0 Replies Latest reply: Mar 15, 2013 7:18 PM by mathew_chan RSS

    SPF IPv4 IPv6 Cross-Checking Bug - Producing PermError, Rejecting Mails

    mathew_chan
      Messaging Server SPF Query with IPv6 and IPv4 cross checking not skipped, but rather producing a PermError. This would reject a lot of incoming mails which have both ipv4 and ipv6 spf records published.

      I suspect that it is a bug.

      Linux:

      bin/imsimta version

      Oracle Communications Messaging Server 7u4-27.01(7.0.4.27.0) 64bit (built Aug 30 2012)
      libimta.so 7u4-27.01 64bit (built 08:50:46, Aug 30 2012)
      Using /opt/sun/comms/messaging64/config/imta.cnf (compiled)
      Linux mx1.mathewsystems.com 2.6.18-028stab101.1 #1 SMP Sun Jun 24 19:50:48 MSD 2012 x86_64 x86_64 x86_64 GNU/Linux


      Solaris x86:

      bin/imsimta version
      Oracle Communications Messaging Server 7u4-27.01(7.0.4.27.0) 64bit (built Aug 30 2012)
      libimta.so 7u4-27.01 64bit (built 08:47:11, Aug 30 2012)
      Using /opt/sun/comms/messaging64/config/imta.cnf (compiled)
      SunOS COMM1 5.10 Generic_147441-01 i86pc i386 i86pc

      -----

      ./spfquery -i 2a00:1450:400c:c05::22e -v gmail.com

      Running SPF query with:
      IP address: 2a00:1450:400c:c05::22e
      Domain: gmail.com
      Sender: postmaster@gmail.com (local-part: postmaster)
      HELO Domain: gmail.com

      01:09:35.41: ----------------------------------------------------------------
      01:09:35.41: SPFcheck_host called:
      01:09:35.41: source ip = 2a00:1450:400c:c05::22e
      01:09:35.41: domain = gmail.com
      01:09:35.41: sender = postmaster@gmail.com
      01:09:35.41: local_part = postmaster
      01:09:35.41: helo_domain = gmail.com
      01:09:35.41:
      01:09:35.41: Looking up "v=spf1" records for gmail.com
      01:09:35.42: DNS query status: Pass
      01:09:35.42: "v=spf1 redirect=_spf.google.com"
      01:09:35.42:
      01:09:35.42: Parsing modifier: "redirect = _spf.google.com"
      01:09:35.42: Processing macros in _spf.google.com
      01:09:35.42: Returned: _spf.google.com
      01:09:35.42:
      01:09:35.42: No match found, following redirect to _spf.google.com
      01:09:35.42: Recursing into SPFcheck_host
      01:09:35.42: ----------------------------------------------------------------
      01:09:35.42: SPFcheck_host called:
      01:09:35.42: source ip = 2a00:1450:400c:c05::22e
      01:09:35.42: domain = _spf.google.com
      01:09:35.42: sender = postmaster@gmail.com
      01:09:35.42: local_part = postmaster
      01:09:35.42: helo_domain = gmail.com
      01:09:35.42:
      01:09:35.42: Looking up "v=spf1" records for _spf.google.com
      01:09:35.43: DNS query status: Pass
      01:09:35.43: "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ?all"
      01:09:35.43:
      01:09:35.43: Parsing mechanism: " include : _netblocks.google.com"
      01:09:35.43: Assuming a Pass prefix
      01:09:35.43: Processing macros in _netblocks.google.com
      01:09:35.43: Returned: _netblocks.google.com
      01:09:35.43: Recursing into SPFcheck_host
      01:09:35.43: ----------------------------------------------------------------
      01:09:35.43: SPFcheck_host called:
      01:09:35.43: source ip = 2a00:1450:400c:c05::22e
      01:09:35.43: domain = _netblocks.google.com
      01:09:35.43: sender = postmaster@gmail.com
      01:09:35.43: local_part = postmaster
      01:09:35.43: helo_domain = gmail.com
      01:09:35.44:
      01:09:35.44: Looking up "v=spf1" records for _netblocks.google.com
      01:09:35.44: DNS query status: Pass
      01:09:35.44: "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
      01:09:35.44:
      *01:09:35.44: Parsing mechanism: " ip4 : 216.239.32.0/19"*
      *01:09:35.44: Assuming a Pass prefix*
      *01:09:35.44: +"ip4" not supported for IPv6; returning PermError+*
      +01:09:35.44:   Mechanism failed with PermError+
      01:09:35.44:
      01:09:35.44: SPFcheck_host is returning PermError
      01:09:35.45: Returned from recursion with status: PermError
      01:09:35.45: Returning with status: PermError
      01:09:35.45: Mechanism failed with PermError
      01:09:35.45:
      01:09:35.45: SPFcheck_host is returning PermError
      01:09:35.45: Returned from recursion with status: PermError
      01:09:35.45:
      01:09:35.45: SPFcheck_host is returning PermError
      01:09:35.45: ----------------------------------------------------------------



      Mathew

      Edited by: 994254 on 15.03.2013 17:18