On Wed 20/Aug/2014 03:38:32 +0200 Sam Varshavchik wrote:
> Xepher writes:
>
>> I've attached a patch (spf-recursive.patch) which, I believe,
>> properly resolves the issue. However, as the current SPF tests
>> provided with courier (./testspf -test=1) do not work (the DNS
>> records used are no longer configured with SPF as far as I can tell)
>> I don't have proper unit tests. It's also possible that I (and
>> several of the testing tools) are misunderstanding the RFC, but I
>> don't believe that is the case.
>>
>> Please let me know if any further details are needed.
>
> The patch looks fine. The internal checks use non-published DNS
> records, and they're ok.
The test described by Xepher is missing from openspf's "official" test
suite too. I run that suite against both original and patched Courier
implementations, and the output is the same, which I attach.
I notified the missing test to spf-discuss:
http://www.listbox.com/member/archive/735/2014/08/sort/time_rev/page/1/entry/0:3/20140821074716:DE5D196E-2928-11E4-BF33-896525C37004/
In the attachment, results are classified as OK, WRONG (rejecting a
message that should have passed), MISS (accept a message that could
have been rejected), or DIFF (accepting with a different code). The
source file of the (possibly buggy) driver for running the test suite
is at http://www.tana.it/courier-spf-test-suite.c
Ale
scenario 1 : Initial processing, 11 test(s), 9 zone(s)
1/11 toolonglabel: DIFF result=error instead of none
2/11 longlabel: OK
3/11 emptylabel: DIFF result=unknown instead of none
4/11 helo-not-fqdn: DIFF result=unknown instead of none
5/11 helo-domain-literal: DIFF result=unknown instead of none
6/11 nolocalpart: OK, but explanation differs
7/11 domain-literal: DIFF result=unknown instead of none
8/11 non-ascii-policy: DIFF result=unknown instead of error
9/11 non-ascii-mech: WRONG result=fail instead of error
10/11 non-ascii-result: DIFF result=unknown instead of error
11/11 non-ascii-non-spf: MISS result=unknown instead of fail
scenario 2 : Record lookup, 7 test(s), 7 zone(s)
1/7 both: OK
2/7 txtonly: OK
3/7 spfonly: DIFF result=unknown instead of none
4/7 spftimeout: OK
5/7 txttimeout: OK
6/7 nospftxttimeout: OK
7/7 alltimeout: OK
scenario 3 : Selecting records, 10 test(s), 10 zone(s)
1/10 nospace1: DIFF result=neutral instead of none
2/10 empty: OK
3/10 nospace2: OK
4/10 spfoverride: OK
5/10 multitxt1: DIFF result=unknown instead of error
6/10 multitxt2: DIFF result=unknown instead of error
7/10 multispf1: DIFF result=unknown instead of error, or fail
8/10 multispf2: OK
9/10 nospf: DIFF result=unknown instead of none
10/10 case-insensitive: OK
scenario 4 : Record evaluation, 12 test(s), 13 zone(s)
1/12 detect-errors-anywhere: DIFF result=pass instead of error
2/12 modifier-charset-good: OK
3/12 modifier-charset-bad1: DIFF result=pass instead of error
4/12 modifier-charset-bad2: DIFF result=pass instead of error
5/12 redirect-after-mechanisms1: OK
6/12 redirect-after-mechanisms2: OK
7/12 default-result: OK
8/12 redirect-is-modifier: DIFF result=pass instead of error
9/12 invalid-domain: DIFF result=unknown instead of error
10/12 invalid-domain-empty-label: MISS result=pass instead of fail, or error
11/12 invalid-domain-long: MISS result=unknown instead of fail, or error
12/12 invalid-domain-long-via-macro: MISS result=unknown instead of fail, or
error
scenario 5 : ALL mechanism syntax, 5 test(s), 6 zone(s)
1/5 all-dot: DIFF result=neutral instead of error
2/5 all-arg: DIFF result=neutral instead of error
3/5 all-cidr: DIFF result=neutral instead of error
4/5 all-neutral: OK
5/5 all-double: OK
