Mailing List Archive

Is 'ip4:' without an ip address actually correct? doesn't this mean the domain2 spf record can not be parsed??

Check the specifications on http://spf.pobox.com/spf-draft-200406.txt, i'm happy to here if you found anything about the 'ip4:' there..

Koen

On Fri, Aug 20, 2004 at 01:06:06PM +0400, Roman Suzi wrote:
>
> I've ancountered a problem with spf.py. It
>
> domain1 has:
> v=spf1 redirect=domain2 ~all
>
> domain2 has:
> v=spf1 ip4: ip4:1.1.1.1/24 ~all
>
> sender is good: from 1.1.1.1/24, has domain1
> But spf.py reads ~all and tells "softfail"!
>
> My idea of redirect is that any other checks are redirected to another
> domain! This means, that in the example above ths should be "pass".
>
> >From spfquery I get:
>
> problem=Warning: Mechanisms found after the "all:" mechanism will be ignored;
>
> for the same ip and sender.
>
>
> Sincerely yours, Roman A.Suzi
> --
> - Petrozavodsk - Karelia - Russia - mailto:rnd@onego.ru -
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Sincerely yours, Roman A.Suzi
--
- Petrozavodsk - Karelia - Russia - mailto:rnd@onego.ru -

On Fri, 20 Aug 2004, Koen Martens wrote:

> Is 'ip4:' without an ip address actually correct? doesn't this mean the
> domain2 spf record can not be parsed??

oops! It was a mistake, I deleted specific IP-address but forgot to
delete ip4:.

> Check the specifications on http://spf.pobox.com/spf-draft-200406.txt, i'm happy to here if you found anything about the 'ip4:' there..
>
> Koen
>
> On Fri, Aug 20, 2004 at 01:06:06PM +0400, Roman Suzi wrote:
> >
> > I've ancountered a problem with spf.py. It
> >
> > domain1 has:
> > v=spf1 redirect=domain2 ~all
> >
> > domain2 has:
> > v=spf1 ip4: ip4:1.1.1.1/24 ~all
> >
> > sender is good: from 1.1.1.1/24, has domain1
> > But spf.py reads ~all and tells "softfail"!
> >
> > My idea of redirect is that any other checks are redirected to another
> > domain! This means, that in the example above ths should be "pass".
> >
> > >From spfquery I get:
> >
> > problem=Warning: Mechanisms found after the "all:" mechanism will be ignored;
> >
> > for the same ip and sender.
> >
> >
> > Sincerely yours, Roman A.Suzi
> > --
> > - Petrozavodsk - Karelia - Russia - mailto:rnd@onego.ru -
> >
> > -------
> > Archives at http://archives.listbox.com/spf-help/current/
> > Donate! http://spf.pobox.com/donations.html
> > To unsubscribe, change your address, or temporarily deactivate your subscription,
> > please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
> --
> K.F.J. Martens, Sonologic, http://www.sonologic.nl/
> Networking, embedded systems, unix expertise, artificial intelligence.
> Public PGP key: http://www.metro.cx/pubkey-gmc.asc
> Wondering about the funny attachment your mail program
> can't read? Visit http://www.openpgp.org/
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Hi again,

I checked with my own spfquery, and indeed it does a pass, and gives the
warning about mechanisms after the 'all:' thing. I think that should be
'redirect:' instead of 'all:', which spf library are you using (and
which version?). This might be a minor bug in the library, and if so the
author can be notified.

Wait, I checked the specs..

5.1 of the spf classic spec says (and the marid draft on spf.pobox.com)

If all mechanisms fail to match, and a redirect modifier is present,
then processing proceeds as follows.

redirect = "redirect" "=" domain-spec

The domain-spec portion of the redirect section is expanded as per
the macro rules in section 7. Then check_host() is evaluated with
the resulting string as the <domain>. The <ip> and <sender>
arguments remain the same as current evaluation of check_host().

So it appears the python implementation got it right, and spfquery got
it wrong.

