Bug 1770636

Summary:	python-pyspf-2.0.13-1.fc30 breaks for years running setup
Product:	[Fedora] Fedora	Reporter:	Harald Reindl <h.reindl>
Component:	python-pyspf	Assignee:	Paul Wouters <pwouters>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	30	CC:	bojan, brad, bratislav.ilic, cegolf, pwouters
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	python-pyspf-2.0.14-1.fc30 python-pyspf-2.0.14-1.fc31 python-pyspf-2.0.14-3.el8	Doc Type:	---
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2020-02-16 01:09:11 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Harald Reindl 2019-11-11 01:45:21 UTC

2019-11-10T17:13:09Z SUBDEBUG Upgrade: python3-pyspf-2.0.13-1.fc30.noarch
2019-11-10T17:13:09Z SUBDEBUG Upgraded: python3-pyspf-2.0.12-10.fc30.noarch
2019-11-11T01:34:56Z SUBDEBUG Downgrade: python3-pyspf-2.0.12-10.fc30.noarch

that package version has a massive problem on at least one of the two instances used in our postfix setup for at least 3 years unchanged

------------------------------------------

main.cf:
smtpd_recipient_restrictions =
 check_policy_service unix:private/spf-policy-info
 check_recipient_access proxy:hash:/etc/postfix/skip_spf_check.cf
 check_policy_service unix:private/spf-policy

master.cf:
spf-policy-info unix  -       n       n       -       0       spawn user=nobody argv=/usr/libexec/postfix/policyd-spf /etc/python-policyd-spf/policyd-spf-noreject.conf
spf-policy      unix  -       n       n       -       0       spawn user=nobody argv=/usr/libexec/postfix/policyd-spf /etc/python-policyd-spf/policyd-spf.conf


[root@mail-gw:~]$ cat /etc/python-policyd-spf/policyd-spf-noreject.conf
# first unconditional instance without logging but add headers
# this one does also SPF_HELO tests and so populates dns-caches for SpamAssassin
# the conditional instance deeper in the chain will re-use dns-caches
# SpamAssassin can re-use the trusted "Received-SPF" header and save lookups
# higher lookup-time and TEMP-REJECT in case of lookup-errors
debugLevel = 1
HELO_reject = False
Mail_From_reject = False
PermError_reject = False
TempError_Defer = True
Hide_Receiver = No
Lookup_Time = 20


[root@mail-gw:~]$ cat /etc/python-policyd-spf/policyd-spf.conf
# second instance with reject on SPF_FAIL
# this one is skipped by high trusted DNSWL
# in case of SPF_PASS the response for postfix is PERMIT
# so we skip here aggressive HELO/PTR tests and sender-verify
# reduced lookup-time since dns-caches should be already populated

debugLevel = 0
HELO_reject = No_Check
Mail_From_reject = Fail
PermError_reject = False
TempError_Defer = True
Hide_Receiver = No
Lookup_Time = 5
Mail_From_pass_restriction = OK

------------------------------------------

Nov 11 02:27:42 mail-gw postfix/spawn[768680]: warning: command /usr/libexec/postfix/policyd-spf exit status 1
Nov 11 02:27:42 mail-gw postfix/smtpd[768683]: warning: premature end-of-input on private/spf-policy-info while reading input attribute name
Nov 11 02:27:42 mail-gw postfix/smtpd[768683]: warning: problem talking to server private/spf-policy-info: Success

