You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Miguel Di Ciurcio Filho (JIRA)" <se...@james.apache.org> on 2006/07/14 22:48:15 UTC
[jira] Created: (JSPF-21) SPF1Data.MAX_DEPTH = 10 not enough
SPF1Data.MAX_DEPTH = 10 not enough
----------------------------------
Key: JSPF-21
URL: http://issues.apache.org/jira/browse/JSPF-21
Project: jSPF
Issue Type: Bug
Components: Core
Reporter: Miguel Di Ciurcio Filho
Priority: Blocker
Using the default MAX_DEPTH = 10 in SPF1Data can not finish the probe for a decision.
Try with microsoft.com, it will fail :-P
Microsoft's domain have alot of includes.
Well, I rised it to 15 and now works fine.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
[jira] Commented: (JSPF-21) SPF1Data.MAX_DEPTH = 10 not enough
Posted by "Norman Maurer (JIRA)" <se...@james.apache.org>.
[ http://issues.apache.org/jira/browse/JSPF-21?page=comments#action_12421301 ]
Norman Maurer commented on JSPF-21:
-----------------------------------
>From spf spec:
SPF implementations MUST limit the number of mechanisms and modifiers
that do DNS lookups to at most 10 per SPF check, including any
lookups caused by the use of the "include" mechanism or the
"redirect" modifier. If this number is exceeded during a check, a
PermError MUST be returned. The "include", "a", "mx", "ptr", and
"exists" mechanisms as well as the "redirect" modifier do count
against this limit. The "all", "ip4", and "ip6" mechanisms do not
require DNS lookups and therefore do not count against this limit.
The "exp" modifier does not count against this limit because the DNS
lookup to fetch the explanation string occurs after the SPF record
has been evaluated.
See: http://new.openspf.org/svn/project/specs/rfc4408.txt
10.1. Processing Limits
So this should be ok.
> SPF1Data.MAX_DEPTH = 10 not enough
> ----------------------------------
>
> Key: JSPF-21
> URL: http://issues.apache.org/jira/browse/JSPF-21
> Project: jSPF
> Issue Type: Bug
> Components: Core
> Reporter: Miguel Di Ciurcio Filho
> Priority: Blocker
>
> Using the default MAX_DEPTH = 10 in SPF1Data can not finish the probe for a decision.
> Try with microsoft.com, it will fail :-P
> Microsoft's domain have alot of includes.
> Well, I rised it to 15 and now works fine.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
[jira] Commented: (JSPF-21) SPF1Data.MAX_DEPTH = 10 not enough
Posted by "Norman Maurer (JIRA)" <se...@james.apache.org>.
[ http://issues.apache.org/jira/browse/JSPF-21?page=comments#action_12421463 ]
Norman Maurer commented on JSPF-21:
-----------------------------------
>From spf-devel:
Norman Maurer wrote:
> we developed a java implementation for spf called jSPF. Version 0.9b1
> wil be released next week if nothing goes wrong.. Now someone open a bug
> report which report us that microsoft.com return a permError cause the
> maximum includes of 10 is to less.. But i think the bugreport is invalid
> cause the specs are really clear on this..
You are absolutely correct, the microsoft.com records are invalid -- hard
to believe but true. And I think it is important that implementations and
their users NOT begin to weaken their lookup limits, because otherwise
more and more domains will begin to ignore the lookup limits, in turn
again causing other implementations to have to raise, or entirely get rid
of, their limits.
The limits are a necessary evil that serve the purpose of mitigating the
risks of DoS attacks.
> SPF1Data.MAX_DEPTH = 10 not enough
> ----------------------------------
>
> Key: JSPF-21
> URL: http://issues.apache.org/jira/browse/JSPF-21
> Project: jSPF
> Issue Type: Bug
> Components: Core
> Reporter: Miguel Di Ciurcio Filho
> Assigned To: Norman Maurer
> Priority: Blocker
>
> Using the default MAX_DEPTH = 10 in SPF1Data can not finish the probe for a decision.
> Try with microsoft.com, it will fail :-P
> Microsoft's domain have alot of includes.
> Well, I rised it to 15 and now works fine.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
[jira] Assigned: (JSPF-21) SPF1Data.MAX_DEPTH = 10 not enough
Posted by "Norman Maurer (JIRA)" <se...@james.apache.org>.
[ http://issues.apache.org/jira/browse/JSPF-21?page=all ]
Norman Maurer reassigned JSPF-21:
---------------------------------
Assignee: Norman Maurer
> SPF1Data.MAX_DEPTH = 10 not enough
> ----------------------------------
>
> Key: JSPF-21
> URL: http://issues.apache.org/jira/browse/JSPF-21
> Project: jSPF
> Issue Type: Bug
> Components: Core
> Reporter: Miguel Di Ciurcio Filho
> Assigned To: Norman Maurer
> Priority: Blocker
>
> Using the default MAX_DEPTH = 10 in SPF1Data can not finish the probe for a decision.
> Try with microsoft.com, it will fail :-P
> Microsoft's domain have alot of includes.
> Well, I rised it to 15 and now works fine.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
Re: [jira] Resolved: (JSPF-21) SPF1Data.MAX_DEPTH = 10 not enough
Posted by Stefano Bagnara <ap...@bago.org>.
Hi Norman,
can you check on the spf list what do they think about this?
What is the result from the other spf libraries for microsoft.com?
Anyway the bug seems to be invalid because the RFC is really clear about
this issue: "MUST limit the number of mechanisms and modifiers that do
DNS lookups to at most 10" and "If this number is exceeded during a
check, a PermError MUST be returned".
Stefano
Norman Maurer (JIRA) wrote:
> [ http://issues.apache.org/jira/browse/JSPF-21?page=all ]
>
> Norman Maurer resolved JSPF-21.
> -------------------------------
>
> Resolution: Invalid
>
> The current SPF specs shows us that this issue is invalid. jSPF acts like the specs descript it
>
>> SPF1Data.MAX_DEPTH = 10 not enough
>> ----------------------------------
>>
>> Key: JSPF-21
>> URL: http://issues.apache.org/jira/browse/JSPF-21
>> Project: jSPF
>> Issue Type: Bug
>> Components: Core
>> Reporter: Miguel Di Ciurcio Filho
>> Assigned To: Norman Maurer
>> Priority: Blocker
>>
>> Using the default MAX_DEPTH = 10 in SPF1Data can not finish the probe for a decision.
>> Try with microsoft.com, it will fail :-P
>> Microsoft's domain have alot of includes.
>> Well, I rised it to 15 and now works fine.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
[jira] Resolved: (JSPF-21) SPF1Data.MAX_DEPTH = 10 not enough
Posted by "Norman Maurer (JIRA)" <se...@james.apache.org>.
[ http://issues.apache.org/jira/browse/JSPF-21?page=all ]
Norman Maurer resolved JSPF-21.
-------------------------------
Resolution: Invalid
The current SPF specs shows us that this issue is invalid. jSPF acts like the specs descript it
> SPF1Data.MAX_DEPTH = 10 not enough
> ----------------------------------
>
> Key: JSPF-21
> URL: http://issues.apache.org/jira/browse/JSPF-21
> Project: jSPF
> Issue Type: Bug
> Components: Core
> Reporter: Miguel Di Ciurcio Filho
> Assigned To: Norman Maurer
> Priority: Blocker
>
> Using the default MAX_DEPTH = 10 in SPF1Data can not finish the probe for a decision.
> Try with microsoft.com, it will fail :-P
> Microsoft's domain have alot of includes.
> Well, I rised it to 15 and now works fine.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org