Bug#606000: libmail-spf-query-perl: Incorrect query results with IPv6 addresses; should warn about missing IPv6 support and/or fail graciously

Torsten Jerzembeck toje at nightingale.ms.sub.org
Sun Dec 5 12:37:19 UTC 2010


Package: libmail-spf-query-perl
Version: 1:1.999.1-3
Severity: grave
Justification: renders package unusable

Using Mail::SPF::Query with an IPv6-enabled mailserver (increasingly
common today, and bound to get even more common due to the shortage of
IPv4 addresses) leads to mail being blocked incorrectly.

The "spfquery" helper script used in the example configuration for exim4
interprets any supplied IPv6 address as an IPv4 address and tries to
match it against the "ip4" part of SPF information. This obviously fails
and leads to incorrectly blocked/rejected mail if the SPF policy uses "fail"
instead of "softfail".

The missing IPv6 support is documented in the "BUGS" section of the
Mail::SPF::Query manpage, but not in any documentation for "spfquery"
itself. In addition, neither "spfquery" nor Mail::SPF::Query reports any
error when being supplied with an IPv6 address. As IPv6 deployments are
getting increasingly common, the script and/or the module should display
an error message in this case or should at least fail gracefully. In
addition, a prominent warning should be displayed about the inability
to deal with IPv6 addresses.

Greetings from Stuttgart,

=ToJe=

-- System Information:
Debian Release: 5.0.7
  APT prefers stable
  APT policy: (900, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libmail-spf-query-perl depends on:
ii  libnet-cidr-lite-perl    0.20-2          Merge IPv4 or IPv6 CIDR address ra
ii  libnet-dns-perl          0.63-2          Perform DNS queries from a Perl sc
ii  libsys-hostname-long-per 1.4-2           Figure out the long (fully-qualifi
ii  liburi-perl              1.35.dfsg.1-1   Manipulates and accesses URI strin
ii  perl                     5.10.0-19lenny2 Larry Wall's Practical Extraction 

libmail-spf-query-perl recommends no packages.

libmail-spf-query-perl suggests no packages.

-- no debconf information
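
The failure mode reported above, as an added Python sketch that is not part of the original report and not code from Mail::SPF::Query or spfquery: a checker compares the client address only against mechanisms of the same address family, and an IPv4-only checker raises an error for an IPv6 client instead of falling through to "-all". The record, the addresses (documentation ranges) and all function names are constructed for illustration, and only ip4, ip6 and all terms are evaluated.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample policy using documentation address ranges.
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"


class UnsupportedAddressFamily(ValueError):
    """Raised instead of guessing when the checker cannot handle the client IP."""


def normalize_client(client_ip):
    """Parse the client address; IPv4-mapped IPv6 is treated as IPv4."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def check(record, client_ip, ipv6_supported=True):
    """Evaluate only the ip4/ip6/all terms of an SPF record, left to right."""
    ip = normalize_client(client_ip)
    if ip.version == 6 and not ipv6_supported:
        # An IPv4-only checker must report this, not fall through to "-all".
        raise UnsupportedAddressFamily(f"cannot evaluate IPv6 client {ip}")
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):  # other mechanisms are skipped in this sketch
            net = ipaddress.ip_network(value, strict=False)
            # Compare only within the same family: ip4 never matches IPv6.
            if net.version == int(name[2]) and net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"
```

With `ipv6_supported=False` the caller receives an exception it can map to a non-rejecting outcome in the MTA, rather than a "fail" produced by comparing an IPv6 client against ip4 terms.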




