Like I said I had one case where I had the same message send from 20 different
outlook.com servers that's just stupid
Regards
Markus
-------- Ursprüngliche Nachricht --------
Von: Edgar Pettijohn <ed...@pettijohn-web.com>
Datum: 21.04.17 15:20 (GMT+01:00)
An: misc@openbsd.org
Betreff: Re: spamd and outlook.com
On 04/21/17 07:12, Reyk Floeter wrote:
> On Fri, Apr 21, 2017 at 01:52:05PM +0200, Boudewijn Dijkstra wrote:
>> Op Fri, 21 Apr 2017 12:16:31 +0200 schreef Reyk Floeter <r...@openbsd.org>:
>>> On Fri, Apr 21, 2017 at 11:59:20AM +0200, Peter N. M. Hansteen wrote:
>>>> On Fri, Apr 21, 2017 at 11:25:14AM +0200, Markus Rosjat wrote:
>>> I use the attached script to fetch the SPF entries recursively, in a
>>> plain text format that can be fed into pfctl.
>> Have you tried mx3a.certifiedfactory.info ? ;)
>>
> great
>
> I think you got something wrong:
>
> I don't use this simple script automatically or for "untrusted
> domains", I just use it _manually_ and for _well-known_ offenders like
> outlook.com that break greylisting. SPF is not a security solution,
> but it is a band-aid that helps to handle these stupid cloud-based MTAs.
>
> The script below fixes it - or akpoff's slightly more complicated (and
> probably more correct) version.
>
> Reyk
>
> ---snip---
> #!/usr/bin/perl
>
> # Copyright (c) 2016, 2017 Reyk Floeter <r...@openbsd.org>
> #
> # Permission to use, copy, modify, and distribute this software for any
> # purpose with or without fee is hereby granted, provided that the above
> # copyright notice and this permission notice appear in all copies.
> #
> # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
> # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
> # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>
> $domain = shift @ARGV or die "usage: $0 domain";
> %seen = {};
>
> sub parsespf
> {
> my $domain = shift;
> my @foo = `nslookup -q=TXT $domain`;
> my @results = ();
>
> foreach (@foo) {
> next if not /$domain\ttext/;
> next if not s/$domain\ttext = "v=spf1([^"]+)"/$1/;
>
> @results = split /\s+/;
> foreach (@results) {
> next if /.all/;
> if (s/^ip[46]://) {
> print "$_\n";
> } elsif (s/^(redirect|include)[:=]//) {
> print "\n#$_\n";
> if (!$seen{$_}) {
> $seen{$_} = true;
> parsespf($_);
> }
> }
> }
> }
> }
>
> parsespf($domain);
>
> 0;
I'm glad I'm not the only one with this problem. I started off just
adding individual ip's to my nospamd as needed, but they deliver mail so
stupidly. One message may get sent from in my experience 4 different
ip's so they get trapped each time and I'm guessing they eventually give
up. Luckily https://home.nuug.no/~peter/nospamd came across my screen
one day. It seems to have cured my problem. Thanks Peter!