Koen


On Fri, Aug 20, 2004 at 04:55:14PM +0400, Roman Suzi wrote:
>
> Sincerely yours, Roman A.Suzi
> --
> - Petrozavodsk - Karelia - Russia - mailto:rnd@onego.ru -
>
> On Fri, 20 Aug 2004, Koen Martens wrote:
>
> > Is 'ip4:' without an ip address actually correct? doesn't this mean the
> > domain2 spf record can not be parsed??
>
> oops! It was a mistake, I deleted specific IP-address but forgot to
> delete ip4:.
>
> > Check the specifications on http://spf.pobox.com/spf-draft-200406.txt, i'm happy to here if you found anything about the 'ip4:' there..
> >
> > Koen
> >
> > On Fri, Aug 20, 2004 at 01:06:06PM +0400, Roman Suzi wrote:
> > >
> > > I've ancountered a problem with spf.py. It
> > >
> > > domain1 has:
> > > v=spf1 redirect=domain2 ~all
> > >
> > > domain2 has:
> > > v=spf1 ip4: ip4:1.1.1.1/24 ~all
> > >
> > > sender is good: from 1.1.1.1/24, has domain1
> > > But spf.py reads ~all and tells "softfail"!
> > >
> > > My idea of redirect is that any other checks are redirected to another
> > > domain! This means, that in the example above ths should be "pass".
> > >
> > > >From spfquery I get:
> > >
> > > problem=Warning: Mechanisms found after the "all:" mechanism will be ignored;
> > >
> > > for the same ip and sender.
> > >
> > >
> > > Sincerely yours, Roman A.Suzi
> > > --
> > > - Petrozavodsk - Karelia - Russia - mailto:rnd@onego.ru -
> > >
> > > -------
> > > Archives at http://archives.listbox.com/spf-help/current/
> > > Donate! http://spf.pobox.com/donations.html
> > > To unsubscribe, change your address, or temporarily deactivate your subscription,
> > > please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> >
> > --
> > K.F.J. Martens, Sonologic, http://www.sonologic.nl/
> > Networking, embedded systems, unix expertise, artificial intelligence.
> > Public PGP key: http://www.metro.cx/pubkey-gmc.asc
> > Wondering about the funny attachment your mail program
> > can't read? Visit http://www.openpgp.org/
> >
> > -------
> > Archives at http://archives.listbox.com/spf-help/current/
> > Donate! http://spf.pobox.com/donations.html
> > To unsubscribe, change your address, or temporarily deactivate your subscription,
> > please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> >
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

The issue has been noted on spf-devel i now see in the libspf2 ticket
system. Unfortunatelly the archive of that list seems to end somewhere
at the end of february 2004, but here is what is in the rt for libspf2:


---------- Forwarded message ----------
From: wayne <wayne@midwestcs.com>
To: SPF Development <spf-devel@v2.listbox.com>
Date: Sun, 11 Jul 2004 20:25:39 -0500
Subject: Re: [spf-devel] redirect
Reply-To: spf-devel@v2.listbox.com
X-Spam-Status: No, hits=1.5 required=5.0 tests=SH_TO_UNKNOWN
autolearn=no
version=2.61

In <014301c46767$c8e72360$01030101@pamho.net> "Roger Moser"
<roger_moser_spf@greenmail.ch> writes:

> At least three SPF implementations (spflib, spflib-alt and SPF-Delphi)
> immediately execute "redirect=..." when encountered (like
> "include:...").
> This is wrong. The redirection should be done only at the end and only
> if
> none of the mechanisms matched (see section 5.1 of the
> specifications). The
> 'redirect' modifier is not position-dependent!

If, by "spflib-alt" you mean libspf-alt (aka libspf2), then yes, that
is a known bug that has been documented since the very first release.
I'm afraid it hasn't been very high on my priority list since in the
1.3 million email domain names, I have found only one (agst.com) that
this breaks on.

-wayne

-------

On Sat, Aug 21, 2004 at 03:28:26PM +0200, Koen Martens wrote:
> So it appears the python implementation got it right, and spfquery got
> it wrong.

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Sat, 21 Aug 2004, Koen Martens wrote:

>The issue has been noted on spf-devel i now see in the libspf2 ticket
>system. Unfortunatelly the archive of that list seems to end somewhere
>at the end of february 2004, but here is what is in the rt for libspf2:
>
>
>---------- Forwarded message ----------
>From: wayne <wayne@midwestcs.com>
>To: SPF Development <spf-devel@v2.listbox.com>
>Date: Sun, 11 Jul 2004 20:25:39 -0500
>Subject: Re: [spf-devel] redirect
>Reply-To: spf-devel@v2.listbox.com
>X-Spam-Status: No, hits=1.5 required=5.0 tests=SH_TO_UNKNOWN
>autolearn=no
>version=2.61
>
>In <014301c46767$c8e72360$01030101@pamho.net> "Roger Moser"
><roger_moser_spf@greenmail.ch> writes:
>
>> At least three SPF implementations (spflib, spflib-alt and SPF-Delphi)
>> immediately execute "redirect=..." when encountered (like
>> "include:...").
>> This is wrong. The redirection should be done only at the end and only
>> if
>> none of the mechanisms matched (see section 5.1 of the
>> specifications). The
>> 'redirect' modifier is not position-dependent!

Well, but ~alt at the end gives softfail. Maybe it's better to give a
chance to redirect?




Sincerely yours, Roman Suzi
--
rnd@onego.ru =\= My AI powered by GNU/Linux RedHat 7.3

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com