[opendmarc-users] Problems with 1.3.2~Beta0..deb and this mailing list failing DMARC

Juri Haberland juri at sapienti-sat.org
Thu Nov 17 01:10:33 PST 2016


Ping!

Scott,
now that opendmarc-1.3.2~Beta0+dfsg-3 was migrated to testing, I just want to
remind you that the way it is now libopendmarc-1.3.2~Beta0+dfsg-3 uses the
internal SPF implementation and *not libspf2* ...

See below.

Cheers,
  Juri

PS: and please reconsider the decision to not include tickets 95 & 165 as they
are for libspf2

Juri Haberland wrote:
> On 2016-11-09 01:25, Scott Kitterman wrote:
>>> On 08.11.2016 21:34, Juri Haberland wrote:
>
>>>> I'd like to suggest at least the following tickets, which are all
>>>> bugs in 1.3.2-beta0 (or even older):
>
>>>> ticket  95 - SPF validation fail for ipv6
>>>> ticket 165 - SPF Internal check fails on helo
>
>> Generally, I stayed away from adding features and avoided things that
>> looked like they only apply to the internal SPF code.  The Debian
>> packages are built using libspf2.  I recommend everyone do that and
>> not worry about the internal implementation.
>
> Agreed, but the two patches above touch the code used to interact with
> libspf2.
>
> And just for completeness, reconsider including ticket 171 - it's just a
> documentation fix.
>
> Oh, looking at the sources of your new Debian package, I discovered a
> problem present also in your older packages:
> Somehow the \$${prefix} syntax in the configure call in the debian/rules
> file does not work:
>> [...] --with-spf2-include=\$${prefix}/include/spf2 [...]
>
> Your package ends up with a libopendmarc2 using the old internal spf
> code. This is also reflected in the debian/libopendmarc2.symbols file:
> [...]
> opendmarc_spf_alloc_ctx at Base 1.3.1+dfsg-2~
> opendmarc_spf_free_ctx at Base 1.3.1+dfsg-2~
> [...]
> opendmarc_spf_test at Base 1.3.1+dfsg-2~
> [...]
>
> It should read:
> [...]
> opendmarc_spf2_alloc_ctx at Base 1.3.1+dfsg-2~
> opendmarc_spf2_free_ctx at Base 1.3.1+dfsg-2~
> opendmarc_spf2_find_mailfrom_domain at Base 1.3.1+dfsg-2~
> opendmarc_spf2_specify_ip_address at Base 1.3.1+dfsg-2~
> opendmarc_spf2_test at Base 1.3.1+dfsg-2~
> [...]
>
> Notice the 'spf' versus 'spf2'!
>
> Check it yourself with 'strings /usr/lib/libopendmarc.so.2 | grep spf'
> and don't get fooled by running
> 'ldd /usr/lib/libopendmarc.so.2' - it will report libspf2 in both cases.




More information about the opendmarc-users mailing list