From: Julius Schmidt <aiju@phicode.de>
To: 9front@9front.org
Subject: Re: [9front] nupas spf checker: outdated ip bans
Date: Sat, 11 Feb 2017 20:42:34 +0100 (CET)
Message-ID: <alpine.LNX.2.00.1702112034500.4258@phi>
In-Reply-To: <alpine.LNX.2.00.1702112021000.4258@phi>

on second thought, the whole cidrokay() check should go away, i.e. i
propose we replace cidrokay() with "return 1;"

from what i can tell it does the following

- disallow any email from the ranges
  0.0.0.0/8 1.0.0.0/8 2.0.0.0/8 5.0.0.0/8
  10.0.0.0/8 127.0.0.0/8 255.0.0.0/8 192.168.0.0/16 169.254.0.0/16
  172.16.0.0/20 224.0.0.0/24
  fc00::/7
  [1 2 and 5 are no longer reserved and should definitely be removed from
  the list. arguments can also be made that link-local addresses shouldn't
  be banned either, leaving just 0.0.0.0/8]
- disallow any ip range specified as "a.b.c.d/x" (or ipv6 equivalent)
  where x is less than 14 or more than 128
- the length check is bypassed for e-mail from 17.0.0.0/8 (apple) [god
  knows why]

this is all massively pointless because modern-day spammers are savvy
enough to send e-mail that passes spf verification.

the only remaining point of spf is to protect against e-mails with a
forged sender, which only makes sense if the sender is smart enough to put
in a spf record that makes sense.

so if the admin wants to put in that e-mail is allowed from 0.0.0.0/0,
fucking let him.

aiju

On Sat, 11 Feb 2017, Julius Schmidt wrote:
> nupas spf checker has a ban on certain ip ranges that seem out of date.
> in particular 5.0.0.0/8 is incorrectly banned, presumably others are invalid,
> too.
>
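
Added example, not part of the original message and not the nupas code: a Python model of the check as the message describes it, next to the proposed `return 1;`, run over a few sender/SPF-range pairs. It assumes the ban and the 17.0.0.0/8 exemption are keyed on the sender address and the length test on the prefix of the SPF range; the function names and sample addresses are constructed.

```python
import ipaddress

# Banned ranges exactly as listed in the message (not read from the nupas source).
BANNED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8 1.0.0.0/8 2.0.0.0/8 5.0.0.0/8 10.0.0.0/8 127.0.0.0/8 "
    "255.0.0.0/8 192.168.0.0/16 169.254.0.0/16 172.16.0.0/20 224.0.0.0/24 "
    "fc00::/7").split()]
EXEMPT = ipaddress.ip_network("17.0.0.0/8")  # length check skipped for this range


def in_net(ip, net):
    # Compare only within the same address family.
    return ip.version == net.version and ip in net


def described_cidrokay(sender, cidr):
    """Model of the check as described (assumption: ban and exemption are
    keyed on the sender address, the length test on the SPF range prefix)."""
    ip = ipaddress.ip_address(sender)
    if any(in_net(ip, net) for net in BANNED):
        return False
    if in_net(ip, EXEMPT):
        return True
    bits = int(cidr.rsplit("/", 1)[1])  # expects the "a.b.c.d/x" form
    return 14 <= bits <= 128


def proposed_cidrokay(sender, cidr):
    """The replacement proposed in the message: accept what the record says."""
    return True


# Constructed (sender, SPF range) pairs; none come from real mail.
SAMPLES = [
    ("5.9.0.1", "5.9.0.0/16"),         # inside the banned 5.0.0.0/8
    ("198.51.100.7", "0.0.0.0/0"),     # admin allows everything; prefix 0 < 14
    ("198.51.100.7", "198.51.100.0/24"),
    ("17.1.2.3", "17.0.0.0/8"),        # prefix 8 < 14, but exempt
    ("10.1.2.3", "10.0.0.0/8"),
]


def disagreements(samples=SAMPLES):
    """Return the pairs the described check rejects but the proposal accepts."""
    return [(s, c) for s, c in samples
            if not described_cidrokay(s, c) and proposed_cidrokay(s, c)]


if __name__ == "__main__":
    for s, c in SAMPLES:
        print(f"{s:15} {c:18} described={described_cidrokay(s, c)} proposed=True")
```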