From stuart at bmsi.com Wed Dec 3 01:01:37 2014 From: stuart at bmsi.com (Stuart D Gathman) Date: Wed, 3 Dec 2014 01:01:37 -0500 (EST) Subject: [Pymilter] Failed SPF checks for _spf.google.com In-Reply-To: References: <5475E48A.4080000@geneity.co.uk> Message-ID: On Nov 29, Stuart D Gathman transmitted in part: > On Nov 26, Andre Esser transmitted in part: > >> I'm seeing strange behaviour of the SPF module for Python. The issue >> is that an SPF lookup for _spf.google.com returns 'None': >> >> # python3 /usr/lib/python3/dist-packages/spf.py _spf.google.com >> None >> >> The equivalent query with dig on the same server however succeeds: >> >> # dig _spf.google.com txt +short >> "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com \ >> include:_netblocks3.google.com ~all" > > Just back from Thanksgiving, but shooting from the hip - there is a Since this is python3, another possibility is a problem with py3dns. From andre.esser at geneity.co.uk Wed Dec 3 11:49:28 2014 From: andre.esser at geneity.co.uk (Andre Esser) Date: Wed, 03 Dec 2014 16:49:28 +0000 Subject: [Pymilter] Failed SPF checks for _spf.google.com In-Reply-To: References: <5475E48A.4080000@geneity.co.uk> Message-ID: <547F3F18.2090800@geneity.co.uk> On 2014-12-03 06:01, Stuart D Gathman wrote: > On Nov 29, Stuart D Gathman transmitted in part: >> On Nov 26, Andre Esser transmitted in part: >> >>> I'm seeing strange behaviour of the SPF module for Python. The issue >>> is that an SPF lookup for _spf.google.com returns 'None': >>> >>> # python3 /usr/lib/python3/dist-packages/spf.py _spf.google.com >>> None >>> >>> The equivalent query with dig on the same server however succeeds: >>> >>> # dig _spf.google.com txt +short >>> "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com \ >>> include:_netblocks3.google.com ~all" >> >> Just back from Thanksgiving, but shooting from the hip - there is a > > Since this is python3, another possibility is a problem with py3dns. Hi Stuart, Thanks for your replies. I've done some more testing and the behaviour I'm seeing is rather unusual. After restarting the Bind caching server, the first SPF check for _spf.google.com always succeeds. Subsequent SPF checks sometimes fail and sometimes succeed. However if the second SPF check after a Bind restart succeeds, then all subsequent checks also succeeds for at least a few minutes. On the other hand if the second check fails, then all further checks seem to fail until Bind is restarted again. After SPF checks have succeeded for a while (a varying number of hours it seems), they then suddenly start failing and keep failing until Bind is restarted. I have now added the option max-cache-ttl 3600; on our name servers. I will report tomorrow whether this has alleviated the problem. Andre From stuart at bmsi.com Sat Dec 6 09:21:13 2014 From: stuart at bmsi.com (Stuart D Gathman) Date: Sat, 06 Dec 2014 09:21:13 -0500 Subject: [Pymilter] Failed SPF checks for _spf.google.com In-Reply-To: <547F3F18.2090800@geneity.co.uk> References: <5475E48A.4080000@geneity.co.uk> <547F3F18.2090800@geneity.co.uk> Message-ID: <548310D9.6050903@bmsi.com> On 12/03/2014 11:49 AM, Andre Esser wrote: > I'm seeing strange behaviour of the SPF module for Python. The issue > is that an SPF lookup for _spf.google.com returns 'None': > > # python3 /usr/lib/python3/dist-packages/spf.py _spf.google.com > None > > The equivalent query with dig on the same server however succeeds: > > # dig _spf.google.com txt +short > "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com \ > include:_netblocks3.google.com ~all" I just released pyspf-2.0.11, with case insensitive DNS cache. See if that addresses the problem. From andre.esser at geneity.co.uk Wed Dec 10 05:51:28 2014 From: andre.esser at geneity.co.uk (Andre Esser) Date: Wed, 10 Dec 2014 10:51:28 +0000 Subject: [Pymilter] Failed SPF checks for _spf.google.com In-Reply-To: <548310D9.6050903@bmsi.com> References: <5475E48A.4080000@geneity.co.uk> <547F3F18.2090800@geneity.co.uk> <548310D9.6050903@bmsi.com> Message-ID: <548825B0.7070004@geneity.co.uk> On 2014-12-06 14:21, Stuart D Gathman wrote: > On 12/03/2014 11:49 AM, Andre Esser wrote: >> I'm seeing strange behaviour of the SPF module for Python. The issue >> is that an SPF lookup for _spf.google.com returns 'None': >> >> # python3 /usr/lib/python3/dist-packages/spf.py _spf.google.com >> None >> >> The equivalent query with dig on the same server however succeeds: >> >> # dig _spf.google.com txt +short >> "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com \ >> include:_netblocks3.google.com ~all" > I just released pyspf-2.0.11, with case insensitive DNS cache. See if > that addresses the problem. Success. I was able to create the failure condition in the Bind cache and the check with pyspf-2.0.11 still succeeded. Many thanks! Andre