Changelog View Source
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[0.10.0] - 2022-03-27
changed
- duration of an SPF policy evaluation is now in milliseconds, rather than seconds
- duration is now also logged at info level for each SPF record evaluated
- each SPF txt record's length is logged at the info level & included in spf report section
fixed
-r d
report now outputs valid entries first (not all), followed by problematic dns entries- so no more double entries in the reporting output
[0.9.2] - 2022-01-08
fixed
- csv output now escapes quotes in a string value
changed
- switched to testsuite rfc7208-tests.yml which appears to be newer and has more tests.
- in case of a syntax error, also log the verdict on stderr
[0.9.1] - 2022-01-07
fixed
- digraph, links from include/redirect's with macros now link to the expanded name
- digraph, macro expansion of nested records should use the original ip and sender parts
changed
- digraph, include local part of sender in evaluation result on top of the graph
- digraph, use the DNS cache when generating a digraph for an SPF policy
- digraph, include/redirect to a non-SPF record should say so (not just be empty)
[0.9.0] - 2022-01-03
added
-b
,--batch N
flag to run Nx SPF evaluations concurrently when in batch mode-T
,--timeout N
flag to set the timeout for DNS queries
changed
- also log the final verdict, not just the intermediate verdicts
[0.8.1] - 2021-12-26
fixed
- cacheing a DNS response of :servfail, should not include the entire dns_msg as well
- darn! should've checked this when refactoring the Spf.DNS module
[0.8.0] - 2021-12-26
added
- info message when an SPF record is tracking sender IP, EHLO and/or sender IP validated name.
changed
- dot representation of an SPF record only shows the AST created
- "v=spf1" was added automatically since it is not part of the AST
- but this was confusing in cases where no SPF record was found
- when generating zonedata for rfc7208's testsuite omit CNAME and SOA records
- they're not used in the testsuite anyway
- specifying zonedata to pre-load, dropped the
domain error
format- records are no longer autogenerated
- this was actually logic from rfc7208's testsuite
- not needed by
Spfcheck
itself
fixed
- when updating the DNS cache with an error, it now replaces any existing rrdata
- queries for cached domain names with circular CNAME references, now yield :servfail
- dot file generation does not choke when no SPF records were found
- reporting on DNS data gathered now outputs any soa records properly
- authority search ignores CNAME results to find real SOA for given domain
- the real SOA being the zone that contains the record for original search name
[v0.7.1] - 2021-12-21
fixed
- loop detection (had some false positives)
[v0.7.0] - 2021-12-18
added
- syntax error messages now also list reasons for the errors
- warning if ip4/ip6 mechanism actually mask host bits (i.e. address != this-network)
- warning if exists' domain is same as current SPF domain (which is unusual)
- warning if an unknown modifier has a mechanism name (an easy mistake)
fixed
- leading zero's in ip4/6 prefix lengths is actually a syntax error
- empty macro-string in an unknown modifier is actually legal
- %{t} now expands to timestamp (UNIX epoch time)
- unknown modifiers cannot use c,r,t-macros, they're only valid in an explain-string
changed
- removed dependency on nimble_parsec
- DNS MECH counter shown at info level (was debug level)
- logs use uniform format: "term - message" format as much as possible
- redundant entry message now lists only the uniquely overlapping terms
[v0.6.0] - 2021-12-01
added
- report option "g" to include a graphviz di-graph of the SPF policy
- warning when default '+'-qualifier is used in mechanisms
changed
- a less confusing redundant-warning replaces the multiple-entries warning
- inconsistent warnings now report only the terms inconsistent with current term
- more consistent formatting of logging and verdict's reason
[v0.5.0] - 2021-11-28
added
--nameserver
flag to customize which nameservers to use via IPv4 and/or IPv6 addresses--author
flag to set author information in markdown metadata--title
flag to set title information in markdown metadata
[v0.4.0] - 2021-11-27
changed
- prefixes are stored on exact match, not longest prefix match
- multiple entries warning now means the exact same prefix was seen multiple times
added
- unreachable-warning when new prefix is subnet of an existing supernet
- overlapping-warning when new prefix is supernet of an existing subnet
- inconsistent-warning for overlapping prefixes having different qualifiers
- notifications during context creation
[v0.3.0] - 2021-11-26
changed
- warning when exceeding 512 chars now shows offending SPF domain name
- "seen before"-warning changed into "multiple entries"-warning (less confusing)
- parser errors now correctly logged as :parse-errors instead of :eval-errors
added
- warning about inconsistent qualifiers in case of multiple entries
- warning about mx used while domain has null MX record
- warning for superfluous prefix lengths (/32 resp. /128)
- warning for zero prefix lengths (/0)
[v0.2.0] - 2021-11-21
Changed
- verdict output includes owner domain and contact (also in csv-output)
- ipt logs show spf terms rather than their raw token
- logging to stderr now shows the domain in front, so redirecting stderr to a log file means the messages can be related to the domain being checked at that time.
- added warning when ?all or +all is used
Fixed
- url for rfc7208 test suite
- use :dns (not :ipt) when logging dns additions to the cache
[v0.1.1] - 2021-11-20
- Fix url for License badge
[v0.1.0] - 2021-11-20
- Initial public version