no-domain vs. no record, and fallback

[sp...@caseyconnor.org]

Hello - is there a more appropriate place to ask usage question relating 
to jSPF?

First question: when running an SPF check with jSPF using the DefaultSPF 
checker method checkSPF(ip, address, helo) and receiving an SPFResult 
object, it doesn't look like there is a way to distinguish between a 
"NONE" result because the domain doesn't exist, and "NONE" because the 
domain has no SPF/TXT record. I'm sure that's correct/good for SPF 
checking in general, but any chance of that feature being added some 
day? I tried to figure out how to subclass SPF.java to do it, but gave 
up eventually... maybe there is a way to just subclass and expose a 
little more data? Any tips are welcome.

Second question, which I asked before (sorry to repeat myself):

--------------------------

I was trying to understand how to enable the falling back to parent 
domains when SPF-NONE is returned for a third-or-higher-level domain. Am 
i correct that something like:

my_defaultSPF.getFallbackPolicy();

...is enough to "activate" fallback? (it seems to initialize the 
otherwise null-by-default fallback policy object, which i see no other 
obvious way to initialize through an API).

-----------------------------

Thanks for your time!
-c


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

Re: no-domain vs. no record, and fallback

[Stefano Bagnara <ap...@bago.org>]

2010/3/15  <sp...@caseyconnor.org>:
> First question: when running an SPF check with jSPF using the DefaultSPF
> checker method checkSPF(ip, address, helo) and receiving an SPFResult
> object, it doesn't look like there is a way to distinguish between a "NONE"
> result because the domain doesn't exist, and "NONE" because the domain has
> no SPF/TXT record. I'm sure that's correct/good for SPF checking in general,
> but any chance of that feature being added some day? I tried to figure out
> how to subclass SPF.java to do it, but gave up eventually... maybe there is
> a way to just subclass and expose a little more data? Any tips are welcome.

As the SPF spec does not require different behaviour for the 2 cases
we didn't bothered to differentiate them.
Architecturally speaking that information is only available in the
DNSService service (for which we have 3 implementations) and the
service interface does not expose this difference.

>From a fast review of the code it won't be easy to alter it to return that info.
You better run your lookup to check if the domain exists or not if you
really need that info.

Otherwise you could alter the contract for DNSService to return null
on missing domain and empty list on missing records, but then you will
also have to alter all of the callers to support this and find a way
to differentiate the result (hard).

Another option is to write your own DNSService implementation: see
LoggingDNSService for an example. Writing your own implementation will
also let you lookup the parent domain when the main domain doesn't
exists (I discourage you from doing this, but if you know your way I
won't stop you....)

Stefano

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org