Skip Menu |
 

This queue is for tickets about the Mail-SPF CPAN distribution.

Report information
The Basics
Id: 88390
Status: patched
Priority: 0/
Queue: Mail-SPF

People
Owner: JMEHNLE [...] cpan.org
Requestors: jhall [...] efolder.net
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



From jhall [...] efolder.net Tue Sep 3 12: 44:44 2013
MIME-Version: 1.0
X-Spam-Status: No, score=-6.111 tagged_above=-99.9 required=10 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_NEUTRAL=0.779, T_FRT_ADULT2=0.01] autolearn=ham
X-Spam-Flag: NO
X-Bogus: This is a test header with newlines foo.
X-Old-Spam-Check-BY: mx11.localdomain (mx11.localdomain)
Message-ID: <522611E7.1030209 [...] efolder.net>
content-type: text/plain; charset="utf-8"; format="flowed"
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
X-Spam-Score: -6.111
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 2B8272406CF for <cpan-bug+mail-spf [...] hipster.bestpractical.com>; Tue, 3 Sep 2013 12:44:44 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 84zkMOZIibkv for <cpan-bug+mail-spf [...] hipster.bestpractical.com>; Tue, 3 Sep 2013 12:44:42 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 39E602406CE for <bug-mail-spf [...] rt.cpan.org>; Tue, 3 Sep 2013 12:44:38 -0400 (EDT)
Received: (qmail 19468 invoked by alias); 3 Sep 2013 16:44:37 -0000
Received: from mx11.dcmx.net (HELO mx11.localdomain) (207.210.100.175) by la.mx.develooper.com (qpsmtpd/0.28) with ESMTP; Tue, 03 Sep 2013 09:44:29 -0700
Received: from customer-GDL-154-216.megared.net.mx (HELO [192.168.0.30]) (177.226.154.216) (smtp-auth username jhall [...] efolder.net, mechanism plain) by mx11.localdomain (qpsmtpd/0.43rc1) with (CAMELLIA256-SHA encrypted) ESMTPSA; Tue, 03 Sep 2013 12:44:25 -0400
Delivered-To: cpan-bug+mail-spf [...] hipster.bestpractical.com
Subject: Improper handling of SPF records with embedded newlines
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130827 Icedove/17.0.8
X-DC-Version: 5.3.0~svn23041
Return-Path: <jhall [...] efolder.net>
X-RT-Mail-Extension: mail-spf
X-Original-To: cpan-bug+mail-spf [...] hipster.bestpractical.com
X-Spam-Check-BY: la.mx.develooper.com
X-Spam: No
Date: Tue, 03 Sep 2013 11:44:23 -0500
X-Spam-Level:
X-Envelope-Sender: <jhall [...] efolder.net>
To: bug-Mail-SPF [...] rt.cpan.org
Content-Transfer-Encoding: 7bit
From: Jonathan Hall <jhall [...] efolder.net>
X-RT-Original-Encoding: iso-8859-1
X-RT-Interface: Email
Content-Length: 1487
Download (untitled) / with headers
text/plain 1.4k
Occasionally one will encounter an SPF record with an embedded newline. Experience shows this is most common in include records. Examples (with " marks around the text portion, to make newlines more apparent). directadvantage.com. 3600 IN TXT "v=spf1 a mx a:sue.directadvantage.com include:postalproducts.com ~all" postalproducts.com. 86400 IN TXT "v=spf1 a mx mx:mail.postalproducts.com mx:po2.postalproducts.com mx:post.postalproducts.com ~all" And: rtdquality.us. 100 IN TXT "v=spf1 include:_incspfcheck.mailspike.net ?all" _incspfcheck.mailspike.net. 100 IN TXT "v=spf1 exists:_h.%{h}._l.%{l}._o.%{o}._i.%{i}.spfcheck.mailspike.net ?all " When this happens, Mail::SPF generates an invalid Received header, such as: Received-SPF: permerror (rtdquality.us ... _incspfcheck.mailspike.net: Junk encountered in record 'v=spf1 exists:_h.%{h}._l.%{l}._o.%{o}._i.%{i}.spfcheck.mailspike.net ?all ') receiver=doublecheck.co.douglas.nv.us; identity=mailfrom; envelope-from="edwin590@rtdquality.us"; helo=rtdquality.us; client-ip=212.126.98.234 This header causes Mail::Header to complain, as there is no space after the newline. Possible solutions: - Strip the newline(s) in the DNS resolver. - Strip the newline(s) in the output headers - Add a space after the newline in the headers (This would make the header 'valid' again, but seems sloppy, as the newlines are rather arbitrary) - Raise an error?
MIME-Version: 1.0
In-Reply-To: <522611E7.1030209 [...] efolder.net>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <522611E7.1030209 [...] efolder.net>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.16-9645-1381466937-1527.88390-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 474
Download (untitled) / with headers
text/plain 474b
CR or LF characters are illegal in SPF records per http://tools.ietf.org/html/rfc4408#appendix-A and http://tools.ietf.org/html/rfc4234#appendix-B.1 . This is why Mail::SPF responds with a permerror. The fact that Mail::SPF::Result generates a Received-SPF header field containing CR or LF from the original record is a bug. The solution is for Mail::SPF::Result to sanitize the explanation string (which contains the original record). Will be fixed in the next release.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.