1

Topic: SPF vulnerability

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
1.5.1
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
ubuntu 20
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
ldap
- Web server (Apache or Nginx):
nginx
- Manage mail accounts with iRedAdmin-Pro?
no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I'm on iRedMail 1.5.1 and have SPF implemented. I received the following:

"An attacker may use an infinite number of SPF referrals in his/her SPF setting and can send an email to your mail server which would make your SMTP server make a lot of DNS queries. By exploiting this vulnerability, an attacker can block your SMTP queue, flood the associated recursive resolver, or any DNS authoritative server.

According to RFC recommendations rfc7208, a few DNS lookup limits exist that an SMTP server needs to maintain while resolving an SPF record. That is, SPF implementations MUST limit the total number of query-causing terms to 10 and the number of void lookups to 2 to avoid unreasonable load on the DNS.

According to our study, your mail server software violates at least one of these limits, which may pave the way for an attacker to misuse your server and launch a DoS attack that might affect DNS and SMTP services."

I looked at the release notes for the next couple of versions but didn't see this addressed. I also tried to search the forum but searching for 'spf' is useless... 

Is this vulnerability addressed in the next versions? (I'll upgrade anyway, when I have time)

----

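The limits the quoted report refers to, as an added example that is not iRedMail's or iRedAPD's code: a small walker that follows SPF include:/redirect= chains and stops with permerror as soon as either RFC 7208 limit is exceeded. Real DNS is replaced by a constructed in-memory zone (the .test names and records are made up), so it runs offline.

```python
# Added example, not iRedMail or iRedAPD code: an SPF include:/redirect= walker that enforces
# the two RFC 7208 (section 4.6.4) limits quoted in the report. DNS is replaced by a dict of
# constructed records, so it runs offline.
MAX_QUERY_TERMS = 10   # query-causing terms allowed per evaluation
MAX_VOID_LOOKUPS = 2   # lookups returning no record allowed per evaluation
QUERY_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # all/ip4/ip6 cost nothing

def spf_terms(record):
    """Split a 'v=spf1 ...' TXT record into (name, argument) pairs, qualifier dropped."""
    pairs = []
    for tok in record.split()[1:]:
        name, _, arg = tok.lstrip("+-~?").replace("=", ":", 1).partition(":")
        pairs.append((name.lower(), arg))
    return pairs

def check_spf_limits(domain, dns):
    """Follow include:/redirect= from `domain`, counting query-causing terms and void
    lookups. Returns (result, terms, voids); result is 'permerror' as soon as a limit is
    broken, else 'ok'. The counters are global, so an include loop trips the limit too."""
    terms = voids = 0
    root = dns.get(domain)
    if root is None:                  # no record at all: SPF result 'none', not a void lookup
        return "ok", 0, 0
    pending = [root]
    while pending:
        for name, arg in spf_terms(pending.pop()):
            if name in QUERY_TERMS:
                terms += 1
                if terms > MAX_QUERY_TERMS:
                    return "permerror", terms, voids
            if name in ("include", "redirect"):
                target = dns.get(arg)
                if target is None:        # NXDOMAIN or no TXT record: a void lookup
                    voids += 1
                    if voids > MAX_VOID_LOOKUPS:
                        return "permerror", terms, voids
                else:
                    pending.append(target)
    return "ok", terms, voids

# Constructed zone (not real domains): a sane record, an 11-deep include chain, 3 dead includes.
SAMPLE_DNS = {
    "ok.test": "v=spf1 ip4:192.0.2.0/24 mx include:_spf.ok.test -all",
    "_spf.ok.test": "v=spf1 a -all",
    "abuse.test": "v=spf1 include:hop1.abuse.test -all",
    "void.test": "v=spf1 include:x1.test include:x2.test include:x3.test -all",
}
for i in range(1, 12):
    SAMPLE_DNS[f"hop{i}.abuse.test"] = f"v=spf1 include:hop{i + 1}.abuse.test -all"
```

A checker without these counters would keep resolving the abuse.test chain (or an include loop) indefinitely, which is exactly the DNS and queue load the report warns about.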

2

Re: SPF vulnerability

iRedMail is not its own software; it is a software package consisting of different tools:
postfix
dovecot
amavisd
clamav
spamassassin
fail2ban
...


The security issue you are addressing is not related to iRedMail but must be patched by your OS provider. So, for example, if you use Debian, then the Debian team is responsible for fixing security issues in their packages and releasing them, and it is your responsibility to install these fixes.

3

Re: SPF vulnerability

iRedAPD is affected. We're working on it.