Article: 649
From: Matanya Elchanani
Date: 2005-07-11 18:17:45 -0400
Subject: SPF API problems

Anthony and all,

First, I would like to thank you for making your API available. I'm working on getting
gris to optionally use SPF to skip compliant domains (similar to milter-greylist). While
testing my code, I was able to test the milter on a medium load system and started
discovering that your SPF implementation is returning too much SPF_PASS. I then followed
up by creating a test program that simply calls spfCheckDomain() on hard-coded data and
unfortunately there seem to be some bugs in the implementation. My specific test data is
IP: (RFC1918, should not return PASS) Domain: msn.com. spfCheckDomain()
returns SPF_PASS (it should return a SOFTFAIL). Dropping a few printf's into spf.c shows
that your code has recursive problems. The msn.com SPF is a record of 4 includes
terminating with ~all, each include'ed domain has around 12 ip4: records with a ~all
termination. It looks like the code is loading the first include properly, searches
through it, but then, instead of going to the next include, it ends the search and
falls back to the top SPF_PASS default
qualifier. Using an IP from one of the SPF'd ranges in the first include'ed domain will
correctly end the search and exit SPF_PASS. I'm still looking into the code to find fixes.
Just thought I would give a heads up to the list.
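
The include handling the report expects, as an added example that is not part of the original post and is not code from spf.c: an include: mechanism matches only when the included record evaluates to PASS, so an included ~all means "no match" and evaluation moves on to the next mechanism (the rule given in RFC 7208 section 5.2). The record table, the example.com names, the enum and function names are all constructed for illustration, and 192.168.1.10 stands in for the RFC1918 address the post leaves out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum res { R_NONE, R_NEUTRAL, R_PASS, R_SOFTFAIL, R_FAIL };  /* hypothetical names */

/* Constructed TXT records standing in for DNS; not real data for any domain. */
static const char *zone[][2] = {
    {"example.com",   "v=spf1 include:a.example.com include:b.example.com ~all"},
    {"a.example.com", "v=spf1 ip4:192.0.2.0/24 ~all"},
    {"b.example.com", "v=spf1 ip4:198.51.100.0/24 ~all"},
};

static const char *lookup(const char *d, size_t n) {
    for (size_t i = 0; i < sizeof zone / sizeof zone[0]; i++)
        if (strlen(zone[i][0]) == n && !strncmp(zone[i][0], d, n)) return zone[i][1];
    return NULL;
}

/* Parse "a.b.c.d[/len]" into a host-order address and prefix length. */
static int parse_ip4(const char *s, uint32_t *ip, unsigned *len) {
    unsigned a, b, c, d;
    *len = 32;
    if (sscanf(s, "%u.%u.%u.%u/%u", &a, &b, &c, &d, len) < 4) return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255 || *len > 32) return 0;
    *ip = (uint32_t)a << 24 | b << 16 | c << 8 | d;
    return 1;
}

/* Mechanisms run left to right; the first match returns its qualifier ("+" if unwritten). */
static enum res eval(const char *dom, size_t n, uint32_t ip, int depth) {
    const char *t = lookup(dom, n);
    if (!t || depth > 10) return R_NONE;  /* simplification: counts as no match */
    for (; *t; t += strcspn(t, " "), t += strspn(t, " ")) {
        enum res q = *t == '~' ? R_SOFTFAIL : *t == '-' ? R_FAIL : *t == '?' ? R_NEUTRAL : R_PASS;
        const char *m = t + (strchr("+-~?", *t) != NULL);
        size_t mlen = strcspn(m, " ");
        uint32_t net = 0; unsigned len = 0; int hit = 0;
        if (mlen == 3 && !strncmp(m, "all", 3)) hit = 1;
        else if (!strncmp(m, "ip4:", 4) && parse_ip4(m + 4, &net, &len))
            hit = len == 0 || ((ip ^ net) >> (32 - len)) == 0;
        else if (!strncmp(m, "include:", 8))  /* match only on PASS; the included */
            hit = eval(m + 8, mlen - 8, ip, depth + 1) == R_PASS;  /* ~all is no match */
        if (hit) return q;
    }
    return R_NEUTRAL;  /* no mechanism matched */
}

enum res spf_check(const char *domain, const char *ip_text) {
    uint32_t ip; unsigned len;
    return parse_ip4(ip_text, &ip, &len) ? eval(domain, strlen(domain), ip, 0) : R_NONE;
}
```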



