Shitty script to generate a whitelist.txt for spamd/pf based on spf1 dns records.

spf.sh

#!/bin/sh

usage() {
    cat <<EOF
Usage: `basename $0` outfile example.com ...
EOF
    exit 1
}

mechanism_pass() {
    qualifier=`echo $1 | sed -e 's/^\(.\{1\}\).*/\1/'`

    if [ ${qualifier} = "-" ]; then
  return 0
    fi

    return 1
}

remove_qualifier() {
    qualifier=`echo $1 | sed -e 's/^\(.\{1\}\).*/\1/'`

    case ${qualifier} in
	"~")
	    result=`echo $1 | sed -e 's/^.\(.*\)$/\1/'`
	    ;;
	"+")
	    result=`echo $1 | sed -e 's/^.\(.*\)$/\1/'`
	    ;;
	"?")
	    result=`echo $1 | sed -e 's/^.\(.*\)$/\1/'`
	    ;;
	*)
	    result=$1
    esac

    echo ${result}
}

spf() {
    echo "# $1" >> ${OUTFILE}
    echo "Doing $1"
    dns_txt=`dig +noall +answer +nocomments $1 SPF | grep "v=spf1" | cut -d '"' -f 2`

    if [ -z "${dns_txt}" ]; then
	echo "empty SPF record, trying TXT"
	dns_txt=`dig +noall +answer +nocomments $1 TXT | grep "v=spf1" | cut -d '"' -f 2`
    fi

    for keyword in ${dns_txt}; do
	mechanism_pass ${keyword}

	if [ $? -eq 0 ]; then
	    continue
	fi

	keyword=`remove_qualifier ${keyword}`
	mechanism=`echo ${keyword} | cut -d : -f 1`
	attr=`echo ${keyword} | cut -d : -f 2`
	case ${mechanism} in
	    "ip4")
		echo ${attr} >> ${OUTFILE}
		;;
	    "include")
		spf ${attr}
		;;
	    "redirect")
		spf ${attr}
		;;
	esac
    done
}

if [ $# -lt 2 ]; then
    usage
fi

OUTFILE=$1
shift

echo -n > ${OUTFILE}

while [ $# -gt 0 ]; do
    spf $1
    shift
done