scenario 6 : PTR mechanism syntax, 6 test(s), 8 zone(s)
1/6 ptr-cidr: WRONG result=fail instead of error
2/6 ptr-match-target: OK
3/6 ptr-match-implicit: OK
4/6 ptr-nomatch-invalid: OK
5/6 ptr-match-ip6: requires IPv6
6/6 ptr-empty-domain: DIFF result=neutral instead of error
scenario 7 : A mechanism syntax, 29 test(s), 27 zone(s)
1/29 a-cidr6: MISS result=unknown instead of fail
2/29 a-bad-cidr4: DIFF result=unknown instead of error
3/29 a-bad-cidr6: DIFF result=unknown instead of error
4/29 a-dual-cidr-ip4-match: OK
5/29 a-dual-cidr-ip4-err: DIFF result=pass instead of error
6/29 a-dual-cidr-ip6-match: requires IPv6
7/29 a-dual-cidr-ip4-default: OK
8/29 a-dual-cidr-ip6-default: requires IPv6
9/29 a-multi-ip1: OK
10/29 a-multi-ip2: OK
11/29 a-bad-domain: DIFF result=unknown instead of error
12/29 a-nxdomain: MISS result=unknown instead of fail
13/29 a-cidr4-0: OK
14/29 a-cidr4-0-ip6: requires IPv6
15/29 a-cidr6-0-ip4: MISS result=unknown instead of fail
16/29 a-cidr6-0-ip4mapped: requires IPv6
17/29 a-cidr6-0-ip6: requires IPv6
18/29 a-ip6-dualstack: requires IPv6
19/29 a-cidr6-0-nxdomain: requires IPv6
20/29 a-null: DIFF result=pass instead of error
21/29 a-numeric: DIFF result=unknown instead of error
22/29 a-numeric-toplabel: DIFF result=unknown instead of error
23/29 a-dash-in-toplabel: OK
24/29 a-bad-toplabel: DIFF result=unknown instead of error
25/29 a-only-toplabel: DIFF result=unknown instead of error
26/29 a-only-toplabel-trailing-dot: DIFF result=unknown instead of error
27/29 a-colon-domain: DIFF result=unknown instead of pass
28/29 a-colon-domain-ip4mapped: requires IPv6
29/29 a-empty-domain: DIFF result=unknown instead of error
scenario 8 : Include mechanism semantics and syntax, 9 test(s), 15 zone(s)
1/9 include-fail: OK
2/9 include-softfail: OK
3/9 include-neutral: OK
4/9 include-temperror: OK
5/9 include-permerror: DIFF result=pass instead of error
6/9 include-syntax-error: DIFF result=pass instead of error
7/9 include-cidr: DIFF result=unknown instead of error
8/9 include-none: DIFF result=unknown instead of error
9/9 include-empty-domain: DIFF result=unknown instead of error
scenario 9 : MX mechanism syntax, 21 test(s), 19 zone(s)
1/21 mx-cidr6: MISS result=error instead of fail
2/21 mx-bad-cidr4: OK
3/21 mx-bad-cidr6: OK
4/21 mx-multi-ip1: OK
5/21 mx-multi-ip2: OK
6/21 mx-bad-domain: OK
7/21 mx-nxdomain: MISS result=error instead of fail
8/21 mx-cidr4-0: OK
9/21 mx-cidr4-0-ip6: requires IPv6
10/21 mx-cidr6-0-ip4: MISS result=error instead of fail
11/21 mx-cidr6-0-ip4mapped: requires IPv6
12/21 mx-cidr6-0-ip6: requires IPv6
13/21 mx-cidr6-0-nxdomain: requires IPv6
14/21 mx-null: DIFF result=pass instead of error
15/21 mx-numeric-top-label: OK
16/21 mx-colon-domain: DIFF result=error instead of pass
17/21 mx-colon-domain-ip4mapped: requires IPv6
18/21 mx-bad-toplab: OK
19/21 mx-empty: DIFF result=unknown instead of neutral
20/21 mx-implicit: DIFF result=error instead of neutral
21/21 mx-empty-domain: OK
scenario 10 : EXISTS mechanism syntax, 7 test(s), 9 zone(s)
1/7 exists-empty-domain: DIFF result=neutral instead of error
2/7 exists-implicit: DIFF result=neutral instead of error
3/7 exists-cidr: DIFF result=neutral instead of error
4/7 exists-ip4: OK
5/7 exists-ip6: requires IPv6
6/7 exists-ip6only: requires IPv6
7/7 exists-dnserr: requires IPv6
scenario 11 : IP4 mechanism syntax, 9 test(s), 10 zone(s)
1/9 cidr4-0: OK
2/9 cidr4-32: OK
3/9 cidr4-33: DIFF result=pass instead of error
4/9 cidr4-032: DIFF result=pass instead of error
5/9 bare-ip4: DIFF result=neutral instead of error
6/9 bad-ip4-port: DIFF result=neutral instead of error
