Bug in Received-SPF header

Bug #1969996 reported by Bret McGee
Affects: SPF Engine
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

Line 698 of __init__.py appears to have a bug:

header = 'Received-SPF: '+ mfrom_result[0] + ' (' + mfrom_result[2] +') ' + spfDetail

The Received-SPF header in my emails looks like this (with some bits redacted):

Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=156.70.12.106; helo=<redacted by Bret>; envelope-from=<redacted by Bret>; receiver=<UNKNOWN>

This looks wrong - "Pass (mailfrom)" is a repeat of identity.

If you change the code to read: (index changed from 2 to 1)

header = 'Received-SPF: '+ mfrom_result[0] + ' (' + mfrom_result[1] +') ' + spfDetail

You get this header:

Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a01:111:f400:fe15::81e; helo=gbr01-lo2-obe.outbound.protection.outlook.com; envelope-from=<redacted by Bret>; receiver=<UNKNOWN>

Revision history for this message
Scott Kitterman (kitterman) wrote :

I think, but haven't had time to check, that if you have both mail from and helo results each has its identity= section and the parenthetical (mailfrom) is how you know which was actually used.

If that's not true, then I think your suggestion makes sense.

Scott Kitterman (kitterman) wrote :

That assessment is correct. Here's an example based on the test suite in git. Both Mail From and HELO pass in this case, but the Mail From result is what was used (based on the configuration of the policy server):

Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=72.81.252.18; helo=relay02.kitterman.com; <email address hidden>; receiver=kitterman.org

Changed in spf-engine:
status: New → Invalid
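The maintainer's point above is that the parenthetical after the result names the identity (mailfrom or helo) whose check actually decided the outcome, while each checked identity carries its own identity= section. The following is an added example, not code from pyspf or spf-engine: a small parser for Received-SPF headers of the shape shown in this report that applies that rule, falling back to the identity= field when the parenthetical is free text (as in the reporter's modified header). The sample headers and addresses are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample headers in the format shown in this bug report.
# Addresses and hostnames are placeholders, not values from the report.
SAMPLE_HEADERS = [
    "Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=192.0.2.10; "
    "helo=relay.example.net; envelope-from=sender@example.net; receiver=mx.example.org",
    "Received-SPF: Fail (helo) identity=helo; client-ip=198.51.100.7; "
    "helo=mail.example.com; envelope-from=<>; receiver=mx.example.org",
    # Free-text comment instead of a scope, as in the reporter's modified header.
    "Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2001:db8::1; "
    "helo=smtp.example.net; envelope-from=user@example.net; receiver=<UNKNOWN>",
]

# result, optional parenthetical comment, then the key=value fields.
HEADER_RE = re.compile(
    r"^Received-SPF:\s*(?P<result>[A-Za-z]+)\s*"
    r"(?:\((?P<comment>[^)]*)\))?\s*(?P<rest>.*)$",
    re.DOTALL,
)


@dataclass
class ReceivedSPF:
    result: str            # lower-cased SPF result, e.g. "pass", "fail"
    comment: str           # text inside the parentheses, may be empty
    fields: dict = field(default_factory=dict)

    def identity_used(self):
        """Identity whose result decided the outcome.

        Per the maintainer's explanation, the parenthetical names the identity
        (mailfrom/helo) that was actually used.  If it is free text instead,
        fall back to the identity= field.
        """
        scope = self.comment.strip().lower()
        if scope in ("mailfrom", "helo"):
            return scope
        return self.fields.get("identity", "").lower() or None


def parse_received_spf(header):
    """Parse one Received-SPF header into a ReceivedSPF record."""
    m = HEADER_RE.match(header.strip())
    if not m:
        raise ValueError("not a Received-SPF header")
    fields = {}
    for part in m.group("rest").split(";"):
        part = part.strip()
        # Tolerate empty segments and bare tokens without '=' (e.g. redacted fields).
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        fields[key.strip().lower()] = value.strip()
    return ReceivedSPF(m.group("result").lower(), m.group("comment") or "", fields)


def non_pass(headers):
    """Triage helper: (result, identity used, client-ip) for every header
    whose result is anything other than pass."""
    out = []
    for h in headers:
        rec = parse_received_spf(h)
        if rec.result != "pass":
            out.append((rec.result, rec.identity_used(), rec.fields.get("client-ip")))
    return out


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        rec = parse_received_spf(h)
        print(rec.result, rec.identity_used(), rec.fields.get("client-ip"))
    print(non_pass(SAMPLE_HEADERS))
```

Run against mail logs or stored headers, this lets a mail administrator confirm which identity a given verdict came from before acting on it; a "helo" scope with a passing mailfrom section, or vice versa, is exactly the case the parenthetical exists to disambiguate.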
Bret McGee (bretmac) wrote : Re: [Bug 1969996] Re: Bug in Received-SPF header

I appreciate you looking into this Scott!

Regards,

Bret

On 29/11/2022 00:23, Scott Kitterman wrote:
> That assessment is correct. Here's an example based on the test suite
> in git. Both Mail From and HELO pass in this case, but the Mail From
> result is what was used (based on the configuration of the policy
> server):
>
> Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=72.81.252.18;
> helo=relay02.kitterman.com; <email address hidden>;
> receiver=kitterman.org
>
> ** Changed in: spf-engine
> Status: New => Invalid
>
