On Thu, Nov 26, 2015 at 3:41 AM, Robert Chalmers <rob...@chalmers.com.au> wrote:
> Hi Steve, > I’m seeing this in the mail.log > > warning: cidr map /usr/local/etc/postfix/msft_whitelist.cidr, line 36: > non-null host address bits in "207.68.169.173/30", perhaps you should use > "207.68.169.172/30" instead: skipping this rule > Nov 26 11:39:25 zeus postfix/postscreen[29402]: warning: cidr map > /usr/local/etc/postfix/msft_whitelist.cidr, line 40: non-null host address > bits in "65.55.238.129/26", perhaps you should use "65.55.238.128/26" > instead: skipping this rule > Nov 26 11:39:25 zeus postfix/postscreen[29402]: warning: cidr map > /usr/local/etc/postfix/msft_whitelist.cidr, line 41: non-null host address > bits in "65.55.238.129/26", perhaps you should use "65.55.238.128/26" > instead: skipping this rule > > > What do you think? > G'day, Robert. I think you probably didn't read the entire blog post, particularly the section titled "Microsoft Is Publishing Invalid IP Ranges in their SPF Record" where I show those exact same warnings in my own maillog. :) Both offending IPs (which are indeed invalid) appear when you do a dig txt of _spf-ssg-b.microsoft.com. It makes me want to cry a little. I keep going back and forth regarding whether to strip the offending ranges from the script, though the script technically is functioning properly -- it's taking the IPs reported by a mailer and including them in the whitelist. But that would be better is some way to automate verifying they're valid, rather than start coding in special cases. I'll look into that today. SJ
