pypolicyd-spf

spf ends with warning and "Success" but mail was rejected

Asked by Victor Rubiella Monfort

last stable spf python library has a bug: https://github.com/sdgathman/pyspf/commit/4744deeec4a2c10987aae72989d7137156ed4151#diff-728612d6830a136aab0f3f7598071dea

This bug generates some errors/warnings on filter, who finalizes with warning: problem talking to server private/policy-spf: Success

But postfix ends up rejecting the mail.

I think policyd-spf should prevent the mail from being rejected due to an internal error. ¿Maybe the problems is status code?

¿How can I prevent this situation?

Example:

   File "/usr/local/lib/python3.5/site-packages/spf.py", line 1160, in dns_spf
     a = [t for t in self.dns_txt(domain) if RE_SPF.match(t)]
   File "/usr/local/lib/python3.5/site-packages/spf.py", line 1210, in dns_txt
     dns_list = self.dns(domainname, rr,ignore_void=ignore_void)
   File "/usr/local/lib/python3.5/site-packages/spf.py", line 1354, in dns
     for k, v in DNSLookup(name, qtype, self.strict, timeout):
   File "/usr/local/lib/python3.5/site-packages/spf.py", line 106, in DNSLookup_pydns
     if strict > 1:
 NameError: name 'strict' is not defined
4]: warning: command /usr/local/bin/policyd-spf exit status 1
4]: warning: premature end-of-input on private/policy-spf while reading input attribute name
4]: warning: problem talking to server private/policy-spf: Success
4]: NOQUEUE: reject: RCPT from mail.xxxxx.com[XXXXXXXX]: 451 4.3.5 Server configuration problem; from=.....

Note: Now I applied a patch with bug correction, but I ask for prevent postfix reject mails when policyd-spf error fails internally.

Question information

Language:
English Edit question
Status:
Answered
For:
pypolicyd-spf Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Scott Kitterman (kitterman) said : 		#1

Note the status code:

451 4.3.5 Server configuration problem

This is a temporary, not permanent, rejection. It tells the sending mail server to try again later, so no mail will be lost in this case. Most mail server will retry for several days before giving up. If you want a different default, that's a postfix configuration setting. There's nothing the policy server can do. See:

http://www.postfix.org/postconf.5.html#smtpd_policy_service_default_action

That explains how to change it in postfix.

Can you help with this problem?

Provide an answer of your own, or ask Victor Rubiella Monfort for more information if necessary.

To post a message you must log in.