[Pymilter] Issue with spfmilter?
Harald Hannelius
harald at iki.fi
Fri Mar 9 08:35:23 EST 2018
On Fri, 9 Mar 2018, Stuart D. Gathman wrote:
> On Fri, 9 Mar 2018, Harald Hannelius wrote:
>
>> Sorry, the domain is mdh.se and they have an SPF-record. It validates OK on
>> both mxtoolbox and kitterman.com tests.
>
> You apparently only tested with IP4.
Well yes, I was unable to enter an IPv6-address in the mxtoolbox.com test.
>
>> I then noted that if I telnet the IPv6-address of my SMTP-gateway, and
>> pretend to send from mdh.se I get the "Void lookup" error every time. If I
>> telnet the IPv4-address, the test succeeds.
>
> That's because their record has way more than 2 void lookups for IPv6.
Oh, I have missed that. Sorry. I have to look closer on their record.
This succeeds;
$ spfquery --sender=some.user at mdh.se --ip=2a01:0111:f400:fe1e::0712
pass
spfquery: domain of mdh.se designates 2a01:111:f400:fe1e::712 as permitted
sender
Received-SPF: pass (spfquery: domain of mdh.se designates
2a01:111:f400:fe1e::712 as permitted sender)
client-ip=2a01:111:f400:fe1e::712; envelope-from=some.user at mdh.se;
I can't figure out why there are more than 2 void lookups in their record.
Maybe I just don't get it :)
$ host -t txt mdh.se
mdh.se descriptive text "v=spf1 a:f-medby.ita.mdh.se a:www.netigate.se
a:smtp.quicknet.se ip4:130.238.186.19 ip4:130.238.7.172 ip4:130.238.7.173
ip4:130.238.7.174 ip4:130.238.7.175 ip4:130.238.7.176 ip4:130.238.7.177 "
"include:spf.protection.outlook.com include:spf-eu.exlibrisgroup.com ~all"
mdh.se descriptive text
"JaV+SpuwwSQ7VgkHegHs4triOGA+YaEYbk5Ta20BNd9q8BlQdeyFEqZrmR7bTHJbRF6Vi1bbw+KcRJ1iHRBE0A=="
mdh.se descriptive text "MS=ms19563410"
$ host f-medby.ita.mdh.se
f-medby.ita.mdh.se has address 130.243.84.223
$ host www.netigate.se
www.netigate.se has address 89.46.81.172
$ host smtp.quicknet.se
smtp.quicknet.se has address 193.41.214.32
$ host -t txt spf.protection.outlook.com
spf.protection.outlook.com descriptive text "v=spf1 ip4:207.46.100.0/24
ip4:207.46.163.0/24 ip4:65.55.169.0/24 ip4:157.56.110.0/23
ip4:157.55.234.0/24 ip4:213.199.154.0/24 ip4:213.199.180.128/26
include:spfa.protection.outlook.com -all"
$ host -t txt spfa.protection.outlook.com
spfa.protection.outlook.com descriptive text "v=spf1 ip4:157.56.112.0/24
ip4:207.46.51.64/26 ip4:64.4.22.64/26 ip4:40.92.0.0/14 ip4:40.107.0.0/17
ip4:40.107.128.0/17 ip4:134.170.140.0/24
include:spfb.protection.outlook.com ip6:2001:489a:2202::/48 -all"
$ host -t txt spfb.protection.outlook.com
spfb.protection.outlook.com descriptive text "v=spf1
ip6:2a01:111:f400::/48 ip4:23.103.128.0/19 ip4:23.103.198.0/23
ip4:65.55.88.0/24 ip4:104.47.0.0/17 ip4:23.103.200.0/21
ip4:23.103.208.0/21 ip4:23.103.191.0/24 ip4:216.32.180.0/23
ip4:94.245.120.64/26 -all"
$ host -t txt spf-eu.exlibrisgroup.com
spf-eu.exlibrisgroup.com descriptive text "v=spf1 ip4:95.172.90.143
ip4:95.172.90.156 -all"
$
> Yes, they shouldn't be trying to connect via IPv6 when their sender
> policy is full of void lookups for IPv6.
I agree! I just don't get it then.
> If you want to be lenient on void lookups only for IPv6, that should
> be simple to add via code. When I get around to adding a config for
> void lookups, I should probably have separate configs for IP4 and IPv6.
No need to be lenient. People should fix their
--
Harald Hannelius | harald at iki.fi | +358505941020
More information about the Pymilter
mailing list