SES mail servers at the time of writing
*n*x:
# nslookup -type=TXT amazonses.com | grep "v=spf1"
amazonses.com text = "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:76.223.180.0/23 ip4:76.223.188.0/24 ip4:76.223.189.0/24 ip4:76.223.190.0/24 -all"
Windows:
C:\>nslookup -type=TXT amazonses.com | find "v=spf1"
Non-authoritative answer:
"v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:76.223.180.0/23 ip4:76.223.188.0/24 ip4:76.223.189.0/24 ip4:76.223.190.0/24 -all"
These entries are written in compact CIDR notation, where each entry denotes a range of IPv4 addresses.
CIDR processing to sendmail access file
(this is Linux sendmail only)
Converting the nslookup output to a CIDR based sendmail /etc/mail/access excerpt goes via a pipe sequence of multiple sed commands:
# nslookup -type=TXT amazonses.com | grep "v=spf1" | sed 's/\(^.*"v=spf1 ip4:\| -all"$\)//g' | sed 's/\ ip4:/\n/g' | xargs -I {} sh -c "prips {} | sed 's/$/\tRELAY/g'"
199.255.192.0 RELAY
199.255.192.1 RELAY
...
76.223.190.254 RELAY
76.223.190.255 RELAY
What happens here is this:
- Filter out only spf1 records using grep.
- Remove the head (.*v=spf1 ip4:) and tail ( -all") of the output, see [WayBack] use of alternation “|” in sed’s regex – Super User.
- Replace all ip4: with newlines (so the output gets split over multiple lines), see [WayBack] linux – splitting single line into multiple line in numbering format using awk – Stack Overflow.
- Convert the CIDR notation to individual IP addresses (as sendmail cannot handle CIDR),
  - This uses a combination of xargs with the sh trick to split the CIDR list into separate arguments, and prips (which prints the IP addresses for a CIDR); see:
  - Alternatively, use
- Replace every end-of-line anchor ($) with a tab followed by RELAY, see
You can append the output of this command to /etc/mail/access, then re-generate /etc/mail/access.db and restart sendmail; see for instance [WayBack] sendmail access.db by example | LinuxWebLog.com.
Without the xargs, the output would look like this:
# nslookup -type=TXT amazonses.com | grep "v=spf1" | sed 's/\(^.*"v=spf1 ip4:\| -all"$\)//g' | sed 's/\ ip4:/\n/g'
199.255.192.0/22
199.127.232.0/22
54.240.0.0/18
69.169.224.0/20
76.223.180.0/23
76.223.188.0/24
76.223.189.0/24
76.223.190.0/24
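Because every generated line grants relay rights, it helps to validate the DNS answer before appending anything to /etc/mail/access. The following is an added example, not part of the original post: it does the same expansion as the pipeline above with Python's ipaddress module instead of prips, and refuses answers it does not fully understand. The names spf_ip4_networks, access_lines and MIN_PREFIX and the /16 limit are assumptions made for this example.

```python
import ipaddress

# Constructed sample input: the TXT answer quoted on this page.
SAMPLE_TXT = (
    '"v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 '
    'ip4:69.169.224.0/20 ip4:76.223.180.0/23 ip4:76.223.188.0/24 '
    'ip4:76.223.189.0/24 ip4:76.223.190.0/24 -all"'
)

# Assumption: no provider range wider than /16 is expected; anything wider is
# treated as a bad or tampered answer instead of being turned into RELAY lines.
MIN_PREFIX = 16


def spf_ip4_networks(txt):
    """Parse one SPF TXT string into IPv4 networks, rejecting unexpected terms."""
    terms = txt.strip().strip('"').split()
    if not terms or terms[0] != "v=spf1":
        raise ValueError("not an SPF record")
    networks = []
    for term in terms[1:]:
        if term in ("-all", "~all"):
            continue  # policy terminator, carries no address
        if not term.startswith("ip4:"):
            # include:, a, mx, redirect= need further lookups; do not guess
            raise ValueError(f"unhandled SPF term: {term!r}")
        # strict=True rejects entries with host bits set, e.g. 10.0.0.1/8
        net = ipaddress.IPv4Network(term[4:], strict=True)
        if net.prefixlen < MIN_PREFIX:
            raise ValueError(f"range too wide for a relay list: {net}")
        if net not in networks:
            networks.append(net)
    if not networks:
        raise ValueError("no ip4 ranges found")
    return networks


def access_lines(txt):
    """Return 'address<TAB>RELAY' lines, one per address, in record order."""
    return [f"{ip}\tRELAY" for net in spf_ip4_networks(txt) for ip in net]


if __name__ == "__main__":
    print("\n".join(access_lines(SAMPLE_TXT)))
```

Writing the result to a separate file and diffing it against the previous run before merging makes a changed SPF record visible instead of silently widening the relay list.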
Via
–jeroen