spf-discuss

Re: mail administrator certification example

2004-07-30 11:36:06
I am not sure what particular RFC defines the ip4 CIDR notation but I have
been assured by CommunigatePro developers that it does exist in the early
RFCs.

It is stated that the correct format for any CIDR notation is
xxx.yyy.zzz.kkk/mm where xxx.yyy.zzz.kkk starts on the appropriate boundary
for /mm. Although a masking on a non-boundary IP address may give the correct
results one should do it.

That is the rough quote I received from Cisco and a Stalker engineer.

It is also what I have been taught. I also know that if you enter it into a
router as I did with a config import to a Cisco border router it can play
havoc with routing tables and BGP. Our providers shut down our DS-3 as they
were causing routing problems throughout their system. That was the last
time I imported a router config file that was manually edited. Typo killed
us and played havoc with Level three.

----- Original Message ----- 
From: "Greg Connor" <gconnor(_at_)nekodojo(_dot_)org>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, July 30, 2004 2:20 PM
Subject: Re: [spf-discuss] mail administrator certification example


[Private reply.  I'm replying off-list because I don't think anyone else
on-list is really interested in my thoughts here.]


I am curious about what "standard" you are referring to.  Is there a
published RFC for CIDR notation that says unmasked bits may be cleared?

I think what many others have pointed out is accurate and relevant here:
SPF is not a routing protocol anyway, so the only "standard" here is the
SPF draft.  The SPF draft defines what ip4: and ip6: mean, and the
masking mechanism SPF chooses to use is similar to the one used in a/24
and mx/24.

Thanks
gregc


On Fri, 2004-07-30 at 11:14, John Keown wrote:

I am not saying I do not know how to handle it. I am just saying that
when a proposed solution breaks with the rules and interpretation of
existing standards it brings into question the validity of the RFC.

I will give one example just given to me on another list where SPF will
not even slow spam on zombies.

Spammer solution is simple. Take several lists of the zombie IP
addresses and create a simple program that makes tight SPF records by
updating the DNS just before sending the spam. Then our receiving server
will test the SPF of adgafdgh.com and get valid and tight SPF records for
that domain because the zombies are listed as valid sending IPs. Thus spam
gets through and SPF is useless. All SPF will do is increase the spammer's
programming and load on our server. Spam from zombies will continue to
come through. They will just be listed on some SPF records.

They will just no longer spoof return addresses.


----- Original Message ----- 
From: "Mark" <admin(_at_)asarian-host(_dot_)net>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, July 30, 2004 1:23 PM
Subject: Re: [spf-discuss] mail administrator certification example


Paul Howarth wrote:

John Keown wrote:

I did not make the rule for the notation. That is part of the
binary number system. The total space is the 32 bit octal address
space. Therefore there are certain mathematical restrictions imposed
by both the binary and octal notation. The /xx defines that as some
power of 2: a /24 is 2 to the 8th power, or 256; a /25 is 2 to the 7th,
etc.

No, the /xx means use the leftmost xx bits (only). That's why it's
called the "prefix length". People may choose to implement it using
multiplication and/or division operators but there's no need at all
to do so.

Implementing this using real multiplication and/or division instructions
would be a rather odd way to go about things. If you have a number in a
register, say, AX, you could divide by 4, using SHR AX,2; or multiply by
8, using SHL AX,3 (and so forth). You could even emulate a /24 netmask,
using SHR AX,8 + SHL AX,8 for a combo (which would still be better than
using real division, as it clears out the lower 8 bits). Still, nothing
beats a simple AND, of course.

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Send us money!  http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
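
As an added illustration of the masking discussed in this thread (not code from any of the posters or from the SPF project): a Python sketch that matches an `ip4:` term by comparing only the leftmost prefix bits, checks that the SHR/SHL pair and a single AND clear the same bits, and flags terms whose address is not on its prefix boundary so a hand-edit typo is caught before a record is published. All function names are hypothetical, and the addresses and the sample record are constructed from documentation ranges.

```python
import ipaddress

def prefix_mask(prefix_len: int) -> int:
    """32-bit mask with only the leftmost prefix_len bits set."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"bad prefix length: {prefix_len}")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def shift_mask(value: int, host_bits: int) -> int:
    """The SHR/SHL combination from the thread: clears the low host_bits."""
    return (value >> host_bits) << host_bits

def split_ip4(arg: str):
    """Split '192.0.2.77/24' into (address as int, prefix length)."""
    addr, _, plen = arg.partition("/")
    return int(ipaddress.IPv4Address(addr)), int(plen) if plen else 32

def ip4_matches(sender_ip: str, arg: str) -> bool:
    """Compare only the prefix bits of sender and listed address."""
    net, plen = split_ip4(arg)
    mask = prefix_mask(plen)
    return (int(ipaddress.IPv4Address(sender_ip)) & mask) == (net & mask)

def off_boundary_terms(record: str) -> list:
    """Return ip4 terms whose address has bits set outside the prefix."""
    flagged = []
    for term in record.split():
        term = term.lstrip("+-~?")          # drop the SPF qualifier
        if term.lower().startswith("ip4:"):
            net, plen = split_ip4(term[4:])
            if net & ~prefix_mask(plen) & 0xFFFFFFFF:
                flagged.append(term)
    return flagged

# Constructed sample record (documentation address ranges, not real data).
SAMPLE = "v=spf1 ip4:192.0.2.77/24 ip4:198.51.100.0/25 -ip4:203.0.113.9 -all"

if __name__ == "__main__":
    print(ip4_matches("192.0.2.200", "192.0.2.77/24"))   # same /24
    print(ip4_matches("192.0.3.1", "192.0.2.77/24"))     # different /24
    print(off_boundary_terms(SAMPLE))
```

With prefix-only comparison, `192.0.2.77/24` and `192.0.2.0/24` accept exactly the same senders; the boundary check is a lint for typos, not part of matching.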
