| Subject: | Mail::SPF::Query::myquery should sanity-check $label |
Mail::SPF::Query::myquery() doesn't check $label for compliance with the RFC before it calls
my $resquery = $query->resolver->query($label, $qtype);
As a result, if $label is longer than 63 chars, Net::DNS::Packet::dn_comp() croaks. This means
SpamAssassin dumps several of these a day into my /var/log/syslog:
Mar 21 05:28:59 localhost spamd[4571]: spf: lookup failed: length of
hyper_luckylady8754158754_lookserver772_serebusystem03_heavensgift55 is larger than
63 octets at /usr/lib/perl5/Net/DNS/Question.pm line 179
I asked the author of Net::DNS about this and he pointed out:
Show quoted text
>It is part of the spec (RFC1035 section 2.3.1. "Preferred name syntax")
>
If you need more debugging info, I changed the croak to a confess so I have a stack trace in
my logs. Email me and I'll send it. The functions on the top of the stack were
Mail::SpamAssassin::Plugin::SPF::check_for_spf_helo_pass
Mail::SpamAssassin::Plugin::SPF::_check_spf
Mail::SpamAssassin::Timeout::run_and_catch
Mail::SpamAssassin::Timeout::_run
eval {...}
Mail::SpamAssassin::Plugin::SPF::__ANON__
Mail::SPF::Query::result
Mail::SPF::Query::spfquery
DirectiveSet::new
Mail::SPF::Query::myquery
Net::DNS::Resolver::Base::query
Net::DNS::Resolver::Base::send
Net::DNS::Packet::data
Net::DNS::Question::data
Net::DNS::Packet::dn_comp
>> The labels must follow the rules for ARPANET host names. They must
>> start with a letter, end with a letter or digit, and have as interior
>> characters only letters, digits, and hyphen. There are also some
>> restrictions on the length. Labels must be 63 characters or less.