Mailing List Archive: test-suite: mx-limit

test-suite: mx-limit

Aug 30, 2006, 6:00 PM

Post #1 of 4 (3561 views)

Should exceeding mx or ptr limit result in permerror, or simply
not match? The RFC just says you MUST not use more than 10. (10.1/7)
However, the preceding paragraph mandates PermError for other limits.
Also, there is no way to predict *which* 10 you will get first.
So the only consistent result is to PermError if there are more than 10.

Comments?

tests:
mx-limit-fail:
description: >-
there MUST be a limit of no more than 10 MX looked up and checked.
spec: 10.1/7
helo: mail.example.com
host: 1.2.3.5
mailfrom: foo@e4.example.com
result: permerror
mx-limit-pass:
description: >-
there MUST be a limit of no more than 10 MX looked up and checked.
spec: 10.1/7
helo: mail.example.com
host: 1.2.3.4
mailfrom: foo@e4.example.com
result: permerror
zonedata:
mail.example.com:
- A: 1.2.3.4
e4.example.com:
- SPF: v=spf1 mx
- MX: [0, mail.example.com]
- MX: [1, mail.example.com]
- MX: [2, mail.example.com]
- MX: [3, mail.example.com]
- MX: [4, mail.example.com]
- MX: [5, mail.example.com]
- MX: [6, mail.example.com]
- MX: [7, mail.example.com]
- MX: [8, mail.example.com]
- MX: [9, mail.example.com]
- MX: [10, e4.example.com]
- A: 1.2.3.5

--
Stuart D. Gathman <stuart@bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Re: test-suite: mx-limit [ In reply to ]

nobody at xyzzy

Aug 30, 2006, 7:46 PM

Post #2 of 4 (3470 views)

Permalink

Stuart D. Gathman wrote:

> Should exceeding mx or ptr limit result in permerror, or
> simply not match?

The latter.

> The RFC just says you MUST not use more than 10. (10.1/7)

It's also in 5.4, and similar in 5.5 for PTR. No match is
fine if the 11th MX would match. Permerror would be wrong.
Temperror would be fatal.

> there is no way to predict *which* 10 you will get first.

Yes, IIRC that was intentional for the PTR case.

Frank

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Re: test-suite: mx-limit [ In reply to ]

scott at kitterman

Aug 30, 2006, 8:21 PM

Post #3 of 4 (3476 views)

Permalink

On Wed, 30 Aug 2006 21:00:25 -0400 (EDT) "Stuart D. Gathman"
<stuart@bmsi.com> wrote:
>Should exceeding mx or ptr limit result in permerror, or simply
>not match? The RFC just says you MUST not use more than 10. (10.1/7)
>However, the preceding paragraph mandates PermError for other limits.
>Also, there is no way to predict *which* 10 you will get first.
>So the only consistent result is to PermError if there are more than 10.
>
>Comments?
>
>tests:
> mx-limit-fail:
> description: >-
> there MUST be a limit of no more than 10 MX looked up and checked.
> spec: 10.1/7
> helo: mail.example.com
> host: 1.2.3.5
> mailfrom: foo@e4.example.com
> result: permerror
> mx-limit-pass:
> description: >-
> there MUST be a limit of no more than 10 MX looked up and checked.
> spec: 10.1/7
> helo: mail.example.com
> host: 1.2.3.4
> mailfrom: foo@e4.example.com
> result: permerror
>zonedata:
> mail.example.com:
> - A: 1.2.3.4
> e4.example.com:
> - SPF: v=spf1 mx
> - MX: [0, mail.example.com]
> - MX: [1, mail.example.com]
> - MX: [2, mail.example.com]
> - MX: [3, mail.example.com]
> - MX: [4, mail.example.com]
> - MX: [5, mail.example.com]
> - MX: [6, mail.example.com]
> - MX: [7, mail.example.com]
> - MX: [8, mail.example.com]
> - MX: [9, mail.example.com]
> - MX: [10, e4.example.com]
> - A: 1.2.3.5
>
IIRC, my validator takes the don't match/warn approach.

Scott K

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Re: test-suite: mx-limit [ In reply to ]

julian at mehnle

Aug 31, 2006, 12:02 AM

Post #4 of 4 (3471 views)

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stuart D. Gathman wrote:
> Should exceeding mx or ptr limit result in permerror, or simply
> not match? The RFC just says you MUST not use more than 10. (10.1/7)
> However, the preceding paragraph mandates PermError for other limits.

Going from 10.1/6, I think it is safe to assume that a PermError should be
thrown for _every_ processing limit that is exceeded. Silently mis-
matching the mechanism and proceeding with evaluation would be prone to
hard-to-debug flip-flop situations.

> Also, there is no way to predict *which* 10 you will get first.

Exactly.

> So the only consistent result is to PermError if there are more than 10.

What I said. :-)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE9omPwL7PKlBZWjsRAogEAKDAdCCkoUgdpUCkw1fKx+LA3uZgxQCeMWWy
DYfVoEGhwLq30cFno3DK9AE=
=b+2l
-----END PGP SIGNATURE-----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com