
Mailing List Archive: SPF: Devel

Re: Which SPF implementation to choose?

 

 



julian at mehnle

Aug 28, 2006, 3:39 PM



Stuart D. Gathman wrote on spf-discuss:
> I added this test:
>
> tests:
> redirect-is-modifier:
> description: |-
> Invalid mechanism. Redirect is a modifier.
> spec: 4.6.1/4
> helo: mail.example.com
> host: 1.2.3.4
> mailfrom: foo [at] t8
> result: permerror
> zonedata:
> mail.example.com:
> - A: 1.2.3.4
> t8.example.com:
> - SPF: v=spf1 ip4:1.2.3.4 redirect:t2.example.com
>
> It is not clear which spec paragraph is being tested. Could also
> be 6/2, or maybe the list of defined mechanisms.

I think the primary spec reference should be 6.1/2 (the grammar definition
in 6.1), but I think 4.6.1/2 (not /4) could be listed as a secondary
reference.

(And, again, watch the indentation of the DNS records below the domains!
That of the "SPF" record is correct YAML, that of the "A" record isn't.
See my posting on spf-devel.)

> I think the spec should be able to list multiple paragraphs. Julian -
> what is the recommended YAML syntax? Should it be an explicit YAML list?
> Or just comma or space separate the string?

Yes, it's allowed to list multiple spec references. Explicit list syntax
is required, e.g.:

spec: [6.1/2, 4.6.1/2]

Omitting the brackets would make it a single, unstructured string.

> > test5.spam.co.nz it is an invalid netmask
>
> The RFC defines the CIDR as:
>
> ip4-cidr-length = "/" 1*DIGIT
>
> which certainly includes /0. It also includes /33, which will never
> match - or perhaps matches randomly :-). In any case, 0 is clearly
> allowed, as in ip4:0.0.0.0/0 - which is a synonym for all.

No, "ip4:0.0.0.0/0" is NOT a synonym for "all". It doesn't match IPv6
addresses (other than IPv4-mapped ones, i.e. ::ffff:n.n.n.n, which are
treated as IPv4 addresses, of course).

> Pyspf currently insists that CIDR be /1 - /32, and gives permerror
> for /0, /33, and /032. Unless someone wants to argue that pyspf
> behaviour is implied in the penumbras of the RFC (e.g. because
> ip4-network is spelled out that way), I maintain that pyspf is wrong.

Agreed. It may not be nice that leading zeroes are permitted, but they
undeniably are.

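
The `ip4-cidr-length` points from the message above, as an added example that is not part of the original post and is not pyspf's code: a parser that follows the quoted grammar (`"/" 1*DIGIT`, so `/0`, `/032` and `/33` all parse) and a matcher showing that `ip4:0.0.0.0/0` covers IPv4 and IPv4-mapped clients but not native IPv6 ones. The names `parse_ip4`, `ip4_matches` and `PermError` are hypothetical, and treating a length above 32 as "never matches" is an assumption taken from the quoted remark.

```python
import ipaddress
import re

# Grammar as quoted in the thread: ip4-cidr-length = "/" 1*DIGIT
IP4_TERM = re.compile(
    r"ip4:([0-9]{1,3}(?:\.[0-9]{1,3}){3})(?:/([0-9]+))?", re.IGNORECASE
)


class PermError(ValueError):
    """The term is not a syntactically valid ip4 mechanism."""


def parse_ip4(term):
    """Return (IPv4Address, prefix_length) for an 'ip4:' term."""
    m = IP4_TERM.fullmatch(term)
    if m is None:
        raise PermError(term)
    try:
        addr = ipaddress.IPv4Address(m.group(1))
    except ipaddress.AddressValueError:
        raise PermError(term)
    # 1*DIGIT: leading zeroes and values above 32 are valid syntax,
    # so neither "/032" nor "/33" is rejected here.
    prefix = 32 if m.group(2) is None else int(m.group(2))
    return addr, prefix


def ip4_matches(term, client_ip):
    """True if client_ip is covered by the ip4 term."""
    addr, prefix = parse_ip4(term)
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 6:
        # Only IPv4-mapped addresses (::ffff:n.n.n.n) are treated as IPv4.
        if ip.ipv4_mapped is None:
            return False
        ip = ip.ipv4_mapped
    if prefix > 32:
        return False  # assumption: an over-long prefix never matches
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (int(ip) & mask) == (int(addr) & mask)
```

A record containing `ip4:0.0.0.0/0` therefore authorizes every IPv4 sender, which is worth flagging when auditing published SPF policies.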
