andris9
commented
2 years ago Thanks, there seemed to be a bug in IPv6 CIDR range validation. This is now fixed in the latest version of mailauth:
$ mailauth spf -v -f ceo@gmail.com -i "2607:f8b0:4864:20::b2b" -e "mail-yb1-xb2b.google.com" -m "mta.mydomain.com"
Checking SPF for ceo@gmail.com
Maximum DNS lookups: 50
--------
DNS query for TXT gmail.com: [["v=spf1 redirect=_spf.google.com"],["globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="]]
DNS query for TXT _spf.google.com: [["v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"]]
DNS query for TXT _netblocks.google.com: [["v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all"]]
DNS query for TXT _netblocks2.google.com: [["v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all"]]
{
"domain": "gmail.com",
"client-ip": "2607:f8b0:4864:20::b2b",
"helo": "mail-yb1-xb2b.google.com",
"envelope-from": "ceo@gmail.com",
"rr": "v=spf1 redirect=_spf.google.com",
"status": {
"result": "pass",
"comment": "mta.mydomain.com: domain of ceo@gmail.com designates 2607:f8b0:4864:20::b2b as permitted sender",
"smtp": {
"mailfrom": "ceo@gmail.com",
"helo": "mail-yb1-xb2b.google.com"
}
},
"header": "Received-SPF: pass (mta.mydomain.com: domain of ceo@gmail.com designates 2607:f8b0:4864:20::b2b as permitted sender) client-ip=2607:f8b0:4864:20::b2b;",
"info": "spf=pass (mta.mydomain.com: domain of ceo@gmail.com designates 2607:f8b0:4864:20::b2b as permitted sender) smtp.mailfrom=ceo@gmail.com smtp.helo=mail-yb1-xb2b.google.com",
"lookups": {
"limit": 50,
"count": 4
}
}
iamDonkey
this giving result as
softfail? i think it should bepassi also tried wrapping ip inside [ ] it givesneutral