hdatma
commented
2 years ago This is what I see:
>spfquery -ip 66.220.12.154 -sender verp-xxxxx@discoursemail.com
pass
spfquery: domain of discoursemail.com designates 66.220.12.154 as permitted sender
Received-SPF: pass (spfquery: domain of discoursemail.com designates 66.220.12.154 as permitted sender) client-ip=66.220.12.154; envelope-from=verp-xxxxx@discoursemail.com;
bAndie91
hi, I get this output when validating a mail_from address on a domain which has an invalid spf record. it returns undocumented
0code, however it should return7-permanent error. ordinary output lines: result code is(invalid), empty line for explanation, empty line for Received-SPF header.spf record:
"v=spf1 " "ip4:184.104.202.128/27 ip4:184.104.202.96/27 ip4:216.218.159.0/27 ip4:216.218.240.64/26 ip4:64.71.168.192/26 ip4:65.19.128.64/26 ip4:66.220.12.128/27 ip4:72.52.80.0/26 ip4:64.62.250.96/27 " "ip6:2001:470:1:235::/64 ip6:2001:470:1:258::/64 ip6:2001:470:1:3a8::/64 ip6:2001:470:1:59e::/64 ip6:2001:470:1:669::/64 ip6:2001:470:1:791::/64 ip6:2001:470:1:9a5::/64 ip6:2001:470:1:9f1::/64 2602:fd3f:0000:ff06::/64 include:mailgun.org " "mx ptr ~all"results:
spfquery -ip 66.220.12.154 -sender verp-xxxxx@discoursemail.comI looked into, but could not find an easy way to fix it, since error is detected in
SPF_record_compile(), then the whole record parsing is given up, returning early to the callerSPF_request_query_mailfrom(). so no chance to ignore buggy parts of the record and process anyway. I suggest to have an-ignore-invalidoption to ignore unknown words. in my and most cases, it would not hurt because there is either a pass rule or~all/-alltakes effect.