We ship our products with version 1.0.0 of sid-milter and one of our customers has an issue with emails being rejected as a result of the SPF check. In this case, looking at the SPF record in question, I cant see why the check is failing, assuming the milter does support the a:domain/cidr format?
The SPF record is: spf1 a:spf.credit-agricole.fr/24 ip4:220.127.116.11/24 ip4:18.104.22.168/24 -all and the emails are originating from 22.214.171.124
A dns lookup of spf.credit-agricole.fr returns 126.96.36.199. I believe that the /24 in the SPF record indicates that all IP addresses in the range 188.8.131.52-254 should be ok, but the milter check fails.
Looking at the code I am not sure that the sm_marid_scan_cidr code can handle a domain name, rather than an IP address before a CIDR. See the logging below.