You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Miguel Di Ciurcio Filho (JIRA)" <se...@james.apache.org> on 2006/07/14 22:48:15 UTC

[jira] Created: (JSPF-21) SPF1Data.MAX_DEPTH = 10 not enough

SPF1Data.MAX_DEPTH = 10 not enough
----------------------------------

                 Key: JSPF-21
                 URL: http://issues.apache.org/jira/browse/JSPF-21
             Project: jSPF
          Issue Type: Bug
          Components: Core
            Reporter: Miguel Di Ciurcio Filho
            Priority: Blocker


Using the default MAX_DEPTH = 10 in SPF1Data can not finish the probe for a decision.

Try with microsoft.com, it will fail :-P 
Microsoft's domain have alot of includes.

Well, I rised it to 15 and now works fine.



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

[jira] Commented: (JSPF-21) SPF1Data.MAX_DEPTH = 10 not enough

Posted by "Norman Maurer (JIRA)" <se...@james.apache.org>.

    [ http://issues.apache.org/jira/browse/JSPF-21?page=comments#action_12421301 ] 
            
Norman Maurer commented on JSPF-21:
-----------------------------------

>From spf spec:

SPF implementations MUST limit the number of mechanisms and modifiers
   that do DNS lookups to at most 10 per SPF check, including any
   lookups caused by the use of the "include" mechanism or the
   "redirect" modifier.  If this number is exceeded during a check, a
   PermError MUST be returned.  The "include", "a", "mx", "ptr", and
   "exists" mechanisms as well as the "redirect" modifier do count
   against this limit.  The "all", "ip4", and "ip6" mechanisms do not
   require DNS lookups and therefore do not count against this limit.
   The "exp" modifier does not count against this limit because the DNS
   lookup to fetch the explanation string occurs after the SPF record
   has been evaluated.


See: http://new.openspf.org/svn/project/specs/rfc4408.txt
          10.1.  Processing Limits


So this should be ok.

> SPF1Data.MAX_DEPTH = 10 not enough
> ----------------------------------
>
>                 Key: JSPF-21
>                 URL: http://issues.apache.org/jira/browse/JSPF-21
>             Project: jSPF
>          Issue Type: Bug
>          Components: Core
>            Reporter: Miguel Di Ciurcio Filho
>            Priority: Blocker
>
> Using the default MAX_DEPTH = 10 in SPF1Data can not finish the probe for a decision.
> Try with microsoft.com, it will fail :-P 
> Microsoft's domain have alot of includes.
> Well, I rised it to 15 and now works fine.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

[jira] Commented: (JSPF-21) SPF1Data.MAX_DEPTH = 10 not enough

Posted by "Norman Maurer (JIRA)" <se...@james.apache.org>.

    [ http://issues.apache.org/jira/browse/JSPF-21?page=comments#action_12421463 ] 
            
Norman Maurer commented on JSPF-21:
-----------------------------------

>From spf-devel:

Norman Maurer wrote:
> we developed a java implementation for spf called jSPF. Version 0.9b1
> wil be released next week if nothing goes wrong.. Now someone open a bug
> report which report us that microsoft.com return a permError cause the
> maximum includes of 10 is to less.. But i think the bugreport is invalid
> cause the specs are really clear on this..

You are absolutely correct, the microsoft.com records are invalid -- hard 
to believe but true.  And I think it is important that implementations and 
their users NOT begin to weaken their lookup limits, because otherwise 
more and more domains will begin to ignore the lookup limits, in turn 
again causing other implementations to have to raise, or entirely get rid 
of, their limits.

The limits are a necessary evil that serve the purpose of mitigating the 
risks of DoS attacks.


