
> On 30/09/2019 16:55, gil...@poolp.org wrote:
> > Hello,
> >
> > I'd like to bring native support for SPF in OpenSMTPD in a future release,
> > but for this I need a bit of help to make sure my SPF resolver works fine.
> >
> > I have created a repository with a standalone executable that performs the
> > SPF lookup and checks if an IP address is allowed to send on behalf of the
> > sending domain:
> >
> > https://github.com/poolpOrg/spf
> >
> > https://github.com/poolpOrg/spf/blob/master/README.md
> >
> >
> > If you could test and report issues, it would be nice,
> >
>
> Is it OpenBSD only atm?
>
> On CentOS 7:
>
> $ make
> Makefile:26: *** missing separator.  Stop.
>
> Reio
>
>

Looking at the makefile. My guess is yes, but you could try bmake and see if it 
gets further.

Edgar

Re: need help

2019-09-30 Thread Reio Remma

On 30/09/2019 16:55, gil...@poolp.org wrote:

Hello,

I'd like to bring native support for SPF in OpenSMTPD in a future release,
but for this I need a bit of help to make sure my SPF resolver works fine.

I have created a repository with a standalone executable that performs the
SPF lookup and checks if an IP address is allowed to send on behalf of the
sending domain:

https://github.com/poolpOrg/spf

https://github.com/poolpOrg/spf/blob/master/README.md


If you could test and report issues, it would be nice,



Is it OpenBSD only atm?

On CentOS 7:

$ make
Makefile:26: *** missing separator.  Stop.

Reio




need help

2019-09-30 Thread gilles
Hello,

I'd like to bring native support for SPF in OpenSMTPD in a future release,
but for this I need a bit of help to make sure my SPF resolver works fine.

I have created a repository with a standalone executable that performs the
SPF lookup and checks if an IP address is allowed to send on behalf of the
sending domain:

https://github.com/poolpOrg/spf

https://github.com/poolpOrg/spf/blob/master/README.md


If you could test and report issues, it would be nice,