Mailing List Archive

----- Original Message -----
From: <philip-spf@gladstonefamily.net>
To: <spf-devel@v2.listbox.com>
Sent: Wednesday, January 21, 2004 4:15 AM
Subject: [spf-devel] Changes for Mail::SPQ::Query 1.98

Philip,

I stumbled on another small bug; or is it a feature? :)

I applied your latest patch, and made an SPF query, using the following set:

ip => '209.6.17.217',
sender => 'admin@asarian-host.com',
helo => 'asarian-host.com',
debug => 1,
trusted => 0

(mind you, in this Vmware test environment, I published a local "+mx -all"
record for asarian-host.com). The result, as expected, is a 'fail'

---------------------------------------------

| asarian-host.com new: ipv4=209.6.17.217,
sender@˜Ê¡Ëè?Öž—Å`ˆÜ¸Ó, helo=asarian-host.com
| admin asarian-host.com localpart is admin
| admin asarian-host.com DirectiveSet->new(): doing TXT query on
asarian-host.com
| admin asarian-host.com myquery: doing TXT query on
asarian-host.com
| admin asarian-host.com DirectiveSet->new(): SPF policy: +mx -all
report=abuse
| admin asarian-host.com lookup: TXT +mx -all report=abuse
| admin asarian-host.com lookup: TXT prefix=+, lhs=mx, rhs=
| admin asarian-host.com lookup: TXT prefix=-, lhs=all, rhs=
| admin asarian-host.com lookup: mec mechanisms=+mx() -all()
| admin asarian-host.com evaluate_mechanism: +mx() for
domain=asarian-host.com
| admin asarian-host.com myquery: doing MX query on
asarian-host.com
| admin asarian-host.com myquery: doing A query on
anonymizer.asarian-host.net
| admin asarian-host.com myquery: doing A query on
mail.asarian-host.net
| admin asarian-host.com evaluate_mechanism: +mx() returned
| admin asarian-host.com evaluate_mechanism: -all() for
domain=asarian-host.com
| admin asarian-host.com evaluate_mechanism: -all() returned hit
| admin asarian-host.com saving result fail to cache point and
returning.
| admin asarian-host.com macro_substitute_item: S: field=S, num=,
reverse=, delim=., newval=admin%40asarian-host.com
| admin asarian-host.com macro_substitute_item: I: field=I, num=,
reverse=, delim=., newval=209.6.17.217
| admin asarian-host.com macro_substitute:
http://spf.pobox.com/why.html?sender=%{S}&ip=%{I}&receiver=asarian-host.net ->
http://spf.pobox.com/why.html?sender=admin%40asarian-host.com&ip=209.6.17.217&receiver=asarian-host.net

fail, please see
http://spf.pobox.com/why.html?sender=admin%40asarian-host.com&ip=209.6.17.217&receiver=asarian-host.net,
asarian-host.net: domain of admin@asarian-host.com does not designate
209.6.17.217 as permitted sender

---------------------------------------------

When I enable the new "trusted" parameter, the result is unexpected:

ip => '209.6.17.217',
sender => 'admin@asarian-host.com',
helo => 'asarian-host.com',
debug => 1,
trusted => 1

