On Mon, 2020-09-14 at 08:12 +0100, Stuart Henderson wrote:
> On 2020/09/13 22:48, Giovanni Bechis wrote:
> > "smtpctl spf walk" doesn't work as it should because it breaks when it finds
> > macros as defined in RFC 7208.
> >
> > $ echo ryanair.com | smtpctl spf walk
> > gives no output while dig reply is:
> > $ dig txt ryanair.com | grep spf
> > ryanair.com. 17 IN TXT "v=spf1
> > include:ryanair.com._nspf.vali.email
> > include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all"
>
> "spf walk" should return a warning or an error in these cases.
Was already working on that. How about the diff below?
$ echo ryanair.com | ./smtpctl/obj/smtpctl spf walk
smtpctl: lookup_record: %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email contains
macros and can't be resolved
>
> > Is it worth mentioning in smtpctl in CAVEATS section or somewhere else ?
>
> Maybe in caveats, but if it's there it should be referenced in the
> description of "spf walk" too, to make it easier to find.
>
> Text something like this?
>
> "SPF records may contain macros which cannot be included in a static list
> and must be resolved dynamically at connection time.
> spf walk cannot provide full results in these cases."
Text reads fine to me. Added to diff below.
While here I also changed the # to $ so not to give people the
impression it should be run as root.
OK?
martijn@
Index: spfwalk.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/spfwalk.c,v
retrieving revision 1.17
diff -u -p -r1.17 spfwalk.c
--- spfwalk.c 15 Mar 2020 16:34:57 -0000 1.17
+++ spfwalk.c 14 Sep 2020 07:31:03 -0000
@@ -118,6 +118,11 @@ lookup_record(int type, const char *reco
struct asr_query *as;
struct target *ntgt;
+ if (strchr(record, '%') != NULL) {
+ warnx("%s: %s contains macros and can't be resolved", __func__,
+ record);
+ return;
+ }
as = res_query_async(record, C_IN, type, NULL);
if (as == NULL)
err(1, "res_query_async");
Index: smtpctl.8
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/smtpctl.8,v
retrieving revision 1.64
diff -u -p -r1.64 smtpctl.8
--- smtpctl.8 18 Sep 2018 06:21:45 -0000 1.64
+++ smtpctl.8 14 Sep 2020 07:31:03 -0000
@@ -247,8 +247,12 @@ Shows if MTA, MDA and SMTP systems are c
Recursively look up SPF records for the domains read from stdin.
For example:
.Bd -literal -offset indent
-# smtpctl spf walk < domains.txt
+$ smtpctl spf walk < domains.txt
.Ed
+.Pp
+SPF records may contain macros which cannot be included in a static list and
+must be resolved dynamically at connection time.
+spf walk cannot provide full results in these cases.
.It Cm trace Ar subsystem
Enables real-time tracing of
.Ar subsystem .