Nov 11 02:33:35 mail-gw policyd-spf[769278]: NameError: name 'strict' is not defined
Nov 11 02:33:35 mail-gw postfix/spawn[769086]: warning: command /usr/libexec/postfix/policyd-spf exit status 1
Nov 11 02:34:52 mail-gw policyd-spf[769355]: Traceback (most recent call last):
Nov 11 02:34:52 mail-gw policyd-spf[769355]:  File "/usr/libexec/postfix/policyd-spf", line 809, in <module>
Nov 11 02:34:52 mail-gw policyd-spf[769355]:    instance_dict, configData, peruser, peruserconfigData)
Nov 11 02:34:52 mail-gw policyd-spf[769355]:  File "/usr/libexec/postfix/policyd-spf", line 623, in _spfcheck
Nov 11 02:34:52 mail-gw policyd-spf[769355]:    mres = mfromquery.check()
Nov 11 02:34:52 mail-gw policyd-spf[769355]:  File "/usr/lib/python3.7/site-packages/spf.py", line 595, in check
Nov 11 02:34:52 mail-gw policyd-spf[769355]:    rc = self.check1(spf, self.d, 0)
Nov 11 02:34:52 mail-gw policyd-spf[769355]:  File "/usr/lib/python3.7/site-packages/spf.py", line 634, in check1
Nov 11 02:34:52 mail-gw policyd-spf[769355]:    return self.check0(spf, recursion)
Nov 11 02:34:52 mail-gw policyd-spf[769355]:  File "/usr/lib/python3.7/site-packages/spf.py", line 917, in check0
Nov 11 02:34:52 mail-gw policyd-spf[769355]:    d = self.dns_spf(arg)
Nov 11 02:34:52 mail-gw policyd-spf[769355]:  File "/usr/lib/python3.7/site-packages/spf.py", line 1159, in dns_spf
Nov 11 02:34:52 mail-gw policyd-spf[769355]:    a = [t for t in self.dns_txt(domain) if RE_SPF.match(t)]
Nov 11 02:34:52 mail-gw policyd-spf[769355]:  File "/usr/lib/python3.7/site-packages/spf.py", line 1209, in dns_txt
Nov 11 02:34:52 mail-gw policyd-spf[769355]:    dns_list = self.dns(domainname, rr,ignore_void=ignore_void)
Nov 11 02:34:52 mail-gw policyd-spf[769355]:  File "/usr/lib/python3.7/site-packages/spf.py", line 1353, in dns
Nov 11 02:34:52 mail-gw policyd-spf[769355]:    for k, v in DNSLookup(name, qtype, self.strict, timeout):
Nov 11 02:34:52 mail-gw policyd-spf[769355]:  File "/usr/lib/python3.7/site-packages/spf.py", line 105, in DNSLookup_pydns
Nov 11 02:34:52 mail-gw policyd-spf[769355]:    if strict > 1:
Nov 11 02:34:52 mail-gw policyd-spf[769355]: NameError: name 'strict' is not defined
Nov 11 02:34:52 mail-gw postfix/spawn[769354]: warning: command /usr/libexec/postfix/policyd-spf exit status 1
Nov 11 02:34:53 mail-gw policyd-spf[769356]: Traceback (most recent call last):
Nov 11 02:34:53 mail-gw policyd-spf[769356]:  File "/usr/libexec/postfix/policyd-spf", line 809, in <module>
Nov 11 02:34:53 mail-gw policyd-spf[769356]:    instance_dict, configData, peruser, peruserconfigData)
Nov 11 02:34:53 mail-gw policyd-spf[769356]:  File "/usr/libexec/postfix/policyd-spf", line 623, in _spfcheck
Nov 11 02:34:53 mail-gw policyd-spf[769356]:    mres = mfromquery.check()
Nov 11 02:34:53 mail-gw policyd-spf[769356]:  File "/usr/lib/python3.7/site-packages/spf.py", line 595, in check
Nov 11 02:34:53 mail-gw policyd-spf[769356]:    rc = self.check1(spf, self.d, 0)
Nov 11 02:34:53 mail-gw policyd-spf[769356]:  File "/usr/lib/python3.7/site-packages/spf.py", line 634, in check1
Nov 11 02:34:53 mail-gw policyd-spf[769356]:    return self.check0(spf, recursion)
Nov 11 02:34:53 mail-gw policyd-spf[769356]:  File "/usr/lib/python3.7/site-packages/spf.py", line 917, in check0
Nov 11 02:34:53 mail-gw policyd-spf[769356]:    d = self.dns_spf(arg)
Nov 11 02:34:53 mail-gw policyd-spf[769356]:  File "/usr/lib/python3.7/site-packages/spf.py", line 1159, in dns_spf
Nov 11 02:34:53 mail-gw policyd-spf[769356]:    a = [t for t in self.dns_txt(domain) if RE_SPF.match(t)]
Nov 11 02:34:53 mail-gw policyd-spf[769356]:  File "/usr/lib/python3.7/site-packages/spf.py", line 1209, in dns_txt
Nov 11 02:34:53 mail-gw policyd-spf[769356]:    dns_list = self.dns(domainname, rr,ignore_void=ignore_void)
Nov 11 02:34:53 mail-gw policyd-spf[769356]:  File "/usr/lib/python3.7/site-packages/spf.py", line 1353, in dns
Nov 11 02:34:53 mail-gw policyd-spf[769356]:    for k, v in DNSLookup(name, qtype, self.strict, timeout):
Nov 11 02:34:53 mail-gw policyd-spf[769356]:  File "/usr/lib/python3.7/site-packages/spf.py", line 105, in DNSLookup_pydns
Nov 11 02:34:53 mail-gw policyd-spf[769356]:    if strict > 1:
Nov 11 02:34:53 mail-gw policyd-spf[769356]: NameError: name 'strict' is not defined

------------------------------------------

Comment 1 Bratislav.ILIC@prointer.rs 2019-12-04 09:02:19 UTC

Ths bug has already been resolved in the upstream ...
https://github.com/sdgathman/pyspf/issues/17

Comment 2 Bojan Smojver 2019-12-11 11:15:08 UTC

*** Bug 1778380 has been marked as a duplicate of this bug. ***

Comment 3 Harald Reindl 2020-02-05 01:51:26 UTC Comment hidden (abuse)

damend fix it or at least purge the broken version from the fedora repos
it's a joke run into the same bug 3 months later due dist-upgrade to F31

