spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Fw: [spf-discuss] Re: Which SPF implementation to choose?

2006-08-28 10:22:04
from [Stuart D. Gathman] [Permanent Link] 
On Sun, 27 Aug 2006, Craig Whitmore wrote:


test3.spam.co.nz  you give recursive but redirect: is not a valid mechanisum 
so should permerror with this error


I added this test:

tests:
  redirect-is-modifier:
    description: |-
      Invalid mechanism.  Redirect is a modifier.
    spec: 4.6.1/4
    helo: mail.example.com
    host: 1.2.3.4
    mailfrom: foo(_at_)t8(_dot_)example(_dot_)com
    result: permerror
zonedata:
  mail.example.com:
  - A: 1.2.3.4
  t8.example.com:
    - SPF: v=spf1 ip4:1.2.3.4 redirect:t2.example.com

It is not clear which spec paragraph is being tested.  Could also
be 6/2, or maybe the list of defined mechanisms.  I think the spec should be
able to list multiple paragraphs.  Julian - what is the recommended YAML
syntax?  Should it be an explicit YAML list?  Or just comma or space separate
the string?


test4.spam.co.nz on kitterman's passes? is this correct?


The redirect is never processed, so the DOS limits are never hit.
I modified redirect-after-mechanisms in the test suite to check this 
subtle point.


test5.spam.co.nz  it is an invalid netmask


The RFC defines the CIDR as:

  ip4-cidr-length  = "/" 1*DIGIT

which certainly includes /0.  It also includes /33, which will never match -
or perhaps matches randomly :-).  In any case, 0 is clearly allowed, as
in ip4:0.0.0.0/0 - which is a synonym for all.  It also include /032,
which should be a synonym for /32.  

Pyspf currently insists that CIDR be /1 - /32, and gives permerror
for /0, /33, and /032.  Unless someone wants to argue that pyspf
behaviour is implied in the penumbras of the RFC (e.g. because
ip4-network is spelled out that way), I maintain that pyspf is wrong.

Since there is the all mechanism, you could argue that /0 (and /33) 
should raise AmbiguityWarning in pyspf.  In hindsight, the RFC should
have disallowed /0 (and /33 or more and even /032).

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [spf-discuss] Re: spam.co.nz (was: Which SPF implementation to choose?), Monte Hansen
Next by Date:  [spf-discuss] Re: Which SPF implementation to choose?, Julian Mehnle
Previous by Thread:  [spf-discuss] Re: spam.co.nz, Julian Mehnle
Next by Thread:  [spf-discuss] Re: Which SPF implementation to choose?, Julian Mehnle
Indexes:  [Date] [Thread] [Top] [All Lists]