bugfix iplist validation

cmd/telebit/telebit.go

@@ -639,11 +639,23 @@ func tryToServeName(servername string, wconn *telebit.ConnWrap) bool {
 			return true
 		}
 
-		remoteAddr := addr.String()
+		// 192.168.1.100:2345
-		if "127.0.0.1" != remoteAddr &&
+		// [::fe12]:2345
-			"::1" != remoteAddr &&
+		remoteIP := addr.String()
-			"localhost" != remoteAddr {
+		index := strings.LastIndex(remoteIP, ":")
-			ipAddr := net.ParseIP(remoteAddr)
+		if index < 1 {
+			// TODO how to handle unexpected invalid address?
+			wconn.Close()
+			return true
+		}
+		remoteIP = remoteIP[:index]
+
+		fmt.Println("remote addr:", remoteIP)
+
+		if "127.0.0.1" != remoteIP &&
+			"::1" != remoteIP &&
+			"localhost" != remoteIP {
+			ipAddr := net.ParseIP(remoteIP)
 			if nil == ipAddr {
 				wconn.Close()
 				return true

examples/run-as-relay.sh

@@ -13,6 +13,9 @@ fi
 
 source .env
 
+SPF_HOSTNAME="${SPF_HOSTNAME:-""}"
+#SPF_HOSTNAME="_allowed.example.com"
+
 # For Tunnel Relay Server
 API_HOSTNAME=${API_HOSTNAME:-"devices.example.com"}
 LISTEN="${LISTEN:-":80 :443"}"
@@ -29,6 +32,7 @@ ACME_AGREE=${ACME_AGREE:-}
 ACME_EMAIL="${ACME_EMAIL:-}"
 
 ./telebit \
+    --spf-domain $SPF_HOSTNAME \
     --api-hostname $API_HOSTNAME \
     --auth-url $AUTH_URL \
     --acme-agree "$ACME_AGREE" \

iplist/iplist.go

@@ -73,9 +73,10 @@ func updateTxt(txtDomain string) error {
 		if nil != err {
 			continue
 		}
-		if len(fields) > 0 {
+		if len(newFields) > 0 {
 			break
 		}
+		return fmt.Errorf("no spf records found")
 	}
 
 	// TODO put a lock here?