-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get-SPFRecord fails on multiple line returned #21
Comments
Hi ChrisOD-AD, |
Sure, look at hcf.com.au
Chris
On 31 May 2022 05:55, T13nn3s ***@***.***> wrote:
Hi ChrisOD-AD,
Do you have a specific example so that I can validate the current behavior and the behavior after the change?
—
Reply to this email directly, view it on GitHub<#21 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AROPX46LUMW6GIR3HYKSY2LVMT6J7ANCNFSM5WXLD5KQ>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately.
Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately.
|
Thanks. I can confirm that the output of the script does not reflect the reality of the SPF record. I now see it as a bug in the script and am doing some further research. The SPF record is indeed very long and also contains errors (too many DNS lookups). Your suggested change doesn't seem to be the solution yet. I need to look into this further. |
Yes, HCF has a terrible SPF. Which TBF was why I remembered it. I'll email you later with some others that have valid sofa, but split reply.
Chris
On 31 May 2022 07:55, T13nn3s ***@***.***> wrote:
Thanks. I can confirm that the output of the script does not reflect the reality of the SPF record. I now see it as a bug in the script and am doing some further research. The SPF record is indeed very long and also contains errors (too many DNS lookups).
Your suggested change doesn't seem to be the solution yet. I need to look into this further.
—
Reply to this email directly, view it on GitHub<#21 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AROPX43UYJHIYB2FOWCWSGDVMUMLHANCNFSM5WXLD5KQ>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately.
Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately.
|
Here is some domains from our tenants that have long SPFs (i.e.: return an [array] in $SPF)
lifemark.ca
hcf.com.au
myhomecare.com.au
vivir.com.au
rsllifecare.org.au
From: T13nn3s ***@***.***>
Sent: Tuesday, 31 May 2022 7:56 am
To: T13nn3s/Invoke-SpfDkimDmarc ***@***.***>
Cc: Chris O'Donoghue ***@***.***>; Author ***@***.***>
Subject: Re: [T13nn3s/Invoke-SpfDkimDmarc] Get-SPFRecord fails on multiple line returned (Issue #21)
Thanks. I can confirm that the output of the script does not reflect the reality of the SPF record. I now see it as a bug in the script and am doing some further research. The SPF record is indeed very long and also contains errors (too many DNS lookups).
Your suggested change doesn't seem to be the solution yet. I need to look into this further.
—
Reply to this email directly, view it on GitHub<#21 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AROPX43UYJHIYB2FOWCWSGDVMUMLHANCNFSM5WXLD5KQ>.
You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>
Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately.
Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately.
|
I have tried to solve this 'problem' in the script, but am so far unsuccessful in doing so. An SPF record may contain a maximum of 255 characters. Go over this limit, the SPF record is returned to the script as an array. Furthermore, an SPF record above 255 characters may not be validated correctly, which may result in an incorrect check and then the SPF record no longer functions properly. My advice is to split your SPF records into multiple TXT records and then create 1 SPF record into which you include the other records. So far, I can't get this fixed neatly in the script and I'll leave it as it is for now. |
Thanks for looking at it still think your module is the best out there.
Cheers
Chris
On 3 Nov 2022 07:54, T13nn3s ***@***.***> wrote:
@ChrisOD-AD<https://github.com/ChrisOD-AD>,
I have tried to solve this 'problem' in the script, but am so far unsuccessful in doing so.
An SPF record may contain a maximum of 255 characters. Go over this limit, the SPF record is returned to the script as an array. Furthermore, an SPF record above 255 characters may not be validated correctly, which may result in an incorrect check and then the SPF record no longer functions properly.
My advice is to split your SPF records into multiple TXT records and then create 1 SPF record into which you include the other records.
So far, I can't get this fixed neatly in the script and I'll leave it as it is for now.
—
Reply to this email directly, view it on GitHub<#21 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AROPX475JJ3JWDCRIF7C4XTWGK2HTANCNFSM5WXLD5KQ>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately.
Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately.
|
I have a minor change to Get-SPFRecord that fixes the behaviour if a zone has a LONG SPF record.
Changes:
The text was updated successfully, but these errors were encountered: