First of all, this should be posted to spf-help, not spf-discuss.
Anyhow, the result should be fail I think. The a and mx don't match, and ptr
fails too:
[gmc(_at_)dave gmc]$ host -t txt mail.fdn.com
mail.fdn.com text "v=spf1 a mx ptr -all"
[gmc(_at_)dave gmc]$ host 216.199.46.17
17.46.199.216.in-addr.arpa domain name pointer nsmail.fdn.com.
[gmc(_at_)dave gmc]$ host nsmail.fdn.com
nsmail.fdn.com has address 216.199.46.17
But nsmail.fdn.com does not end in .mail.fdn.com (although one can
debate whether it should end in .mail.fdn.com or merely mail.fdn.com, I
could not find a definite answer to it in the draft, but I probably
overlooked something).
For more on the PTR mechanism, http://spf.pobox.com/mechanisms.html#ptr
and the spf draft published by the ietf..
To be honest, I don't understand the output of the tool at
spftools.infinitepenguins.net, it says fail on the one hand and pass on
the other. Seems to be broken , given the weird RFC2822 header: output.
Koen
On Mon, Oct 25, 2004 at 01:51:04PM -0400, Eric Stocker wrote:
I'm not sure if this is the designed behavior or not, I tried looking in the
mail archive's but could not find anything, but here is the issue:
I setup an spf record for mail.fdn.com to be "v=spf1 a mx ptr -all"
Using the SPF tester at http://spftools.infinitepenguins.net/ I set the SMTP
client IP address to be the IP address of our DNS caching server
(nsmail.fdn.com 216.199.46.17) According to the tester it matched the ptr
test, and I think it did because the caching server name has 'mail.fdn.com'.
The result
IP '216.199.46.17' HELO 'fdn' SENDER 'test(_at_)mail(_dot_)fdn(_dot_)com'
Testing record for mail.fdn.com (probably v=spf1 a mx ptr -all)
Calling: /usr/local/bin/spfqtool -i 216.199.46.17 -s
test(_at_)mail(_dot_)fdn(_dot_)com -h
fdn
Response:
spfqtool (reference implementation) says:
SPF short result: fail
SPF verbose result: policy result: (fail) from rule (-all)
RFC2822 header: Received-SPF: fail (fdn: domain of
test(_at_)mail(_dot_)fdn(_dot_)com
does not designate 216.199.46.17 as permitted sender) receiver=fdn;
client_ip=216.199.46.17; envelope-from=test(_at_)mail(_dot_)fdn(_dot_)com;
PHP spf1_parser says:
Received-SPF: pass (match ptr)
Does SPF perform a forward and reverse check or just a reverse check?
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/