[Pymilter] Failed SPF checks for _spf.google.com

Andre Esser andre.esser at geneity.co.uk
Wed Dec 3 11:49:28 EST 2014


On 2014-12-03 06:01, Stuart D Gathman wrote:
> On Nov 29, Stuart D Gathman transmitted in part:
>> On Nov 26, Andre Esser transmitted in part:
>>
>>>  I'm seeing strange behaviour of the SPF module for Python. The issue
>>>  is that an SPF lookup for _spf.google.com returns 'None':
>>>
>>>   # python3 /usr/lib/python3/dist-packages/spf.py _spf.google.com
>>>   None
>>>
>>>  The equivalent query with dig on the same server however succeeds:
>>>
>>>   # dig _spf.google.com txt +short
>>>   "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com \
>>>    include:_netblocks3.google.com ~all"
>>
>> Just back from Thanksgiving, but shooting from the hip - there is a
> 
> Since this is python3, another possibility is a problem with py3dns.

Hi Stuart,

Thanks for your replies. I've done some more testing and the behaviour
I'm seeing is rather unusual.

After restarting the Bind caching server, the first SPF check for
_spf.google.com always succeeds.

Subsequent SPF checks sometimes fail and sometimes succeed. However if
the second SPF check after a Bind restart succeeds, then all subsequent
checks also succeeds for at least a few minutes. On the other hand if
the second check fails, then all further checks seem to fail until Bind
is restarted again.

After SPF checks have succeeded for a while (a varying number of hours
it seems), they then suddenly start failing and keep failing until Bind
is restarted.

I have now added the option

  max-cache-ttl 3600;

on our name servers. I will report tomorrow whether this has alleviated
the problem.

Andre



More information about the Pymilter mailing list