Package: libspf2-2 Version: 1.2.10-7.2+b1 Severity: important Dear Maintainer,
Exim, which uses SPF checks in my setup, gave me a failed SPF check on an email. I looked into the issue and it seems to me that it should actually pass. The sender domain is wolterskluwer.com, that has 59 TXT records in its DNS. The SPF record is quite convoluted, and I was expecting some sort of failure in recursively handling the included records, since the IP that failed was one of salesforce that is the last inclusion and also uses a complex construct. But it seems it's something far more easy, since the command spfquery -debug=3 -ip=13.48.121.234 -sender=wolterskluwer.com that is the "manual" query for the email that failed SPF test, gives an output that states: Response result: none Response reason: (invalid reason) Response err: Could not find a valid SPF record While in the (long) series of TXT records that are resolved, there is one SPF record that seems valid to me. v=spf1 include:spf.wolterskluwer.com include:spf2.wolterskluwer.com ~all So it seems that with such a long list of TXT records, libspf fails to find the spf record at all. I have checked the whole inclusion chain manually (by using nslookup and checking responses) and it should actually pass. I have checked it using an online tool at https://www.kitterman.com/spf/validate.html and it does indeed pass. I have also reported the bug upstream at https://github.com/shevek/libspf2/issues/55 -- System Information: Debian Release: 12.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-28-amd64 (SMP w/2 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libspf2-2 depends on: ii libc6 2.36-9+deb12u9 libspf2-2 recommends no packages. libspf2-2 suggests no packages. -- no debconf information
