Bug#892477: spf-milter-python: If connection is IPv6, milter says "Void lookup limit of 2 exceeded"

Fri, 09 Mar 2018 04:57:43 -0800 

Package: spf-milter-python
Version: 0.8.18-2
Severity: grave
Tags: ipv6
Justification: causes non-serious data loss

Dear Maintainer,

I noted that when someone at mdh.se tries to send e-mail to us, and the 
connection is from 
an IPv6-address (almost all connections are these days), spf-milter-python will 
reply "Void 
lookup limit of 2 exceeded". The domain always passes all checks on both 
mxtoolbox.com/spf.aspx and http://www.kitterman.com/spf/validate.html.

I even had a loop running for a day, using spfquery to log the results while 
waiting for a 
failing e-mail. When the mail-server responded "Void lookup limit of 2 
exceeded", the data
in the diagnostic-log looked correct and had not failed.

I can reproduce this by telnetting my SMTP-gateway, and pretend to be sending 
from mdh.se. If
I connect over an IPv6-connection I get a "Void lookup limit of 2 exceeded", 
every time. If 
I telnet the IPv4-address of the SMTP-gateway i get a soft-error (expected 
result).

I have the same software on the other SMTP-gateway, and it has the same 
behaviour.

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages spf-milter-python depends on:
ii  adduser        3.115
ii  lsb-base       9.20161125
ii  python         2.7.13-2
ii  python-milter  1.0-2
ii  python-spf     2.0.12t-3

spf-milter-python recommends no packages.

Versions of packages spf-milter-python suggests:
ii  sendmail  8.15.2-8

-- Configuration Files:
/etc/spf-milter-python/spfmilter.cfg changed:
[milter]
socketname = /var/run/spf-milter-python/spfmiltersock
;umask = 0177
name = pyspffilter
;trusted_relay =
internal_connect = 
127.0.0.1,192.168.0.0/16,10.0.0.0/8,IPv6:0:0:0:0:0:0:0:1,::1,0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1
;best_guess = v=spf1 a mx ptr ?all
;delegate = domain.com
untrapped_exception = CONTINUE
[spf]
access_file = /etc/mail/access.db
;access_file_nulls = false
;trusted_forwarder = careerbuilder.com


-- no debconf information

Reply via email to