Comment 11 for bug 1566561

I switched to the distro-pkgs case, execing with python2.

I switched to debugLevel = 5

On send/receive of a testmail from gmail,

(1) with Header_Type=SPF, the rcvd mail has this in its headers, what I expected

 Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.220.67; helo=mail-pa0-f67.google.com; <email address hidden>; <email address hidden>

Here's the log

tail mail.log | grep -i policyd-spf

 Apr 7 06:34:14 mail01 policyd-spf[17175]: Starting
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "request=smtpd_access_policy"
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "protocol_state=RCPT"
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "protocol_name=ESMTP"
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "client_address=209.85.220.67"
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "client_name=mail-pa0-f67.google.com"
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "client_port=36656"
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "reverse_client_name=mail-pa0-f67.google.com"
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "helo_name=mail-pa0-f67.google.com"
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "<email address hidden>"
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "<email address hidden>"
 Apr 7 06:34:14 mail01 policyd-spf[17175]: spfcheck: pyspf result: "['None', '', 'helo']"
 Apr 7 06:34:14 mail01 policyd-spf[17175]: None; identity=helo; client-ip=209.85.220.67; helo=mail-pa0-f67.google.com; <email address hidden>; <email address hidden>
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Header type: SPF; Authres ID (for AR): None
 Apr 7 06:34:14 mail01 policyd-spf[17175]: spfcheck: pyspf result: "['Pass', 'sender SPF authorized', 'mailfrom']"
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Pass; identity=mailfrom; client-ip=209.85.220.67; helo=mail-pa0-f67.google.com; <email address hidden>; <email address hidden>
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Header type: SPF; Authres ID (for AR): None
 Apr 7 06:34:14 mail01 policyd-spf[17175]: Action: prepend: Text: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.220.67; helo=mail-pa0-f67.google.com; <email address hidden>; <email address hidden>

(1) with Header_Type=AR, the rcvd mail's got no trace of *spf* in the headers at all.

and the log

tail mail.log | grep -i policyd-spf

 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "request=smtpd_access_policy"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "protocol_state=RCPT"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "protocol_name=ESMTP"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "client_address=209.85.192.194"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "client_name=mail-pf0-f194.google.com"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "client_port=34984"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "reverse_client_name=mail-pf0-f194.google.com"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "helo_name=mail-pf0-f194.google.com"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "<email address hidden>"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "<email address hidden>"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "recipient_count=0"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "etrn_domain="
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "stress="
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "sasl_method="
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "sasl_username="
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "sasl_sender="
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "ccert_subject="
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "ccert_issuer="
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "ccert_fingerprint="
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "ccert_pubkey_fingerprint="
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "encryption_protocol=TLSv1.2"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "encryption_cipher=ECDHE-RSA-AES128-GCM-SHA256"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "encryption_keysize=128"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "policy_context="
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: ""
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Found the end of entry
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Config: {'Mail_From_reject': 'Fail', 'Void_Limit': 2, 'Header_Type': 'AR', 'PermError_reject': 'False', 'Lookup_Time': 20, 'Authserv_Id': 'mail01.example.com', 'defaultSeedOnly': 1, 'debugLevel': 5, 'skip_addresses': '127.0.0.0/8,::ffff:127.0.0.0/104,::1', 'HELO_reject': 'SPF_Not_Pass', 'TempError_Defer': 'False'}
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Cached data for this instance: []
 Apr 7 06:23:24 mail01 policyd-spf[15736]: ERROR: 127.0.0.0/8 in skip_addresses not IP network. Message: '209.85.192.194' does not appear to be an IPv4 or IPv6 address. Did you pass in a bytes (str in Python 2) instead of a unicode object?. Aborting whitelist processing.
 Apr 7 06:23:24 mail01 policyd-spf[15736]: spfcheck: pyspf result: "['None', '', 'helo']"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: None; identity=helo; client-ip=209.85.192.194; helo=mail-pf0-f194.google.com; <email address hidden>; <email address hidden>
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Header type: AR; Authres ID (for AR): mail01.example.com
 Apr 7 06:23:24 mail01 policyd-spf[15736]: spfcheck: pyspf result: "['Pass', 'sender SPF authorized', 'mailfrom']"
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Pass; identity=mailfrom; client-ip=209.85.192.194; helo=mail-pf0-f194.google.com; <email address hidden>; <email address hidden>
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Header type: AR; Authres ID (for AR): mail01.example.com
 Apr 7 06:23:24 mail01 policyd-spf[15736]: Action: prepend: Text: Authentication-Results: mail01.example.com; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=209.85.192.194; helo=mail-pf0-f194.google.com; <email address hidden>; <email address hidden>)