Yes, I do get the "spoofed header" warnings with the problematic messages. And
no, I did not change the HEADER_NAME macro in source code :-)

Here are the config snippets:

main.cf:
-------------------------------------------------------
smtpd_milters =
        inet:127.0.0.1:12345,
#       unix:/var/run/dkim-filter/dkim-filter.sock,
        unix:/var/run/clamav/clamav-milter.ctl
milter_default_action = accept
-------------------------------------------------------

/etc/default/spfmilter:
-------------------------------------------------------
DAEMON_OPTS="-l a:master.debian.org"
NO_MACROS_CHECK=1
SOCKET="inet:[EMAIL PROTECTED]" # listen just on loopback on port 12345
-------------------------------------------------------

If you'd like to see complete configs, I can send them to you privately.

The only other non-standard thing I can think of is libspf0, patched for
#392927 and #464029 (interdiff attached), but I don't think this matters.

-- 
Marcin Owsiany <[EMAIL PROTECTED]>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
diff -u libspf-0.999-1.0.0-p3/debian/changelog libspf-0.999-1.0.0-p3/debian/changelog
--- libspf-0.999-1.0.0-p3/debian/changelog
+++ libspf-0.999-1.0.0-p3/debian/changelog
@@ -1,3 +1,10 @@
+libspf (0.999-1.0.0-p3-3.0.sl.1) unstable; urgency=low
+
+  * Patched to avoid #392927
+  * Patched to avoid #464029
+
+ -- Marcin Owsiany <[EMAIL PROTECTED]>  Thu, 13 Mar 2008 13:41:00 +0000
+
 libspf (0.999-1.0.0-p3-3) unstable; urgency=low
 
   * Fixed debian/rules file syntax (closes: #353857)
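Review bot: The two new changelog entries only cite bug numbers ("Patched to avoid #392927", "Patched to avoid #464029") and do not say what was changed or in which file. One line per entry naming the change in src/libspf/main.c would let a reader match each bug to its hunk, which the patch as posted does not make possible.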
only in patch2:
unchanged:
--- libspf-0.999-1.0.0-p3.orig/src/libspf/main.c
+++ libspf-0.999-1.0.0-p3/src/libspf/main.c
@@ -1683,7 +1683,8 @@
     xfree(p->from);
   }
 
-  if (p->spf_rlevel > 0)
+  if ((p->spf_rlevel > 0) &&
+      (p->current_domain != p->original_domain))
   {
     xfree(p->current_domain);
   }
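Review bot: Inside the guarded block, p->current_domain is freed but not visibly reset, so the pointer is left dangling if this cleanup can run a second time on the same structure. Unless xfree already clears its argument, assign p->current_domain a safe value (NULL, or p->original_domain) right after the xfree. The new condition also deserves a one-line comment saying when current_domain aliases original_domain, because that pointer comparison is the only thing here that stops original_domain's buffer from being freed through the alias.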
@@ -1830,6 +1831,11 @@
   xvprintf("local-part: [%s]; domain: [%s]; sender: [%s]\n",
     p->local_part, p->current_domain, p->from);
 
+  /*
+   * We need to reset this, otherwise we'll hit the recursion limit after N rejected MAIL FROMs.
+   */
+  p->spf_rlevel = 0;
+
   return(SPF_TRUE);
 }
 
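Review bot: The reset p->spf_rlevel = 0 sits only on the return(SPF_TRUE) path, while the cleanup in the previous hunk frees p->current_domain only when p->spf_rlevel > 0. If current_domain can still point at a separately allocated string when this reset runs, that cleanup will skip the free and leak it, and any earlier return from this function would leave the level unreset. Consider resetting at function entry or at a single common exit, and check whether the cleanup should key on the pointer comparison rather than on spf_rlevel. The new comment line is also well over 80 columns and could be wrapped.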
only in patch2:
unchanged:
