Bug#564576: libspf0: fails with IPv6
Package: libspf0
Version: 0.999-1.0.0-p3.dfsg-2
Severity: important
Hello,
It seems that libspf0 has a problem with validation of IPv6 addresses. I
discovered this problem with spfmilter, and I could reproduce it with
spfqtool. Here is the transcript of a test, with spfquery (libspf2) and
spfqtool (libspf0):
% spfquery -i 2a01:e34:ee8f:150:201:c0ff:fe04:d58b -s foobar@listes.ortolo.eu
pass
spfquery: domain of listes.ortolo.eu designates 2a01:e34:ee8f:150:201:c0ff:fe04:d58b as permitted sender
Received-SPF: pass (spfquery: domain of listes.ortolo.eu designates 2a01:e34:ee8f:150:201:c0ff:fe04:d58b as permitted sender) client-ip=2a01:e34:ee8f:150:201:c0ff:fe04:d58b; envelope-from=foobar@listes.ortolo.eu;
% spfqtool -h vanvogt.ortolo.eu -i 2a01:e34:ee8f:150:201:c0ff:fe04:d58b -s foobar@listes.ortolo.eu
SPF short result: fail
SPF verbose result: policy result: [fail] from rule [-all]
RFC2822 header: Received-SPF: fail (vanvogt.ortolo.eu: domain of foobar@listes.ortolo.eu does not designate 2a01:e34:ee8f:15 as permitted sender) receiver=vanvogt.ortolo.eu; client_ip=2a01:e34:ee8f:15; envelope-from=foobar@listes.ortolo.eu;
Here, spfquery is right and spfqtool is wrong, because:
listes.ortolo.eu. 86400 IN SPF "v=spf1 +a:mx1.ortolo.eu +a:mx2.ortolo.eu -all"
mx2.ortolo.eu. 86400 IN AAAA 2a01:e34:ee8f:150:201:c0ff:fe04:d58b
(yes, the RFC for SPF defines the “a:” mechanism with A or AAAA lookups,
depending on the IP address family).
Regards,
--
Tanguy Ortolo
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.31.5-grsec-xxxx-grs-ipv6-32 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libspf0 depends on:
ii libc6 2.7-18 GNU C Library: Shared libraries
libspf0 recommends no packages.
libspf0 suggests no packages.
-- no debconf information
Reply to: