Handle invalid SPF records with Unicode without crashing
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pypolicyd-spf |
New
|
Undecided
|
Unassigned |
Bug Description
I've run across a domain that has what look like encoded Unicode characters in its spf record (names and ips obfuscated):
"\194\147v=spf1" "ip4:192.
Pypolicyd-spf 1.0 chokes on this record with the following logging:
Traceback (most recent call last):
File "/usr/bin/
instance_dict, configData, peruser)
File "/usr/bin/
res = spf.check2(ip, helo_fake_sender, helo)
File "/usr/lib/
receiver=
File "/usr/lib/
spf = self.dns_
File "/usr/lib/
a = [t for t in self.dns_
File "/usr/lib/
for a in self.dns(
File "/usr/lib/
return [''.join(
UnicodeDecodeE
Postfix (2.9.3) sees this as a policy service failure and tempfails the message.
I installed pypolicyd-spf several days ago and ran in testing mode while monitoring logging to look for problems. Nothing seemed to be wrong so I made the switch from the perl based policy server I had been using to pypolicyd-spf. Then this delivery attempt started happening, which makes me wonder whether this record should be seen as invalid and discarded or decoded before interpretation.
I'm tempted to email their postmaster and tell them the record is at best invalid, but was hoping for some clarification on this first.
I'd like to know what domain this is for testing purposes. You can email me directly if you'd rather not make it public.