Hi. Mail Avenger (www.mailavenger.org) is an MTA-independent SMTP
server that supports SPF.
It also allows the dynamic construction of SPF records in policy
scripts--essentially exposing SPF
to users as a query language.
I'd like to validate the SPF implementation. I've been looking at the
tests on http://www.midwestcs.com/spf/tests/, but I'm not exactly sure
how to understand the
format of those test files. For example, the same test sometimes
seems to have multiple
results:
spfquery -ip=192.0.2.33 -sender=20.spf1-test.mailzone.com
-helo=20.spf1-test.mailzone.com -rcpt-to="foo@spf1-test.mailzone.com"
result /.*/ pass,pass
spfquery -ip=192.0.2.33 -sender=20.spf1-test.mailzone.com
-helo=20.spf1-test.mailzone.com -rcpt-to="foo@bar.com"
result /.*/ fail,fail
My implementation returns fail, for reasons detailed below. The
difference between the
two tests seems to be the rcpt-to recipient. Why should that even
matter? Searching the
madrid draft, the words "recipient" and "rcpt" never even appear, so I
don't see why that
should affect the results. Obviously there's something I don't
understand about the test
data format.
Anyway, I'm wondering what the best approach is to testing data.
Also, there are a few
examples where my implementation differs from the test suite. I'll
include some examples
below. I'd appreciate any advice on how to test this stuff.
Thanks,
David
FAIL: 127.0.0.1 localhost.localdomain localhost.localdomain
expected pass
got >>>none: 127.0.0.1 localhost.localdomain localhost.localdomain
FAIL: 127.1.2.3 my.domain my.domain
expected pass
got >>>none: 127.1.2.3 my.domain my.domain
Should arguably be "fail" with reason of "Domain Does Not Exist" (not
sure from madrid draft if this is right--what do people think?), but
how would you get pass?
FAIL: 192.0.2.1 05.spf1-test.mailzone.com 05.spf1-test.mailzone.com
expected fail
got >>>neutral: 192.0.2.1 05.spf1-test.mailzone.com
05.spf1-test.mailzone.com
The TXT record here is: "v=spf1 default=deny". The madrid draft says
"There is also one deprecated modifier: "default". Implementations
MUST ignore it." Therefore, I conclude this should fall off the end
and be neutral.
FAIL: 192.0.2.33 20.spf1-test.mailzone.com 20.spf1-test.mailzone.com
expected pass
got >>>fail: 192.0.2.33 20.spf1-test.mailzone.com
20.spf1-test.mailzone.com
The SPF record is "v=spf1 a -all". The domain is
20.spf1-test.mailzone.com, which has A record:
20.spf1-test.mailzone.com. 60 IN A 192.0.2.120
This doesn't match the test IP address. Therefore, I conclude the
result should be fail.
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
server that supports SPF.
It also allows the dynamic construction of SPF records in policy
scripts--essentially exposing SPF
to users as a query language.
I'd like to validate the SPF implementation. I've been looking at the
tests on http://www.midwestcs.com/spf/tests/, but I'm not exactly sure
how to understand the
format of those test files. For example, the same test sometimes
seems to have multiple
results:
spfquery -ip=192.0.2.33 -sender=20.spf1-test.mailzone.com
-helo=20.spf1-test.mailzone.com -rcpt-to="foo@spf1-test.mailzone.com"
result /.*/ pass,pass
spfquery -ip=192.0.2.33 -sender=20.spf1-test.mailzone.com
-helo=20.spf1-test.mailzone.com -rcpt-to="foo@bar.com"
result /.*/ fail,fail
My implementation returns fail, for reasons detailed below. The
difference between the
two tests seems to be the rcpt-to recipient. Why should that even
matter? Searching the
madrid draft, the words "recipient" and "rcpt" never even appear, so I
don't see why that
should affect the results. Obviously there's something I don't
understand about the test
data format.
Anyway, I'm wondering what the best approach is to testing data.
Also, there are a few
examples where my implementation differs from the test suite. I'll
include some examples
below. I'd appreciate any advice on how to test this stuff.
Thanks,
David
FAIL: 127.0.0.1 localhost.localdomain localhost.localdomain
expected pass
got >>>none: 127.0.0.1 localhost.localdomain localhost.localdomain
FAIL: 127.1.2.3 my.domain my.domain
expected pass
got >>>none: 127.1.2.3 my.domain my.domain
Should arguably be "fail" with reason of "Domain Does Not Exist" (not
sure from madrid draft if this is right--what do people think?), but
how would you get pass?
FAIL: 192.0.2.1 05.spf1-test.mailzone.com 05.spf1-test.mailzone.com
expected fail
got >>>neutral: 192.0.2.1 05.spf1-test.mailzone.com
05.spf1-test.mailzone.com
The TXT record here is: "v=spf1 default=deny". The madrid draft says
"There is also one deprecated modifier: "default". Implementations
MUST ignore it." Therefore, I conclude this should fall off the end
and be neutral.
FAIL: 192.0.2.33 20.spf1-test.mailzone.com 20.spf1-test.mailzone.com
expected pass
got >>>fail: 192.0.2.33 20.spf1-test.mailzone.com
20.spf1-test.mailzone.com
The SPF record is "v=spf1 a -all". The domain is
20.spf1-test.mailzone.com, which has A record:
20.spf1-test.mailzone.com. 60 IN A 192.0.2.120
This doesn't match the test IP address. Therefore, I conclude the
result should be fail.
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com