I switched to the distro-pkgs case, execing with python2.
I switched to debugLevel = 5
On send/receive of a testmail from gmail,
(1) with Header_Type=SPF, the rcvd mail has this in its headers, what I expected
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.220.67; helo=mail-pa0-f67.google.com; <email address hidden>; <email address hidden>
Here's the log
tail mail.log | grep -i policyd-spf
Apr 7 06:34:14 mail01 policyd-spf[17175]: Starting
Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "request=smtpd_access_policy"
Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "protocol_state=RCPT"
Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "protocol_name=ESMTP"
Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "client_address=209.85.220.67"
Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "client_name=mail-pa0-f67.google.com"
Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "client_port=36656"
Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "reverse_client_name=mail-pa0-f67.google.com"
Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "helo_name=mail-pa0-f67.google.com"
Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "<email address hidden>"
Apr 7 06:34:14 mail01 policyd-spf[17175]: Read line: "<email address hidden>"
Apr 7 06:34:14 mail01 policyd-spf[17175]: spfcheck: pyspf result: "['None', '', 'helo']"
Apr 7 06:34:14 mail01 policyd-spf[17175]: None; identity=helo; client-ip=209.85.220.67; helo=mail-pa0-f67.google.com; <email address hidden>; <email address hidden>
Apr 7 06:34:14 mail01 policyd-spf[17175]: Header type: SPF; Authres ID (for AR): None
Apr 7 06:34:14 mail01 policyd-spf[17175]: spfcheck: pyspf result: "['Pass', 'sender SPF authorized', 'mailfrom']"
Apr 7 06:34:14 mail01 policyd-spf[17175]: Pass; identity=mailfrom; client-ip=209.85.220.67; helo=mail-pa0-f67.google.com; <email address hidden>; <email address hidden>
Apr 7 06:34:14 mail01 policyd-spf[17175]: Header type: SPF; Authres ID (for AR): None
Apr 7 06:34:14 mail01 policyd-spf[17175]: Action: prepend: Text: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.220.67; helo=mail-pa0-f67.google.com; <email address hidden>; <email address hidden>
(2) with Header_Type=AR, the rcvd mail's got no trace of *spf* in the headers at all.
and the log
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "request=smtpd_access_policy"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "protocol_state=RCPT"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "protocol_name=ESMTP"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "client_address=209.85.192.194"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "client_name=mail-pf0-f194.google.com"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "client_port=34984"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "reverse_client_name=mail-pf0-f194.google.com"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "helo_name=mail-pf0-f194.google.com"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "<email address hidden>"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "<email address hidden>"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "recipient_count=0"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "etrn_domain="
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "stress="
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "sasl_method="
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "sasl_username="
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "sasl_sender="
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "ccert_subject="
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "ccert_issuer="
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "ccert_fingerprint="
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "ccert_pubkey_fingerprint="
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "encryption_protocol=TLSv1.2"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "encryption_cipher=ECDHE-RSA-AES128-GCM-SHA256"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "encryption_keysize=128"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: "policy_context="
Apr 7 06:23:24 mail01 policyd-spf[15736]: Read line: ""
Apr 7 06:23:24 mail01 policyd-spf[15736]: Found the end of entry
Apr 7 06:23:24 mail01 policyd-spf[15736]: Config: {'Mail_From_reject': 'Fail', 'Void_Limit': 2, 'Header_Type': 'AR', 'PermError_reject': 'False', 'Lookup_Time': 20, 'Authserv_Id': 'mail01.example.com', 'defaultSeedOnly': 1, 'debugLevel': 5, 'skip_addresses': '127.0.0.0/8,::ffff:127.0.0.0/104,::1', 'HELO_reject': 'SPF_Not_Pass', 'TempError_Defer': 'False'}
Apr 7 06:23:24 mail01 policyd-spf[15736]: Cached data for this instance: []
Apr 7 06:23:24 mail01 policyd-spf[15736]: ERROR: 127.0.0.0/8 in skip_addresses not IP network. Message: '209.85.192.194' does not appear to be an IPv4 or IPv6 address. Did you pass in a bytes (str in Python 2) instead of a unicode object?. Aborting whitelist processing.
Apr 7 06:23:24 mail01 policyd-spf[15736]: spfcheck: pyspf result: "['None', '', 'helo']"
Apr 7 06:23:24 mail01 policyd-spf[15736]: None; identity=helo; client-ip=209.85.192.194; helo=mail-pf0-f194.google.com; <email address hidden>; <email address hidden>
Apr 7 06:23:24 mail01 policyd-spf[15736]: Header type: AR; Authres ID (for AR): mail01.example.com
Apr 7 06:23:24 mail01 policyd-spf[15736]: spfcheck: pyspf result: "['Pass', 'sender SPF authorized', 'mailfrom']"
Apr 7 06:23:24 mail01 policyd-spf[15736]: Pass; identity=mailfrom; client-ip=209.85.192.194; helo=mail-pf0-f194.google.com; <email address hidden>; <email address hidden>
Apr 7 06:23:24 mail01 policyd-spf[15736]: Header type: AR; Authres ID (for AR): mail01.example.com
Apr 7 06:23:24 mail01 policyd-spf[15736]: Action: prepend: Text: Authentication-Results: mail01.example.com; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=209.85.192.194; helo=mail-pf0-f194.google.com; <email address hidden>; <email address hidden>)
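Added example, not part of the original comment and not policyd-spf's own code: a small triage script that reads debugLevel 5 output like the logs quoted above and reports, per daemon process, which header the daemon asked Postfix to prepend and whether skip_addresses processing was aborted. The sample input is a shortened excerpt constructed from the two logs in the comment; `summarize` and the field names are hypothetical.

```python
import re
from collections import defaultdict

# Matches syslog lines such as:
#   Apr 7 06:23:24 mail01 policyd-spf[15736]: <message>
LINE_RE = re.compile(r"policyd-spf\[(?P<pid>\d+)\]: (?P<msg>.*)$")
HEADER_TYPE_RE = re.compile(r"^Header type: (?P<type>\w+);")
PREPEND_RE = re.compile(r"^Action: prepend: Text: (?P<name>[A-Za-z-]+):")

# Header that each Header_Type setting is expected to produce.
EXPECTED = {"SPF": "Received-SPF", "AR": "Authentication-Results"}

# Constructed sample: shortened excerpt of the two log runs quoted above.
SAMPLE_LOG = """\
Apr 7 06:34:14 mail01 policyd-spf[17175]: Header type: SPF; Authres ID (for AR): None
Apr 7 06:34:14 mail01 policyd-spf[17175]: Action: prepend: Text: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.220.67
Apr 7 06:23:24 mail01 policyd-spf[15736]: ERROR: 127.0.0.0/8 in skip_addresses not IP network. Message: '209.85.192.194' does not appear to be an IPv4 or IPv6 address. Aborting whitelist processing.
Apr 7 06:23:24 mail01 policyd-spf[15736]: Header type: AR; Authres ID (for AR): mail01.example.com
Apr 7 06:23:24 mail01 policyd-spf[15736]: Action: prepend: Text: Authentication-Results: mail01.example.com; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com
"""

def summarize(log_text):
    """Return {pid: summary} for each policyd-spf process seen in log_text."""
    runs = defaultdict(lambda: {"header_type": None, "prepended": None,
                                "whitelist_aborted": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a policyd-spf line
        run, msg = runs[m.group("pid")], m.group("msg")
        if (h := HEADER_TYPE_RE.match(msg)):
            run["header_type"] = h.group("type")
        elif (p := PREPEND_RE.match(msg)):
            run["prepended"] = p.group("name")
        elif msg.startswith("ERROR:") and "Aborting whitelist processing" in msg:
            run["whitelist_aborted"] = True
    for run in runs.values():
        # True only when a prepend was logged and it is the header the
        # configured Header_Type calls for.
        run["prepend_matches_config"] = (
            run["prepended"] is not None
            and run["prepended"] == EXPECTED.get(run["header_type"]))
    return dict(runs)

if __name__ == "__main__":
    for pid, run in summarize(SAMPLE_LOG).items():
        print(pid, run)
```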