Public bug reported:
Intermediate CNAMEs encountered while parsing SPF records confuse python-spf
into returning a hard error (domain has two or more type TXT spf records) when
really there is no second SPF record, and the existing one is indeed valid.
Discovered while manually looking at the SPF record for
"support.zendesk.com" (which was in turn included by the SPF record for
"dropbox.com"):
$ /usr/share/pyshared/spf.py support.zendesk.com
PermError: Two or more type TXT spf records found.
$ host -t txt support.zendesk.com
support.zendesk.com is an alias for www.shard-2.int.zendesk.com.
www.shard-2.int.zendesk.com is an alias for www.pod-1.int.zendesk.com.
www.pod-1.int.zendesk.com descriptive text "v=spf1 ip4:184.106.12.190
ip4:173.203.47.176 ip4:173.203.47.177 ~all"
$ /usr/share/pyshared/spf.py www.pod-1.int.zendesk.com
v=spf1 ip4:184.106.12.190 ip4:173.203.47.176 ip4:173.203.47.177 ~all
In other words, the SPF record for www.pod-1.int.zendesk.com is valid, and
so is the one for support.zendesk.com, but the (double) indirection via
CNAME(s) causes an error.
The consequence is some domains with valid SPF records are perceived as
having faulty ones, and then depending on how SPF is used on the receiving
end, email messages from the affected domains may be mis-classified as spam
or outright rejected.
TEST CASE: using the existing package, do:
$ /usr/share/pyshared/spf.py support.zendesk.com
See the error that's generated:
PermError: Two or more type TXT spf records found.
Install the updated packages and repeat:
$ /usr/share/pyshared/spf.py support.zendesk.com
See that you now get the correct reply:
v=spf1 ip4:184.106.12.190 ip4:173.203.47.176 ip4:173.203.47.177 ~all
** Affects: pyspf (Ubuntu)
Importance: High
Status: Fix Released
** Affects: pyspf (Ubuntu Lucid)
Importance: Undecided
Status: New
** Affects: pyspf (Ubuntu Maverick)
Importance: Undecided
Status: New
** Affects: pyspf (Ubuntu Natty)
Importance: Undecided
Status: New
** Affects: pyspf (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Affects: pyspf (Debian)
Importance: Unknown
Status: Unknown
** Bug watch added: Debian Bug tracker #663595
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663595
** Also affects: pyspf (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663595
Importance: Unknown
Status: Unknown
** Also affects: pyspf (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: pyspf (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: pyspf (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: pyspf (Ubuntu Oneiric)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/954936
Title:
Gets confused by CNAMEs while parsing SPF records
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pyspf/+bug/954936/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
