Posted to server-dev@james.apache.org by "Norman Maurer (JIRA)" <se...@james.apache.org> on 2006/10/10 15:09:20 UTC
[jira] Created: (JSPF-37) Add new SPFRetriever extension which support to check if SPF and TXT record are equals
Add new SPFRetriever extension which support to check if SPF and TXT record are equals
--------------------------------------------------------------------------------------
Key: JSPF-37
URL: http://issues.apache.org/jira/browse/JSPF-37
Project: jSPF
Issue Type: New Feature
Reporter: Norman Maurer
Assigned To: Norman Maurer
Priority: Minor
Fix For: 0.9b4
We should add an SPFRetriever subclass to check whether the TXT and SPF records are the same if a domain publishes both.
From RFC:
An SPF-compliant domain name SHOULD have SPF records of both RR types. A compliant domain name MUST have a record of at least one type. If a domain has records of both types, they MUST have identical content. For example, instead of publishing just one record as in Section 3.1 (Publishing) above, it is better to publish:
From IRC:
[13:43] <norman> what should we return if a domain publishes an SPF and a TXT record which are not equal? PERMERROR?
[13:56] <grumpy> hi
[13:57] <norman> hi
[13:57] <grumpy> Uh, RFC4408 says you can use either one, your choice
[13:57] <norman> nope..
[13:57] <norman> it says if both are published they MUST be equal
[13:57] <grumpy> there used to be a rule that says you had to return permerror, but we realized that DNS synchronization errors can make that impossible to enforce
[13:58] <grumpy> yes, the publisher is supposed to make them equal
[13:58] <grumpy> the receiver, on the other hand, can freely choose either one
[13:58] <norman> so what to do to be RFC conform? So the RFC is wrong?
[13:59] <grumpy> the publisher is violating the RFC, but the receiver can not enforce that MUST
[13:59] <norman> so i don't need to check both ?
[13:59] <grumpy> the receiver can choose one or the other or neither
[13:59] <grumpy> no
[14:00] <grumpy> the problem is that you can't ensure that the DNS records for type99/SPF and TXT will always be in sync
[14:00] <grumpy> one might be cached longer than the other
[14:00] <grumpy> because one might have been fetched without the other being fetched, or whatever
[14:00] <norman> right... so the work can be dropped. Shit, I should have asked before I started to refactor
[14:01] <grumpy> did you actually find a case where someone published an SPF/type99 record?
[14:01] <norman> nope... but we develop jspf and want to be fully RFC compliant before doing a 1.0 release.. so i thought we need it
[14:02] <grumpy> you don't need to check type99/SPF records if you don't want to
[14:02] <grumpy> for right now, it is almost certainly a waste of time
[14:02] <grumpy> that may change in the future
[14:02] <norman> maybe we make it configurable
[14:02] <norman> now i know why you guys have no tests for that in the testsuite
[14:03] <grumpy> there are some cases, microsoft environments in particular, where it is impossible to check for type99/SPF records, so, yeah, it should be configurable
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
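
Added example (not part of the original message and not jSPF code): a receiver-side record selection that follows the outcome of the IRC discussion above, where the SPF/type99 lookup is configurable and a TXT/SPF mismatch is never turned into PERMERROR. Class, enum and method names are hypothetical, the DNS answers are constructed sample data, and the record type needs Java 16 or later.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

// Added illustration; every name here is hypothetical, none is a jSPF class.
public class SpfRecordSelector {
    enum Mode { TXT_ONLY, SPF_THEN_TXT }      // the "configurable" switch from the discussion
    enum Status { RECORD, NONE, PERMERROR }

    record Selection(Status status, String record) {}

    private final Mode mode;
    SpfRecordSelector(Mode mode) { this.mode = mode; }

    // Keep only strings whose version section is exactly "v=spf1".
    static List<String> spf1Only(List<String> rrData) {
        List<String> out = new ArrayList<>();
        for (String s : rrData) {
            String lower = s.toLowerCase(Locale.ROOT);
            if (lower.equals("v=spf1") || lower.startsWith("v=spf1 ")) out.add(s);
        }
        return out;
    }

    // spfRrs / txtRrs: answers already fetched per RR type (empty if absent or not queried).
    Selection select(List<String> spfRrs, List<String> txtRrs) {
        List<String> chosen = List.of();
        if (mode == Mode.SPF_THEN_TXT) chosen = spf1Only(spfRrs);
        if (chosen.isEmpty()) chosen = spf1Only(txtRrs);
        // The two types are never compared with each other: one of them may simply
        // be a stale cached copy, so a difference must not become PERMERROR.
        if (chosen.isEmpty()) return new Selection(Status.NONE, null);
        // More than one v=spf1 string within the chosen type is what a receiver can enforce.
        if (chosen.size() > 1) return new Selection(Status.PERMERROR, null);
        return new Selection(Status.RECORD, chosen.get(0));
    }

    public static void main(String[] args) {
        // Constructed sample: publisher updated TXT, a resolver still caches the old SPF RR.
        List<String> spf = List.of("v=spf1 ip4:192.0.2.0/24 -all");
        List<String> txt = List.of("constructed-unrelated-txt=1",
                                   "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all");
        System.out.println(new SpfRecordSelector(Mode.SPF_THEN_TXT).select(spf, txt));
        System.out.println(new SpfRecordSelector(Mode.TXT_ONLY).select(spf, txt));
        System.out.println(new SpfRecordSelector(Mode.TXT_ONLY)
                .select(List.of(), List.of("v=spf1 -all", "v=spf1 +all")));
    }
}
```
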
[jira] Resolved: (JSPF-37) Add new SPFRetriever extension which support to check if SPF and TXT record are equals
Posted by "Norman Maurer (JIRA)" <se...@james.apache.org>.
[ http://issues.apache.org/jira/browse/JSPF-37?page=all ]
Norman Maurer resolved JSPF-37.
-------------------------------
Resolution: Fixed