Good catch! Thanks. I called up tech support at Coolcart and eventually,
after a call and a couple of emails, convinced the fellow on the desk that they
had an issue with infinite recursion. The young man was quite friendly, but
kept trying to convince me that my MTA had a problem, so I quoted RFC 4408 to
him and finally he got the picture and made the necessary change.
One point here that I'd like to bring up, though.
Infinite recursion in SPF record "include"s causes Courier to declare an SPF
Fail after 20 recursions. Granted that we have a misunderstanding of the spec
here on the part of the DNS server admin, but shouldn't Courier declare a
PermError ("error") rather than a Fail?
Sam, don't flame me! I know how you feel about morons!
Thus spake Sam Varshavchik on Wed, Sep 05, 2007 at 05:56:21PM CDT
> Lindsay Haisley writes:
> >MAIL From:<kitm@...> SIZE=3764
> > 517 SPF fail coolcart.com: Maximum of 20 nested SPF queries exceeded.
> > QUIT
> >--- End Transcript ---
> >Why are we getting "nested SPF queries"?
> Because coolcart.com are morons.
> coolcart.com's SPF record:
> coolcart.com. 86362 IN TXT "v=spf1 mx
> include:coolcart4.com -all"
> and coolcart4.com's SPF record:
> coolcart4.com. 86345 IN TXT "v=spf1 mx
> include:coolcart.com -all"
> Even if you do not really know much about SPF, it's quite clear that they
> have an infinite loop in their SPF specification.
> >Should I turn off SPF for the envelope sender address? Or should I leave
> >it on and indicate that a "fail" result is acceptable?
> If someone's SPF record is broken, and you desperately need their mail,
> you'll just have to turn off SPF filtering.
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> courier-users mailing list
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Lindsay Haisley | "Fighting against human | PGP public key
FMP Computer Services | creativity is like | available at
512-259-1190 | trying to eradicate | <http://pubkeys.fmp.com>
http://www.fmp.com | dandelions" |
| (Pamela Jones) |