[Pymilter] Issue with spfmilter?

Stuart D. Gathman stuart at gathman.org
Fri Mar 9 08:25:47 EST 2018


On Fri, 9 Mar 2018, Harald Hannelius wrote:

> Sorry, the domain is mdh.se and they have an SPF-record. It validates OK on 
> both mxtoolbox and kitterman.com tests.

You apparently only tested with IP4.

> I then noted that if I telnet the IPv6-address of my SMTP-gateway, and 
> pretend to send from mdh.se I get the "Void lookup" error every time. If I 
> telnet the IPv4-address, the test succeeds.

That's because their record has way more than 2 void lookups for IPv6.

> One and a half minute later, the SPF-record validates and the mail is 
> delivered. The difference I see is that the first connections was over IPv6, 
> and the second over IPv4.
>
> There seems to be an issue with IPv6. I also posted a bug-report for Debian:

Yes, they shouldn't be trying to connect via IPv6 when their sender
policy is full of void lookups for IPv6.  That is why the void lookup
limit was added in RFC7208.

If you want to be lenient on void lookups only for IPv6, that should
be simple to add via code.  When I get around to adding a config for
void lookups, I should probably have separate configs for IP4 and IPv6.

-- 
 	      Stuart D. Gathman <stuart at gathman.org>
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.



More information about the Pymilter mailing list