Mailing List Archive

On Friday 06 October 2006 14:17, Stuart D. Gathman wrote:
> On Fri, 6 Oct 2006, Stuart D. Gathman wrote:
> > tests:
> > require-valid-helo:
> > helo: OEMCOMPUTER
> > host: 1.2.3.4
> > mailfrom: test@example.com
> > result: fail
> > zonedata:
> > example.com:
> > - SPF: v=spf1 -include:_spfh.%{d} ip4:1.2.3.0/24 -all
> > _spfh.example.com:
> > - SPF: v=spf1 -a:%{h} +all
>
> For SPF3, I would like to see '!' negate the following mechanism.
> This would remove the need for many includes used simply
> to negate the logic (like the above). The above would simplify to:
> SPF: v=spf1 -!a:%{h} ip4:1.2.3.0/24 -all

It's not clear to me from your description what that would do. Would you
please amplify?

Scott K

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Fri, 6 Oct 2006, Scott Kitterman wrote:

> On Friday 06 October 2006 14:17, Stuart D. Gathman wrote:
> > On Fri, 6 Oct 2006, Stuart D. Gathman wrote:
> > > tests:
> > > require-valid-helo:
> > > helo: OEMCOMPUTER
> > > host: 1.2.3.4
> > > mailfrom: test@example.com
> > > result: fail
> > > zonedata:
> > > example.com:
> > > - SPF: v=spf1 -include:_spfh.%{d} ip4:1.2.3.0/24 -all
> > > _spfh.example.com:
> > > - SPF: v=spf1 -a:%{h} +all
> >
> > For SPF3, I would like to see '!' negate the following mechanism.
> > This would remove the need for many includes used simply
> > to negate the logic (like the above). The above would simplify to:
> > SPF: v=spf1 -!a:%{h} ip4:1.2.3.0/24 -all
>
> It's not clear to me from your description what that would do. Would you
> please amplify?

For any mechanism, the '!' qualifier would negate the matching condition.
For instance, ip4:1.2.3.0/24 matches when the connect ip is in the
subnet 1.2.3.0/24. !ip4:1.2.3.0/24 matches when the connect ip is NOT
in the subnet 1.2.3.0/24. With v=spf1, this can be done via include.
But you only get 10 includes (if you use only ip4/ip6).

Fun project - accept an extended SPF language with features like
the above, and output an equivalent v=spf1 policy (with mind boggling
reversed includes).

--
Stuart D. Gathman <stuart@bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stuart D. Gathman wrote:
> For SPF3, I would like to see '!' negate the following mechanism.
> This would remove the need for many includes used simply
> to negate the logic (like the above). The above would simplify to:
> SPF: v=spf1 -!a:%{h} ip4:1.2.3.0/24 -all

That's an excellent idea.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFW0zNwL7PKlBZWjsRAs7mAJoCWkZpLcMF7tDPCUiuueRcA7K31QCghBy4
YTsJA5pgxAMVbTB/xIoNfr0=
=oYqT
-----END PGP SIGNATURE-----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=1007