---------------------------------------------

| asarian-host.com new: ipv4=209.6.17.217,
sender@˜Ê¡Ëè?Öž—Å`ˆÜ¸Ó, helo=asarian-host.com
| admin asarian-host.com localpart is admin
| admin asarian-host.com DirectiveSet->new(): doing TXT query on
asarian-host.com
| admin asarian-host.com myquery: doing TXT query on
asarian-host.com
| admin asarian-host.com DirectiveSet->new(): SPF policy: +mx -all
report=abuse
| admin asarian-host.com lookup: TXT +mx -all report=abuse
| admin asarian-host.com lookup: TXT prefix=+, lhs=mx, rhs=
| admin asarian-host.com lookup: TXT prefix=-, lhs=all, rhs=
| admin asarian-host.com locating place to insert local policy
mechanisms=+mx() -all()
| admin asarian-host.com DirectiveSet->new(): SPF policy: v=spf1
include:spf.trusted-forwarder.org ?all
| admin asarian-host.com lookup: TXT v=spf1
include:spf.trusted-forwarder.org ?all
| admin asarian-host.com lookup: TXT version=spf1
| admin asarian-host.com lookup: TXT prefix=+, lhs=include,
rhs=spf.trusted-forwarder.org
| admin asarian-host.com lookup: TXT prefix=?, lhs=all, rhs=
| admin asarian-host.com lookup: mec
mechanisms=+include(spf.trusted-forwarder.org) ?all()
| admin asarian-host.com lookup: mec mechanisms=+mx()
+include(spf.trusted-forwarder.org) -all()
| admin asarian-host.com evaluate_mechanism: +mx() for
domain=asarian-host.com
| admin asarian-host.com myquery: doing MX query on
asarian-host.com
| admin asarian-host.com myquery: doing A query on
anonymizer.asarian-host.net
| admin asarian-host.com myquery: doing A query on
mail.asarian-host.net
| admin asarian-host.com evaluate_mechanism: +mx() returned
| admin asarian-host.com evaluate_mechanism:
+include(spf.trusted-forwarder.org) for domain=asarian-host.com
| admin asarian-host.com mechanism include: recursing into
spf.trusted-forwarder.org
| admin asarian-host.com clone: new object:
|| admin spf.trusted-forwarder.org clone: local =
include:spf.trusted-forwarder.org
|| admin spf.trusted-forwarder.org clone: res =
Net::DNS::Resolver=HASH(0x81a3580)
|| admin spf.trusted-forwarder.org clone: domain =
spf.trusted-forwarder.org
|| admin spf.trusted-forwarder.org clone: myhostname =
asarian-host.net
|| admin spf.trusted-forwarder.org clone: debug = 1
|| admin spf.trusted-forwarder.org clone: lookup_count = 1
|| admin spf.trusted-forwarder.org clone: helo =
asarian-host.com
|| admin spf.trusted-forwarder.org clone: parent =
Mail::SPF::Query=HASH(0x8128974)
|| admin spf.trusted-forwarder.org clone: localpart = admin
|| admin spf.trusted-forwarder.org clone: ipv4 =
209.6.17.217
|| admin spf.trusted-forwarder.org clone: directive_set =
DirectiveSet=HASH(0x81a78b4)
|| admin spf.trusted-forwarder.org clone: trusted = 1
|| admin spf.trusted-forwarder.org clone: depth = 1
|| admin spf.trusted-forwarder.org clone: orig_domain =
asarian-host.com
|| admin spf.trusted-forwarder.org clone: Reversed_IP =
217.17.6.209
|| admin spf.trusted-forwarder.org clone: spf_source = local
policy
|| admin spf.trusted-forwarder.org clone: sender =
admin@asarian-host.com
|| admin spf.trusted-forwarder.org clone: loop_report =
ARRAY(0x81afaac)
|| admin spf.trusted-forwarder.org DirectiveSet->new(): doing TXT
query on spf.trusted-forwarder.org
|| admin spf.trusted-forwarder.org myquery: doing TXT query on
spf.trusted-forwarder.org
|| admin spf.trusted-forwarder.org DirectiveSet->new(): SPF policy:
exists:%{ir}.wl.trusted-forwarder.org exists:%{p}.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org lookup: TXT
exists:%{ir}.wl.trusted-forwarder.org exists:%{p}.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org lookup: TXT prefix=+,
lhs=exists, rhs=%{ir}.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org lookup: TXT prefix=+,
lhs=exists, rhs=%{p}.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org lookup: mec
mechanisms=+exists(%{ir}.wl.trusted-forwarder.org)
+exists(%{p}.wl.trusted-forwarder.org)
|| admin spf.trusted-forwarder.org evaluate_mechanism:
+exists(%{ir}.wl.trusted-forwarder.org) for domain=spf.trusted-forwarder.org
|| admin spf.trusted-forwarder.org macro_substitute_item: ir:
field=i, num=, reverse=r, delim=., newval=217.17.6.209
|| admin spf.trusted-forwarder.org macro_substitute:
%{ir}.wl.trusted-forwarder.org -> 217.17.6.209.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org mechanism exists: looking up
217.17.6.209.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org myquery: doing A query on
217.17.6.209.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org myquery:
217.17.6.209.wl.trusted-forwarder.org A failed: NXDOMAIN.
|| admin spf.trusted-forwarder.org evaluate_mechanism:
+exists(%{ir}.wl.trusted-forwarder.org) returned
|| admin spf.trusted-forwarder.org evaluate_mechanism:
+exists(%{p}.wl.trusted-forwarder.org) for domain=spf.trusted-forwarder.org
|| admin spf.trusted-forwarder.org myquery: doing PTR query on
217.17.6.209.in-addr.arpa
|| admin spf.trusted-forwarder.org get_ptr_domain: 209.6.17.217 is
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com
|| admin spf.trusted-forwarder.org get_ptr_domain: checking hostname
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com for legitimacy.
|| admin spf.trusted-forwarder.org myquery: doing A query on
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com
|| admin spf.trusted-forwarder.org get_ptr_domain: hostname
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com -> 209.6.17.217
|| admin spf.trusted-forwarder.org macro_substitute_item: p:
field=p, num=, reverse=, delim=.,
newval=209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com
|| admin spf.trusted-forwarder.org macro_substitute:
%{p}.wl.trusted-forwarder.org ->
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org mechanism exists: looking up
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org myquery: doing A query on
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org myquery:
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com.wl.trusted-forwarder.org
A failed: NXDOMAIN.
|| admin spf.trusted-forwarder.org evaluate_mechanism:
+exists(%{p}.wl.trusted-forwarder.org) returned
|| admin spf.trusted-forwarder.org mechanisms returned unknown;
deleting cache point and using unknown
| admin asarian-host.com mechanism include: got back result unknown
/ /
| admin asarian-host.com evaluate_mechanism:
+include(spf.trusted-forwarder.org) returned UNKNOWN
| admin asarian-host.com saving result UNKNOWN to cache point and
returning.

