Bug#440450: libmail-spf-query-perl: Suggest increasing default max DNS lookups to work with paypal

[phil]

Package: libmail-spf-query-perl
Version: 1:1.999.1-3
Severity: normal


Hi,

By defauly spfquery limits itself to 10 DNS lookups.  This can be overridden from
the command line.  It returns an "unknown" response if more than 10 lookups are
needed.

It seems that getting all the SPF information for paypal.com takes 11 lookups.  (It 
looks like there is a limit on the length of the TXT record, and in order to list all
its IP ranges paypal has to use a number of includes.)

Since phishing emails with a forged @paypal.com sender are rather common, I suggest
slightly increasing the default limit to accommodate it.

Or, perhaps the limit could be substantially increased, e.g. 50 - I can't think what
it's guarding against, except for misconfigured SPF records with include loops, and 
I'm not aware of that being a serious problem.  I note that the limit was reduced
from 20 to 10 in 1.998-1, but I am unaware of the rationale for that.

Regards,

Phil.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.21-1-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages libmail-spf-query-perl depends on:
ii  libnet-cidr-lite-perl      0.20-1        Merge IPv4 or IPv6 CIDR address ra
ii  libnet-dns-perl            0.60-1        Perform DNS queries from a Perl sc
ii  libsys-hostname-long-perl  1.4-1         Figure out the long (fully-qualifi
ii  liburi-perl                1.35.dfsg.1-1 Manipulates and accesses URI strin
ii  perl                       5.8.8-7       Larry Wall's Practical Extraction 

libmail-spf-query-perl recommends no packages.

-- no debconf information