Crash on (invalid) newline in SPF record
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pypolicyd-spf |
Invalid
|
Undecided
|
Unassigned |
Bug Description
We're seeing the following from one domain:
Traceback (most recent call last):
File "/usr/lib/
instance_dict, configData, peruser)
File "/usr/lib/
res = spf.check2(ip, sender, helo, querytime=
File "/usr/lib64/
receiver=
File "/usr/lib64/
rc = self.check1(spf, self.d, 0)
File "/usr/lib64/
return self.check0(spf, recursion)
File "/usr/lib64/
if self.cidrmatch(
File "/usr/lib64/
for netwrk in [ipaddress.
File "/usr/lib64/
for netwrk in [ipaddress.
File "/usr/lib64/
address)
ValueError: '208.117.60.150\n' does not appear to be an IPv4 or IPv6 network
This comes from nfp.com, who have a busted SPF record:
$ dig +short nfp.com txt | grep spf
"v=spf1 ip4:66.194.186.0/24 ip4:208.66.204.0/22 ip4:208.85.51.54 ip4:50.31.32.156 ip4:208.
ip4:204.
include:
Notice the "ip4:208.
This is actually a bug in the underlying SPF module used by the policy server, not the policy server itself. I've filed a bug on the Sourceforge project that contains pyspf.
https:/ /sourceforge. net/p/pymilter/ bugs/45/