http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4836
Summary: Mail::SPF::Query::myquery must sanity-check $label
Product: Spamassassin
Version: 3.1.1
Platform: Other
URL: http://mccarthy.vg/
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P5
Component: spamc/spamd
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
Mail::SPF::Query::myquery() doesn't check $label for compliance with the RFC
before it calls
my $resquery = $query->resolver->query($label, $qtype);
As a result, if $label is longer than 63 chars, Net::DNS::Packet::dn_comp()
croaks. This dumps several of
these a day into my /var/log/syslog:
Mar 21 05:28:59 localhost spamd[4571]: spf: lookup failed: length of
hyper_luckylady8754158754_lookserver772_serebusystem03_heavensgift55 is larger
than 63 octets at
/usr/lib/perl5/Net/DNS/Question.pm line 179
I asked the author of Net::DNS about this and he pointed out:
>It is part of the spec (RFC1035 section 2.3.1. "Preferred name syntax")
>
>> The labels must follow the rules for ARPANET host names. They must
>> start with a letter, end with a letter or digit, and have as interior
>> characters only letters, digits, and hyphen. There are also some
>> restrictions on the length. Labels must be 63 characters or less.
If you need more debugging info, I changed the croak to a confess so I have a
stack trace in my logs.
Email me and I'll send it. The functions on the top of the stack were
Mail::SpamAssassin::Plugin::SPF::check_for_spf_helo_pass
Mail::SpamAssassin::Plugin::SPF::_check_spf
Mail::SpamAssassin::Timeout::run_and_catch
Mail::SpamAssassin::Timeout::_run
eval {...}
Mail::SpamAssassin::Plugin::SPF::__ANON__
Mail::SPF::Query::result
Mail::SPF::Query::spfquery
DirectiveSet::new
Mail::SPF::Query::myquery
Net::DNS::Resolver::Base::query
Net::DNS::Resolver::Base::send
Net::DNS::Packet::data
Net::DNS::Question::data
Net::DNS::Packet::dn_comp
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
