Bug#940538: /usr/bin/policyd-spf: spf policy lookup sometimes fails

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#940538: /usr/bin/policyd-spf: spf policy lookup sometimes fails

admin1
Package: postfix-policyd-spf-python
Version: 2.9.0-4
Severity: normal
File: /usr/bin/policyd-spf

Dear Maintainer,

  Started seeing this issue on September 8th and started using
  various whitelist entries in
  /etc/postfix-policyd-spf-python/policyd-spf.conf as a
  workaround.  Please let me know what other information I can provide.

example syslog output:

*** bug
2019-09-16T20:27:57.499774-04:00 es postfix/smtpd[30690]: connect from a13-8.smtp-out.amazonses.com[54.240.13.8]
2019-09-16T20:27:57.682675-04:00 es postfix/smtpd[30690]: Anonymous TLS connection established from a13-8.smtp-out.amazonses.com[54.240.13.8]: TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)
2019-09-16T20:27:58.608596-04:00 es policyd-spf[30698]: Traceback (most recent call last):
2019-09-16T20:27:58.609222-04:00 es policyd-spf[30698]:   File "/usr/bin/policyd-spf", line 11, in <module>#012    load_entry_point('spf-engine==2.9.0', 'console_scripts', 'policyd-spf')()
2019-09-16T20:27:58.609793-04:00 es policyd-spf[30698]:   File "/usr/lib/python3/dist-packages/spf_engine/policyd_spf.py", line 102, in main#012    peruser, peruserconfigData)
2019-09-16T20:27:58.610274-04:00 es policyd-spf[30698]:   File "/usr/lib/python3/dist-packages/spf_engine/__init__.py", line 643, in _spfcheck#012    mres = mfromquery.check()
2019-09-16T20:27:58.610699-04:00 es policyd-spf[30698]:   File "/usr/lib/python3/dist-packages/spf.py", line 598, in check#012    rc = self.check1(spf, self.d, 0)
2019-09-16T20:27:58.611154-04:00 es policyd-spf[30698]:   File "/usr/lib/python3/dist-packages/spf.py", line 637, in check1#012    return self.check0(spf, recursion)
2019-09-16T20:27:58.611679-04:00 es policyd-spf[30698]:   File "/usr/lib/python3/dist-packages/spf.py", line 922, in check0#012    res, code, txt = self.check1(d,arg, recursion + 1)
2019-09-16T20:27:58.612083-04:00 es policyd-spf[30698]:   File "/usr/lib/python3/dist-packages/spf.py", line 637, in check1#012    return self.check0(spf, recursion)
2019-09-16T20:27:58.612486-04:00 es policyd-spf[30698]:   File "/usr/lib/python3/dist-packages/spf.py", line 920, in check0#012    d = self.dns_spf(arg)
2019-09-16T20:27:58.612914-04:00 es policyd-spf[30698]:   File "/usr/lib/python3/dist-packages/spf.py", line 1162, in dns_spf#012    a = [t for t in self.dns_txt(domain) if RE_SPF.match(t)]
2019-09-16T20:27:58.613683-04:00 es policyd-spf[30698]:   File "/usr/lib/python3/dist-packages/spf.py", line 1212, in dns_txt#012    dns_list = self.dns(domainname, rr,ignore_void=ignore_void)
2019-09-16T20:27:58.614286-04:00 es policyd-spf[30698]:   File "/usr/lib/python3/dist-packages/spf.py", line 1356, in dns#012    for k, v in DNSLookup(name, qtype, self.strict, timeout):
2019-09-16T20:27:58.615146-04:00 es policyd-spf[30698]:   File "/usr/lib/python3/dist-packages/spf.py", line 106, in DNSLookup_pydns#012    if strict > 1:
2019-09-16T20:27:58.615738-04:00 es policyd-spf[30698]: NameError: name 'strict' is not defined
2019-09-16T20:27:58.655288-04:00 es postfix/spawn[30697]: warning: command /usr/bin/policyd-spf exit status 1
