spf walk: lookup aaaa records with "a" mechanism

Tim Kuijsten-3
Hi,

When the "a" designated sender mechanism is used in an spf txt record,
both v4 and v6 addresses are matched according to [1], so let `smtpctl
spf walk` resolve both A and AAAA records.

Current output:
$ echo netsend.nl | smtpctl spf walk
80.127.135.115
80.127.98.234

Expected output:
$ echo netsend.nl | ./smtpctl spf walk
80.127.135.115
80.127.98.234
2001:981:8a34:1:80:127:135:115
2001:984:6a6f:1:468a:5bff:fed9:87

-Tim

[1] https://tools.ietf.org/html/rfc7208#section-5.3

Attachment: spfwalka6.c (440 bytes)

Re: spf walk: lookup aaaa records with "a" mechanism

Todd T. Fries-2
In principle I like this.

In practice, I note something is missing.  I get a different output:

$ echo netsend.nl | smtpctl spf walk
32.1.9.129
32.1.9.132
80.127.98.234
80.127.135.115

I also note the dns is being requested, as per below, just not printed for some reason.

09:42:12.175535 d0:7e:35:12:9a:03 f8:18:97:94:b1:cd 0800 70: 192.168.1.85.11695 > 8.8.8.8.53: [udp sum ok] 49902+ TXT? netsend.nl.(28) (ttl 64, id 37703, len 56)
09:42:12.504853 f8:18:97:94:b1:cd d0:7e:35:12:9a:03 0800 112: 8.8.8.8.53 > 192.168.1.85.11695: [udp sum ok] 49902 1/0/0 netsend.nl. TXT "v=spf1 a:smtp.netsend.nl -all[|domain] (ttl 119, id 12691, len 98)
09:42:12.505483 d0:7e:35:12:9a:03 f8:18:97:94:b1:cd 0800 75: 192.168.1.85.45977 > 8.8.8.8.53: [udp sum ok] 37034+ A? smtp.netsend.nl.(33) (ttl 64, id 19808, len 61)
09:42:12.505526 d0:7e:35:12:9a:03 f8:18:97:94:b1:cd 0800 75: 192.168.1.85.31571 > 8.8.8.8.53: [udp sum ok] 58052+ AAAA? smtp.netsend.nl.(33) (ttl 64, id 22845, len 61)
09:42:12.668825 f8:18:97:94:b1:cd d0:7e:35:12:9a:03 0800 131: 8.8.8.8.53 > 192.168.1.85.31571: [udp sum ok] 58052 2/0/0 smtp.netsend.nl. AAAA 2001:981:8a34:1:80:127:135:115, smtp.netsend.nl. AAAA 2001:984:6a6f:1:468a:5bff:fed9:87(89) (ttl 119, id 58881, len 117)
09:42:12.748121 f8:18:97:94:b1:cd d0:7e:35:12:9a:03 0800 107: 8.8.8.8.53 > 192.168.1.85.45977: [udp sum ok] 37034 2/0/0 smtp.netsend.nl. A 80.127.98.234, smtp.netsend.nl. A 80.127.135.115(65) (ttl 56, id 60155, len 93)

Thanks,

Penned by Tim Kuijsten on 20181014 18:08.06, we have:
| Hi,
|
| When the "a" designated sender mechanism is used in an spf txt record, both
| v4 and v6 addresses are matched according to [1], so let `smtpctl spf walk`
| resolve both A and AAAA records.
|
| Current output:
| $ echo netsend.nl | smtpctl spf walk
| 80.127.135.115
| 80.127.98.234
|
| Expected output:
| $ echo netsend.nl | ./smtpctl spf walk
| 80.127.135.115
| 80.127.98.234
| 2001:981:8a34:1:80:127:135:115
| 2001:984:6a6f:1:468a:5bff:fed9:87
|
| -Tim
|
| [1] https://tools.ietf.org/html/rfc7208#section-5.3

| diff --git a/usr.sbin/smtpd/spfwalk.c b/usr.sbin/smtpd/spfwalk.c
| index c4ce2e3d891..22b057963f9 100644
| --- a/usr.sbin/smtpd/spfwalk.c
| +++ b/usr.sbin/smtpd/spfwalk.c
| @@ -192,6 +192,7 @@ dispatch_txt(struct dns_rr *rr)
|   }
|   if (strncasecmp("a:", *ap, 2) == 0) {
|   lookup_record(T_A, *(ap) + 2, dispatch_a);
| + lookup_record(T_AAAA, *(ap) + 2, dispatch_aaaa);
|   continue;
|   }
|   if (strncasecmp("exists:", *ap, 7) == 0) {
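
Review bot: A prefix length on the term is not handled in the a: branch: *(ap) + 2 is passed unmodified to both lookup_record() calls, so the added T_AAAA query inherits whatever the T_A query does with a term such as a:domain/24//64, which RFC 7208 section 5.3 permits. The visible lines do not show the /... suffix being cut off before the name is resolved; if dispatch_txt() does not strip it earlier, strip it here once and use the result for both calls. The match on "a:" also means a bare "a" term gets no lookup from this branch, so confirm that form is covered elsewhere.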


--
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries
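
The first two lines of the output reported above, 32.1.9.129 and 32.1.9.132, equal the leading four bytes of the two AAAA answers in the capture when read as IPv4 addresses. The following is an added example, not code from spfwalk.c or from anyone in this thread, that reproduces those values and shows a type-and-length check before formatting; `format_rdata`, `format_as_a_unchecked` and `render_aaaa` are hypothetical names.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* DNS RR type codes: A = 1 (RFC 1035), AAAA = 28 (RFC 3596). */
enum { RR_A = 1, RR_AAAA = 28 };

/* Hypothetical helper: render rdata by RR type; -1 if type and length disagree. */
int format_rdata(int type, const unsigned char *rdata, size_t len,
                 char *buf, size_t buflen)
{
    int af;
    if (type == RR_A && len == 4)
        af = AF_INET;
    else if (type == RR_AAAA && len == 16)
        af = AF_INET6;
    else
        return -1;
    return inet_ntop(af, rdata, buf, (socklen_t)buflen) ? 0 : -1;
}

/* Failure mode: rdata printed as a 4-byte A address without a type check. */
int format_as_a_unchecked(const unsigned char *rdata, char *buf, size_t buflen)
{
    return inet_ntop(AF_INET, rdata, buf, (socklen_t)buflen) ? 0 : -1;
}

/* Hypothetical driver: parse a textual AAAA address, render it either way. */
const char *render_aaaa(const char *text, int checked)
{
    static char out[INET6_ADDRSTRLEN];
    unsigned char rdata[16];
    int rc;
    if (inet_pton(AF_INET6, text, rdata) != 1)
        return NULL;
    rc = checked ? format_rdata(RR_AAAA, rdata, sizeof(rdata), out, sizeof(out))
                 : format_as_a_unchecked(rdata, out, sizeof(out));
    return rc == 0 ? out : NULL;
}

int main(void)
{
    /* Constructed input: first AAAA answer from the thread's capture. */
    const char *aaaa = "2001:981:8a34:1:80:127:135:115";
    printf("checked: %s\n", render_aaaa(aaaa, 1));
    printf("misread: %s\n", render_aaaa(aaaa, 0));
    return 0;
}
```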

Re: spf walk: lookup aaaa records with "a" mechanism

Gilles Chehade-7
On Mon, Oct 15, 2018 at 01:08:06AM +0200, Tim Kuijsten wrote:
> Hi,
>

Hi,


> When the "a" designated sender mechanism is used in an spf txt record, both
> v4 and v6 addresses are matched according to [1], so let `smtpctl spf walk`
> resolve both A and AAAA records.
>
> [...]
>
> -Tim
>
> [1] https://tools.ietf.org/html/rfc7208#section-5.3

Correct, unfortunately this comes slightly too late for 6.4

Thanks for your diff


> diff --git a/usr.sbin/smtpd/spfwalk.c b/usr.sbin/smtpd/spfwalk.c
> index c4ce2e3d891..22b057963f9 100644
> --- a/usr.sbin/smtpd/spfwalk.c
> +++ b/usr.sbin/smtpd/spfwalk.c
> @@ -192,6 +192,7 @@ dispatch_txt(struct dns_rr *rr)
>   }
>   if (strncasecmp("a:", *ap, 2) == 0) {
>   lookup_record(T_A, *(ap) + 2, dispatch_a);
> + lookup_record(T_AAAA, *(ap) + 2, dispatch_aaaa);
>   continue;
>   }
>   if (strncasecmp("exists:", *ap, 7) == 0) {
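
Review bot: Output order becomes dependent on DNS reply arrival once the a: branch issues the T_A and T_AAAA lookups back to back with separate callbacks; the capture earlier in the thread shows the AAAA answer arriving before the A answer, while the expected output in the submission lists the v4 addresses first. If anything consuming the output or the documentation assumes an order, collect and sort before printing or state in the commit message that the order is unspecified. A one-line comment above the added call citing RFC 7208 section 5.3 would also record why both record types are queried.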


--
Gilles Chehade

https://www.poolp.org                                          @poolpOrg