----- Original Message -----
From: <philip-spf@gladstonefamily.net>
To: <spf-devel@v2.listbox.com>
Sent: Wednesday, January 21, 2004 4:15 AM
Subject: [spf-devel] Changes for Mail::SPQ::Query 1.98
Philip,
I stumbled on another small bug; or is it a feature? :)
I applied your latest patch, and made an SPF query, using the following set:
ip => '209.6.17.217',
sender => 'admin@asarian-host.com',
helo => 'asarian-host.com',
debug => 1,
trusted => 0
(mind you, in this Vmware test environment, I published a local "+mx -all"
record for asarian-host.com). The result, as expected, is a 'fail'
---------------------------------------------
| asarian-host.com new: ipv4=209.6.17.217,
sender@˜Ê¡Ëè?Öž—Å`ˆÜ¸Ó, helo=asarian-host.com
| admin asarian-host.com localpart is admin
| admin asarian-host.com DirectiveSet->new(): doing TXT query on
asarian-host.com
| admin asarian-host.com myquery: doing TXT query on
asarian-host.com
| admin asarian-host.com DirectiveSet->new(): SPF policy: +mx -all
report=abuse
| admin asarian-host.com lookup: TXT +mx -all report=abuse
| admin asarian-host.com lookup: TXT prefix=+, lhs=mx, rhs=
| admin asarian-host.com lookup: TXT prefix=-, lhs=all, rhs=
| admin asarian-host.com lookup: mec mechanisms=+mx() -all()
| admin asarian-host.com evaluate_mechanism: +mx() for
domain=asarian-host.com
| admin asarian-host.com myquery: doing MX query on
asarian-host.com
| admin asarian-host.com myquery: doing A query on
anonymizer.asarian-host.net
| admin asarian-host.com myquery: doing A query on
mail.asarian-host.net
| admin asarian-host.com evaluate_mechanism: +mx() returned
| admin asarian-host.com evaluate_mechanism: -all() for
domain=asarian-host.com
| admin asarian-host.com evaluate_mechanism: -all() returned hit
| admin asarian-host.com saving result fail to cache point and
returning.
| admin asarian-host.com macro_substitute_item: S: field=S, num=,
reverse=, delim=., newval=admin%40asarian-host.com
| admin asarian-host.com macro_substitute_item: I: field=I, num=,
reverse=, delim=., newval=209.6.17.217
| admin asarian-host.com macro_substitute:
http://spf.pobox.com/why.html?sender=%{S}&ip=%{I}&receiver=asarian-host.net ->
http://spf.pobox.com/why.html?sender=admin%40asarian-host.com&ip=209.6.17.217&receiver=asarian-host.net fail, please see
http://spf.pobox.com/why.html?sender=admin%40asarian-host.com&ip=209.6.17.217&receiver=asarian-host.net, asarian-host.net: domain of admin@asarian-host.com does not designate
209.6.17.217 as permitted sender
---------------------------------------------
When I enable the new "trusted" parameter, the result is unexpected:
ip => '209.6.17.217',
sender => 'admin@asarian-host.com',
helo => 'asarian-host.com',
debug => 1,
trusted => 1
---------------------------------------------
| asarian-host.com new: ipv4=209.6.17.217,
sender@˜Ê¡Ëè?Öž—Å`ˆÜ¸Ó, helo=asarian-host.com
| admin asarian-host.com localpart is admin
| admin asarian-host.com DirectiveSet->new(): doing TXT query on
asarian-host.com
| admin asarian-host.com myquery: doing TXT query on
asarian-host.com
| admin asarian-host.com DirectiveSet->new(): SPF policy: +mx -all
report=abuse
| admin asarian-host.com lookup: TXT +mx -all report=abuse
| admin asarian-host.com lookup: TXT prefix=+, lhs=mx, rhs=
| admin asarian-host.com lookup: TXT prefix=-, lhs=all, rhs=
| admin asarian-host.com locating place to insert local policy
mechanisms=+mx() -all()
| admin asarian-host.com DirectiveSet->new(): SPF policy: v=spf1
include:spf.trusted-forwarder.org ?all
| admin asarian-host.com lookup: TXT v=spf1
include:spf.trusted-forwarder.org ?all
| admin asarian-host.com lookup: TXT version=spf1
| admin asarian-host.com lookup: TXT prefix=+, lhs=include,
rhs=spf.trusted-forwarder.org
| admin asarian-host.com lookup: TXT prefix=?, lhs=all, rhs=
| admin asarian-host.com lookup: mec
mechanisms=+include(spf.trusted-forwarder.org) ?all()
| admin asarian-host.com lookup: mec mechanisms=+mx()
+include(spf.trusted-forwarder.org) -all()
| admin asarian-host.com evaluate_mechanism: +mx() for
domain=asarian-host.com
| admin asarian-host.com myquery: doing MX query on
asarian-host.com
| admin asarian-host.com myquery: doing A query on
anonymizer.asarian-host.net
| admin asarian-host.com myquery: doing A query on
mail.asarian-host.net
| admin asarian-host.com evaluate_mechanism: +mx() returned
| admin asarian-host.com evaluate_mechanism:
+include(spf.trusted-forwarder.org) for domain=asarian-host.com
| admin asarian-host.com mechanism include: recursing into
spf.trusted-forwarder.org
| admin asarian-host.com clone: new object:
|| admin spf.trusted-forwarder.org clone: local =
include:spf.trusted-forwarder.org
|| admin spf.trusted-forwarder.org clone: res =
Net::DNS::Resolver=HASH(0x81a3580)
|| admin spf.trusted-forwarder.org clone: domain =
spf.trusted-forwarder.org
|| admin spf.trusted-forwarder.org clone: myhostname =