2019-09-16T20:27:58.656627-04:00 es postfix/smtpd[30690]: warning: premature end-of-input on private/policy-spf while reading input attribute name
2019-09-16T20:28:00.172352-04:00 es policyd-spf[30699]: Traceback (most recent call last):
2019-09-16T20:28:00.172889-04:00 es policyd-spf[30699]:   File "/usr/bin/policyd-spf", line 11, in <module>#012    load_entry_point('spf-engine==2.9.0', 'console_scripts', 'policyd-spf')()
2019-09-16T20:28:00.173342-04:00 es policyd-spf[30699]:   File "/usr/lib/python3/dist-packages/spf_engine/policyd_spf.py", line 102, in main#012    peruser, peruserconfigData)
2019-09-16T20:28:00.173751-04:00 es policyd-spf[30699]:   File "/usr/lib/python3/dist-packages/spf_engine/__init__.py", line 643, in _spfcheck#012    mres = mfromquery.check()
2019-09-16T20:28:00.174378-04:00 es policyd-spf[30699]:   File "/usr/lib/python3/dist-packages/spf.py", line 598, in check#012    rc = self.check1(spf, self.d, 0)
2019-09-16T20:28:00.174836-04:00 es policyd-spf[30699]:   File "/usr/lib/python3/dist-packages/spf.py", line 637, in check1#012    return self.check0(spf, recursion)
2019-09-16T20:28:00.175274-04:00 es policyd-spf[30699]:   File "/usr/lib/python3/dist-packages/spf.py", line 922, in check0#012    res, code, txt = self.check1(d,arg, recursion + 1)
2019-09-16T20:28:00.175676-04:00 es policyd-spf[30699]:   File "/usr/lib/python3/dist-packages/spf.py", line 637, in check1#012    return self.check0(spf, recursion)
2019-09-16T20:28:00.176209-04:00 es policyd-spf[30699]:   File "/usr/lib/python3/dist-packages/spf.py", line 920, in check0#012    d = self.dns_spf(arg)
2019-09-16T20:28:00.176629-04:00 es policyd-spf[30699]:   File "/usr/lib/python3/dist-packages/spf.py", line 1162, in dns_spf#012    a = [t for t in self.dns_txt(domain) if RE_SPF.match(t)]
2019-09-16T20:28:00.177045-04:00 es policyd-spf[30699]:   File "/usr/lib/python3/dist-packages/spf.py", line 1212, in dns_txt#012    dns_list = self.dns(domainname, rr,ignore_void=ignore_void)
2019-09-16T20:28:00.177454-04:00 es policyd-spf[30699]:   File "/usr/lib/python3/dist-packages/spf.py", line 1356, in dns#012    for k, v in DNSLookup(name, qtype, self.strict, timeout):
2019-09-16T20:28:00.177855-04:00 es policyd-spf[30699]:   File "/usr/lib/python3/dist-packages/spf.py", line 106, in DNSLookup_pydns#012    if strict > 1:
2019-09-16T20:28:00.178339-04:00 es policyd-spf[30699]: NameError: name 'strict' is not defined
2019-09-16T20:28:00.218896-04:00 es postfix/spawn[30697]: warning: command /usr/bin/policyd-spf exit status 1
2019-09-16T20:28:00.220208-04:00 es postfix/smtpd[30690]: warning: premature end-of-input on private/policy-spf while reading input attribute name
2019-09-16T20:28:00.220628-04:00 es postfix/smtpd[30690]: warning: problem talking to server private/policy-spf: Success
2019-09-16T20:28:00.221056-04:00 es postfix/smtpd[30690]: NOQUEUE: reject: RCPT from a13-8.smtp-out.amazonses.com[54.240.13.8]: 451 4.3.5 <[hidden email]>: Recipient address rejected: Server configuration problem; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<a13-8.smtp-out.amazonses.com>
2019-09-16T20:28:20.811784-04:00 es postfix/smtpd[30690]: disconnect from a13-8.smtp-out.amazonses.com[54.240.13.8] ehlo=2 starttls=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=6/7


