> On 30 Oct 2023, at 20:01, Michael W. Lucas via mailop <mailop@mailop.org> > wrote: > > Hi, > > Trying to not reinvent the wheel here. > > I want to create an allow list of the big providers that retry from > multiple IP addresses. (Spam from them won't be caught by > protocol-level checks like postscreen, it needs rspamd or somesuch). > > It seems that someone surely would have created a "grab the SPF > records and create a list" script, recursing the included > records. Search engines are not useful to find it, though. > > Any pointers?
I wrote a piece some years back about just that. Assuming you are running on OpenBSD or other system that has a recent-ish OpenSMTPD, you could use OpenSMTPD's "smtpctl spf walk", much like the script described in https://nxdomain.no/~peter/goodness_enumerated_by_robots.html (or if you tolerate big G's trackers in exchange for incrementally nicer formatting, https://bsdly.blogspot.com/2018/11/goodness-enumerated-by-robots-or.html). Anyway, that script and the data it generates when I run it at quasi-random intervals is what I use for the scenario you describe. All the best, Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop