SPF Policy Server crashes on every mail

/var/log/syslog:

policyd-spf[10034]: Traceback (most recent call last):
policyd-spf[10034]: File "/usr/bin/policyd-spf", line 684, in <module>
policyd-spf[10034]: instance_dict, configData, peruser)
policyd-spf[10034]: File "/usr/bin/policyd-spf", line 426, in _spfcheck
policyd-spf[10034]: res = spf.check2(ip, helo_fake_sender, helo)
policyd-spf[10034]: File "/usr/lib/python3/dist-packages/spf.py", line 310, in check2
policyd-spf[10034]: receiver=receiver,timeout=timeout,verbose=verbose,querytime=querytime).check()
policyd-spf[10034]: File "/usr/lib/python3/dist-packages/spf.py", line 538, in check
policyd-spf[10034]: spf = self.dns_spf(self.d)
policyd-spf[10034]: File "/usr/lib/python3/dist-packages/spf.py", line 1094, in dns_spf
policyd-spf[10034]: a = [t for t in self.dns_txt(domain) if RE_SPF.match(t)]
policyd-spf[10034]: File "/usr/lib/python3/dist-packages/spf.py", line 1131, in dns_txt
policyd-spf[10034]: for a in self.dns(domainname, 'TXT')]
policyd-spf[10034]: File "/usr/lib/python3/dist-packages/spf.py", line 1255, in dns
policyd-spf[10034]: for k, v in DNSLookup(name, qtype, self.strict, timeout):
policyd-spf[10034]: File "/usr/lib/python3/dist-packages/spf.py", line 147, in DNSLookup
policyd-spf[10034]: if resp.header['tc'] == True:
policyd-spf[10034]: AttributeError: 'NoneType' object has no attribute 'header'
postfix/spawn[10033]: warning: command /usr/bin/policyd-spf exit status 1
postfix/smtpd[10026]: warning: premature end-of-input on private/policy-spf while reading input attribute name

sorry wrong package

What version of python3-dns do you have installed? There was a post-release update, 3.0.2-1ubuntu1, that fixed an issue that would cause a traceback like this one.

Hi Scott

thanks for the project-Change.

I have installed python3-dns in version 3.0.2-1ubuntu1

And you are still having the problem?

Hi Scott,

I test it this afternoon.

Do you need more/other informations?

Just if you're still having that problem. I'm pretty sure after updating python3-dns you won't.

My config:

/etc/postfix-policyd-spf-python/policyd-spf.conf:

# For a fully commented sample config file see policyd-spf.conf.commented

debugLevel = 1
defaultSeedOnly = 1

HELO_reject = SPF_Not_Pass
Mail_From_reject = Fail

PermError_reject = False
TempError_Defer = False

skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0//104,::1//128

/etc/postfix/master.cf:

[...]
policy-spf unix - n n - - spawn
     user=nobody argv=/usr/bin/policyd-spf

/etc/postfix/main.cf:

[...]
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_client_access pcre:/etc/postfix/checks/client-whitelist,
    check_client_access pcre:/etc/postfix/checks/client-blacklist,
    reject_unknown_client_hostname,
    check_policy_service unix:private/policy-spf,
[...]

policy-spf_time_limit = 3600s

I see you've got the newer python3-dns installed, so that theory wasn't right. Would you please bump the log level in /etc/postfix-policyd-spf-python/policyd-spf.conf: to 5 and then attach a few (I shouldn't need many) messages worth of log output from the policy server. That should help me make sure I'm replicating your situation precisely.

Works fine here (of course). For some reason, the DNS module isn't returning anything and I'm not sure how that's possible.

What happens if you run:

python3 /usr/share/doc/python3-dns/examples/test5.py openstreetmap.org

OK, I can cause AttributeError: 'NoneType' object has no attribute 'header' by having an empty list of nameservers. So I think your problem is the python3-dns isn't, for some reason, discovering a usable nameserver.

What is in your /etc/resolv.conf and /etc/network/interfaces?

I also think py3dns should handle this better.

I've committed a python3-dns fix that will raise the correct error if no nameservers are found, but we still need to figure out why you ended up with none.

Hi Scott,

I've found my error:

In resol.conf are all nameserver commented out.

With

nameserver 127.0.0.1

spf work fine.

Thanks for your help und sorry for my mistake..

Jörg