[exim-dev] [Bug 2238] New: Internal SPF check making too muc…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
New-Topics: [exim-dev] [Bug 2238] Internal SPF check making too much lookups?, [exim-dev] [Bug 2238] Internal SPF check making too much lookups?
Subject: [exim-dev] [Bug 2238] New: Internal SPF check making too much lookups?
https://bugs.exim.org/show_bug.cgi?id=2238

            Bug ID: 2238
           Summary: Internal SPF check making too much lookups?
           Product: Exim
           Version: 4.90
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Experimental
          Assignee: nigel@???
          Reporter: torsten@???
                CC: exim-dev@???


$ spfquery --ip 2a04:cb41:a516:2::1 --id noreply@???
permerror
team.mobile.de: Maximum void DNS look-ups limit (2) exceeded
Received-SPF: permerror (team.mobile.de: Maximum void DNS look-ups limit (2)
exceeded) receiver=www.tributh.net; identity=mailfrom;
envelope-from="noreply@???"; client-ip="2a04:cb41:a516:2::1"

https://tools.ietf.org/html/rfc7208#page-17
4.6.4. DNS Lookup Limits
... implementations MUST limit the total number of those terms to 10

In this case an spfquery gives a different result than the internal
SPF(experimental) check.
4 against pass

>From the spfquery manual:

   Result    | Exit code
  -----------+-----------
   pass      |     0
   fail      |     1
   softfail  |     2
   neutral   |     3
   permerror |     4
   temperror |     5
   none      |     6



2018-02-09 07:59:15 1ek2eR-0006pZ-LS NOTICE-SPF: 4:pass , team.mobile.de ,
team.mobile.de ,
2018-02-09 07:59:15 1ek2eR-0006pZ-LS DMARC results: spf_domain=team.mobile.de
dmarc_domain=mobile.de spf_align=yes dkim_align=yes enforcement='Accept'
2018-02-09 07:59:17 1ek2eR-0006pZ-LS H=mailout47-1.mobile.de
[2a04:cb41:a516:2::1]:44132 I=[2a00:dca0:100:5:dead:face:beef:babe]:25
X=TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256 CV=no F=<noreply@???>
...(obfuscated)

Config sample to reproduce:
   warn condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --id
\"$sender_address\"}{yes}{yes}}
        set acl_m_spfquery = $runrc
   warn !authenticated = *
        spf = pass:fail:softfail:none:neutral:permerror:temperror
        logwrite = NOTICE-SPF: $acl_m_spfquery:$spf_result ,
$sender_address_domain , ${domain:$return_path} , $acl_m_spf_record


   warn dmarc_status = *
        !authenticated = *


--
You are receiving this mail because:
You are on the CC list for the bug.