Bug#663595: python-spf: Gets confused by CNAMEs while parsing SPF records

[Andrei Caraman]

Package: python-spf
Version: 2.0.5-2
Severity: grave
Justification: causes non-serious data loss


Intermediate CNAMEs encountered while parsing SPF records confuse python-spf
into returning a hard error (domain has two or more type TXT spf records) when
really there is no second SPF record, and the existing one is indeed valid. 

Discovered while manually looking at the SPF record for
"support.zendesk.com" (which was in turn included by the SPF record for
"dropbox.com"):

        $ /usr/share/pyshared/spf.py support.zendesk.com
        PermError:  Two or more type TXT spf records found.

        $ host -t txt support.zendesk.com
        support.zendesk.com is an alias for www.shard-2.int.zendesk.com.
        www.shard-2.int.zendesk.com is an alias for www.pod-1.int.zendesk.com.
        www.pod-1.int.zendesk.com descriptive text "v=spf1 ip4:184.106.12.190
        ip4:173.203.47.176 ip4:173.203.47.177 ~all"

        $ /usr/share/pyshared/spf.py www.pod-1.int.zendesk.com
        v=spf1 ip4:184.106.12.190 ip4:173.203.47.176 ip4:173.203.47.177 ~all


In other words, the SPF record for www.pod-1.int.zendesk.com is valid, and
so is the one for support.zendesk.com, but the (double) indirection via
CNAME(s) causes an error.

The consequence is some domains with valid SPF records are perceived as
having faulty ones, and then depending on how SPF is used on the receiving
end, email messages from the affected domains may be mis-classified as spam
or outright rejected.



Regards,
adc




-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-spf depends on:
ii  python                  2.6.6-3+squeeze6 interactive high-level object-orie
ii  python-central          0.6.16+nmu1      register and build utility for Pyt
ii  python-dns              2.3.4-4          DNS client module for Python

python-spf recommends no packages.

Versions of packages python-spf suggests:
pn  python-yaml                   <none>     (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org