Hi, I am the upstream author of Mail::SPF. Two things first:

 1. The policyd timeout is indeed a postfix-policyd-spf-perl issue. Maybe I can 
add an option to Mail::SPF that allows a shorter timeout period (than the 
Net::DNS default) to be specified.
 2. The SERVFAIL DNS status code (RCODE 2) does NOT mean "unsupported 
operation". According to RFC 1035, it means "The name server was unable to 
process this query due to a problem with the name server". There is another 
status code, "Not Implemented" (RCODE 4), that means "The name server does not 
support the requested kind of query". Please do not conflate the two. Thus, 
interpreting SERVFAIL as "not found" is inappropriate because it could just as 
well mean "out of memory" or "out of database connections, try again later".

Now on to the Mail::SPF issue. If you look at
<http://spf.pastebin.com/f3b588a5a>, the name servers responsible for
smtp03.hkpc.org really seem to have a much bigger problem than not
supporting the SPF RR type. Based on this, the TempError returned by
Mail::SPF appears to me as being absolutely justified, regardless of
Mail::SPF's handling of the SPF RR type.

However, concerning the handling of the SPF RR type, understand that
while Mail::SPF queries for both the SPF and TXT RR types (in this
order), only the SPF-type lookup failing isn't enough for TempError to
be returned. If the SPF-type lookup fails but the (following) TXT-type
lookup succeeds, Mail::SPF silently uses the TXT response to calculate
an SPF result. Only if /both/ the SPF- and TXT-type lookups fail does it
return an error (based on the result of the SPF-type lookup, which was
the first performed).

-- 
SPF rejects mail on unsupported SPF RR type
https://bugs.launchpad.net/bugs/161133
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to