9front - general discussion about 9front
From: Julius Schmidt <aiju@phicode.de>
To: 9front@9front.org
Subject: Re: [9front] nupas spf checker: outdated ip bans
Date: Sat, 11 Feb 2017 20:42:34 +0100 (CET)
Message-ID: <alpine.LNX.2.00.1702112034500.4258@phi>
In-Reply-To: <alpine.LNX.2.00.1702112021000.4258@phi>

on second thought, the whole cidrokay() check should go away, i.e. i 
propose we replace cidrokay() with "return 1;"

from what i can tell it does the following

- disallow any email from the ranges

0.0.0.0/8 1.0.0.0/8 2.0.0.0/8 5.0.0.0/8
10.0.0.0/8 127.0.0.0/8 255.0.0.0/8 192.168.0.0/16 169.254.0.0/16 
172.16.0.0/20 224.0.0.0/24 
fc00::/7

[1 2 and 5 are no longer reserved and should definitely be removed from 
the list. arguments can also be made that link-local addresses shouldn't 
be banned either, leaving just 0.0.0.0/8]

- disallow any ip range specified as "a.b.c.d/x" (or ipv6 equivalent) 
where x is less than 14 or more than 128
- the length check is bypassed for e-mail from 17.0.0.0/8 (apple) [god 
knows why]

this is all massively pointless because modern-day spammers are savvy 
enough to send e-mail that passes spf verification.
the only remaining point of spf is to protect against e-mails with a 
forged sender, which only makes sense if the sender is smart enough to put 
in a spf record that makes sense.
so if the admin wants to put in that e-mail is allowed from 0.0.0.0/0, 
fucking let him.

aiju


On Sat, 11 Feb 2017, Julius Schmidt wrote:

> nupas spf checker has a ban on certain ip ranges that seem out of date.
> in particular 5.0.0.0/8 is incorrectly banned, presumably others are invalid, 
> too.
>
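
A model of the check as the message above describes it, added here as an example; it is not nupas source and not part of the original post. The names `model_cidrokay` and `proposed_cidrokay` and the sample ranges are constructed for illustration, and the model covers IPv4 only. It shows SPF ranges inside 5.0.0.0/8 and 1.0.0.0/8 being rejected, while the proposed `return 1;` accepts them.

```c
#include <stdint.h>
#include <stdio.h>

#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* IPv4 ranges as listed in the message; fc00::/7 is left out (IPv4-only model). */
static const struct { uint32_t net; int len; } banned[] = {
	{IP(0,0,0,0),8}, {IP(1,0,0,0),8}, {IP(2,0,0,0),8}, {IP(5,0,0,0),8},
	{IP(10,0,0,0),8}, {IP(127,0,0,0),8}, {IP(255,0,0,0),8},
	{IP(192,168,0,0),16}, {IP(169,254,0,0),16}, {IP(172,16,0,0),20},
	{IP(224,0,0,0),24},
};

static int inrange(uint32_t ip, uint32_t net, int len)	/* len must be 1..32 */
{
	uint32_t mask = ~(uint32_t)0 << (32 - len);
	return (ip & mask) == (net & mask);
}

/* Model of the check as the message describes it: 1 = accept, 0 = reject. */
int model_cidrokay(uint32_t ip, int len)
{
	size_t i;
	for (i = 0; i < sizeof banned / sizeof banned[0]; i++)
		if (inrange(ip, banned[i].net, banned[i].len))
			return 0;
	if (inrange(ip, IP(17,0,0,0), 8))
		return 1;	/* length check bypassed for 17.0.0.0/8 */
	return len >= 14 && len <= 128;	/* bounds as stated in the message */
}

/* The replacement proposed in the message. */
int proposed_cidrokay(uint32_t ip, int len) { (void)ip; (void)len; return 1; }

int main(void)
{
	/* Constructed sample ip4: ranges, not taken from any real SPF record. */
	static const struct { const char *s; uint32_t ip; int len; } t[] = {
		{"5.9.0.0/16", IP(5,9,0,0), 16},
		{"1.1.1.0/24", IP(1,1,1,0), 24},
		{"203.0.113.0/24", IP(203,0,113,0), 24},
		{"203.0.0.0/12", IP(203,0,0,0), 12},
		{"17.0.0.0/8", IP(17,0,0,0), 8},
	};
	size_t i;
	for (i = 0; i < sizeof t / sizeof t[0]; i++)
		printf("%-16s model=%d proposed=%d\n", t[i].s,
			model_cidrokay(t[i].ip, t[i].len), proposed_cidrokay(t[i].ip, t[i].len));
	return 0;
}
```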


Thread overview: 6+ messages
2017-02-11 19:21 Julius Schmidt
2017-02-11 19:42 ` Julius Schmidt [this message]
2017-02-11 21:23   ` [9front] " Kurt H Maier
2017-02-11 22:34     ` Steve Simon
2017-02-12 19:44   ` sl
2017-02-12 20:27     ` Kurt H Maier
