Another crash on IP address ending in newline

The crash is caused by this txt record:
"v=spf1 ip4:203.143.89.146 ip4:203.27.138.188 ip4:119.18.39.164\010 include:spf.protection.outlook.com ~all"

pyspf is where the retrieval and processing of the record is done, so it's a pyspf bug. It's moved to github, so please file an issue here:

https://github.com/sdgathman/pyspf/issues

Scott, I think there are 2 issues here:
1. The bug in pyspf, that causes the policyd-spf crash
2. The fact that policyd-spf crashes on an invalid record. Wouldn't a try/except block be a better approach? Something like:

try:
    mres = mfromquery.check()
except Exception as e:
    e = sys.exc_info()
    exceptionmessage = "Exception: %s, locals: %s" %(e, locals())
    syslog.syslog("Ouch, caught exc: %s" %exceptionmessage)
    return(( 'dunno', exceptionmessage, instance_dict, None))

Filed the pyspf issue to https://github.com/sdgathman/pyspf/issues/15

On Friday, August 30, 2019 12:18:10 AM EDT you wrote:
> Scott, I think there are 2 issues here:
> 1. The bug in pyspf, that causes the policyd-spf crash
> 2. The fact that policyd-spf crashes on an invalid record. Wouldn't a
> try/except block be a better approach? Something like:
>
> try:
> mres = mfromquery.check()
> except Exception as e:
> e = sys.exc_info()
> exceptionmessage = "Exception: %s, locals: %s" %(e, locals())
> syslog.syslog("Ouch, caught exc: %s" %exceptionmessage)
> return(( 'dunno', exceptionmessage, instance_dict, None))

In theory I could do that, but this isn't a case where an error is ever an
appropriate response. pyspf should detect that this is an invalid record by
catching the ipaddress error.

Scott K

From a coding perspective you're absolutely right, not to mention that trying to catch all possible exceptions is time consuming. pyspf needs to be fixed, no argument here.
But from a user & sysadmin perspective, all that's visible is a "451 4.3.5 Server configuration problem; [...]" translated at the other end to a nearly useless bounce message *only* after the queue lifetime of the message expires on the remote MTA. No hint in that bounce on what the actual problem might be. On the server running python-spf the sysadmin sees the stacktrace, yet this still isn't sufficient.
Regardless of where the issue is, the filter must NOT crash under any circumstance. There's of course the discussion on what should the filter return? Perhaps "dunno" or "reject"? If choosing "reject" the exception message can be customized so that the sender, when receiving the bounce, will be able to contact their service (DNS/email/etc) provider and offer them *some* useful information.
Currently the crash causes the MTA to return 451, which is probably the worst option in this particular case.

Scott is correct. This is a pyspf bug.

For sendmail, pymilter lets you specify how to handle untrapped exceptions. Hopefully, postfix also implements this API.

https://pythonhosted.org/pymilter/namespacemilter.html#a0cb75ce0c66ae67b2e4413e883b8ecf0

Note, I can't update pythonhosted.org - it is zombified. I haven't moved docs to a new platform yet. But the 1.0 docs are still accurate for set_exception_policy().

The challenge is that the default is to 450 in this case and almost no one changes it. I think the point from the earlier comment (#6 if you're on the web UI) is reasonable and I'll look into doing something to safeguard against this sort of thing in the policy server.

Note that pypolicyd-spf was renamed to spf-engine (since it now includes a milter option as well). Any bug fixes will be applied there.

Scott K

Not able to reproduce with 2.0.12 or 2.0.13.

I found an reproducer for 2.0.12 with python3. But 2.0.13 works and 2.0.12 works with python2. Suggest apircalabu update to 2.0.13 prerelease.

Fixed for the next release.

--- 2.9.1 (2019-10-06)
  * Use /run instead of /var/run
  * Fix-up sysv init so it works
  * Catch pyspf tracebacks so at least we don't die (thanks to Adi Pircalabu
    for both the report and the suggested fix) (LP: #1842005)
  * Correct over-writing of SPF identity by SPF reason for HELO checks and the
    reverse for Mail From (LP: #1822685)