Hey!
> On Oct 28, 2014, at 10:51 AM, Thomas Preißler <tho...@preissler.me> wrote: > > > Hey Mark, > > >> Do you have a firewall in place that tries to do a deep packet >> inspection >> on DNS UDP packets but does not understand EDNS0 (the OPT RR) ? >> >> > > > thanks for the suggestion! > Unfortunately, the network is not the culprit. I tried to apply my chef > recipes to a virtual machine on my desktop computer (different network) and > get the same message from spamassassin. But when I try to install debian > wheezy, spamassassin and unbound manually I’m not able to reproduce this > issue anymore. There must be any package or configuration option in my chef > recipes that causes spamassassin to fail the DNS lookup. I’ll further > investigate this issue tomorrow. > It looks like the problem appears only with the package libmail-dkim-perl and some nameservers. If I uninstall this package or use 8.8.8.8 as the DNS server I don’t get the message “spf: lookup failure” anymore. The response of the two mail servers seems to be pretty much the same. There is just a very small difference if you ask for the dnssec signature: "dig @ip SPF mail.sys4.de +dnssec" 156.154.70.1 shows "EDNS: version: 0, flags: do; udp: 4096" 8.8.8.8 shows “EDNS: version: 0, flags: do; udp: 512" Finally, I’m able to reproduce this issue on a plain debian wheezy system: - install debian wheezy - enable backports and run apt-get update - apt-get -t wheezy-backports install spamassassin - apt-get install libmail-dkim-perl - set 156.154.70.1 as the only nameserver in /etc/resolv.conf - run spamassassin -D < mail.eml But removing libmail-dkim-perl is not really a solution. This package provides the Mail::DKIM module which is required to check the DKIM signature. Thanks! Thomas Sent with Unibox