Re: [BEHAVE] [spfbis] RFC6147 and RFC7208 interoperability issues

Marc Blanchet <marc.blanchet@viagenie.ca> Sun, 06 February 2022 18:35 UTC

Return-Path: <marc.blanchet@viagenie.ca>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29FEF3A0BB0 for <behave@ietfa.amsl.com>; Sun, 6 Feb 2022 10:35:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=viagenie-ca.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 32Kr7GcWfSlm for <behave@ietfa.amsl.com>; Sun, 6 Feb 2022 10:35:44 -0800 (PST)
Received: from mail-qv1-xf2f.google.com (mail-qv1-xf2f.google.com [IPv6:2607:f8b0:4864:20::f2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C95183A0BAA for <behave@ietf.org>; Sun, 6 Feb 2022 10:35:43 -0800 (PST)
Received: by mail-qv1-xf2f.google.com with SMTP id k4so9819471qvt.6 for <behave@ietf.org>; Sun, 06 Feb 2022 10:35:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=viagenie-ca.20210112.gappssmtp.com; s=20210112; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=wXZAyy7gacbcp0VXG+xiZkRmp+rnc78vHrh7AI/Jwus=; b=d6XlVM6nz2soqKM3sjmSr/MuUuPuEwONJYB10SV0NB73k0njShU0C2ENBpCazypwgK c4ULjwyxXu3mfHxJrL2rgHohQSpfvFmXuSk/wsDR3lt1hv3YDZb1eO8ZdexiUhshV+fa HNfdLFnOrIL1IZPQeulORL4b+jkSa/N2DQDO9Uj7X2sdXOKnRSuIVcaCebz5catchPz5 Ck3fcCmj0TK1N8pepRncJ7ZJmFLsHfK1Z0NTIdMUFWJ2HIpJc7r0vxjocF1i7BAliMiH 0cOujxZRPD1i7fenUc76Fd70OQYFo5DufLaJW4fSe/pldJtYWwoWLSZJEnPsE9njoIkP Z/8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=wXZAyy7gacbcp0VXG+xiZkRmp+rnc78vHrh7AI/Jwus=; b=shZ0a9EYv4mx4acV41JxtQsVRfKUbOBkwiazp9nS94Tzez2YoS4GnrRtzZaOuBE9oc +Pcqrhyv5wQc7YUpb4xEqK2DleIu6jgU4Vkir/srMpjx1nxADVPvKL/tlWfnLRCCLjCo b/X+9kaZVQYL8jDqIqhOop5NfxNQ0b0LJRr2w9DMEluDy6IXbKrHV8h9EN+gyU/VYYUe FPWqRoHqkQ1nRH7fRY8y1d79JJEtTH/HxRWqF4Vez0Y4yMKqDVsDv7Dt3boZaaNVRhRl AufSHuMjUwGz7kqMSjPSZwio+GExWm0Q2+dkekzLH1/Wgn0cWL0cLoravQJCMTpDBPsu /VdQ==
X-Gm-Message-State: AOAM530hH0/AGudfJQtvv5Ii7jcXWiRML113BmKdaVvMcdSaqrfPAagQ Jf4Zz5qsw9kHt+Uws2Xv4YpCGg==
X-Google-Smtp-Source: ABdhPJx6UT2Ymew3Jkn0GyH6gD/PbfX+y4Kz+c/Wx6/SogzCGfA0zXhMFjycXUgDzxfmGebhl+1vgg==
X-Received: by 2002:a05:6214:2a85:: with SMTP id jr5mr7979988qvb.3.1644172541683; Sun, 06 Feb 2022 10:35:41 -0800 (PST)
Received: from smtpclient.apple (modemcable161.124-162-184.mc.videotron.ca. [184.162.124.161]) by smtp.gmail.com with ESMTPSA id 66sm4333101qte.42.2022.02.06.10.35.41 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 06 Feb 2022 10:35:41 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.60.0.1.1\))
From: Marc Blanchet <marc.blanchet@viagenie.ca>
In-Reply-To: <45e423cc-4095-cca2-bf8c-aa15e977b19c@posteo.de>
Date: Sun, 06 Feb 2022 13:35:40 -0500
Cc: behave@ietf.org, spfbis@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <DF73F58F-D33E-495A-B18C-58BC994ADE8B@viagenie.ca>
References: <45e423cc-4095-cca2-bf8c-aa15e977b19c@posteo.de>
To: Klaus Frank <klaus.frank@posteo.de>
X-Mailer: Apple Mail (2.3693.60.0.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/behave/boAVbjTE5yh_m2H0OUERvag65QU>
Subject: Re: [BEHAVE] [spfbis] RFC6147 and RFC7208 interoperability issues
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/behave/>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Feb 2022 18:35:49 -0000

> Le 6 févr. 2022 à 13:09, Klaus Frank <klaus.frank@posteo.de> a écrit :
> 
> Hi,
> 
> we had some issues with SPF and a mail server that was behind NAT64+DNS64. I at first thought that it was just a misconfiguration. But after the DNS64 server seemed to work as intended I went to the implementation and the RFC. Thereby while reading RFC6147 I stumbled across section 5.3.3 which says "All other RRs MUST be returned unchanged." which is the cause of my issues. This section is basically ignoring SPF records (RFC7208 section 5.6) and also preventing DNS64 implementations from addressing this limitation.
> 
> Would it be possible to create an extension to RFC6147 that mandates SPF record rewrites as well? Otherwise mail servers behind NAT64+DNS64 in IPv6-only environments won't be able to work as expected.
> 
> Like:
> If the DNS64 server receives an SPF record (within either the TXT-RR or the SPF-RR [RFC4408]) containing the "ip4" mechanism it MUST rewrite the IPv4 address according to the same rules as A-records and synthesize a new SPF record within the response that contains additional "ip6" entries. The original "ip4" should not be removed from the response.

I agree there is a problem. However, I can think of “interesting” problems to solve, like: what if the ip4 contains a prefix, like 192.168.1.0/25. How would you translate this into IPv6 prefix by the DNS-64?

Marc.

> 
> Sincerely,
> Klaus Frank
> 
> _______________________________________________
> spfbis mailing list
> spfbis@ietf.org
> https://www.ietf.org/mailman/listinfo/spfbis