7/9 bad-ip4-short: DIFF result=neutral instead of error
8/9 ip4-dual-cidr: DIFF result=neutral instead of error
9/9 ip4-mapped-ip6: requires IPv6
scenario 12 : IP6 mechanism syntax, 9 test(s), 7 zone(s)
1/9 bare-ip6: WRONG result=fail instead of error
2/9 cidr6-0-ip4: OK
3/9 cidr6-ip4: requires IPv6
4/9 cidr6-0: requires IPv6
5/9 cidr6-129: DIFF result=neutral instead of error
6/9 cidr6-bad: DIFF result=neutral instead of error
7/9 cidr6-33: requires IPv6
8/9 cidr6-33-ip4: OK
9/9 ip6-bad1: DIFF result=neutral instead of error
scenario 13 : Semantics of exp and other modifiers, 23 test(s), 35 zone(s)
1/23 redirect-none: DIFF result=unknown instead of error
2/23 redirect-cancels-exp: OK
3/23 redirect-syntax-error: DIFF result=neutral instead of error
4/23 include-ignores-exp: OK
5/23 redirect-cancels-prior-exp: OK
6/23 invalid-modifier: DIFF result=neutral instead of error
7/23 empty-modifier-name: DIFF result=neutral instead of error
8/23 dorky-sentinel: OK
9/23 exp-multiple-txt: OK
10/23 exp-no-txt: OK
11/23 exp-dns-error: OK
12/23 exp-empty-domain: WRONG result=fail instead of error
13/23 explanation-syntax-error: OK
14/23 exp-syntax-error: DIFF result=neutral instead of error
15/23 exp-twice: WRONG result=fail instead of error
16/23 redirect-empty-domain: DIFF result=neutral instead of error
17/23 redirect-twice: WRONG result=fail instead of error
18/23 unknown-modifier-syntax: WRONG result=fail instead of error
19/23 default-modifier-obsolete: OK
20/23 default-modifier-obsolete2: OK
21/23 non-ascii-exp: OK
22/23 two-exp-records: OK
23/23 exp-void: MISS result=unknown instead of fail
scenario 14 : Macro expansion rules, 24 test(s), 41 zone(s)
1/24 trailing-dot-domain: OK
2/24 trailing-dot-exp: OK
3/24 exp-only-macro-char: WRONG result=fail instead of error
4/24 invalid-macro-char: DIFF result=neutral instead of error
5/24 invalid-embedded-macro-char: DIFF result=neutral instead of error
6/24 invalid-trailing-macro-char: DIFF result=neutral instead of error
7/24 macro-mania-in-domain: DIFF result=unknown instead of pass
8/24 exp-txt-macro-char: OK, but explanation differs
9/24 domain-name-truncation: OK, but explanation differs
10/24 v-macro-ip4: OK
11/24 v-macro-ip6: requires IPv6
12/24 undef-macro: requires IPv6
13/24 p-macro-ip4-novalid: OK, but explanation differs
14/24 p-macro-ip4-valid: OK, but explanation differs
15/24 p-macro-ip6-novalid: requires IPv6
16/24 p-macro-ip6-valid: requires IPv6
17/24 p-macro-multiple: DIFF result=neutral instead of pass, or softfail
18/24 upper-macro: OK, but explanation differs
19/24 hello-macro: DIFF result=unknown instead of pass
20/24 invalid-hello-macro: MISS result=unknown instead of fail
21/24 hello-domain-literal: MISS result=unknown instead of fail
22/24 require-valid-helo: MISS result=unknown instead of fail
23/24 macro-reverse-split-on-dash: OK
24/24 macro-multiple-delimiters: DIFF result=neutral instead of pass
scenario 15 : Processing limits, 11 test(s), 15 zone(s)
1/11 redirect-loop: DIFF result=unknown instead of error
2/11 include-loop: DIFF result=unknown instead of error
3/11 mx-limit: DIFF result=pass instead of error
4/11 ptr-limit: OK, but not first choice
5/11 false-a-limit: OK
6/11 mech-at-limit: OK
7/11 mech-over-limit: OK
8/11 include-at-limit: OK
9/11 include-over-limit: DIFF result=pass instead of error
10/11 void-at-limit: DIFF result=unknown instead of neutral
11/11 void-over-limit: DIFF result=unknown instead of error
168 total tests in 15 scenarios
8 wrongly issued fail
14 miss to issue fail
74 different result code
25 skipped
72 ok
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
