On Fri, 2004-12-31 at 02:47, Greg Connor wrote:
--Øyvind Henriksen <oyvind(_at_)increo(_dot_)no> wrote:
[Regarding adding a couple large ISPs to the default SPF record for hosted
domains]
I think this will benefit our users and simplify things a lot when
rolling out SPF, but I am concerned that it will result in a flawed
deployment, and maybe it will come back and haunt me in the future? :-)
This is the text i want to add, in addition to the rest of my SPF setup:
"include:online.no include:broadpark.no include:c2i.net
include:frisurf.no"
Which reminds me I scripted up another approach in perl.
It uses a file that you can download from
http://ip-to-country.webhosting.info/ .
Then it's zcat ip-to-country.csv.zip | grep NORWAY | subnet.pl >
dns_output .
It's not finished yet, but here is an attachment of what I have so far.
I need to add the stuff for when you need to split a lookup even further
so that you can have you TXT records stay slimmer than 512 bytes.
--
http://dmoz.org/profiles/pollei.html
http://sourceforge.net/users/stephen_pollei/
http://www.orkut.com/Profile.aspx?uid=2455954990164098214
http://stephen_pollei.home.comcast.net/
GPG Key fingerprint = EF6F 1486 EC27 B5E7 E6E1 3C01 910F 6BB5 4A7D 9677
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper! http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
#! /usr/bin/perl -w
use strict;
# http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-00.html
# http://ip-to-country.webhosting.info/
# 452602 bytes big
our $dname="spf-no.example.com.";
sub num2ip {
my $num = $_[0];
my $a = (0xff000000 & $num) >> 24;
my $b = (0xff0000 & $num) >> 16;
my $c = (0xff00 & $num) >> 8;
my $d = (0xff & $num) ;
return $a . "." . $b . "." . $c . "." . $d ; }
sub get_subnet {
my $a; my $b;
($a, $b)= @_ ;
my $low = $a & $b;
my $high = $a | $b;
$low = $high - ($low ^ $high);
my $span= $high - $low;
my $snet=24;
if ($span > 256) {$snet= 31-(int log($span)/log(2));}
$low = $low & (0xffffffff << (32-$snet));
return ($low, $snet); }
sub print_2nd_level {
my $net= $_[0];
my $addresses = $_[1];
print $net,'.ipv4.',$dname,
' IN TXT "v=spf1 include %{i2r}.%{v}.',$dname,"\"\n";
print "*.",$net,'.ipv4.',$dname,
' IN TXT "v=spf1 ~all', "\"\n";
}
my @nets;
my $loop_var;
for ($loop_var=0;$loop_var<256;$loop_var++) {
$nets[$loop_var]= { }; }
for (<>) {
my $a; my $b;
my $low; my $snet;
my $low2; my $snet2;
$_ =~ /\"(\d+)\",\"(\d+)\"/;
($a, $b) = (int $1,int $2);
($low,$snet)= get_subnet($a,$b);
$nets[(0xff000000 & $low) >> 24]{$low}=$snet;
}
print $dname,' IN TXT "v=spf1 include %{i1r}.%{v}.',$dname,"\"\n";
print '*.ipv4.', $dname,' IN TXT "v=spf1 ~all"',"\n";
my $net;
foreach $net (0 .. $#nets) {
my $ad_sz=keys(%{$nets[$net]} );
#print $ad_sz,"\n";
if ($ad_sz >20 ) {
print_2nd_level($net, \%{$nets[$net]} );
} elsif ($ad_sz) {
my $glist="";
my $address;
foreach $address (keys %{$nets[$net]} ) {
$glist .= ("ipv4:" . num2ip($address) .
"/" . $nets[$net]{$address} . " ");
#print $net, " ", $address, " ", $nets[$net]{$address},"\n";
}
print $net,'.ipv4.',$dname,' IN TXT "v=spf1 ', $glist, "\"\n";
}
}
signature.asc
Description: This is a digitally signed message part