spf-discuss

[spf-discuss] Re: Which SPF implementation to choose?

2006-08-28 15:41:00

Stuart D. Gathman wrote on spf-discuss:
> I added this test:
>
> tests:
>   redirect-is-modifier:
>     description: |-
>       Invalid mechanism.  Redirect is a modifier.
>     spec: 4.6.1/4
>     helo: mail.example.com
>     host: 1.2.3.4
>     mailfrom: foo@t8.example.com
>     result: permerror
> zonedata:
>   mail.example.com:
>   - A: 1.2.3.4
>   t8.example.com:
>     - SPF: v=spf1 ip4:1.2.3.4 redirect:t2.example.com
>
> It is not clear which spec paragraph is being tested.  Could also
> be 6/2, or maybe the list of defined mechanisms.

I think the primary spec reference should be 6.1/2 (the grammar definition 
in 6.1), but I think 4.6.1/2 (not /4) could be listed as a secondary 
reference.

(And, again, watch the indentation of the DNS records below the domains!  
That of the "SPF" record is correct YAML, that of the "A" record isn't.  
See my posting on spf-devel.)

> I think the spec should be able to list multiple paragraphs.  Julian -
> what is the recommended YAML syntax?  Should it be an explicit YAML list?
> Or just comma or space separate the string?

Yes, it's allowed to list multiple spec references.  Explicit list syntax 
is required, e.g.:

  spec: [6.1/2, 4.6.1/2]

Omitting the brackets would make it a single, unstructured string.

> test5.spam.co.nz  it is an invalid netmask
>
> The RFC defines the CIDR as:
>
>   ip4-cidr-length  = "/" 1*DIGIT
>
> which certainly includes /0.  It also includes /33, which will never
> match - or perhaps matches randomly :-).  In any case, 0 is clearly
> allowed, as in ip4:0.0.0.0/0 - which is a synonym for all.

No, "ip4:0.0.0.0/0" is NOT a synonym for "all".  It doesn't match IPv6 
addresses (other than IPv4-mapped ones, i.e. ::ffff:n.n.n.n, which are 
treated as IPv4 addresses, of course).

> Pyspf currently insists that CIDR be /1 - /32, and gives permerror
> for /0, /33, and /032.  Unless someone wants to argue that pyspf
> behaviour is implied in the penumbras of the RFC (e.g. because
> ip4-network is spelled out that way), I maintain that pyspf is wrong.

Agreed.  It may not be nice that leading zeroes are permitted, but they 
undeniably are.
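
The points discussed in this message, worked through as an added example that is not part of the original message and is not pyspf's code: a parser for the `ip4` mechanism that follows the quoted `ip4-cidr-length` grammar, plus a matcher that treats IPv4-mapped IPv6 clients as IPv4. The names `parse_ip4`, `ip4_matches` and `PermError` are hypothetical, and treating a prefix above 32 as "never matches" is an assumption taken from the remark in the thread.

```python
import ipaddress
import re

# qnum per the ip4-network grammar: 0-255 with no leading zeros.
QNUM = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)"
# ip4-cidr-length = "/" 1*DIGIT: any digit run, so /0, /032 and /33 all parse.
IP4_TERM = re.compile(rf"ip4:({QNUM}(?:\.{QNUM}){{3}})(?:/(\d+))?",
                      re.ASCII | re.IGNORECASE)


class PermError(Exception):
    """The term does not fit the ip4 mechanism grammar."""


def parse_ip4(term):
    """Return (IPv4Address, prefix_length) or raise PermError."""
    m = IP4_TERM.fullmatch(term)
    if m is None:
        raise PermError(term)
    prefix = int(m.group(2)) if m.group(2) is not None else 32
    return ipaddress.IPv4Address(m.group(1)), prefix


def ip4_matches(term, client_ip):
    """True if client_ip matches the ip4 term."""
    net, prefix = parse_ip4(term)
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 6:
        if ip.ipv4_mapped is None:
            return False          # native IPv6 never matches an ip4 term
        ip = ip.ipv4_mapped       # ::ffff:n.n.n.n is treated as IPv4
    if prefix > 32:
        return False              # assumption: "/33" parses but never matches
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (int(ip) & mask) == (int(net) & mask)


if __name__ == "__main__":
    # Constructed sample terms and client addresses.
    for term, ip in [("ip4:0.0.0.0/0", "1.2.3.4"),
                     ("ip4:0.0.0.0/0", "::ffff:1.2.3.4"),
                     ("ip4:0.0.0.0/0", "2001:db8::1"),
                     ("ip4:1.2.3.0/024", "1.2.3.77"),
                     ("ip4:1.2.3.4/33", "1.2.3.4")]:
        print(term, ip, ip4_matches(term, ip))
```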
