On 09/Feb/11 05:13, Mark Constable wrote: > On 09/02/11, Sam Varshavchik wrote: >> The only thing I can think of would be a transient DNS lookup >> failure for pobox.com. mailfromok is accepted only if the SPF >> lookup on the MAIL FROM resulted in pass. > > That may be possible because I'm in AU and a lookup I just did > now from the same mailserver was... > > ~ dig txt pobox.com > ;; Query time: 245 msec
>> A transient DNS lookup failure results in an SPF softfail >> result, rather. Isn't it TempError? RFC 4408 says (sect. 4.4) If all DNS lookups that are made return a server failure (RCODE 2), or other error (RCODE other than 0 or 3), or time out, then check_host() exits immediately with the result "TempError". and (sect. 5) Several mechanisms rely on information fetched from DNS. For these DNS queries, except where noted, if the DNS server returns an error (RCODE other than 0 or 3) or the query times out, the mechanism throws the exception "TempError". If the server returns "domain does not exist" (RCODE 3), then evaluation of the mechanism continues as if the server returned no error (RCODE 0) and zero answer records. and in such cases (sect 2.5.6) A "TempError" result means that the SPF client encountered a transient error while performing the check. Checking software can choose to accept or temporarily reject the message. If the message is rejected during the SMTP transaction for this reason, the software SHOULD use an SMTP reply code of 451 and, if supported, the 4.4.3 DSN code. >> I think this is probably wrong; mailfromok should be accepted if >> the SPF lookup resulted in softfail, as well... > > So courier is "at fault" in this particular corner case? Well, testing BOFHSPFFROM is obviously non-standard. For the TempError issue above, without looking at the code, I recall Courier passes the timeout tests (scenario 2) --according to the results I posted a couple of years ago: http://www.mail-archive.com/[email protected]/msg33232.html -- ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