> SPF1Data.MAX_DEPTH = 10 not enough
> ----------------------------------
>
>                 Key: JSPF-21
>                 URL: http://issues.apache.org/jira/browse/JSPF-21
>             Project: jSPF
>          Issue Type: Bug
>          Components: Core
>            Reporter: Miguel Di Ciurcio Filho
>         Assigned To: Norman Maurer
>            Priority: Blocker
>
> Using the default MAX_DEPTH = 10 in SPF1Data can not finish the probe for a decision.
> Try with microsoft.com, it will fail :-P 
> Microsoft's domain have alot of includes.
> Well, I rised it to 15 and now works fine.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

[jira] Assigned: (JSPF-21) SPF1Data.MAX_DEPTH = 10 not enough

Posted by "Norman Maurer (JIRA)" <se...@james.apache.org>.

     [ http://issues.apache.org/jira/browse/JSPF-21?page=all ]

Norman Maurer reassigned JSPF-21:
---------------------------------

    Assignee: Norman Maurer

> SPF1Data.MAX_DEPTH = 10 not enough
> ----------------------------------
>
>                 Key: JSPF-21
>                 URL: http://issues.apache.org/jira/browse/JSPF-21
>             Project: jSPF
>          Issue Type: Bug
>          Components: Core
>            Reporter: Miguel Di Ciurcio Filho
>         Assigned To: Norman Maurer
>            Priority: Blocker
>
> Using the default MAX_DEPTH = 10 in SPF1Data can not finish the probe for a decision.
> Try with microsoft.com, it will fail :-P 
> Microsoft's domain have alot of includes.
> Well, I rised it to 15 and now works fine.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

Re: [jira] Resolved: (JSPF-21) SPF1Data.MAX_DEPTH = 10 not enough

Posted by Stefano Bagnara <ap...@bago.org>.

Hi Norman,

can you check on the spf list what do they think about this?

What is the result from the other spf libraries for microsoft.com?

Anyway the bug seems to be invalid because the RFC is really clear about 
this issue: "MUST limit the number of mechanisms and modifiers that do 
DNS lookups to at most 10" and "If this number is exceeded during a 
check, a PermError MUST be returned".

Stefano


Norman Maurer (JIRA) wrote:
>      [ http://issues.apache.org/jira/browse/JSPF-21?page=all ]
> 
> Norman Maurer resolved JSPF-21.
> -------------------------------
> 
>     Resolution: Invalid
> 
> The current SPF specs shows us that this issue is invalid. jSPF acts like the specs descript it
> 
>> SPF1Data.MAX_DEPTH = 10 not enough
>> ----------------------------------
>>
>>                 Key: JSPF-21
>>                 URL: http://issues.apache.org/jira/browse/JSPF-21
>>             Project: jSPF
>>          Issue Type: Bug
>>          Components: Core
>>            Reporter: Miguel Di Ciurcio Filho
>>         Assigned To: Norman Maurer
>>            Priority: Blocker
>>
>> Using the default MAX_DEPTH = 10 in SPF1Data can not finish the probe for a decision.
>> Try with microsoft.com, it will fail :-P 
>> Microsoft's domain have alot of includes.
>> Well, I rised it to 15 and now works fine.
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

[jira] Resolved: (JSPF-21) SPF1Data.MAX_DEPTH = 10 not enough

Posted by "Norman Maurer (JIRA)" <se...@james.apache.org>.

     [ http://issues.apache.org/jira/browse/JSPF-21?page=all ]

Norman Maurer resolved JSPF-21.
-------------------------------

    Resolution: Invalid

The current SPF specs shows us that this issue is invalid. jSPF acts like the specs descript it

> SPF1Data.MAX_DEPTH = 10 not enough
> ----------------------------------
>
>                 Key: JSPF-21
>                 URL: http://issues.apache.org/jira/browse/JSPF-21
>             Project: jSPF
>          Issue Type: Bug
>          Components: Core
>            Reporter: Miguel Di Ciurcio Filho
>         Assigned To: Norman Maurer
>            Priority: Blocker
>
> Using the default MAX_DEPTH = 10 in SPF1Data can not finish the probe for a decision.
> Try with microsoft.com, it will fail :-P 
> Microsoft's domain have alot of includes.
> Well, I rised it to 15 and now works fine.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org