Package: spfmilter
Version: 1.99+0.97-1
Severity: grave
Justification: causes data loss and violates a MUST directive of RFC2821
Here's a diff between a two otherwise identical messages (IDs and dates
replaced with constants for easy diffing), one with spfmilter disabled,
the other with enabled.
| --- t32008-04-09 09:55:19.0 +0100
| +++ t22008-04-09 09:55:19.0 +0100
| @@ -1,42 +1,39 @@
| From [EMAIL PROTECTED] date
| Return-path: [EMAIL PROTECTED]
| Envelope-to: [EMAIL PROTECTED]
| Delivery-date: date
| Delivered-To: [EMAIL PROTECTED]
| +Received-SPF: none (mail.vicoop.com: [EMAIL PROTECTED] does not designate
permitted sender hosts) receiver=mail.vicoop.com; client-ip=70.103.162.29;
helo=master.debian.org; [EMAIL PROTECTED]; x-software=spfmilter 0.97
http://www.acme.com/software/spfmilter/ with libspf-unknown;
| Received: from mail0.vicoop.com [85.17.210.107]
| by beczulka with POP3 (fetchmail-6.3.6)
| for [EMAIL PROTECTED] (single-drop); date
| Received: from master.debian.org (master.debian.org [70.103.162.29])
| by mail.vicoop.com (Postfix) with ESMTP id ID
| for [EMAIL PROTECTED]; date
| -Received: from mail0.vicoop.com ([85.17.210.107] helo=mail.vicoop.com)
| - by master.debian.org with esmtp (Exim 4.63)
| - (envelope-from [EMAIL PROTECTED])
| - id ID
| - for [EMAIL PROTECTED]; date
| +Received-SPF: pass (mail.vicoop.com: authenticated connection)
receiver=mail.vicoop.com; client-ip=82.10.150.33; helo=beczulka; [EMAIL
PROTECTED]; x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/
with libspf-unknown;
| Received: from beczulka (cpc2-seve11-0-0-cust544.popl.cable.ntl.com
[82.10.150.33])
| (Authenticated sender: [EMAIL PROTECTED])
| by mail.vicoop.com (Postfix) with ESMTP id ID
| for [EMAIL PROTECTED]; date
| Received: from porridge by beczulka with local (Exim 4.63)
| (envelope-from [EMAIL PROTECTED])
| id ID
| for [EMAIL PROTECTED]; date
| Date: date
| From: Marcin Owsiany [EMAIL PROTECTED]
| To: [EMAIL PROTECTED]
| -Subject: t3
| -Message-ID: [EMAIL PROTECTED]
| +Subject: t2
| +Message-ID: [EMAIL PROTECTED]
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Disposition: inline
| User-Agent: Mutt/1.5.13 (2006-08-11)
| Status: RO
| Content-Length: 154
| Lines: 4
|
|
| --
| Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/
| GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
mail0.vicoop.com (which is the host I'm debugging) acted both as a
smarthost for beczulka, and as the intermediate destination for the
message (subsequently fetched by beczulka).
Notice how the Received line added by master.debian.org got eaten by
mail0. I'm 100% certain that master did send the Received header,
because I sniffed the SMTP dialogue.
Interestingly, the Received header added by beczulka did NOT get eaten
when the message got relayed by mail0 for the first time. This suggests
that the header only gets eaten when the status is none but not when
it's pass.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6b-ovz-686
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Versions of packages spfmilter depends on:
ii adduser3.102 Add and remove users and groups
ii libc6 2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii libmilter0 8.13.8-3 Sendmail Mail Filter API (Milter)
ii libspf00.999-1.0.0-p3-3 the ANSI C SPF reference library (
spfmilter recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
