When receiving and parsing a mail which has an unqualified envelope-from, pypolicyd-spf generates the following backtrace:
Aug 20 15:04:27 aaaaa policyd-spf[18616]: Permerror; identity=helo; client-ip=dd.ddd.dd.ddd; helo=aaaa.aa-aaa.aa; envelope-from=aaaaaa; <email address hidden>
Aug 20 15:04:27 aaaaa policyd-spf[18616]: Traceback (most recent call last):
Aug 20 15:04:27 aaaaa policyd-spf[18616]: File "/usr/bin/policyd-spf", line 420, in <module>
Aug 20 15:04:27 aaaaa policyd-spf[18616]: instance_dict, configData)
Aug 20 15:04:27 aaaaa policyd-spf[18616]: File "/usr/bin/policyd-spf", line 343, in spfcheck
Aug 20 15:04:27 aaaaa policyd-spf[18616]: mfrom_resultpolicy, local = get_resultcodes(configData, 'mfrom')
Aug 20 15:04:27 aaaaa policyd-spf[18616]: File "/usr/bin/policyd-spf", line 122, in get_resultcodes
Aug 20 15:04:27 aaaaa policyd-spf[18616]: if spf.domainmatch(reject_domain_list, sender_domain[1]):
Aug 20 15:04:27 aaaaa policyd-spf[18616]: IndexError: list index out of range
Addresses and IPs have been obfuscated (a for chars, d for digits). Not sure if this problem can be used for DDOS attacks. Feel free to mark as security vulnerability.
What version are you using?