Opened 5 years ago

Closed 4 years ago

#2489 closed defect (fixed)

Limit number of DNS queries for SPF

Reported by: matze Assignee: matze
Priority: P2 Milestone:
Module: Infrastructure Keywords:
Cc: fred Blocked By:
Blocking: Platform: Unknown
Ready: yes Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

Description

The TXT records for SPF must not require more than 10 DNS lookups during validation. Otherwise strict implementations trigger a permerror when they reach that threshold but haven't found a match yet:

Authentication-Results: mx.aol.com;
	spf=permerror (aol.com: while processing the SPF record for adblockplus.org we encountered a fatal error.)

See also issue #2331.

Change History (3)

comment:1 Changed 5 years ago by matze

A temporary fix (skipping the filter-servers) has been applied last week. We still need to find a permanent solution. (Note that the four lookups required implicitly for Google-Mail limit our threshold significantly!)

comment:2 Changed 4 years ago by matze

  • Tester set to Unknown

The temporary fix has been declared permanent until we have setup our own mail relay server (see #277). In the context of #2965, the records have been cleaned up and updated.

Last edited 4 years ago by matze (previous) (diff)

comment:3 Changed 4 years ago by matze

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.