[Pymilter] Failed SPF checks for _spf.google.com

Andre Esser andre.esser at geneity.co.uk
Wed Nov 26 09:32:42 EST 2014 

Hi,

Apologies in advance if this isn't the right place for my problem.

I'm seeing strange behaviour of the SPF module for Python. The issue
is that an SPF lookup for _spf.google.com returns 'None':

  # python3 /usr/lib/python3/dist-packages/spf.py _spf.google.com
  None

The equivalent query with dig on the same server however succeeds:

  # dig _spf.google.com txt +short
  "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com \
   include:_netblocks3.google.com ~all"


After some more testing, I found out that when switching the server
to Google's DNS server 8.8.8.8, the first lookup also succeeds:

  # python3 /usr/lib/python3/dist-packages/spf.py _spf.google.com
  v=spf1 include:_netblocks.google.com include:_netblocks2.google.com \
  include:_netblocks3.google.com ~all

I then ran a tcpdump (filtered by port 53) on the server in question
during the Python SPF checks.

The output for

  "python3 /usr/lib/python3/dist-packages/spf.py _spf.google.com"

(returning 'None'), ran against our own name server, was:

  14:04:35.060613 IP 10.33.192.15.3732 > 10.33.192.21.53: 8569+ \
  TXT? _spf.google.com. (33)
  14:04:35.061556 IP 10.33.192.21.53 > 10.33.192.15.3732: 8569 \
  1/4/4 TXT "v=spf1 include:_netblocks.google.com \
  include:_netblocks2.google.com include:_netblocks3.google.com \
  ~all" (323)

Running the same lookup using Google's 8.8.8.8 (returning the correct
TXT/SPF record) yielded:

  14:05:36.688605 IP 10.33.192.15.52896 > 8.8.8.8.53: 40951+ \
  TXT? _spf.google.com. (33)
  14:05:36.690980 IP 8.8.8.8.53 > 10.33.192.15.52896: 40951 \
  1/0/0 TXT "v=spf1 include:_netblocks.google.com \
  include:_netblocks2.google.com include:_netblocks3.google.com \
  ~all" (149)

The only difference I can make out are the different flags (1/4/4 vs
1/0/0). Would this indicate a configuration problem on our name server,
or a bug in pyspf, or perhaps something completely different?

Environment:

- Ubuntu 14.04 on x86_64
- python3-spf 2.0.10
- python3-dns 3.0.4


Thanks,

Andre
-- 
Andre Esser, IT Manager, Geneity Ltd
80 Hammersmith Road, London, W14 8UD
Registered in England,  No. 05676580

More information about the Pymilter mailing list