Package: tumgreyspf
Version: 1.35-7
Severity: wishlist
tumgreyspf 1.35 (current version in Debian) causes mail to be rejected if the
sender-domain has an invalid SPF record (SPF check returns a "Permerror").
This can cause valid mail to be rejected.
In version 1.36, released a couple of weeks ago, this was changed so it is
now configurable what tumgreyspf should do in the case of invalid SPF records,
and the default was set to accept mail when that is the case.
I would suggest this change be included in a future Debian release, and hopefully
as an update to Squeeze. The attached patch is taken directly from a diff between
version 1.35 and the new 1.36, and will implement this change.
-- System Information:
Debian Release: 6.0.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=da_DK.UTF-8, LC_CTYPE=da_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages tumgreyspf depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii passwd 1:4.1.4.2+svn3283-2+squeeze1 change and administer password and
ii python 2.6.6-3+squeeze6 interactive high-level object-orie
ii python-spf 2.0.5-2 sender policy framework (SPF) modu
ii spfquery 1.2.9-4 query SPF (Sender Policy Framework
tumgreyspf recommends no packages.
tumgreyspf suggests no packages.
-- Configuration Files:
/etc/cron.daily/tumgreyspf changed [not included]
-- no debconf information
diff -ur ../tumgreyspf-1.35//tumgreyspf ./tumgreyspf
--- ../tumgreyspf-1.35//tumgreyspf 2009-07-24 01:59:00.000000000 +0200
+++ ./tumgreyspf 2011-11-24 15:14:38.000000000 +0100
@@ -119,11 +119,16 @@
))
syslog.syslog('%s: %s; %s' % ( spfReason, queue_id, spfDetail ))
- if spfResult == 'Fail' or spfResult == 'Permerror':
+ if spfResult == 'Fail':
+ return(( 'reject', '%s SPF Reports: %s' % ( queue_id, spfReason )))
+
+ spfAcceptOnPermError = configGlobal.get('spfAcceptOnPermError', 1)
+ if spfResult == 'Permerror' and not spfAcceptOnPermError:
return(( 'reject', '%s SPF Reports: %s' % ( queue_id, spfReason )))
if spfResult == 'Temperror':
return(( 'defer', '%s SPF Reports: %s' % ( queue_id, spfReason )))
+
header = ('Received-SPF: '+ spfResult + ' (' + spfReason
+ ') ' + spfDetail)
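Review bot: The default in `configGlobal.get('spfAcceptOnPermError', 1)` applies accept-on-Permerror to every existing install whose tumgreyspf.conf lacks the key, so an upgrade from 1.35 changes the policy for domains with invalid SPF records from reject to accept without the admin opting in. For a stable update that should be called out in NEWS or the changelog. The `not spfAcceptOnPermError` test also relies on truthiness, so it is worth confirming that configGlobal yields an integer here: a string value of '0' would be truthy and the reject branch would never run. The accepted Permerror case falls through to the Received-SPF header with the Permerror result, which keeps the outcome visible to downstream filters.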
diff -ur ../tumgreyspf-1.35//tumgreyspf.conf ./tumgreyspf.conf
--- ../tumgreyspf-1.35//tumgreyspf.conf 2009-07-24 01:59:00.000000000 +0200
+++ ./tumgreyspf.conf 2011-11-24 15:14:38.000000000 +0100
@@ -42,3 +42,11 @@
# originating machine, not by IP, sender address, and reciever address
# as is the default. This option honors the 'ingoreLastByte' option.
greylistByIPOnly = 1
+
+# If set to zero, permanent spf errors will reject the message.
+# If set to one, permanent spf errors do not reject the message.
+# Permanent errors are user errors in the domains SPF record
+# that cause SPF processing to fail: for example typos, recursive
+# inclusion, having two spf records for a domain, etc.
+# Default is 1
+spfAcceptOnPermError = 1
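Review bot: The new comment block for `spfAcceptOnPermError` does not say that a message accepted under the default of 1 passes without a usable SPF verdict, nor that an SPF Fail still rejects regardless of this setting; one line on each would help an admin choose a value. Minor wording points in the same block: "domains SPF record" should read "domain's SPF record", and "spf" and "SPF" are mixed within the comment.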