spf-discuss

Re: new draft RFC under construction

2003-10-10 14:36:29
On Fri, Oct 10, 2003 at 08:51:34PM +0200, Loic Prylli wrote:
| Meng Weng Wong wrote:
| 
| >3) Each configuration directive represents a different approach to
| >   answering the "is this client for real" question.
| >
| >     "permit:mx; permit:a=designated-mailers.DOMAIN; permit:spf; include:OTHERDOMAIN; deny:default"
| >
| 
| Would it be feasible to also include a way to reference authorized 
| mailers by a name pattern:
| like:  *.mx.lao.com (either through something like 
| "permit:pat=*.mx.lao.com" in the spf config._smtp_client.... record, or 
| something like "permit:ptr=some.domain", and the list of patterns would
| be in a PTR record at some.domain).
| 

Well, that was a productive flight.  I have added a PTR mechanism:

2.4.3 PTR

   First, perform a PTR lookup on the connecting client IP; then
   perform an A lookup back to an IP address.  If one of the PTR names
   resolves back to the original IP address, the PTR response is
   considered valid.  Then, if that resolving PTR entry ends in the
   specified domain-name, this mechanism returns "allow".

2.4.3.1 Example

     spf-1._smtp_policy.example.com IN TXT
        "ptr default=deny exp=This is a test of SPF"

   SMTP client comes from the IP address 1.2.3.4.

   PTR(1.2.3.4) returns two results: "foo.example.net" and "bar.example.com"

   A(foo.example.net) returns two results: 2.3.4.5 and 3.4.5.6.

   This is an invalid result because the A record does not point back
   to the original IP.
   
   A(bar.example.com) returns two results: 1.2.3.4 and 2.3.4.5.
   
   This is a valid result because the A record does point back to the
   original IP.
   
   bar.example.com does end in example.com; therefore this mechanism
   returns "allow".

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
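
The PTR check from section 2.4.3 of the draft quoted above, as an added example that is not part of the original message or of any SPF implementation. The function names, the injectable lookup callables, the label-boundary reading of "ends in", and all DNS data other than the 1.2.3.4 case are assumptions made here.

```python
# Added example: the draft's 2.4.3 PTR check with injectable DNS lookups.
# DNS data is constructed: the 2.4.3.1 example plus two failure cases.

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it.

    Assumption: "ends in" is read as a label-boundary match, so
    "mx.notexample.com" does not count as ending in "example.com".
    """
    name, domain = normalize(name), normalize(domain)
    return name == domain or name.endswith("." + domain)

def validated_ptr_names(client_ip, ptr_lookup, a_lookup):
    """PTR names whose A records point back to client_ip."""
    return [n for n in ptr_lookup(client_ip) if client_ip in a_lookup(normalize(n))]

def ptr_mechanism(client_ip, domain, ptr_lookup, a_lookup):
    """Return "allow" on a match, else None so later directives decide."""
    for name in validated_ptr_names(client_ip, ptr_lookup, a_lookup):
        if in_domain(name, domain):
            return "allow"
    return None

# Constructed zone data. 1.2.3.4 is the draft's example client.
PTR = {
    "1.2.3.4": ["foo.example.net", "bar.example.com"],
    "192.0.2.10": ["mail.example.com"],     # PTR claims example.com, A disagrees
    "198.51.100.7": ["mx.notexample.com"],  # validates, but wrong domain
}
A = {
    "foo.example.net": ["2.3.4.5", "3.4.5.6"],
    "bar.example.com": ["1.2.3.4", "2.3.4.5"],
    "mail.example.com": ["203.0.113.5"],
    "mx.notexample.com": ["198.51.100.7"],
}

def ptr_lookup(ip):
    return PTR.get(ip, [])

def a_lookup(name):
    return A.get(name, [])

if __name__ == "__main__":
    for ip in ("1.2.3.4", "192.0.2.10", "198.51.100.7", "203.0.113.99"):
        print(ip, ptr_mechanism(ip, "example.com", ptr_lookup, a_lookup))
```

The 192.0.2.10 case shows why the forward A lookup matters: whoever controls the reverse zone for an address can publish any PTR name, so an unconfirmed PTR answer proves nothing about the domain.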