From nobody@FreeBSD.org  Wed Dec 19 14:11:56 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6909316A417
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 19 Dec 2007 14:11:56 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 5E2BD13C4E7
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 19 Dec 2007 14:11:56 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id lBJEBZYV040710
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 19 Dec 2007 14:11:35 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id lBJEBZVD040708;
	Wed, 19 Dec 2007 14:11:35 GMT
	(envelope-from nobody)
Message-Id: <200712191411.lBJEBZVD040708@www.freebsd.org>
Date: Wed, 19 Dec 2007 14:11:35 GMT
From: dawnshade <h-k@mail.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: mail/libspf2 not correctly work with MX>5
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         118859
>Category:       ports
>Synopsis:       mail/libspf2 not correctly work with MX>5
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    mnag
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Dec 19 14:20:01 UTC 2007
>Closed-Date:    Mon Feb 11 14:50:44 UTC 2008
>Last-Modified:  Mon Feb 11 15:00:06 UTC 2008
>Originator:     dawnshade
>Release:        6.2-RELEASE
>Organization:
-
>Environment:
FreeBSD mail.host.ru 6.2-RELEASE-p3 FreeBSD 6.2-RELEASE-p3 #0: Sun Apr  8 18:34:30 MSD 2007     root@mail.host.ru:/usr/src/sys/i386/compile/mail_kern_8  i386

>Description:
mail/libspf2 does not work correctly with MX>5. For example, for the domain odnoklassniki.ru, several consecutive requests give different replies:

mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru
fail
Please%see%http://spf.pobox.com/why.html?sender=bezotveta%40odnoklassniki.ru&ip=81.176.227.12&receiver=spfquery : Reason: mechanism
spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender
Received-SPF: fail (spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru;
mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru
fail
Please%see%http://spf.pobox.com/why.html?sender=bezotveta%40odnoklassniki.ru&ip=81.176.227.12&receiver=spfquery : Reason: mechanism
spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender
Received-SPF: fail (spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru;
mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru
pass

spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender
Received-SPF: pass (spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru;
mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru
pass

spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender
Received-SPF: pass (spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru;
mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru
pass

spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender
Received-SPF: pass (spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru;
mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru
pass

spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender
Received-SPF: pass (spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru;
mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru
pass

spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender
Received-SPF: pass (spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru;
mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru
fail
Please%see%http://spf.pobox.com/why.html?sender=bezotveta%40odnoklassniki.ru&ip=81.176.227.12&receiver=spfquery : Reason: mechanism
spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender
Received-SPF: fail (spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru;
mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru
fail
Please%see%http://spf.pobox.com/why.html?sender=bezotveta%40odnoklassniki.ru&ip=81.176.227.12&receiver=spfquery : Reason: mechanism
spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender
Received-SPF: fail (spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru;
mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru
fail
Please%see%http://spf.pobox.com/why.html?sender=bezotveta%40odnoklassniki.ru&ip=81.176.227.12&receiver=spfquery : Reason: mechanism
spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender
Received-SPF: fail (spfquery: domain of odnoklassniki.ru does not designate 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru;
mail# spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru
pass

spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender
Received-SPF: pass (spfquery: domain of odnoklassniki.ru designates 81.176.227.12 as permitted sender) client-ip=81.176.227.12; envelope-from=bezotveta@odnoklassniki.ru;


The problem is in the defaults in the .h files:
SPF_DEFAULT_MAX_DNS_MX 5
SPF_MAX_DNS_MX 5
The library parses just the first 5 MXes given in the DNS reply.
>How-To-Repeat:
Run several times:
spfquery -ip 81.176.227.12 -sender bezotveta@odnoklassniki.ru
>Fix:
http://mta.org.ua/exim-4.67-conf/patches/libspf2-1.2.5-DoS_limits/patch-src::DoS_limits.patch

Credits to Victor Ustugov - <victor@corvax.kiev.ua> 

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->mnag 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Wed Dec 19 14:20:06 UTC 2007 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=118859 
State-Changed-From-To: open->feedback 
State-Changed-By: mnag 
State-Changed-When: Sun Feb 10 13:47:41 UTC 2008 
State-Changed-Why:  
There's one problem in this patch.

RFC 4408, which talks about SPF, says in section 10.1 that the maximum DNS
checks are 10 for each SPF check (A or MX or PTR).

I can commit a change to 10, but in the patch he changes it to 20, and that
does not respect the RFC.

http://www.freebsd.org/cgi/query-pr.cgi?pr=118859 
State-Changed-From-To: feedback->open 
State-Changed-By: linimon 
State-Changed-When: Mon Feb 11 12:52:17 UTC 2008 
State-Changed-Why:  
From misfiled PR ports/120523: 

Date: Mon, 11 Feb 2008 10:08:58 +0300 
From: dawnshade <h-k@mail.ru> 

OK, then commit 10 checks.
Thank you. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=118859 
State-Changed-From-To: open->closed 
State-Changed-By: mnag 
State-Changed-When: Mon Feb 11 14:49:59 UTC 2008 
State-Changed-Why:  
Committed. Thanks.

http://www.freebsd.org/cgi/query-pr.cgi?pr=118859 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/118859: commit references a PR
Date: Mon, 11 Feb 2008 14:49:30 +0000 (UTC)

 mnag        2008-02-11 14:49:20 UTC
 
   FreeBSD ports repository
 
   Modified files:
     mail/libspf2         Makefile 
   Added files:
     mail/libspf2/files   patch-RFC4408-DOS 
   Log:
   - Add patch to respect RFC 4408. Section 10.1 says that the maximum DNS checks are 10 for every A, MX or PTR record.
   - Bump PORTREVISION
   
   PR:             118859
   Submitted by:   dawnshade <h-k___mail.ru> [partial]
   
   Revision  Changes    Path
   1.12      +1 -1      ports/mail/libspf2/Makefile
   1.1       +49 -0     ports/mail/libspf2/files/patch-RFC4408-DOS (new)
 
>Unformatted:
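
An illustration of the behaviour reported above, added here and not part of the PR or of libspf2: a simplified model in which only the first `cap` MX targets of a rotating DNS answer are compared with the client IP. The function names, the eight-host MX set and the 192.0.2.x addresses are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of an SPF "mx" mechanism check (not libspf2 code):
 * only the first `cap` MX targets of the DNS answer are compared with
 * the client IP. `start` models round-robin rotation of the answer. */
static int mx_match(const char *const *mx_ips, size_t n, size_t start,
                    size_t cap, const char *client_ip)
{
    size_t limit = n < cap ? n : cap;
    for (size_t i = 0; i < limit; i++) {
        if (strcmp(mx_ips[(start + i) % n], client_ip) == 0)
            return 1;   /* client is one of the MX hosts that were checked */
    }
    return 0;           /* not among the checked hosts: mechanism no match */
}

/* Count how many of the n possible answer rotations yield a match. */
static size_t passing_rotations(const char *const *mx_ips, size_t n,
                                size_t cap, const char *client_ip)
{
    size_t pass = 0;
    for (size_t start = 0; start < n; start++)
        pass += (size_t)mx_match(mx_ips, n, start, cap, client_ip);
    return pass;
}

/* Constructed sample: a domain with 8 MX hosts, one address each. */
static const char *const SAMPLE_MX[] = {
    "192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4",
    "192.0.2.5", "192.0.2.6", "192.0.2.7", "192.0.2.8"
};
#define SAMPLE_MX_COUNT (sizeof SAMPLE_MX / sizeof SAMPLE_MX[0])

int main(void)
{
    const char *client = "192.0.2.7";   /* a legitimate MX host sending mail */
    size_t caps[] = { 5, 10 };          /* old default vs. committed value */

    for (size_t i = 0; i < 2; i++)
        printf("cap %zu: %zu of %zu answer orderings match\n", caps[i],
               passing_rotations(SAMPLE_MX, SAMPLE_MX_COUNT, caps[i], client),
               (size_t)SAMPLE_MX_COUNT);
    return 0;
}
```

In this model a domain with more than 10 MX hosts would still get order-dependent results under the cap of 10.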
