SPF check for our simple SMTP receiver

 Why?

> bored.


The issue:

> Alice connects to my server because she wants to send an email to bob@myserver.com  
> She sets the FROM header to alice@gmail.com  
> Says it's from Gmail  
> I have no way to know if it actually came from Gmail  
> Need a way to verify it
 

SPF: 

> I ask Gmail for a list of IP addresses they send email from  
> To get that info, I need to query the TXT record for the gmail.com domain  
> I find "v=spf1 redirect=_spf.google.com"  
> Another TXT record query for _spf.google.com  
> I find "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"  
> Here we go again  
> Query all three netblocks  
> Finally get:  
> "v=spf1 ip4:35.190.247.0/25 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all"  
> Once I get the IP ranges, I can finally compare the sender’s IP  
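
The lookup chain above can be walked in code as follows. This is an added example, not code from the linked repository: `collect_ip4`, `sender_allowed` and the `lookup` callback are hypothetical names, and the TXT table is an offline stand-in for real DNS queries. It follows only `redirect=`, `include:` and unqualified `ip4:` terms as the post does, and adds the loop guard and 10-lookup cap from RFC 7208.

```python
import ipaddress
import re

# TXT records as quoted in the post. The post shows one final record for the
# three netblocks queries; it sits under the first name here (an assumption).
TXT = {
    "gmail.com": "v=spf1 redirect=_spf.google.com",
    "_spf.google.com": "v=spf1 include:_netblocks.google.com "
    "include:_netblocks2.google.com include:_netblocks3.google.com ~all",
    "_netblocks.google.com": "v=spf1 ip4:35.190.247.0/25 ip4:64.233.160.0/19 "
    "ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 "
    "ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 "
    "ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all",
    "_netblocks2.google.com": "v=spf1 ~all",  # constructed placeholder
    "_netblocks3.google.com": "v=spf1 ~all",  # constructed placeholder
    "loop.example": "v=spf1 include:loop.example ~all",  # constructed loop
}
MAX_LOOKUPS = 10  # RFC 7208 cap on terms that trigger further DNS queries


def collect_ip4(domain, lookup=TXT.get, path=(), budget=None):
    """Follow redirect=/include: from `domain`; return its ip4 networks."""
    budget = [MAX_LOOKUPS] if budget is None else budget
    if domain in path:  # record refers back to a domain already being walked
        raise ValueError(f"SPF include loop at {domain}")
    terms = (lookup(domain) or "").split()
    if not terms or terms[0] != "v=spf1":
        return []  # no SPF record published for this name
    networks = []
    for term in terms[1:]:
        if term.startswith("ip4:"):
            networks.append(ipaddress.ip_network(term[4:], strict=False))
        elif term.startswith(("include:", "redirect=")):
            budget[0] -= 1
            if budget[0] < 0:
                raise ValueError("more than 10 DNS lookups")
            target = re.split("[:=]", term, maxsplit=1)[1]
            networks += collect_ip4(target, lookup, path + (domain,), budget)
    return networks


def sender_allowed(client_ip, mail_from_domain, lookup=TXT.get):
    """True if client_ip is inside an ip4 range of the MAIL FROM domain."""
    try:
        ip = ipaddress.ip_address(client_ip)
        return any(ip in net for net in collect_ip4(mail_from_domain, lookup))
    except ValueError:
        return False  # bad IP, loop or lookup overflow is never a pass
```

To run it against live DNS, pass a `lookup` function that returns the domain's `v=spf1` TXT string (or `None`).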

> This is how SPF works  
> Now I used pydig to recursively gather the IP ranges  
> Compared them with the client IP  
> Implemented SPF validation  
> Find it here  
> https://github.com/naveen17797/simple-smtp-receiver/releases/tag/implement-spf  

> No more forged emails

> Bye


 
