IPv6 and SPF error - ORF Forums

Hello Johan,

I was able to reproduce the error in our lab. It looks like there is an issue with the IPv6 address parser in the SPF Test module which triggers the error message when the test runs at the Before Arrival filtering point. The good news is that the bug does not affect email delivery, since ORF simply skips the SPF Test when the error occurs, and the error only manifests when an internal email is received (via an interface with IPv6 link-local address+scope-ID) which would not be filtered anyway.

If you want to get rid of the SPF error messages until we release the next update, I suggest that you force ORF to run the SPF Test at the On Arrival filtering point, by enabling the "Wait for headers" option in the SPF Test filtering actions dialog:

Filtering > Actions > SPF Test [...] > Reject > [x] "Wait for headers" > Ok

Make sure to save the ORF configuration (Ctrl + S) to apply the new settings.

Thank you for reporting this issue, and sorry for the inconvenience. In case you need further assistance, just let me know.

@johan.strand: Just one more thing regarding not being able to add the IPv6 address with the scope-id to the SPF Test IP exceptions. You do not have to that. If you check the "Filtering > Intermediate Hosts" page, you will find that the fe80::/10 range is already there, which means ORF will *whitelist* the email if it finds that the original sender of the email had a IPv6 link-local address. Furthermore, as I mentioned in my previous post, ORF's error handling policy will ensure that the emails will get through.

@johan.strand: Could you send us (to ) the ORF log file from the day of the incident for analysis, please? You may find it on the configured logging path (default: C:\ProgramData\ORF Fusion\TextLogs)

If the email originated from an intranet host, it should have been whitelisted at the On Arrival filtering point.