pypolicyd_spf reference to URL openspf.net?

Asked by pgnd on 2019-03-05

I've got

 pypolicyd_spf-2.0.2

installed,

 find /usr/lib/python* -type f -name "*spf*"
  /usr/lib/python3.6/site-packages/spf.py
  /usr/lib/python3.6/site-packages/policydspfuser.py
  /usr/lib/python3.6/site-packages/pypolicyd_spf-2.0.2-py3.6.egg-info
  /usr/lib/python3.6/site-packages/__pycache__/policydspfuser.cpython-36.pyc
  /usr/lib/python3.6/site-packages/__pycache__/policydspfsupp.cpython-36.pyc
  /usr/lib/python3.6/site-packages/__pycache__/spf.cpython-36.pyc
  /usr/lib/python3.6/site-packages/policydspfsupp.py

After a recent upgrade to postfix 3.4, checking logs, I noticed

 ...
 Mar 1 11:33:23 mx04 postfix/postscreen-internal/smtpd[5644]: NOQUEUE: reject: RCPT from o10.email.yotpo.com[192.254.121.91]: 550 5.7.24 <email address hidden>: Recipient address rejected: Message rejected due to: SPF Permanent Error: Void lookup limit of 2 exceeded. Please see http://www.openspf.net/Why?s=mfrom;<email address hidden>;ip=192.254.121.91;r=<UNKNOWN>; from=<email address hidden> to=<email address hidden> proto=ESMTP helo=<o10.email.yotpo.com>
 ...

which appears to be an error message generated by

 cat policyd-spf
  ...
  def _rejectmessage(result, type, info, ip, recipient):
      if result[3] == 'reject':
          rejectdefer = "rejected"
      elif result[3] == 'defer':
          rejectdefer = "deferred"
>> url = ("http://www.openspf.net/Why?s={0};id={1};ip={2};r={3}"
                .format(type, info, ip, recipient))
      msg = configData.get('Reason_Message')
      return msg.format(
              rejectdefer=rejectdefer,
              spf=result[1],
              url=url,
      )
  ...

Both openspf.org and openspf.net appear to be down.

A google search,

 https://www.google.com/search?q=openspf.org+status

pops up one mention
 ...

 OpenSPF's SPF tools
 www.openspf.org/Tools

     Anonymous View

 Nov 9, 2018 ... NOTE: The openspf.net tester is currently out of service. We provide an e-mail based record tester. Send an e-mail to <email address hidden>.
 ...

My logs actually have lots of these messages back thru Dec (as far as I keep 'em). Unclear to me if/when the referred link was actually working.

Is this fixable/fixed with an alternative in pypolicyd_spf-2.0.2 ?
Or is it now time to switch to its apparent successor, spf-engine?

Question information

Language: English
Status: Answered
For: pypolicyd-spf
Assignee: No assignee
Last query: 2019-03-16
Last reply: 2019-03-17

Scott Kitterman (kitterman) said : #1

The server behind the openspf.org web site had a disaster late last week and is being resurrected. It should be back in a few days.

See 'void lookup limits' in https://tools.ietf.org/html/rfc7208#section-4.6.4 for an explanation of the error you're seeing (it's an error in the SPF record that you looked up, nothing related to the policy server of postfix 3.4).
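
As an added illustration of the void lookup limit that answer #1 points to (not code from pypolicyd-spf or pyspf), this simplified evaluator counts mechanism lookups that return NXDOMAIN or an empty answer and stops with permerror on the third one, even though a later ip4 term would have matched the sender. The zone data, domain names and function names are constructed for the example; only the ip4, a and -all terms are handled.

```python
# Added example: simplified SPF check that counts "void lookups" as described
# in RFC 7208 section 4.6.4. ZONE is constructed sample data (documentation
# names and addresses); only the ip4, a and -all terms are handled.
VOID_LIMIT = 2  # default recommended by RFC 7208 section 4.6.4

class PermError(Exception):
    """Raised when evaluation must stop with an SPF permerror."""

# name -> {rrtype: [answers]}. A name missing from ZONE models NXDOMAIN; a name
# present without the requested type models NOERROR with zero answers.
ZONE = {
    "stale.example": {"TXT": ["v=spf1 a:old1.stale.example a:old2.stale.example "
                              "a:old3.stale.example ip4:192.0.2.10 -all"]},
    "old2.stale.example": {"TXT": ["placeholder"]},  # exists, but has no A record
    "edge.example": {"TXT": ["v=spf1 a:old1.edge.example a:old2.edge.example "
                             "ip4:192.0.2.10 -all"]},
    "tidy.example": {"TXT": ["v=spf1 a:mail.tidy.example -all"]},
    "mail.tidy.example": {"A": ["192.0.2.10"]},
}

def lookup_a(name, state):
    """Resolve A records for a mechanism, counting empty and NXDOMAIN answers."""
    answers = ZONE.get(name, {}).get("A", [])
    if not answers:
        state["void"] += 1
        if state["void"] > VOID_LIMIT:
            raise PermError("Void lookup limit of %d exceeded" % VOID_LIMIT)
    return answers

def check_host(ip, domain):
    """Return (result, void_lookups) for a sender IP and MAIL FROM domain."""
    state = {"void": 0}
    txt = ZONE.get(domain, {}).get("TXT", [])
    record = next((t for t in txt if t.startswith("v=spf1 ")), None)
    if record is None:
        return "none", 0  # the initial record fetch is not a mechanism lookup
    try:
        for term in record.split()[1:]:
            mech, _, arg = term.partition(":")
            if mech == "ip4" and arg == ip:
                return "pass", state["void"]
            if mech == "a" and ip in lookup_a(arg or domain, state):
                return "pass", state["void"]
            if term == "-all":
                return "fail", state["void"]
    except PermError:
        return "permerror", state["void"]
    return "neutral", state["void"]
```

Calling `check_host("192.0.2.10", "stale.example")` yields permerror after three void lookups, while the same sender passes for `edge.example`, whose record has only two stale `a:` terms.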

pgnd (pgnd) said : #2

> The server behind the openspf.org web site had a disaster late last week and is being resurrected. It should be back in a few days.

Understood. As it's still out of commission, is there a flag/option to DISABLE the inclusion of, or customize, the message from pypolicy in the reject response?

Every reject message sends this (currently) non-valid URL -- and is causing recipients to wonder 'WTF?' ...

Scott Kitterman (kitterman) said : #3

You can customize the response. See https://manpages.debian.org/unstable/postfix-policyd-spf-python/policyd-spf.conf.5.en.html "Reason Message".

I don't plan to do further pypolicyd-spf updates, so switching to spf-engine at some point is recommended.
