On Wed, 2021-05-12 at 13:33 +0200, Harald Dunkel wrote: > On 5/12/21 8:56 AM, nathanael wrote: > > > > this is what i get on my machine: > > > > ~ echo spf.protection.outlook.com | smtpctl spf walk > > 40.92.0.0/15 > > 40.107.0.0/16 > > 52.100.0.0/14 > > 104.47.0.0/17 > > 2a01:111:f400::/48 > > 2a01:111:f403::/48 > > 51.4.72.0/24 > > 51.5.72.0/24 > > 51.5.80.0/27 > > 20.47.149.138/32 > > 51.4.80.0/27 > > 2a01:4180:4051:0800::/64 > > 2a01:4180:4050:0800::/64 > > 2a01:4180:4051:0400::/64 > > 2a01:4180:4050:0400::/64 > > > > no idea why you don't see the ipv6 addresses > > > > On OpenBSD 6.8 and 6.9 I get the expected result, too. The problem > shows up on Debian 10 and Unstable (opensmtpd 6.8.0p2). > > Using strace I verified that smtpctl and dig connect to the same DNS > server. Yet dig reports the IPv6 addresses, smtptl spf walk doesn't. > Its unlikely that the DNS server drops the IPv6 addresses from a TXT > record, anyway. > > Maybe its a problem of the BSD compatibility layer, included in > the portable version? > > > Regards > Harri > Apparently it's a problem in glibc's inet_net_pton. It does not support AF_INET6. to.c has the same problem and works around this problem by handcrafting broken_inet_net_pton_ipv6().
Someone from -portable should probably copy this function over to spfwalk.c. martijn@
