Open bAndie91 opened 4 years ago
This is what I see:
>spfquery -ip 66.220.12.154 -sender verp-xxxxx@discoursemail.com
pass
spfquery: domain of discoursemail.com designates 66.220.12.154 as permitted sender
Received-SPF: pass (spfquery: domain of discoursemail.com designates 66.220.12.154 as permitted sender) client-ip=66.220.12.154; envelope-from=verp-xxxxx@discoursemail.com;
yes it works now for this particular domain because they fixed their spf record.
note the 2602:fd3f:00
part without ip6:
prefix: this is the buggy part which makes the evaluation fail.
hi, I get this output when validating a mail_from address on a domain which has an invalid spf record. it returns undocumented
0
code, however it should return7
-permanent error
. ordinary output lines: result code is(invalid)
, empty line for explanation, empty line for Received-SPF header.spf record:
"v=spf1 " "ip4:184.104.202.128/27 ip4:184.104.202.96/27 ip4:216.218.159.0/27 ip4:216.218.240.64/26 ip4:64.71.168.192/26 ip4:65.19.128.64/26 ip4:66.220.12.128/27 ip4:72.52.80.0/26 ip4:64.62.250.96/27 " "ip6:2001:470:1:235::/64 ip6:2001:470:1:258::/64 ip6:2001:470:1:3a8::/64 ip6:2001:470:1:59e::/64 ip6:2001:470:1:669::/64 ip6:2001:470:1:791::/64 ip6:2001:470:1:9a5::/64 ip6:2001:470:1:9f1::/64 2602:fd3f:0000:ff06::/64 include:mailgun.org " "mx ptr ~all"
results:
spfquery -ip 66.220.12.154 -sender verp-xxxxx@discoursemail.com
I looked into, but could not find an easy way to fix it, since error is detected in
SPF_record_compile()
, then the whole record parsing is given up, returning early to the callerSPF_request_query_mailfrom()
. so no chance to ignore buggy parts of the record and process anyway. I suggest to have an-ignore-invalid
option to ignore unknown words. in my and most cases, it would not hurt because there is either a pass rule or~all
/-all
takes effect.