Hi,

We ship our products with version 1.0.0 of sid-milter and one of our customers has an issue with emails being rejected as a result of the SPF check. In this case, looking at the SPF record in question, I cant see why the check is failing, assuming the milter does support the a:domain/cidr format?

The SPF record is:
spf1 a:spf.credit-agricole.fr/24 ip4:93.92.211.0/24 ip4:216.104.223.0/24 -all
and the emails are originating from 192.44.63.130

A dns lookup of spf.credit-agricole.fr returns 192.44.63.1. I believe that the /24 in the SPF record indicates that all IP addresses in the range 192.44.63.1-254 should be ok, but the milter check fails.

Looking at the code I am not sure that the sm_marid_scan_cidr code can handle a domain name, rather than an IP address before a CIDR. See the logging below.

Sep 25 08:30:42 svredge00prod sid-filter[8474]: n8P6Uf1a000626 check_host ip=192.44.63.130 domain=ca-sits.com sender=equipe.messagerie@ca-sits.com

Sep 25 08:30:42 svredge00prod sid-filter[8474]: n8P6Uf1a000626 >>> check-host ip=192.44.63.130 domain=ca-sits.com sender=equipe.messagerie@ca-sits.com

Sep 25 08:30:42 svredge00prod sid-filter[8474]: n8P6Uf1a000626 < marid ca-sits.com?

Sep 25 08:30:42 svredge00prod sid-filter[8474]: n8P6Uf1a000626 > v=spf1 a:spf.credit-agricole.fr/24 ip4:93.92.211.0/24 ip4:216.104.223.0/24 -all

Sep 25 08:30:42 svredge00prod sid-filter[8474]: n8P6Uf1a000626 < addr spf.credit-agricole.fr/24?

Sep 25 08:30:42 svredge00prod sid-filter[8474]: n8P6Uf1a000626 > NXDOMAIN

Sep 25 08:30:42 svredge00prod sid-filter[8474]: n8P6Uf1a000626 <<< check_host ip=192.44.63.130 domain=ca-sits.com sender=equipe.messagerie@ca-sits.com: Fail NotPermitted

Cheers
Steve