Bug#606000: libmail-spf-query-perl: Incorrect query results with IPv6 addresses; should warn about missing IPv6 support and/or fail graciously

gregor herrmann gregoa at debian.org
Sat Dec 18 18:14:28 UTC 2010 

On Sun, 05 Dec 2010 18:14:03 +0100, gregor herrmann wrote:

> $ PERL5LIB=lib bin/spfquery -i 82.150.197.85 -m comodo.priv.at -h colleen.colgarra.priv.at
> pass
> Please see http://www.openspf.org/why.html?sender=comodo.priv.at&ip=82.150.197.85&receiver=spfquery: comodo.priv.at MX colleen.colgarra.priv.at A 82.150.197.85
> spfquery: domain of comodo.priv.at designates 82.150.197.85 as permitted sender
> Received-SPF: pass (spfquery: domain of comodo.priv.at designates 82.150.197.85 as permitted sender) client-ip=82.150.197.85; envelope-from=comodo.priv.at; helo=colleen.colgarra.priv.at;
> 
> $ PERL5LIB=lib bin/spfquery -i 2a02:5d8:192::201 -m comodo.priv.at -h colleen.colgarra.priv.at
> no IP address given at lib/Mail/SPF/Query.pm line 255.
> 
> $ echo $?
> 255

Let's try spfquery from spf-tools-perl (which depends on
libmail-spf-perl):

$ spfquery --ip 82.150.197.85 --mfrom comodo.priv.at --hostname colleen.colgarra.priv.at
pass
comodo.priv.at: 82.150.197.85 is authorized to use 'comodo.priv.at' in 'mfrom' identity (mechanism 'mx' matched)
comodo.priv.at: 82.150.197.85 is authorized to use 'comodo.priv.at' in 'mfrom' identity (mechanism 'mx' matched)
Received-SPF: pass (comodo.priv.at: 82.150.197.85 is authorized to use 'comodo.priv.at' in 'mfrom' identity (mechanism 'mx' matched)) receiver=colleen.colgarra.priv.at; identity=mailfrom; envelope-from=comodo.priv.at; client-ip=82.150.197.85

$ spfquery --ip 2a02:5d8:192::201 --mfrom comodo.priv.at --hostname colleen.colgarra.priv.at
neutral
comodo.priv.at: Domain does not state whether sender is authorized to use 'comodo.priv.at' in 'mfrom' identity (mechanism '?all' matched)
comodo.priv.at: Domain does not state whether sender is authorized to use 'comodo.priv.at' in 'mfrom' identity (mechanism '?all' matched)
Received-SPF: neutral (comodo.priv.at: Domain does not state whether sender is authorized to use 'comodo.priv.at' in 'mfrom' identity (mechanism '?all' matched)) receiver=colleen.colgarra.priv.at; identity=mailfrom; envelope-from=comodo.priv.at; client-ip="2a02:5d8:192::201"

$ spfquery --ip 2a02:5d8:193::13 --mfrom comodo.priv.at
pass
comodo.priv.at: 2a02:5d8:193::13 is authorized to use 'comodo.priv.at' in 'mfrom' identity (mechanism 'mx' matched)
comodo.priv.at: 2a02:5d8:193::13 is authorized to use 'comodo.priv.at' in 'mfrom' identity (mechanism 'mx' matched)
Received-SPF: pass (comodo.priv.at: 2a02:5d8:193::13 is authorized to use 'comodo.priv.at' in 'mfrom' identity (mechanism 'mx' matched)) receiver=belanna.comodo.priv.at; identity=mailfrom; envelope-from=comodo.priv.at; client-ip="2a02:5d8:193::13"


$ spfquery --ip 193.141.107.90 --mfrom marzen.de
pass
marzen.de: 193.141.107.90 is authorized to use 'marzen.de' in 'mfrom' identity (mechanism 'a' matched)
marzen.de: 193.141.107.90 is authorized to use 'marzen.de' in 'mfrom' identity (mechanism 'a' matched)
Received-SPF: pass (marzen.de: 193.141.107.90 is authorized to use 'marzen.de' in 'mfrom' identity (mechanism 'a' matched)) receiver=belanna.comodo.priv.at; identity=mailfrom; envelope-from=marzen.de; client-ip=193.141.107.90

$ spfquery --ip 2001:6f8:98b::a42:3592 --mfrom marzen.de
pass
marzen.de: 2001:6f8:98b::a42:3592 is authorized to use 'marzen.de' in 'mfrom' identity (mechanism 'mx' matched)
marzen.de: 2001:6f8:98b::a42:3592 is authorized to use 'marzen.de' in 'mfrom' identity (mechanism 'mx' matched)
Received-SPF: pass (marzen.de: 2001:6f8:98b::a42:3592 is authorized to use 'marzen.de' in 'mfrom' identity (mechanism 'mx' matched)) receiver=belanna.comodo.priv.at; identity=mailfrom; envelope-from=marzen.de; client-ip="2001:6f8:98b::a42:3592"


Looks like spf-tools-perl/libmail-spf-perl is indeed a good
replacement; in practice some adjustments to the command line options
might be necessary.


Cheers,
gregor


-- 
 .''`.   http://info.comodo.priv.at/ -- GPG key IDs: 0x8649AA06, 0x00F3CFE4
 : :' :  Debian GNU/Linux user, admin, & developer - http://www.debian.org/
 `. `'   Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe
   `-    NP: The Doors: Alabama Song
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20101218/9a15b108/attachment.pgp>

More information about the pkg-perl-maintainers mailing list