[milters] Archive

Lists Index Date Thread Search

Article: 763
From: Anthony Howe
Date: 2005-12-13 08:08:26 -0500
Subject: Re: milter-spiff

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Derek J. Balling wrote:
> On Dec 12, 2005, at 10:05 AM, sladewig wrote:
>> Just started using milter-spiff and encountered this:
>>
>> Dec 12 08:49:26 mta milter-spiff[15156]: [ID 505443 mail.info] 02239
>> jBCEnOp0012594: reply 550 5.7.1 sender  
>> <tamika_wilkerson@gbophb.org> via
>> 198.151.235.191 SPF result Fail;
>>
>> The txt record returned for this zone gives:
>>
>> "v=spf1 ip4:198.151.235.0/22 ip4:68.75.243.0/24
>> include:i1._spf.novacon.net -all"
>>
>> This address is within their published records. Looks like it is not
>> correctly parsing the /22 ?
> 
> I can't speak for Anthony, but it *may* be that the CIDR code in  
> milter-spiff is confused by their bass-ackwards CIDR declaration.
> 
> ObDisclaimer: Yes. 198.151.235.0/22 is perfectly valid.
> 
> NORMALLY, you declare networks in CIDR notation using the first IP  
> address of the range. If that were the case, it would be declared as  
> 198.151.232.0/22.
> 
> Again, their declaration is perfectly valid, just as I could  
> legitimately describe RFC1918 space as "10.123.45.67/8" and it would  
> still be a perfectly "accurate" representation of the entire network.  
> It's just brain-dead. :-P

Ugh. And its a bug in the spf.c code. The mask is applied ONLY to the IP 
addrss being tested and not the network address specified. Easy enough 
to fix, but damn annoying. I should have a libsnert update shortly.

-- 
Anthony C Howe                                 +33 6 11 89 73 78
http://www.snert.com/       ICQ:
7116561         AIM: Sir Wumpus

Sendmail Anti-Spam Solutions           http://www.snertsoft.com/
                                             We Serve Your Server

Lists Index Date Thread Search