On Wed, 15 Jul 2015, @lbutlr wrote:
On Jul 15, 2015, at 6:53 PM, Jeremiah Rothschild <jerem...@franz.com> wrote:
On Wed, Jul 15, 2015 at 07:42:15PM -0500, David B Funk wrote:
On Wed, 15 Jul 2015, Jeremiah Rothschild wrote:
Hello,
I am attempting to trigger SPF_FAIL (or SPF_HELO_FAIL) on a CentOS 6.6 box
running SA 3.3.1-3. Upon funneling a message through SA, however, this is
what is occurring:
Jul 15 15:05:10.366 [7318] dbg: spf: checking HELO (helo=1.2.3.4,
ip=5.6.7.8)
Jul 15 15:05:10.366 [7318] dbg: spf: cannot check HELO of '1.2.3.4', skipping
Any ideas on why the SPF plugin is not functioning as expected?
Are you literally giving a HELO name of '1.2.3.4' or is that redaction-bait?
That '1.2.3.4' looks like a IPv4 address, not a FQDN host name.
HELO should be a host FQDN, not IP address.
Ah. I didn't realize HELO had to be FQDN. Nice catch, David. Thanks!
HELO does not have to be a FQDN, an IP is acceptable.
o The domain name given in the EHLO command MUST be either a primary
host name (a domain name that resolves to an address RR) or, if
the host has no name, an address literal, as described in
Section 4.1.3 and discussed further in the EHLO discussion of
Section 4.1.4.
OK,
as far as SMTP is concerned (you're quoting one of the SMTP RFCs there), you can
use an address literal for HELO but for SPF it needs to be something that has
DNS zone entries so you can put TXT records in it.
Kind'a hard to add TXT records to the .in-addr.arpa zone. Maybe it's possible
but I've never seen it.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
