Package: python-spf Version: 2.0.10-1 Severity: important Tags: upstream The RFC 4408 and RFC 7208 ABNF for SPF (Sender Policy Framework) records allow for multiple spaces between different terms in the record. Currently, python-spf gets this wrong and raises errors in this case. This can result in mail being rejected incorrectly in cases where senders have published such records.
This has been fixed upstream (based on feedback about a real world case of it being problematic), but a new upstream release will not be available to meet the Jessie important bug fix cutoff, so backporting the one line change would be a good idea. Here's an example using the python-spf module as a script: $ /usr/lib/python2.7/dist-packages/spf.py "v=spf1 +mx +ip4:10.0.0.1 -all" 10.0.0.1 [email protected] a (('pass', 250, 'sender SPF authorized'), '+ip4:10.0.0.1') $ /usr/lib/python2.7/dist-packages/spf.py "v=spf1 +mx +ip4:10.0.0.1 -all" 10.0.0.1 [email protected] a (('permerror', 550, 'SPF Permanent Error: Unknown mechanism found'), '+ip4:10.0.0.1') -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
