mail/libspf2 not correctly work with MX>5. for example for domain odnoklassniki.ru several consequence requests give different replies: mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru fail Please%see%http://spf.pobox.com/why.html?sender=bezotveta%40odnoklassniki.ru&ip=81.176.227.12&receiver=spfquery : Reason: mechanism spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender Received-SPF: fail (spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru; mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru fail Please%see%http://spf.pobox.com/why.html?sender=bezotveta%40odnoklassniki.ru&ip=81.176.227.12&receiver=spfquery : Reason: mechanism spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender Received-SPF: fail (spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru; mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru pass spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender Received-SPF: pass (spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru; mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru pass spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender Received-SPF: pass (spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru; mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru pass spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender Received-SPF: pass (spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru; mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru pass spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender Received-SPF: pass (spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru; mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru pass spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender Received-SPF: pass (spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru; mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru fail Please%see%http://spf.pobox.com/why.html?sender=bezotveta%40odnoklassniki.ru&ip=81.176.227.12&receiver=spfquery : Reason: mechanism spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender Received-SPF: fail (spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru; mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru fail Please%see%http://spf.pobox.com/why.html?sender=bezotveta%40odnoklassniki.ru&ip=81.176.227.12&receiver=spfquery : Reason: mechanism spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender Received-SPF: fail (spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru; mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru fail Please%see%http://spf.pobox.com/why.html?sender=bezotveta%40odnoklassniki.ru&ip=81.176.227.12&receiver=spfquery : Reason: mechanism spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender Received-SPF: fail (spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru; mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru pass spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender Received-SPF: pass (spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru; the problem in defaults .h files SPF_DEFAULT_MAX_DNS_MX 5 SPF_MAX_DNS_MX 5 library parsing just first 5 MXes given in DNS reply. Fix: http://mta.org.ua/exim-4.67-conf/patches/libspf2-1.2.5-DoS_limits/patch-src::DoS_limits.patch Credits to Victor Ustugov - <victor@corvax.kiev.ua> How-To-Repeat: run several times spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru
Responsible Changed From-To: freebsd-ports-bugs->mnag Over to maintainer (via the GNATS Auto Assign Tool)
State Changed From-To: open->feedback There's a one problem in this patch. RFC 4408 that talk about SPF and in section 10.1 say that maximun DNS checks are 10 for each SPF check (A or MX or PTR). I can commit a change to 10 but in patch he's change do 20 and that's not respect RFC.
State Changed From-To: feedback->open From misfiled PR ports/120523: Date: Mon, 11 Feb 2008 10:08:58 +0300
mnag 2008-02-11 14:49:20 UTC FreeBSD ports repository Modified files: mail/libspf2 Makefile Added files: mail/libspf2/files patch-RFC4408-DOS Log: - Add patch to respect RFC 4408. Section 10.1 say that maximun DNS checks are 10 for every A, MX or PTR records. - Bump PORTREVISION PR: 118859 Submitted by: dawnshade <h-k___mail.ru> [partial] Revision Changes Path 1.12 +1 -1 ports/mail/libspf2/Makefile 1.1 +49 -0 ports/mail/libspf2/files/patch-RFC4408-DOS (new) _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Commited Thanks.