On 2022-08-03 at 18:24:31 UTC-0400 (Wed, 3 Aug 2022 18:24:31 -0400)
Rob McEwen <r...@invaluement.com>
is rumored to have said:

I provided a ham sample off-list.

Indeed; thank you.

We determined that this was an interaction between local resolver config and (probably) Net::DNS or a sub-module. Setting BIND EDNS options fixed it.

Also, I've recently encountered similar issues with DHL - for example - them, several weeks ago, using an alternate domain in the mail header FROM-address - that didn't actually have ANY DNS records - crazy stuff like that - although I think that they've since stopped using that particular domain name?
--Rob McEwen

On 8/2/2022 10:50 AM, Bill Cole wrote:
Bug 8021 reports breakage in SPF checking for dhl.com mail, due to an inability to resolve the SPF TXT record for dhl.com. That breakage is essentially due to DHL having far too many TXT records (some are clearly stale) and having a SPF record which is right at the limit of complexity, having 10 'include' directives at the top level.

If anyone has samples of real legitimate mail from a dhl.com address, please share. I'm seeking a way to reproduce the reported bug, which strikes me as too stupid to be real; we SHOULD have noticed long before now if SPF lookups were not handling UDP truncation of replies.


--
Rob McEwen, invaluement


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
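
Added example, not part of the original thread and not SpamAssassin or Net::DNS code: a Python sketch of the two conditions described above, an SPF record with 10 top-level lookup terms and a TXT answer too large for a plain UDP reply. The TXT records and example.com names are constructed; the 10-lookup limit is from RFC 7208 section 4.6.4, 512 bytes is the DNS UDP reply limit when no EDNS buffer size is advertised, and the size estimate assumes compressed owner names.

```python
# Added example; the TXT data below is constructed, not dhl.com's real zone.
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}  # RFC 7208 section 4.6.4
SPF_LOOKUP_LIMIT = 10
PLAIN_UDP_MAX = 512  # largest DNS reply over UDP when no EDNS size is advertised


def select_spf(txt_records):
    """Return the single v=spf1 record; zero or several cannot be evaluated."""
    spf = [t for t in txt_records if t.lower().split(" ", 1)[0] == "v=spf1"]
    if len(spf) != 1:
        raise ValueError(f"expected exactly one SPF record, found {len(spf)}")
    return spf[0]


def count_lookup_terms(spf):
    """Count top-level terms that cost a DNS query during evaluation."""
    count = 0
    for term in spf.split()[1:]:
        bare = term.lstrip("+-~?").lower()
        name = bare.split(":", 1)[0].split("/", 1)[0]
        if name in LOOKUP_MECHS or bare.startswith("redirect="):
            count += 1
    return count


def txt_response_size(qname, txt_records):
    """Wire size of a reply holding every TXT RR (assumes compressed owner names)."""
    size = 12 + sum(len(l) + 1 for l in qname.rstrip(".").split(".")) + 1 + 4
    for txt in txt_records:
        data = txt.encode()
        chunks = max(1, -(-len(data) // 255))  # <=255-byte character-strings
        size += 2 + 10 + len(data) + chunks    # pointer + fixed fields + RDATA
    return size


def assess(qname, txt_records):
    """Summarise lookup count and reply size for one name's TXT RRset."""
    lookups = count_lookup_terms(select_spf(txt_records))
    size = txt_response_size(qname, txt_records)
    return {"lookup_terms": lookups, "at_lookup_limit": lookups >= SPF_LOOKUP_LIMIT,
            "response_bytes": size, "needs_tcp_or_edns": size > PLAIN_UDP_MAX}


SPF = "v=spf1 " + " ".join(f"include:_spf{i}.example.com" for i in range(10)) + " ~all"
STALE = [f"constructed-site-verification={i:02d}" + "x" * 40 for i in range(12)]

if __name__ == "__main__":
    print(assess("example.com", [SPF]))          # fits in a plain UDP reply
    print(assess("example.com", [SPF] + STALE))  # same SPF, reply now truncates
```

A resolver path that neither advertises an EDNS buffer size nor retries over TCP after a truncated reply would fail only in the second case, even though the SPF record itself is unchanged.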
