Package: libmail-spf-query-perl
Version: 1:1.999.1-3
Severity: normal

Hi,

By default spfquery limits itself to 10 DNS lookups.  This can be overridden
from the command line.  It returns an "unknown" response if more than 10
lookups are needed.

It seems that getting all the SPF information for paypal.com takes 11 lookups.
(It looks like there is a limit on the length of the TXT record, and in order
to list all its IP ranges paypal has to use a number of includes.)

Since phishing emails with a forged @paypal.com sender are rather common, I
suggest slightly increasing the default limit to accommodate it.

Or, perhaps the limit could be substantially increased, e.g. 50 - I can't think
what it's guarding against, except for misconfigured SPF records with include
loops, and I'm not aware of that being a serious problem.  I note that the
limit was reduced from 20 to 10 in 1.998-1, but I am unaware of the rationale
for that.

Regards,

Phil.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.21-1-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages libmail-spf-query-perl depends on:
ii  libnet-cidr-lite-perl      0.20-1        Merge IPv4 or IPv6 CIDR address ra
ii  libnet-dns-perl            0.60-1        Perform DNS queries from a Perl sc
ii  libsys-hostname-long-perl  1.4-1         Figure out the long (fully-qualifi
ii  liburi-perl                1.35.dfsg.1-1 Manipulates and accesses URI strin
ii  perl                       5.8.8-7       Larry Wall's Practical Extraction 

libmail-spf-query-perl recommends no packages.

-- no debconf information
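
An added example (not part of the original report, and not Mail::SPF::Query's own code) showing how a lookup cap interacts with nested includes and include loops. It assumes every TXT fetch, including the first, counts as one lookup, and it runs over constructed records for made-up domains rather than live DNS.

```python
# Constructed zone data: SPF TXT records for made-up domains (not real DNS).
# big.example needs 11 fetches: itself + 5 includes + 5 nested includes.
ZONE = {"big.example": "v=spf1 "
        + " ".join(f"include:s{i}.big.example" for i in range(1, 6)) + " -all"}
for i in range(1, 6):
    ZONE[f"s{i}.big.example"] = f"v=spf1 ip4:192.0.2.{i} include:t{i}.big.example -all"
    ZONE[f"t{i}.big.example"] = f"v=spf1 ip4:198.51.100.{i} -all"
ZONE["small.example"] = "v=spf1 include:s1.small.example -all"
ZONE["s1.small.example"] = "v=spf1 ip4:203.0.113.1 -all"
ZONE["loop.example"] = "v=spf1 include:loop.example -all"  # misconfigured loop


class LookupLimitExceeded(Exception):
    pass


def count_lookups(domain, zone, limit=10):
    """Count TXT fetches needed to expand a domain's SPF includes/redirects.

    Assumption: one lookup per TXT fetch, the initial record included.
    Raises LookupLimitExceeded as soon as the cap would be passed.
    """
    used = 0
    pending = [domain]
    while pending:
        name = pending.pop()
        used += 1
        if used > limit:
            raise LookupLimitExceeded(f"{domain}: more than {limit} lookups")
        record = zone.get(name, "")
        for term in record.split()[1:]:      # skip the "v=spf1" version tag
            term = term.lstrip("+-~?")       # drop any qualifier
            if term.startswith("include:"):
                pending.append(term[len("include:"):])
            elif term.startswith("redirect="):
                pending.append(term[len("redirect="):])
    return used


def evaluate(domain, zone, limit=10):
    """Return ("ok", lookups_used) or ("unknown", limit) when the cap is hit."""
    try:
        return ("ok", count_lookups(domain, zone, limit))
    except LookupLimitExceeded:
        return ("unknown", limit)


if __name__ == "__main__":
    for dom, cap in [("small.example", 10), ("big.example", 10),
                     ("big.example", 11), ("loop.example", 50)]:
        print(dom, cap, evaluate(dom, ZONE, cap))
```

The loop case shows what the cap bounds: a self-including record never terminates on its own, so any finite limit, 10 or 50, ends in "unknown" after exactly that many fetches.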