unknown, , asarian-host.net: unable to determine SPF status for
admin@asarian-host.com

---------------------------------------------

This is unexpected; and, imho, unwanted; the result should still be 'fail'
when the 'trusted' mech did not yield a 'pass'. Or, rather, if the 'trusted'
mech did not explicitely say 'pass', SPF Query should preserve the
pre-trusted result, in this case 'fail'.

Or am I missing something?

- Mark

System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

It turns out that there is a problem in include processing in 1.98. I've
fixed this problem.

I've updated the patch at http://pond.gladstonefamily.net/msq-1.98.pf

It contains the following changes:

* Addition of trusted, local, guess parameters on object creation. This
integrates trusted_forwarder and best_guess and regular SPF lookup into
a single call.

* Change the header comment to indicate more exactly why the decision
was made. Now reflects local policy or spf.trusted_forwarder.org

* change result2(), message_result2() to be return value compatible with
result()

* Made include mechanism work correctly (you can now get past an include
that doesn;t match)

* Added another 30 test cases to handle local policy. Also fixed tests
to handle the changed returns for result2() and message_result2().

* Updated the man page to reflect changes.

Philip



Mark wrote:

> ----- Original Message -----
> From: <philip-spf@gladstonefamily.net>
> To: <spf-devel@v2.listbox.com>
> Sent: Wednesday, January 21, 2004 4:15 AM
> Subject: [spf-devel] Changes for Mail::SPQ::Query 1.98
>
> Philip,
>
> I stumbled on another small bug; or is it a feature? :)
>
> I applied your latest patch, and made an SPF query, using the following set:
>
> ip => '209.6.17.217',
> sender => 'admin@asarian-host.com',
> helo => 'asarian-host.com',
> debug => 1,
> trusted => 0
>
> (mind you, in this Vmware test environment, I published a local "+mx -all"
> record for asarian-host.com). The result, as expected, is a 'fail'
>


-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

There is one open issue -- what to do about the smtp_comment that is
returned from the various methods. Currently, you get the pobox.com
message if the matching mechanism is -all. In the patch below, I have
managed to break this behaviour. However, you didn't get the message if
the match was anything else in the stock 1.98.

It does seem useful to have the pobox.com redirect message, and yet it
also seems useful to be able to override it with the exp= modifier.

Does anybody have any great ideas on what the smtp_comment should
contain? In particular, what should it contain on 'pass' and 'unknown'
statuses? Should we always jam in the pobox.com URL unless the exp=
modifier is present?

