Bill Cole wrote:
Bug 8021 reports breakage in SPF checking for dhl.com mail, due to an
inability to resolve theĀ SPF TXT record for dhl.com. That breakage is
essentially due to DHL having far too many TXT records (some are clearly
stale) and having a SPF record which is right at the limit of
complexity, having 10 'include' directives at the top level.
If anyone has samples of real legitimate mail from a dhl.com address,
please share. I'm seeking a way to reproduce the reported bug, which
strikes me as too stupid to be real; we SHOULD have noticed long before
now if SPF lookups were not handling UDP truncation of replies.
The newest one I have on file (headers below, should be enough to test
SPF) is a bit old; Feb 2021. I just rechecked and the complete
original passed both SPF and DKIM without complaint on SA 3.4.6 on
Debian 10.
Delivered-To: [email protected]
Return-Path: <[email protected]>
Received: from gateway2h.dhl.com (gateway2h.dhl.com [199.40.206.31]) by
mx2.vianet.ca (Postfix) with ESMTPS id 69E9C100C9E for
<[email protected]>;
Tue, 23 Feb 2021 07:39:41 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dhl.com; l=35875;
s=20140901; t=1614083981; h=date:from:to:message-id:subject:mime-version;
bh=DIpnjzWIqceTkeAfTQXi/K36OKJqsxnmJxUdU+eemXU=;
b=exBQWWKggKa2c/ZuOeuwZBUx80u4IzrsKwSToUeyFR5wE9sb1oTbpnAp
3DJ4iSPWdwc8JJTAlwNXmQZXYSMwCy1WBHOh3ISkTrGKf8mqQ4AQSfGmz
QOLWJtFD1oCx0Bdxk6fiAimrLLv7bcYWJfch9Y2Jg5FYfsZYmxFhfzQHi
4UL8dPVFmhnUa/6GbzrWAGZ/fIY62vFcgAVRoFJrFoUg+rJpWUuBO5FdL
Ap0vK0NYSR6NvZPBJjOfcADJVzgucYOoiTk5luWUx7BoyZzx+RrYR3hvu
6fl1x9+EBQt5+4Rd2HTON/gvSmnmc2x6zsxWXmTllAxBAOsuh8nC9nwad g==;
Received: from mykullspc000017.apis.dhl.com ([199.40.12.27]) by
gateway2h.dhl.com with ESMTP; 23 Feb 2021 12:39:36 +0000
Date: Tue, 23 Feb 2021 12:39:36 +0000 (UTC)
From: DHL EXPRESS <[email protected]>
To: [email protected]
Message-ID: <[email protected]>
Subject: DHL On Demand Delivery
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_834663_677665159.1614083976694"
-kgd
