https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8280

--- Comment #6 from Bill Cole <billc...@apache.org> ---
(In reply to William Herrin from comment #3)
> Howdy,
> 
> My resolver does TCP fallback fine, as evidenced by the successful "dig"
> command.

Dig sidesteps the system resolver and does DNS on its own without looking at
nsswitch or resolv.conf. 

> Does the SPF module successfully do TCP fallback?

Well, it does on the 3 machines I've tested this on, because it relies on 
Net::DNS which is at v1.46 on all of them. That does not guarantee that the
version on your system will. 

You can get (LOTS) more details on what SA thinks it is doing here by adding
"-D spf,dns" to the spamassassin command line. In the resulting spew of
information, each DNS query will have a line like this:

Sep 24 16:54:20.805 [98443] dbg: dns: providing a callback for id:
8883/IN/TXT/overdrive.com

And an answer later in the scan with the same id followed by a SPF line, like
these:

Sep 24 16:54:20.814 [98443] dbg: dns: dns reply 8883 is OK, 18 answer records
Sep 24 16:54:20.826 [98443] dbg: spf: query for
donotre...@overdrive.com/207.54.136.3/postfix1c.hq.overdrive.com: result: pass,
comment: , text: Mechanism 'ip4:207.54.136.3' matched

Of course, those are from a successful scan, but you will at least have the
'callback' line when the query is issued and *something* with the same ID
later. That will hopefully provide a useful clue.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to