https://bugs.exim.org/show_bug.cgi?id=2238
Bug ID: 2238
Summary: Internal SPF check making too much lookups?
Product: Exim
Version: 4.90
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Experimental
Assignee: nigel@???
Reporter: torsten@???
CC: exim-dev@???
$ spfquery --ip 2a04:cb41:a516:2::1 --id noreply@???
permerror
team.mobile.de: Maximum void DNS look-ups limit (2) exceeded
Received-SPF: permerror (team.mobile.de: Maximum void DNS look-ups limit (2)
exceeded) receiver=
www.tributh.net; identity=mailfrom;
envelope-from="noreply@???"; client-ip="2a04:cb41:a516:2::1"
https://tools.ietf.org/html/rfc7208#page-17
4.6.4. DNS Lookup Limits
... implementations MUST limit the total number of those terms to 10
In this case an spfquery gives a different result than the internal
SPF(experimental) check.
4 against pass
>From the spfquery manual:
Result | Exit code
-----------+-----------
pass | 0
fail | 1
softfail | 2
neutral | 3
permerror | 4
temperror | 5
none | 6
2018-02-09 07:59:15 1ek2eR-0006pZ-LS NOTICE-SPF: 4:pass , team.mobile.de ,
team.mobile.de ,
2018-02-09 07:59:15 1ek2eR-0006pZ-LS DMARC results: spf_domain=team.mobile.de
dmarc_domain=mobile.de spf_align=yes dkim_align=yes enforcement='Accept'
2018-02-09 07:59:17 1ek2eR-0006pZ-LS H=mailout47-1.mobile.de
[2a04:cb41:a516:2::1]:44132 I=[2a00:dca0:100:5:dead:face:beef:babe]:25
X=TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256 CV=no F=<noreply@???>
...(obfuscated)
Config sample to reproduce:
warn condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --id
\"$sender_address\"}{yes}{yes}}
set acl_m_spfquery = $runrc
warn !authenticated = *
spf = pass:fail:softfail:none:neutral:permerror:temperror
logwrite = NOTICE-SPF: $acl_m_spfquery:$spf_result ,
$sender_address_domain , ${domain:$return_path} , $acl_m_spf_record
warn dmarc_status = *
!authenticated = *
--
You are receiving this mail because:
You are on the CC list for the bug.
