stuart at bmsi
Oct 6, 2006, 12:06 PM
Post #3 of 4
(1395 views)
Permalink
|
On Fri, 6 Oct 2006, Scott Kitterman wrote:
> On Friday 06 October 2006 14:17, Stuart D. Gathman wrote:
> > On Fri, 6 Oct 2006, Stuart D. Gathman wrote:
> > > tests:
> > > require-valid-helo:
> > > helo: OEMCOMPUTER
> > > host: 1.2.3.4
> > > mailfrom: test [at] example
> > > result: fail
> > > zonedata:
> > > example.com:
> > > - SPF: v=spf1 -include:_spfh.%{d} ip4:1.2.3.0/24 -all
> > > _spfh.example.com:
> > > - SPF: v=spf1 -a:%{h} +all
> >
> > For SPF3, I would like to see '!' negate the following mechanism.
> > This would remove the need for many includes used simply
> > to negate the logic (like the above). The above would simplify to:
> > SPF: v=spf1 -!a:%{h} ip4:1.2.3.0/24 -all
>
> It's not clear to me from your description what that would do. Would you
> please amplify?
For any mechanism, the '!' qualifier would negate the matching condition.
For instance, ip4:1.2.3.0/24 matches when the connect ip is in the
subnet 1.2.3.0/24. !ip4:1.2.3.0/24 matches when the connect ip is NOT
in the subnet 1.2.3.0/24. With v=spf1, this can be done via include.
But you only get 10 includes (if you use only ip4/ip6).
Fun project - accept an extended SPF language with features like
the above, and output an equivalent v=spf1 policy (with mind boggling
reversed includes).
--
Stuart D. Gathman <stuart [at] bmsi>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel [at] v2
|
