Mika56 / PHP-SPF-Check

Simple library to check an IP address against a domain's SPF record
MIT License

Uncaught exception #5

Closed Pascal76 closed 8 years ago

Pascal76 commented 8 years ago

Hi

Did I do something wrong?

var_dump($checker->isIPAllowed('217.109.56.203', 'news2.cdiscount.com'));

[23-Aug-2016 00:00:29 Europe/Paris] PHP Fatal error: Uncaught exception 'Mika56\SPFCheck\Exception\DNSLookupException' in /apache_sites/jbm/spf/vendor/mika56/spfcheck/src/DNSRecordGetter.php:45 Stack trace:

#0 /apache_sites/jbm/spf/vendor/mika56/spfcheck/src/SPFCheck.php(143): Mika56\SPFCheck\DNSRecordGetter->resolveA('news2.cdiscount...')
#1 /apache_sites/jbm/spf/vendor/mika56/spfcheck/src/SPFCheck.php(85): Mika56\SPFCheck\SPFCheck->ipMatchesPart('217.109.56.203', 'a', 'news2.cdiscount...')
#2 /apache_sites/jbm/spf/vendor/mika56/spfcheck/src/SPFCheck.php(61): Mika56\SPFCheck\SPFCheck->doCheck('217.109.56.203', 'news2.cdiscount...')
#3 /apache_sites/jbm/spf/test.php(9): Mika56\SPFCheck\SPFCheck->isIPAllowed('217.109.56.203', 'news2.cdiscount...')
#4 {main}

thrown in /apache_sites/jbm/spf/vendor/mika56/spfcheck/src/DNSRecordGetter.php on line 45

Mika56 commented 8 years ago

Hi,

I can't test your lookup right now, but can you tell me what this outputs on your env?

<?php
var_dump(dns_get_record('news2.cdiscount.com', DNS_A | DNS_AAAA));
var_dump(dns_get_record('google.fr', DNS_A | DNS_AAAA));

From what I see, it would seem that you have a resolution problem on your web server

Pascal76 commented 8 years ago

<?php

require 'vendor/autoload.php';

use Mika56\SPFCheck\SPFCheck;
use Mika56\SPFCheck\DNSRecordGetter;

$checker = new SPFCheck(new DNSRecordGetter());

var_dump(dns_get_record('news2.cdiscount.com', DNS_A | DNS_AAAA));
var_dump(dns_get_record('google.fr', DNS_A | DNS_AAAA));

?>

php test3.php
array(0) {
}
array(2) {
  [0]=>
  array(5) {
    ["host"]=>
    string(9) "google.fr"
    ["class"]=>
    string(2) "IN"
    ["ttl"]=>
    int(290)
    ["type"]=>
    string(1) "A"
    ["ip"]=>
    string(14) "172.217.18.227"
  }
  [1]=>
  array(5) {
    ["host"]=>
    string(9) "google.fr"
    ["class"]=>
    string(2) "IN"
    ["ttl"]=>
    int(291)
    ["type"]=>
    string(4) "AAAA"
    ["ipv6"]=>
    string(24) "2a00:1450:4007:80c::2003"
  }
}

Pascal76 commented 8 years ago

I think news2.cdiscount.com doesn't have an A record even though one is declared in the SPF TXT record, and that your app crashes when there is no A (or other?) record, as it expects one.

Mika56 commented 8 years ago

Okay, I know what's wrong. The domain news2.cdiscount.com has no associated A record. The SPF record of news2.cdiscount.com is v=spf1 a mx ip4:83.206.208.128/25 ip4:81.252.92.0/23 ip4:86.64.210.0/23 ip4:195.62.74.0/23 ip4:213.56.211.64/26 ip4:81.252.251.70/32 ip4:157.55.234.253 ip4:217.109.56.0/24 ip4:62.122.9.0/24 include:spf.protection.outlook.com ~all. First mechanism is a, which means the script has to check IP against A records (which there are none).

I think this shouldn't be a problem, it should just not match (at least that mechanism). I'll try to find what the correct behaviour should be. I hope to push a fix tomorrow.
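The behaviour in question, as an added example that is not part of the original thread or the library's code: RFC 7208 treats an empty answer (or NXDOMAIN) for an `a` or `mx` lookup as "mechanism does not match" and moves on to the next term, while a resolver failure or timeout ends evaluation with `temperror`. The function names and the `$lookup` callback interface are hypothetical, the resolver stubs are constructed, and only `a`, `mx`, `ip4` and `all` are handled.

```php
<?php
// Added sketch, not PHP-SPF-Check code. Handles only a, mx, ip4 and all.

function ip4InCidr(string $ip, string $cidr): bool
{
    [$net, $len] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($len) || (int) $len > 32) {
        return false;
    }
    $mask = (int) $len === 0 ? 0 : (0xFFFFFFFF << (32 - (int) $len)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

// $lookup(type, domain) returns a list of IPv4 strings (possibly empty),
// or null when the DNS query itself failed (hypothetical interface).
function checkSpf(string $ip, string $domain, string $record, callable $lookup): string
{
    $results = ['+' => 'pass', '-' => 'fail', '~' => 'softfail', '?' => 'neutral'];
    $terms = preg_split('/\s+/', trim($record));
    array_shift($terms); // drop the v=spf1 version tag
    foreach ($terms as $term) {
        $qualifier = isset($results[$term[0]]) ? $term[0] : '+';
        [$name, $arg] = array_pad(explode(':', ltrim($term, '+-~?'), 2), 2, null);
        if ($name === 'all') {
            $match = true;
        } elseif ($name === 'ip4') {
            $match = ip4InCidr($ip, (string) $arg);
        } elseif ($name === 'a' || $name === 'mx') {
            $ips = $lookup(strtoupper($name), $arg ?? $domain);
            if ($ips === null) {
                return 'temperror'; // resolver error or timeout: stop here
            }
            $match = in_array($ip, $ips, true); // empty answer: no match, keep going
        } else {
            throw new LogicException("mechanism '$name' is outside this sketch");
        }
        if ($match) {
            return $results[$qualifier];
        }
    }
    return 'neutral'; // no mechanism matched
}

// SPF record quoted in the thread; both resolver stubs below are constructed.
$record = 'v=spf1 a mx ip4:83.206.208.128/25 ip4:81.252.92.0/23 ip4:86.64.210.0/23 ip4:195.62.74.0/23 ip4:213.56.211.64/26 ip4:81.252.251.70/32 ip4:157.55.234.253 ip4:217.109.56.0/24 ip4:62.122.9.0/24 include:spf.protection.outlook.com ~all';
var_dump(checkSpf('217.109.56.203', 'news2.cdiscount.com', $record, fn (string $t, string $d): ?array => []));
var_dump(checkSpf('217.109.56.203', 'news2.cdiscount.com', $record, fn (string $t, string $d): ?array => null));
```

The first call uses a stub that answers every query with zero records, so evaluation falls through `a` and `mx` to the `ip4` terms; the second uses a stub that reports a failed query and stops at the first `a` lookup.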

Pascal76 commented 8 years ago

thank you :)

Pascal76 commented 8 years ago

By the way, if I do multiple $result = $checker->isIPAllowed($row['ip'], $row['return_path_domain']); calls for the same return-path domain, it is slow. Do you resolve every time without a cache? (My DNS cache seems not to be used either...)

Mika56 commented 8 years ago

This should be fixed in master right now. I've opened #8 for the cache issue