Philip

philip-spf@gladstonefamily.net wrote:

> It turns out that there is a problem in include processing in 1.98. I've
> fixed this problem.
>
> I've updated the patch at http://pond.gladstonefamily.net/msq-1.98.pf
>
> It contains the following changes:
>
> * Addition of trusted, local, guess parameters on object creation. This
> integrates trusted_forwarder and best_guess and regular SPF lookup into
> a single call.
>
> * Change the header comment to indicate more exactly why the decision
> was made. Now reflects local policy or spf.trusted_forwarder.org
>
> * change result2(), message_result2() to be return value compatible with
> result()
>
> * Made include mechanism work correctly (you can now get past an include
> that doesn;t match)
>
> * Added another 30 test cases to handle local policy. Also fixed tests
> to handle the changed returns for result2() and message_result2().
>
> * Updated the man page to reflect changes.
>
> Philip
>
>
>
> Mark wrote:
>
>> ----- Original Message ----- From: <philip-spf@gladstonefamily.net>
>> To: <spf-devel@v2.listbox.com>
>> Sent: Wednesday, January 21, 2004 4:15 AM
>> Subject: [spf-devel] Changes for Mail::SPQ::Query 1.98
>>
>> Philip,
>>
>> I stumbled on another small bug; or is it a feature? :)
>>
>> I applied your latest patch, and made an SPF query, using the
>> following set:
>>
>> ip => '209.6.17.217',
>> sender => 'admin@asarian-host.com',
>> helo => 'asarian-host.com',
>> debug => 1,
>> trusted => 0
>>
>> (mind you, in this Vmware test environment, I published a local "+mx
>> -all"
>> record for asarian-host.com). The result, as expected, is a 'fail'
>>
>
>
> -------
> To unsubscribe, change your address, or temporarily deactivate your
> subscription, please go to
> http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h
>
>

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

> Does anybody have any great ideas on what the smtp_comment should
> contain? In particular, what should it contain on 'pass' and 'unknown'
> statuses? Should we always jam in the pobox.com URL unless the exp=
> modifier is present?

libspf uses the pobox.com url unless the exp modifier is specified, I
possibly did this out of ignorance, but reading your post I take it its
actually not specified anywhere (as I had thought).

James

--
James Couzens,
Programmer

obscurity.org
libspf.org

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ï#ÄÏÉæGã!'Rzš´ˆ»£‡Æ~3com

On Wed, Jan 21, 2004 at 10:21:06PM -0500, philip-spf@gladstonefamily.net wrote:
| There is one open issue -- what to do about the smtp_comment that is
| returned from the various methods. Currently, you get the pobox.com
| message if the matching mechanism is -all. In the patch below, I have
| managed to break this behaviour. However, you didn't get the message if
| the match was anything else in the stock 1.98.
|
| It does seem useful to have the pobox.com redirect message, and yet it
| also seems useful to be able to override it with the exp= modifier.
|
| Does anybody have any great ideas on what the smtp_comment should
| contain? In particular, what should it contain on 'pass' and 'unknown'
| statuses? Should we always jam in the pobox.com URL unless the exp=
| modifier is present?

if exp is present, use that.
if it is not present, use the spf.pobox.com/why message.

On "pass" and "unknown" you can return "SPF pass" and "SPF unknown"
since the MTA will probably override them anyway and just return an "OK".

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

In <20040122172549.GF28357@dumbo.pobox.com> Meng Weng Wong <mengwong@dumbo.pobox.com> writes:

> if exp is present, use that.
> if it is not present, use the spf.pobox.com/why message.

I think that the spf.pobox.com/why URL should be easily changeable by
the receiving MTA, just like I think that the use of t-f.org should be
easily changeable, and for the same reasons. These are good global
defaults, but better defaults may develop in the future, and local
mail admins might not want to use the global defaults anyway. For
example, a local mail admin might want to send people to a web page
written in French.


-wayne

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

On Wed, Jan 21, 2004 at 09:52:33PM -0800, James Couzens wrote:

| > Does anybody have any great ideas on what the smtp_comment should
| > contain? In particular, what should it contain on 'pass' and 'unknown'
| > statuses? Should we always jam in the pobox.com URL unless the exp=
| > modifier is present?
|
| libspf uses the pobox.com url unless the exp modifier is specified, I
| possibly did this out of ignorance, but reading your post I take it its
| actually not specified anywhere (as I had thought).

A library shouldn't force a coded setting like that. Maybe as a default,
with an piece of the API provided to let the caller set it.

--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

On Thu, 2004-01-22 at 11:47, Phil Howard wrote:
> On Wed, Jan 21, 2004 at 09:52:33PM -0800, James Couzens wrote:
>
> | > Does anybody have any great ideas on what the smtp_comment should
> | > contain? In particular, what should it contain on 'pass' and 'unknown'
> | > statuses? Should we always jam in the pobox.com URL unless the exp=
> | > modifier is present?
> |
> | libspf uses the pobox.com url unless the exp modifier is specified, I
> | possibly did this out of ignorance, but reading your post I take it its
> | actually not specified anywhere (as I had thought).
>
> A library shouldn't force a coded setting like that. Maybe as a default,
> with an piece of the API provided to let the caller set it.

