spf-discuss

libspf2 incorrectly handling certain queries

2005-01-12 13:27:03


I *hope* this is the place to get an answer for this concern:

I have been using exim with the exiscan patch including the spf2 patch, and
thought that everything was going fine. I had a user at one location
looking for mail coming from a person at wrtv.com (a subsidiary of
McGraw-Hill) and I had noted some spf fails on that address. I checked the
logs and sure enough I was getting a hard fail. So I ran spfquery from the
command line with the same information and it gave a hard fail. I then
actually went to the spf.pobox.com/why.html link in the output message and
lo and behold it showed pass and said I should try later. Well this had
been going on for about 24 hrs already so I knew there was something else. I
noted that pobox.com used libspf (from the spfqtool line on the page), so I
downloaded and built libspf and ran the exact same query with spfqtool and
it came back pass... which is correct.

My question: is this a known problem with libspf2, is there a fix/patch/etc?
I tried compiling exim against the libspf (desperate) and that, of course,
failed. So I am stuck with libspf2 for internal support. I did write some
Perl code to integrate spfqtool into my acls but frankly I would rather have
the reduced overhead of the internal support. I did some debugging with
spfquery and it is following (or appears to be) the include: directive, but
it is failing on the ptr check. It says the check returns an invalid domain
for that address, but there is no domain shown in the debug output.

I am listing the relevant data below; I changed the user name to xxx (for
obvious reasons) but everything else is as was returned:


First check the spf record for wrtv.com

host -t TXT wrtv.com
wrtv.com text "v=spf1 a:qbert.ibsys.com a:anubis.ibsys.com a:treets100.ibsys.com include:mcgraw-hill.com -all"


it contains an include: for mcgraw-hill.com so now check the spf record
for mcgraw-hill

host -t TXT mcgraw-hill.com
mcgraw-hill.com text "v=spf1 ip4:66.54.164.0/24 ip4:64.94.160.128/26 mx ptr -all"

now using spfquery from libspf2 the query fails

spfquery -i 198.45.18.176 -s xxx(_at_)wrtv(_dot_)com -h corp148mr3-11.mcgraw-hill.com
fail
Please see
http://spf.pobox.com/why.html?sender=xxx%40wrtv.com&ip=198.45.18.176&receiver=spfquery
spfquery: domain of wrtv.com does not designate 198.45.18.176 as permitted
sender
Received-SPF: fail (spfquery: domain of wrtv.com does not designate
198.45.18.176 as permitted sender) client-ip=198.45.18.176;
envelope-from=xxx(_at_)wrtv(_dot_)com; helo=corp148mr3-11.mcgraw-hill.com;


but using libspf spfqtool it passes (as it should)

spfqtool -i 198.45.18.176 -s xxx(_at_)wrtv(_dot_)com -h corp148mr3-11.mcgraw-hill.com
SPF short result:   pass
SPF verbose result: policy result: (pass) from rule (ptr)
RFC2822 header:     Received-SPF: pass (corp148mr3-11.mcgraw-hill.com:
domain of xxx(_at_)wrtv(_dot_)com designates 198.45.18.176 as permitted sender)
receiver=corp148mr3-11.mcgraw-hill.com; client_ip=198.45.18.176;
envelope-from=xxx(_at_)wrtv(_dot_)com;


 Rick Cooper
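
The two records quoted in the message above, evaluated by a small SPF subset (added example, not part of the original post and not libspf or libspf2 code): it shows that the result for wrtv.com turns entirely on whether the `ptr` term inside the included mcgraw-hill.com record validates. The PTR and A answers are constructed assumptions, since the post does not show them; macros, CIDR suffixes on `a`/`mx`, lookup limits and error results are left out.

```python
import ipaddress

# TXT records are the ones quoted in the post. The PTR and A answers are
# constructed for this example; the post does not show them.
TXT = {
    "wrtv.com": "v=spf1 a:qbert.ibsys.com a:anubis.ibsys.com "
                "a:treets100.ibsys.com include:mcgraw-hill.com -all",
    "mcgraw-hill.com": "v=spf1 ip4:66.54.164.0/24 ip4:64.94.160.128/26 "
                       "mx ptr -all",
}
PTR = {"198.45.18.176": ["corp148mr3-11.mcgraw-hill.com"]}  # constructed
A = {"corp148mr3-11.mcgraw-hill.com": ["198.45.18.176"]}    # constructed
MX = {}  # no MX answers constructed; the mx term never matches here
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def ptr_match(ip, domain, ptr, a):
    """ptr: reverse-resolve ip, keep names whose A records contain ip
    (forward confirmation), then require the name to be in `domain`."""
    for name in ptr.get(ip, []):
        if ip not in a.get(name, []):
            continue  # unconfirmed reverse name is ignored
        name = name.lower().rstrip(".")
        if name == domain or name.endswith("." + domain):
            return True
    return False

def check_host(ip, domain, ptr=PTR, a=A):
    """Evaluate the record terms left to right; first match decides."""
    for term in TXT[domain].split()[1:]:
        qual = term[0] if term[0] in RESULT else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        arg = arg or domain
        if mech == "all":
            hit = True
        elif mech == "ip4":
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
        elif mech == "a":
            hit = ip in a.get(arg, [])
        elif mech == "mx":
            hit = any(ip in a.get(h, []) for h in MX.get(arg, []))
        elif mech == "ptr":
            hit = ptr_match(ip, arg, ptr, a)
        elif mech == "include":
            # include matches only if the included record returns pass
            hit = check_host(ip, arg, ptr, a) == "pass"
        else:
            hit = False
        if hit:
            return RESULT[qual]
    return "neutral"
```

Calling `check_host("198.45.18.176", "wrtv.com")` with the constructed answers gives `pass`; passing `ptr={}` to model a reverse lookup that yields no usable name gives `fail`, because the include no longer matches and evaluation falls through to wrtv.com's own `-all`.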




