Re: spamd and outlook.com

[Reyk Floeter]

On Fri, Apr 21, 2017 at 01:52:05PM +0200, Boudewijn Dijkstra wrote:
> Op Fri, 21 Apr 2017 12:16:31 +0200 schreef Reyk Floeter <r...@openbsd.org>:
> > On Fri, Apr 21, 2017 at 11:59:20AM +0200, Peter N. M. Hansteen wrote:
> > > On Fri, Apr 21, 2017 at 11:25:14AM +0200, Markus Rosjat wrote:
> > > >
> > 
> > I use the attached script to fetch the SPF entries recursively, in a
> > plain text format that can be fed into pfctl.
> 
> Have you tried mx3a.certifiedfactory.info ?  ;)
> 

great

I think you got something wrong:

I don't use this simple script automatically or for "untrusted
domains", I just use it _manually_ and for _well-known_ offenders like
outlook.com that break greylisting.  SPF is not a security solution,
but it is a band-aid that helps to handle these stupid cloud-based MTAs.

The script below fixes it - or akpoff's slightly more complicated (and
probably more correct) version.

Reyk

---snip---
#!/usr/bin/perl

# Copyright (c) 2016, 2017 Reyk Floeter <r...@openbsd.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

$domain = shift @ARGV or die "usage: $0 domain";
%seen = {};

sub parsespf
{
        my $domain = shift;
        my @foo = `nslookup -q=TXT $domain`;
        my @results = ();

        foreach (@foo) {
                next if not /$domain\ttext/;
                next if not s/$domain\ttext = "v=spf1([^"]+)"/$1/;

                @results = split /\s+/;
                foreach (@results) {
                        next if /.all/;
                        if (s/^ip[46]://) {
                                print "$_\n";
                        } elsif (s/^(redirect|include)[:=]//) {
                                print "\n#$_\n";
                                if (!$seen{$_}) {
                                        $seen{$_} = true;
                                        parsespf($_);
                                }
                        }
                } 
        } 
}

parsespf($domain);

0;