Its a configurable value much like the other available settings that are
part of the library, which are configurable using the configuration
file(s) provided by the MTA.

James

--
James Couzens,
Programmer

Obtain my public PGP key from:
http://pgp.mit.edu:11371/pks/lookup?op=get&search@å—FŠÎóþÄvô5¿±Š¢$Þ(æÖ·[Ç

My current project(s):
http://libspf.org - C SPF library

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ï#ÄÏÉæGã!'Rzš´ˆ»£‡Æ~3com

I'll redo the M:S:Q tonight to make the default explanation
configurable. The explanation record in the DNS will always override the
locally specified default or the pobox one if there is nothing else
specified.

Philip

James Couzens wrote:
> On Thu, 2004-01-22 at 11:47, Phil Howard wrote:
>
>>On Wed, Jan 21, 2004 at 09:52:33PM -0800, James Couzens wrote:
>>
>>| > Does anybody have any great ideas on what the smtp_comment should
>>| > contain? In particular, what should it contain on 'pass' and 'unknown'
>>| > statuses? Should we always jam in the pobox.com URL unless the exp=
>>| > modifier is present?
>>|
>>| libspf uses the pobox.com url unless the exp modifier is specified, I
>>| possibly did this out of ignorance, but reading your post I take it its
>>| actually not specified anywhere (as I had thought).
>>
>>A library shouldn't force a coded setting like that. Maybe as a default,
>>with an piece of the API provided to let the caller set it.
>
>
> Its a configurable value much like the other available settings that are
> part of the library, which are configurable using the configuration
> file(s) provided by the MTA.
>
> James
>

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

Philip,

Would it be possible to convince you to join us for technical discussion
on the irc server? irc.pobox.com #spf, unless you are there already
under some alias and I've just not picked up on it ;)

James

On Thu, 2004-01-22 at 16:57, philip-spf@gladstonefamily.net wrote:
> I'll redo the M:S:Q tonight to make the default explanation
> configurable. The explanation record in the DNS will always override the
> locally specified default or the pobox one if there is nothing else
> specified.
>
> Philip
>
> James Couzens wrote:
> > On Thu, 2004-01-22 at 11:47, Phil Howard wrote:
> >
> >>On Wed, Jan 21, 2004 at 09:52:33PM -0800, James Couzens wrote:
> >>
> >>| > Does anybody have any great ideas on what the smtp_comment should
> >>| > contain? In particular, what should it contain on 'pass' and 'unknown'
> >>| > statuses? Should we always jam in the pobox.com URL unless the exp=
> >>| > modifier is present?
> >>|
> >>| libspf uses the pobox.com url unless the exp modifier is specified, I
> >>| possibly did this out of ignorance, but reading your post I take it its
> >>| actually not specified anywhere (as I had thought).
> >>
> >>A library shouldn't force a coded setting like that. Maybe as a default,
> >>with an piece of the API provided to let the caller set it.
> >
> >
> > Its a configurable value much like the other available settings that are
> > part of the library, which are configurable using the configuration
> > file(s) provided by the MTA.
> >
> > James
> >
>
> -------
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname@Ï#ÄÏÉæGHÝÜîU;±¤Þ¬bÆß®2x.com
--
James Couzens,
Programmer

Obtain my public PGP key from:
http://pgp.mit.edu:11371/pks/lookup?op=get&search@å—FŠÎóþÄvô5¿±Š¢$Þ(æÖ·[Ç

My current project(s):
http://libspf.org - C SPF library

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ï#ÄÏÉæGã!'Rzš´ˆ»£‡Æ~3com

I added the default_explanation to M:S:Q.

See http://pond.gladstonefamily.net/msq-1.98b.pf

for the latest patch.

