Package: libspf0
Version: 0.999-1.0.0-p3.dfsg-2
Severity: important

Hello,

It seems that libspf0 has a problem with validation of IPv6 addresses. I
discovered this problem with spfmilter, and I could reproduce it with
spfqtool. Here is the transcript of a test, with spfquery (libspf2) and
spfqtool (libspf0):
    % spfquery -i 2a01:e34:ee8f:150:201:c0ff:fe04:d58b -s foo...@listes.ortolo.eu
    pass

    spfquery: domain of listes.ortolo.eu designates 2a01:e34:ee8f:150:201:c0ff:fe04:d58b as permitted sender
    Received-SPF: pass (spfquery: domain of listes.ortolo.eu designates 2a01:e34:ee8f:150:201:c0ff:fe04:d58b as permitted sender) client-ip=2a01:e34:ee8f:150:201:c0ff:fe04:d58b; envelope-from=foo...@listes.ortolo.eu;

    % spfqtool -h vanvogt.ortolo.eu -i 2a01:e34:ee8f:150:201:c0ff:fe04:d58b -s foo...@listes.ortolo.eu
    SPF short result:   fail
    SPF verbose result: policy result: [fail] from rule [-all]
    RFC2822 header:     Received-SPF: fail (vanvogt.ortolo.eu: domain of foo...@listes.ortolo.eu does not designate 2a01:e34:ee8f:15 as permitted sender) receiver=vanvogt.ortolo.eu; client_ip=2a01:e34:ee8f:15; envelope-from=foo...@listes.ortolo.eu;

Here, spfquery is right and spfqtool is wrong, because:
    listes.ortolo.eu.   86400   IN  SPF     "v=spf1 +a:mx1.ortolo.eu +a:mx2.ortolo.eu -all"
    mx2.ortolo.eu.      86400   IN  AAAA    2a01:e34:ee8f:150:201:c0ff:fe04:d58b
(yes, the RFC for SPF defines the “a:” mechanism with A or AAAA lookups,
depending on the IP address family).

Regards,

-- 
Tanguy Ortolo

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.31.5-grsec-xxxx-grs-ipv6-32 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libspf0 depends on:
ii  libc6                         2.7-18     GNU C Library: Shared libraries

libspf0 recommends no packages.

libspf0 suggests no packages.

-- no debconf information
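
Added example (not part of the original report, and not libspf code): a regression check that compares the client IP recorded in a Received-SPF header with the address the query was made for, which is the discrepancy visible in the spfqtool output above. The function name and the result labels are assumptions made for this example.

```python
import ipaddress
import re

# Both spellings appear in the transcript: "client-ip=" (spfquery)
# and "client_ip=" (spfqtool).
CLIENT_IP_FIELD = re.compile(r"client[-_]ip=([^;\s]+)", re.IGNORECASE)


def check_client_ip(received_spf, connecting_ip):
    """Compare the client IP recorded in a Received-SPF header with the
    address the query was made for. Returns one of: "match", "missing",
    "truncated", "invalid", "mismatch" (labels chosen for this example)."""
    expected = ipaddress.ip_address(connecting_ip)
    found = CLIENT_IP_FIELD.search(received_spf)
    if found is None:
        return "missing"
    reported = found.group(1)
    try:
        # Compare parsed addresses so case and zero-padding do not matter.
        if ipaddress.ip_address(reported) == expected:
            return "match"
    except ValueError:
        # Not parseable as an address. A strict prefix of the queried
        # address means the string was cut short somewhere in the library.
        if len(reported) < len(connecting_ip) and connecting_ip.startswith(reported):
            return "truncated"
        return "invalid"
    return "mismatch"


# Values copied from the transcript above, with the e-mail line wraps joined.
CLIENT = "2a01:e34:ee8f:150:201:c0ff:fe04:d58b"
SPFQUERY_HEADER = (
    "Received-SPF: pass (spfquery: domain of listes.ortolo.eu designates "
    "2a01:e34:ee8f:150:201:c0ff:fe04:d58b as permitted sender) "
    "client-ip=2a01:e34:ee8f:150:201:c0ff:fe04:d58b; "
    "envelope-from=foo...@listes.ortolo.eu;"
)
SPFQTOOL_HEADER = (
    "Received-SPF: fail (vanvogt.ortolo.eu: domain of foo...@listes.ortolo.eu "
    "does not designate 2a01:e34:ee8f:15 as permitted sender) "
    "receiver=vanvogt.ortolo.eu; client_ip=2a01:e34:ee8f:15; "
    "envelope-from=foo...@listes.ortolo.eu;"
)

if __name__ == "__main__":
    for name, header in (("spfquery", SPFQUERY_HEADER), ("spfqtool", SPFQTOOL_HEADER)):
        print(name, check_client_ip(header, CLIENT))
```

A "truncated" or "invalid" result on a header produced for a known IPv6 client means the SPF verdict in that header was computed for an address other than the real one.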