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages postfix-policyd-spf-python depends on:
ii  adduser                3.118
ii  postfix                3.4.5-1+b1
ii  python3                3.7.3-1
ii  python3-authres        1.2.0-1
ii  python3-pkg-resources  41.2.0-1
ii  python3-spf            2.0.13-2
ii  python3-spf-engine     2.9.0-4

postfix-policyd-spf-python recommends no packages.

postfix-policyd-spf-python suggests no packages.

-- Configuration Files:
/etc/postfix-policyd-spf-python/policyd-spf.conf changed:
debugLevel = 1
HELO_reject = Fail
Mail_From_reject = Fail
PermError_reject = False
TempError_Defer = False
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
HELO_Whitelist = sciron.cuyahoga.lib.oh.us
Whitelist = 54.240.13.42
Domain_Whitelist = amazonses.com


-- no debconf information

Reply | Threaded
Open this post in threaded view
|

Bug#940538: /usr/bin/policyd-spf: spf policy lookup sometimes fails

Scott Kitterman-5
reassign -1 python3-spf

It looks like this is a problem in the new pyspf release.

Thanks,

Scott K

On September 17, 2019 1:46:31 AM UTC, [hidden email] wrote:

>Package: postfix-policyd-spf-python
>Version: 2.9.0-4
>Severity: normal
>File: /usr/bin/policyd-spf
>
>Dear Maintainer,
>
>  Started seeing this issue on September 8th and started using
>  various whitelist entries in
>  /etc/postfix-policyd-spf-python/policyd-spf.conf as a
>  workaround.  Please let me know what other information I can provide.
>
>example syslog output:
>
>*** bug
>2019-09-16T20:27:57.499774-04:00 es postfix/smtpd[30690]: connect from
>a13-8.smtp-out.amazonses.com[54.240.13.8]
>2019-09-16T20:27:57.682675-04:00 es postfix/smtpd[30690]: Anonymous TLS
>connection established from a13-8.smtp-out.amazonses.com[54.240.13.8]:
>TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)
>2019-09-16T20:27:58.608596-04:00 es policyd-spf[30698]: Traceback (most
>recent call last):
>2019-09-16T20:27:58.609222-04:00 es policyd-spf[30698]:   File
>"/usr/bin/policyd-spf", line 11, in <module>#012  
>load_entry_point('spf-engine==2.9.0', 'console_scripts',
>'policyd-spf')()
>2019-09-16T20:27:58.609793-04:00 es policyd-spf[30698]:   File
>"/usr/lib/python3/dist-packages/spf_engine/policyd_spf.py", line 102,
>in main#012    peruser, peruserconfigData)
>2019-09-16T20:27:58.610274-04:00 es policyd-spf[30698]:   File
>"/usr/lib/python3/dist-packages/spf_engine/__init__.py", line 643, in
>_spfcheck#012    mres = mfromquery.check()
>2019-09-16T20:27:58.610699-04:00 es policyd-spf[30698]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 598, in check#012    rc =
>self.check1(spf, self.d, 0)
>2019-09-16T20:27:58.611154-04:00 es policyd-spf[30698]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 637, in check1#012  
>return self.check0(spf, recursion)
>2019-09-16T20:27:58.611679-04:00 es policyd-spf[30698]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 922, in check0#012  
>res, code, txt = self.check1(d,arg, recursion + 1)
>2019-09-16T20:27:58.612083-04:00 es policyd-spf[30698]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 637, in check1#012  
>return self.check0(spf, recursion)
>2019-09-16T20:27:58.612486-04:00 es policyd-spf[30698]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 920, in check0#012    d =
>self.dns_spf(arg)
>2019-09-16T20:27:58.612914-04:00 es policyd-spf[30698]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 1162, in dns_spf#012    a
>= [t for t in self.dns_txt(domain) if RE_SPF.match(t)]
>2019-09-16T20:27:58.613683-04:00 es policyd-spf[30698]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 1212, in dns_txt#012  
>dns_list = self.dns(domainname, rr,ignore_void=ignore_void)
>2019-09-16T20:27:58.614286-04:00 es policyd-spf[30698]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 1356, in dns#012    for
>k, v in DNSLookup(name, qtype, self.strict, timeout):
>2019-09-16T20:27:58.615146-04:00 es policyd-spf[30698]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 106, in
>DNSLookup_pydns#012    if strict > 1:
>2019-09-16T20:27:58.615738-04:00 es policyd-spf[30698]: NameError: name
>'strict' is not defined
>2019-09-16T20:27:58.655288-04:00 es postfix/spawn[30697]: warning:
>command /usr/bin/policyd-spf exit status 1
>2019-09-16T20:27:58.656627-04:00 es postfix/smtpd[30690]: warning:
>premature end-of-input on private/policy-spf while reading input
>attribute name
