Serious spf bug (was: Re: [exim] PIPELINING in exim 4.43)

Góra strony
Delete this message
Reply to this message
Autor: Michael Haardt
Data:  
Dla: exim-users
Temat: Serious spf bug (was: Re: [exim] PIPELINING in exim 4.43)
> I could now transmit the message to you and it could be, that the
> problem is the long TXT record for _spf.eniac.de. I could just split
> this record to several records, but I don't want to do this until it is
> completely clear why exim fails to accept the mail in your case, I
> expect there is a bug somewhere, that should be fixed.


You are currently restricting your connectivity, though. If I were
you, I would remove the SPF record until this problem is solved.

I use libspf2 1.0.4, in case that makes a difference. I just tried
version 1.2.5, but it looks like the API was changed and the change
is not yet in the API documentation, because SPF_create_config() does
not appear to exist any more. Further, not all required include
files are installed by default and you need to include the library
config.h file or set the required HAVE_* defines manually. That's
modern open source for you.

> I know that in some environments DNS queries on TCP do not work
> (are firewalled) ... but as you only do informative SPF queries it
> should not cause the message not being accepted and even not the
> receiving process on your server to crash.


I have no problem with the DNS query, but I suspect either libspf2 or
the Exim spf code has a serious bug. That doesn't explain why I don't
see a logged message that an Exim process died, though.

But wasn't SPF meant to restrict email usability in unpredictable ways?
The code just does its job. :-}

Michael