Philip

James Couzens wrote:

> Philip,
>
> Would it be possible to convince you to join us for technical discussion
> on the irc server? irc.pobox.com #spf, unless you are there already
> under some alias and I've just not picked up on it ;)
>
> James
>
> On Thu, 2004-01-22 at 16:57, philip-spf@gladstonefamily.net wrote:
>
>>I'll redo the M:S:Q tonight to make the default explanation
>>configurable. The explanation record in the DNS will always override the
>>locally specified default or the pobox one if there is nothing else
>>specified.
>>
>>Philip
>>
>>James Couzens wrote:
>>
>>>On Thu, 2004-01-22 at 11:47, Phil Howard wrote:
>>>
>>>
>>>>On Wed, Jan 21, 2004 at 09:52:33PM -0800, James Couzens wrote:
>>>>
>>>>| > Does anybody have any great ideas on what the smtp_comment should
>>>>| > contain? In particular, what should it contain on 'pass' and 'unknown'
>>>>| > statuses? Should we always jam in the pobox.com URL unless the exp=
>>>>| > modifier is present?
>>>>|
>>>>| libspf uses the pobox.com url unless the exp modifier is specified, I
>>>>| possibly did this out of ignorance, but reading your post I take it its
>>>>| actually not specified anywhere (as I had thought).
>>>>
>>>>A library shouldn't force a coded setting like that. Maybe as a default,
>>>>with an piece of the API provided to let the caller set it.
>>>
>>>
>>>Its a configurable value much like the other available settings that are
>>>part of the library, which are configurable using the configuration
>>>file(s) provided by the MTA.
>>>
>>>James
>>>
>>
>>-------
>>To unsubscribe, change your address, or temporarily deactivate your subscription,
>>please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

Would it be possible to reserve the 'x' macro for implementation use?

I'd like to use macro expansion for the configurable explanation...
actually I'd like to use it for generating the 'Received-SPF:' header.
For instance, when it's time to generate the mail header:
spf_expand(q, "Received-SPF: %{xr} (i=%{i} h=%{h} s=%{s} m=%{xm}
%{xe})\r\n", ...)

This might generate:
"Received-SPF: pass (i=69.55.226.139 h=mx.wayforward.net
s@PuͧïÄ7YPA’ÜD
[ m=+mx SMTP Sender Verified)\r\n"

So, I need to add macro characters for result ('unknown', 'pass', etc)
and for the mechanism. But I don't want to use 'r' or 'm' because
later versions of the spec might have use for that.

So, I propose any macro starting with %{x...} is implementation
specific.

'Sokay?

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

On Thu, Jan 22, 2004 at 11:29:59PM -0500, Terence Way wrote:
|
| So, I propose any macro starting with %{x...} is implementation
| specific.
|

sounds good to me. should we also do that for mechanisms or would that
be covered by modifiers being ignorable?

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

On Friday, January 23, 2004, at 12:23 AM, Meng Weng Wong wrote:

> | So, I propose any macro starting with %{x...} is implementation
> | specific.
> |
>
> sounds good to me. should we also do that for mechanisms or would that
> be covered by modifiers being ignorable?
>
Well, the idea was only for macro strings that would be generated
locally. So, an implementation might have some configuration for
Received-SPF header which uses this, or the local overrides might use
this.

And this is really just a note to you or future RFC editors to not
create any %{x...} macros, and yes, perhaps xsomething mechanisms.
Implementations would still return 'unknown' when they find any
mechanism they don't understand, and I suppose would literally copy in
any macro they don't understand.

Cheers!

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

In <CDFC99C4-4D5C-11D8-B945-00039344A0EC@wayforward.net> Terence Way <terry@wayforward.net> writes:

> Would it be possible to reserve the 'x' macro for implementation use?

Comments:

I think it would be A Bad Idea for for 'x' macros to occur in any SPF
record. Undefined behavior in interpreting SPF records is A Bad Thing.

I once suggested allowing mechanisms that beign with x- to be for
extentions. Since then, I've changed my mind and consider this A Bad
Idea also.


-wayne

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

> I think it would be A Bad Idea for for 'x' macros to occur in any SPF
> record. Undefined behavior in interpreting SPF records is A Bad Thing.
>
>
I agree. These are not in the SPF record. These are in local
overrides, or in implementation-specific macros. I just want to use
%{x} macros within my implementation, and I don't want any new macros
to be created that invalidates these macros. If %{x} macros start
showing up in SPF records, then the existing way of ditching
immediately with 'unknown' still holds.

Cheers!

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h

Minor point, but test #75 of M:S:Q v1.99:
(50.spf1-test.mailzone.com with an infinite include loop)

The test shows that it should fail. The spec in 3.7 Processing Limits
says it should return 'unknown'

Is this important? I should think mail shouldn't be dropped because of
an error like this.

Cheers!

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h