On Sat, Sep 04, 2004 at 12:45:52PM +0000, Mark wrote:
Paul Howarth wrote:
Some of my outgoing mail is being rejected by the mail server at
shield.vancity.com:
Yeah, their implementation seems broken alright. :) Following the URL, the
SPF validator at spf.pobox.com says:
"shield.vancity.com saw a message coming from the IP address 212.56.100.58
which is goalkeeper.city-fan.org; the sender claimed to be
dist(_at_)mcivta(_dot_)city-fan(_dot_)org(_dot_)
goalkeeper.city-fan.org is approved for mcivta.city-fan.org, so that mail
should have been accepted."
In which case, libspf2 is broken in this respect too:
srs# ldd /usr/local/bin/spfquery
/usr/local/bin/spfquery:
libspf2.so.1 => /usr/local/lib/libspf2.so.1 (0x28069000)
libc.so.4 => /usr/lib/libc.so.4 (0x28080000)
srs# spfquery -ip=212.56.100.58
-sender=dist(_at_)mcivta(_dot_)city-fan(_dot_)org
fail
Please see
http://spf.pobox.com/why.html?sender=dist%40mcivta.city-fan.org&ip=212.56.100.58&receiver=spfquery
spfquery: domain of mcivta.city-fan.org does not designate 212.56.100.58
as permitted sender
Received-SPF: fail (spfquery: domain of mcivta.city-fan.org does not
designate 212.56.100.58 as permitted sender) client-ip=212.56.100.58;
envelope-from=dist(_at_)mcivta(_dot_)city-fan(_dot_)org;
srs#
Hmm, a quick browse through the original spf draft acknowledges this
hunch.
Probably should be an RT ticket at rt.antarres.org then..
Koen
--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/