[opendmarc-users] Problems with 1.3.2~Beta0..deb and this mailing list failing DMARC

Juri Haberland juri at sapienti-sat.org
Wed Nov 9 01:33:16 PST 2016


On 2016-11-09 01:25, Scott Kitterman wrote:
>> On 08.11.2016 21:34, Juri Haberland wrote:

>>> I'd like to suggest at least the following tickets, which are all
>>> bugs in 1.3.2-beta0 (or even older):

>>> ticket  95 - SPF validation fail for ipv6
>>> ticket 165 - SPF Internal check fails on helo

> Generally, I stayed away from adding features and avoided things that
> looked like they only apply to the internal SPF code.  The Debian
> packages are built using libspf2.  I recommend everyone do that and
> not worry about the internal implementation.

Agreed, but the two patches above touch the code used to interact with 
libspf2.

And just for completeness, reconsider including ticket 171 - it's just a 
documentation fix.

Oh, looking at the sources of your new Debian package, I discovered a 
problem present also in your older packages:
Somehow the \$${prefix} syntax in the configure call in the debian/rules 
file does not work:
> [...] --with-spf2-include=\$${prefix}/include/spf2 [...]

Your package ends up with a libopendmarc2 using the old internal spf 
code. This is also reflected in the debian/libopendmarc2.symbols file:
[...]
opendmarc_spf_alloc_ctx at Base 1.3.1+dfsg-2~
opendmarc_spf_free_ctx at Base 1.3.1+dfsg-2~
[...]
opendmarc_spf_test at Base 1.3.1+dfsg-2~
[...]

It should read:
[...]
opendmarc_spf2_alloc_ctx at Base 1.3.1+dfsg-2~
opendmarc_spf2_free_ctx at Base 1.3.1+dfsg-2~
opendmarc_spf2_find_mailfrom_domain at Base 1.3.1+dfsg-2~
opendmarc_spf2_specify_ip_address at Base 1.3.1+dfsg-2~
opendmarc_spf2_test at Base 1.3.1+dfsg-2~
[...]

Notice the 'spf' versus 'spf2'!

Check it yourself with 'strings /usr/lib/libopendmarc.so.2 | grep spf' 
and don't get fooled by running
'ldd /usr/lib/libopendmarc.so.2' - it will report libspf2 in both cases.


   Juri


More information about the opendmarc-users mailing list