Hello,

I'm experiencing some issues with SPF checking, which in some cases can take
more than 20 seconds when the remote DNS servers do not respond to type
99 DNS requests because of some firewall filtering.

With Google for example, no problems (tcpdump snapshot):

08:57:15.258710 IP 10.10.100.45790 > 8.8.8.8.domain:  10980+ Type99? yahoo.fr. (26)
08:57:15.308105 IP 8.8.8.8.domain > 10.10.100.45790:  10980 0/1/0 (106)

But when type 99 is filtered, no response is returned:

09:07:33.773695 IP 10.10.100.2.45983 > HIDDEN.domain:  19161 Type99? HIDDEN. (38)
09:07:35.776550 IP 10.10.100.2.45983 > HIDDEN.domain:  3 Type99? HIDDEN. (38)
09:07:43.778003 IP 10.10.100.2.45983 > HIDDEN.domain:  50260 Type99? HIDDEN. (38)
09:07:51.780149 IP 10.10.100.2.45983 > HIDDEN.domain:  58838 Type99? HIDDEN. (38)

I bumped into this with a client of mine and now that he has removed the type 99
filtering on his firewall, everything's smooth. But is there a way to specify
some sort of timeout in an ACL? defer_ok? delay? Unfortunately I can't
easily do testing on my production mail platform.

As far as I understand, libspf2 looks up type 99 (SPF) records and, if a 'no
such record' is returned, moves on to a type 16 (TXT) lookup. The problem here
is that libspf2 never gets a response and remote SMTP servers close the
connection, considering it to have timed out.

Thanks for your help.

Christian


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
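The failure mode described in the post, as an added example that is not part of the original message and is not libspf2 or Exim code. The timestamps in the second tcpdump excerpt are 2 s, 8 s and 8 s apart, so the stub resolver alone spends 18 s retransmitting the unanswered type 99 query before its last retry, which is where the "more than 20 seconds" comes from. The script below parses a constructed copy of that excerpt to show those gaps, then runs an SPF lookup that tries type 99 first and falls back to TXT exactly as the post describes, but caps each query and the whole lookup so a silently dropped record type cannot stall the SMTP session. DNS is an in-memory fake (`make_resolver`, `FakeClock`), and the names, the `example.net` zone, the 2 s per-query timeout and the 5 s budget are all assumptions chosen for the illustration.

```python
"""Bounded SPF-record lookup with simulated DNS.

Added illustration for the exim-users post above; this is not libspf2 or
Exim code, and the DNS layer is a constructed in-memory fake so the script
runs offline.  It shows (1) the retransmit schedule visible in the poster's
tcpdump and (2) a lookup that tries type 99 first, then TXT, but never waits
longer than a fixed budget when one record type is silently dropped."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

SPF_RRTYPE = 99  # dedicated SPF record type (the one the firewall dropped)
TXT_RRTYPE = 16  # TXT, where SPF policies are normally published

# Constructed copy of the poster's second tcpdump excerpt (hosts hidden there too).
CAPTURE = """\
09:07:33.773695 IP 10.10.100.2.45983 > HIDDEN.domain: 19161 Type99? HIDDEN. (38)
09:07:35.776550 IP 10.10.100.2.45983 > HIDDEN.domain: 3 Type99? HIDDEN. (38)
09:07:43.778003 IP 10.10.100.2.45983 > HIDDEN.domain: 50260 Type99? HIDDEN. (38)
09:07:51.780149 IP 10.10.100.2.45983 > HIDDEN.domain: 58838 Type99? HIDDEN. (38)
"""
_TS = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) ")


def retry_gaps(capture: str) -> List[float]:
    """Seconds between successive retransmissions of the unanswered query."""
    stamps = []
    for line in capture.splitlines():
        m = _TS.match(line)
        if m:
            h, mi, s = m.groups()
            stamps.append(int(h) * 3600 + int(mi) * 60 + float(s))
    return [round(b - a, 2) for a, b in zip(stamps, stamps[1:])]


class DnsTimeout(Exception):
    """No reply within the timeout (what a silently filtering firewall causes)."""


class DnsNoData(Exception):
    """NXDOMAIN, or NOERROR with no records of the requested type."""


@dataclass
class FakeClock:
    now: float = 0.0  # simulated seconds, so the demo does not really sleep


QueryFn = Callable[[str, int, float], List[str]]


def make_resolver(clock: FakeClock, zone: Dict[Tuple[str, int], List[str]],
                  dropped_types: Set[int]) -> QueryFn:
    """Build a fake stub resolver over an in-memory zone (assumed data).
    Queries for any rrtype in dropped_types are discarded without a reply,
    so the caller sits out its whole timeout, as with the filtered type 99."""
    def query(name: str, rrtype: int, timeout: float) -> List[str]:
        if rrtype in dropped_types:
            clock.now += timeout
            raise DnsTimeout(f"{name} type {rrtype}: no reply after {timeout}s")
        clock.now += 0.05  # normal round trip
        recs = zone.get((name, rrtype), [])
        if not recs:
            raise DnsNoData(f"{name} type {rrtype}: no such record")
        return recs
    return query


def lookup_spf(domain: str, query: QueryFn, clock: FakeClock,
               per_query_timeout: float = 2.0, budget: float = 5.0
               ) -> Tuple[str, Optional[str], float]:
    """Look up the SPF policy for domain: type 99 first, then TXT.

    Returns (status, record, seconds_spent).  status is 'found', 'none'
    (both types answered, no v=spf1 record) or 'temperror' (at least one
    query timed out and no record was found, so the caller should defer
    rather than accept).  A timed-out type never blocks the fallback, and
    the total wait is capped by budget."""
    start = clock.now
    timed_out = False
    for rrtype in (SPF_RRTYPE, TXT_RRTYPE):
        remaining = budget - (clock.now - start)
        if remaining <= 0:
            timed_out = True
            break
        try:
            recs = query(domain, rrtype, min(per_query_timeout, remaining))
        except DnsTimeout:
            timed_out = True
            continue  # do not wait for retransmits; move on to the next type
        except DnsNoData:
            continue
        spf = [r for r in recs if r.lower().startswith("v=spf1")]
        if spf:
            return "found", spf[0], round(clock.now - start, 2)
    status = "temperror" if timed_out else "none"
    return status, None, round(clock.now - start, 2)


def demo(dropped_types: Set[int]) -> Tuple[str, Optional[str], float]:
    """Run one lookup against a constructed zone for example.net."""
    clock = FakeClock()
    zone = {("example.net", TXT_RRTYPE): ["v=spf1 ip4:192.0.2.0/24 -all"]}
    return lookup_spf("example.net", make_resolver(clock, zone, dropped_types), clock)


if __name__ == "__main__":
    print("retransmit gaps in the capture:", retry_gaps(CAPTURE))
    print("type 99 dropped:", demo({SPF_RRTYPE}))
    print("type 99 and TXT dropped:", demo({SPF_RRTYPE, TXT_RRTYPE}))
```

With only type 99 dropped the lookup still finds the TXT policy after the 2 s cap instead of after the resolver's full retry schedule; with both types dropped it gives up at 4 s with a temperror, which is the answer a mail ACL can defer on rather than holding the remote SMTP client until it disconnects.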