search

stevejenkins / postwhite

Script for generating a whitelist for Postfix's Postscreen based on large senders' SPF records
https://www.stevejenkins.com/blog/2015/11/postscreen-whitelisting-smtp-outbound-ip-addresses-large-webmail-providers/
MIT License
90 stars 26 forks source link

Impossible to clear list sparkpostmail #61

Open jmcclelland opened 4 months ago

jmcclelland commented 4 months ago

The sparkpostmail.com SPF record is:

"v=spf1 exists:%{i}._spf.sparkpostmail.com ~all"

Which makes it impossible to iterate over all the possible IP addresses it could use. I'm not sure if other major hosts use the "exists" prefix.

Is there any work around to this problem?

jmcclelland commented 4 months ago

See: https://support.sparkpost.com/docs/deliverability/spf-and-ip4-mechanisms

jmcclelland commented 4 months ago

Well they seem to have a massive ipv4 allocation - so I have just clear listed that entire block (via postfix directly, not postwhite) - so a work around for anyone else interested. Because of their use of "exists" in the SPF record I'm not sure it would be possible to manage their records with postwhite.

getgray commented 4 months ago

I've run into that macro as well a couple of times, not knowing what to do with or about it. How did you get to that IP you looked up with whois? I don't see it in the dig results for sparkpostmail.com.

I wonder how many domains I have in my custom list that include macros? I have about 60 custom hosts. I don't see an easy way to tell. This does seem like a problem. I'm running into more and more senders using pools of outbound servers so they don't retry from the same server, and in my config, don't get through. I might need to relax that postcreeen setting.

jmcclelland commented 4 months ago

I found the block by picking one IP that I saw in my logs and running whois against it. Whois reports the entire /20 block as belonging to SparkPost

AdamMutimer commented 4 months ago

scrape_sparkpost.sh.txt

This will find a make a list of IPs that are valid for their mailers

You can set the starting IP to 0.0.0.0 if you wish, it will try mta-<0-254>-<0-254>-<0-254>.sparkpostmail.com with dig to find an associated IP, if it has a valid response it will log it to: "sparkpost_static_hosts.txt"

note: the whole /20 is NOT used for mail servers :)

AdamMutimer commented 4 months ago

Rev2 code: start and stop IP, but honestly I would just do all 3 sets of octets in case they use other IP blocks not assigned to them but anyways scrape_sparkpost.sh.txt

Enjoy 👍

jmcclelland commented 1 month ago

Thanks for posting the scripts. FYI, sparkpost also seems to own: 156.70.46.0/23

jmcclelland commented 1 month ago

Well, just for completeness sake, they seem to have 18 networks assigned to them:

https://search.arin.net/rdap/?query=MS-820&searchFilter=entity