>2019-09-16T20:28:00.172352-04:00 es policyd-spf[30699]: Traceback (most
>recent call last):
>2019-09-16T20:28:00.172889-04:00 es policyd-spf[30699]:   File
>"/usr/bin/policyd-spf", line 11, in <module>#012  
>load_entry_point('spf-engine==2.9.0', 'console_scripts',
>'policyd-spf')()
>2019-09-16T20:28:00.173342-04:00 es policyd-spf[30699]:   File
>"/usr/lib/python3/dist-packages/spf_engine/policyd_spf.py", line 102,
>in main#012    peruser, peruserconfigData)
>2019-09-16T20:28:00.173751-04:00 es policyd-spf[30699]:   File
>"/usr/lib/python3/dist-packages/spf_engine/__init__.py", line 643, in
>_spfcheck#012    mres = mfromquery.check()
>2019-09-16T20:28:00.174378-04:00 es policyd-spf[30699]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 598, in check#012    rc =
>self.check1(spf, self.d, 0)
>2019-09-16T20:28:00.174836-04:00 es policyd-spf[30699]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 637, in check1#012  
>return self.check0(spf, recursion)
>2019-09-16T20:28:00.175274-04:00 es policyd-spf[30699]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 922, in check0#012  
>res, code, txt = self.check1(d,arg, recursion + 1)
>2019-09-16T20:28:00.175676-04:00 es policyd-spf[30699]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 637, in check1#012  
>return self.check0(spf, recursion)
>2019-09-16T20:28:00.176209-04:00 es policyd-spf[30699]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 920, in check0#012    d =
>self.dns_spf(arg)
>2019-09-16T20:28:00.176629-04:00 es policyd-spf[30699]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 1162, in dns_spf#012    a
>= [t for t in self.dns_txt(domain) if RE_SPF.match(t)]
>2019-09-16T20:28:00.177045-04:00 es policyd-spf[30699]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 1212, in dns_txt#012  
>dns_list = self.dns(domainname, rr,ignore_void=ignore_void)
>2019-09-16T20:28:00.177454-04:00 es policyd-spf[30699]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 1356, in dns#012    for
>k, v in DNSLookup(name, qtype, self.strict, timeout):
>2019-09-16T20:28:00.177855-04:00 es policyd-spf[30699]:   File
>"/usr/lib/python3/dist-packages/spf.py", line 106, in
>DNSLookup_pydns#012    if strict > 1:
>2019-09-16T20:28:00.178339-04:00 es policyd-spf[30699]: NameError: name
>'strict' is not defined
>2019-09-16T20:28:00.218896-04:00 es postfix/spawn[30697]: warning:
>command /usr/bin/policyd-spf exit status 1
>2019-09-16T20:28:00.220208-04:00 es postfix/smtpd[30690]: warning:
>premature end-of-input on private/policy-spf while reading input
>attribute name
>2019-09-16T20:28:00.220628-04:00 es postfix/smtpd[30690]: warning:
>problem talking to server private/policy-spf: Success
>2019-09-16T20:28:00.221056-04:00 es postfix/smtpd[30690]: NOQUEUE:
>reject: RCPT from a13-8.smtp-out.amazonses.com[54.240.13.8]: 451 4.3.5
><[hidden email]>: Recipient address rejected: Server
>configuration problem;
>from=<[hidden email]>
>to=<[hidden email]> proto=ESMTP
>helo=<a13-8.smtp-out.amazonses.com>
>2019-09-16T20:28:20.811784-04:00 es postfix/smtpd[30690]: disconnect
>from a13-8.smtp-out.amazonses.com[54.240.13.8] ehlo=2 starttls=1 mail=1
>rcpt=0/1 rset=1 quit=1 commands=6/7
>
>
>-- System Information:
>Debian Release: bullseye/sid
>  APT prefers testing
>  APT policy: (990, 'testing')
>Architecture: amd64 (x86_64)
>
>Kernel: Linux 5.2.0-2-amd64 (SMP w/4 CPU cores)
>Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
>(ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8
>(charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
>Shell: /bin/sh linked to /bin/dash
>Init: systemd (via /run/systemd/system)
>LSM: AppArmor: enabled
>
>Versions of packages postfix-policyd-spf-python depends on:
>ii  adduser                3.118
>ii  postfix                3.4.5-1+b1
>ii  python3                3.7.3-1
>ii  python3-authres        1.2.0-1
>ii  python3-pkg-resources  41.2.0-1
>ii  python3-spf            2.0.13-2
>ii  python3-spf-engine     2.9.0-4
>
>postfix-policyd-spf-python recommends no packages.
>
>postfix-policyd-spf-python suggests no packages.
>
>-- Configuration Files:
>/etc/postfix-policyd-spf-python/policyd-spf.conf changed:
>debugLevel = 1
>HELO_reject = Fail
>Mail_From_reject = Fail
>PermError_reject = False
>TempError_Defer = False
>skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
>HELO_Whitelist = sciron.cuyahoga.lib.oh.us
>Whitelist = 54.240.13.42
>Domain_Whitelist = amazonses.com
>
>
>-- no debconf information