asarian-host.net
|| admin spf.trusted-forwarder.org clone: debug = 1
|| admin spf.trusted-forwarder.org clone: lookup_count = 1
|| admin spf.trusted-forwarder.org clone: helo =
asarian-host.com
|| admin spf.trusted-forwarder.org clone: parent =
Mail::SPF::Query=HASH(0x8128974)
|| admin spf.trusted-forwarder.org clone: localpart = admin
|| admin spf.trusted-forwarder.org clone: ipv4 =
209.6.17.217
|| admin spf.trusted-forwarder.org clone: directive_set =
DirectiveSet=HASH(0x81a78b4)
|| admin spf.trusted-forwarder.org clone: trusted = 1
|| admin spf.trusted-forwarder.org clone: depth = 1
|| admin spf.trusted-forwarder.org clone: orig_domain =
asarian-host.com
|| admin spf.trusted-forwarder.org clone: Reversed_IP =
217.17.6.209
|| admin spf.trusted-forwarder.org clone: spf_source = local
policy
|| admin spf.trusted-forwarder.org clone: sender =
admin@asarian-host.com
|| admin spf.trusted-forwarder.org clone: loop_report =
ARRAY(0x81afaac)
|| admin spf.trusted-forwarder.org DirectiveSet->new(): doing TXT
query on spf.trusted-forwarder.org
|| admin spf.trusted-forwarder.org myquery: doing TXT query on
spf.trusted-forwarder.org
|| admin spf.trusted-forwarder.org DirectiveSet->new(): SPF policy:
exists:%{ir}.wl.trusted-forwarder.org exists:%{p}.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org lookup: TXT
exists:%{ir}.wl.trusted-forwarder.org exists:%{p}.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org lookup: TXT prefix=+,
lhs=exists, rhs=%{ir}.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org lookup: TXT prefix=+,
lhs=exists, rhs=%{p}.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org lookup: mec
mechanisms=+exists(%{ir}.wl.trusted-forwarder.org)
+exists(%{p}.wl.trusted-forwarder.org)
|| admin spf.trusted-forwarder.org evaluate_mechanism:
+exists(%{ir}.wl.trusted-forwarder.org) for domain=spf.trusted-forwarder.org
|| admin spf.trusted-forwarder.org macro_substitute_item: ir:
field=i, num=, reverse=r, delim=., newval=217.17.6.209
|| admin spf.trusted-forwarder.org macro_substitute:
%{ir}.wl.trusted-forwarder.org -> 217.17.6.209.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org mechanism exists: looking up
217.17.6.209.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org myquery: doing A query on
217.17.6.209.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org myquery:
217.17.6.209.wl.trusted-forwarder.org A failed: NXDOMAIN.
|| admin spf.trusted-forwarder.org evaluate_mechanism:
+exists(%{ir}.wl.trusted-forwarder.org) returned
|| admin spf.trusted-forwarder.org evaluate_mechanism:
+exists(%{p}.wl.trusted-forwarder.org) for domain=spf.trusted-forwarder.org
|| admin spf.trusted-forwarder.org myquery: doing PTR query on
217.17.6.209.in-addr.arpa
|| admin spf.trusted-forwarder.org get_ptr_domain: 209.6.17.217 is
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com
|| admin spf.trusted-forwarder.org get_ptr_domain: checking hostname
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com for legitimacy.
|| admin spf.trusted-forwarder.org myquery: doing A query on
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com
|| admin spf.trusted-forwarder.org get_ptr_domain: hostname
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com -> 209.6.17.217
|| admin spf.trusted-forwarder.org macro_substitute_item: p:
field=p, num=, reverse=, delim=.,
newval=209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com
|| admin spf.trusted-forwarder.org macro_substitute:
%{p}.wl.trusted-forwarder.org ->
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org mechanism exists: looking up
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org myquery: doing A query on
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com.wl.trusted-forwarder.org
|| admin spf.trusted-forwarder.org myquery:
209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com.wl.trusted-forwarder.org
A failed: NXDOMAIN.
|| admin spf.trusted-forwarder.org evaluate_mechanism:
+exists(%{p}.wl.trusted-forwarder.org) returned
|| admin spf.trusted-forwarder.org mechanisms returned unknown;
deleting cache point and using unknown
| admin asarian-host.com mechanism include: got back result unknown
/ /
| admin asarian-host.com evaluate_mechanism:
+include(spf.trusted-forwarder.org) returned UNKNOWN
| admin asarian-host.com saving result UNKNOWN to cache point and
returning.
unknown, , asarian-host.net: unable to determine SPF status for
admin@asarian-host.com
---------------------------------------------
This is unexpected; and, imho, unwanted; the result should still be 'fail'
when the 'trusted' mech did not yield a 'pass'. Or, rather, if the 'trusted'
mech did not explicitely say 'pass', SPF Query should preserve the
pre-trusted result, in this case 'fail'.
Or am I missing something?
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h