Your message dated Thu, 13 Nov 2014 22:14:18 -0500 with message-id <2347634.J6EDc7AgEm@scott-latitude-e6320> and subject line Re: Further testing has caused the Debian Bug report #769432, regarding python-spf: Fails to correctly address networks by IP to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 769432: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769432 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: python-spf Version: 2.0.7-1ubuntu0.1 Severity: important Tags: upstream Dear Maintainer, The library doesn't handle well networks by IP: Action: for server in 92.39.253.{83..90} ; do pyspf 'v=spf1 ip4:92.39.253.83/29 -all' $server "[email protected]" a ; done Expected: ('pass', 250, 'sender SPF authorized') for each of the 8 IP addresses Got: ('fail', 550, 'SPF fail - not authorized') for the last 3 ones. This happens with bigger ranges too. I had to break up a /25 range into a whole bunch of /29 ones because it'd fail with many of them. The fact that pyspf seems to be the most commonly used SPF library in operation leads to having to sidestep the problem for stuff to work at all instead of putting these correctly on the DNS and hoping for the best, as it'll fail SPF validation pretty much everywhere. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise'), (100, 'precise-backports') Architecture: i386 (i686) Kernel: Linux 3.2.0-67-generic-pae (SMP w/2 CPU cores) Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages python-spf depends on: ii python 2.7.3-0ubuntu2.2 ii python-dns 2.3.6-1.12.04 ii python2.7 2.7.3-0ubuntu3.5 Versions of packages python-spf recommends: ii python-authres 0.401-1ubuntu0.1 Versions of packages python-spf suggests: ii python-yaml 3.10-2 -- no debconf information
--- End Message ---
--- Begin Message ---On Thu, 13 Nov 2014 17:29:42 +0100 "Jaime Herazo B." <[email protected]> wrote: > Decided to try the next IP range too as an experiment, got this: > > jherazob@jherazob-OptiPlex-380:~$ for server in 92.39.253.{83..90} ; do > echo -ne "$server : " ; pyspf 'v=spf1 ip4:92.39.253.83/29 > ip4:92.39.253.91/29 -all' $server "[email protected]" a ; done > 92.39.253.83 : (('pass', 250, 'sender SPF authorized'), > 'ip4:92.39.253.83/29') > 92.39.253.84 : (('pass', 250, 'sender SPF authorized'), > 'ip4:92.39.253.83/29') > 92.39.253.85 : (('pass', 250, 'sender SPF authorized'), > 'ip4:92.39.253.83/29') > 92.39.253.86 : (('pass', 250, 'sender SPF authorized'), > 'ip4:92.39.253.83/29') > 92.39.253.87 : (('pass', 250, 'sender SPF authorized'), > 'ip4:92.39.253.83/29') > 92.39.253.88 : (('pass', 250, 'sender SPF authorized'), > 'ip4:92.39.253.91/29') > 92.39.253.89 : (('pass', 250, 'sender SPF authorized'), > 'ip4:92.39.253.91/29') > 92.39.253.90 : (('pass', 250, 'sender SPF authorized'), > 'ip4:92.39.253.91/29') > > Seems like it thinks the last 3 IPs are part of the next IP range when > they're not. That's not how it works. CIDR ranges don't start at arbitrary addresses. 92.39.253.83/29 is either an error, since the base address is incorrect or it covers 92.39.253.80 - 92.39.253.87 depending on how strict one is. You can experiment with it here: http://www.subnet-calculator.com/cidr.php or RFC 4632 Section 3.1 which indicates the CIDR length (or prefix) is the number of bits that are zeros. Scott K
--- End Message ---