2020-02-05T00:52:25Z SUBDEBUG Upgrade: python3-pyspf-2.0.13-1.fc31.noarch
2020-02-05T00:52:32Z SUBDEBUG Upgraded: python3-pyspf-2.0.12-10.fc30.noarch
2020-02-05T01:48:57Z SUBDEBUG Downgrade: python3-pyspf-2.0.12-11.fc31.noarch
2020-02-05T01:48:57Z SUBDEBUG Downgraded: python3-pyspf-2.0.13-1.fc31.noarch

Feb  5 02:40:13 mail-gw policyd-spf[17148]: Traceback (most recent call last):
Feb  5 02:40:13 mail-gw policyd-spf[17148]:  File "/usr/libexec/postfix/policyd-spf", line 809, in <module>
Feb  5 02:40:13 mail-gw policyd-spf[17148]:    instance_dict, configData, peruser, peruserconfigData)
Feb  5 02:40:13 mail-gw policyd-spf[17148]:  File "/usr/libexec/postfix/policyd-spf", line 623, in _spfcheck
Feb  5 02:40:13 mail-gw policyd-spf[17148]:    mres = mfromquery.check()
Feb  5 02:40:13 mail-gw policyd-spf[17148]:  File "/usr/lib/python3.7/site-packages/spf.py", line 595, in check
Feb  5 02:40:13 mail-gw policyd-spf[17148]:    rc = self.check1(spf, self.d, 0)
Feb  5 02:40:13 mail-gw policyd-spf[17148]:  File "/usr/lib/python3.7/site-packages/spf.py", line 634, in check1
Feb  5 02:40:13 mail-gw policyd-spf[17148]:    return self.check0(spf, recursion)
Feb  5 02:40:13 mail-gw policyd-spf[17148]:  File "/usr/lib/python3.7/site-packages/spf.py", line 917, in check0
Feb  5 02:40:13 mail-gw policyd-spf[17148]:    d = self.dns_spf(arg)
Feb  5 02:40:13 mail-gw policyd-spf[17148]:  File "/usr/lib/python3.7/site-packages/spf.py", line 1159, in dns_spf
Feb  5 02:40:13 mail-gw policyd-spf[17148]:    a = [t for t in self.dns_txt(domain) if RE_SPF.match(t)]
Feb  5 02:40:13 mail-gw policyd-spf[17148]:  File "/usr/lib/python3.7/site-packages/spf.py", line 1209, in dns_txt
Feb  5 02:40:13 mail-gw policyd-spf[17148]:    dns_list = self.dns(domainname, rr,ignore_void=ignore_void)
Feb  5 02:40:13 mail-gw policyd-spf[17148]:  File "/usr/lib/python3.7/site-packages/spf.py", line 1353, in dns
Feb  5 02:40:13 mail-gw policyd-spf[17148]:    for k, v in DNSLookup(name, qtype, self.strict, timeout):
Feb  5 02:40:13 mail-gw policyd-spf[17148]:  File "/usr/lib/python3.7/site-packages/spf.py", line 105, in DNSLookup_pydns
Feb  5 02:40:13 mail-gw policyd-spf[17148]:    if strict > 1:
Feb  5 02:40:13 mail-gw policyd-spf[17148]: NameError: name 'strict' is not defined
Feb  5 02:40:13 mail-gw postfix/spawn[17147]: warning: command /usr/libexec/postfix/policyd-spf exit status 1
Feb  5 02:40:13 mail-gw postfix/smtpd[16921]: warning: premature end-of-input on private/spf-policy-info while reading input attribute name
Feb  5 02:40:14 mail-gw policyd-spf[17149]: Traceback (most recent call last):
Feb  5 02:40:14 mail-gw policyd-spf[17149]:  File "/usr/libexec/postfix/policyd-spf", line 809, in <module>
Feb  5 02:40:14 mail-gw policyd-spf[17149]:    instance_dict, configData, peruser, peruserconfigData)
Feb  5 02:40:14 mail-gw policyd-spf[17149]:  File "/usr/libexec/postfix/policyd-spf", line 623, in _spfcheck
Feb  5 02:40:14 mail-gw policyd-spf[17149]:    mres = mfromquery.check()
Feb  5 02:40:14 mail-gw policyd-spf[17149]:  File "/usr/lib/python3.7/site-packages/spf.py", line 595, in check
Feb  5 02:40:14 mail-gw policyd-spf[17149]:    rc = self.check1(spf, self.d, 0)
Feb  5 02:40:14 mail-gw policyd-spf[17149]:  File "/usr/lib/python3.7/site-packages/spf.py", line 634, in check1
Feb  5 02:40:14 mail-gw policyd-spf[17149]:    return self.check0(spf, recursion)
Feb  5 02:40:14 mail-gw policyd-spf[17149]:  File "/usr/lib/python3.7/site-packages/spf.py", line 917, in check0
Feb  5 02:40:14 mail-gw policyd-spf[17149]:    d = self.dns_spf(arg)
Feb  5 02:40:14 mail-gw policyd-spf[17149]:  File "/usr/lib/python3.7/site-packages/spf.py", line 1159, in dns_spf
Feb  5 02:40:14 mail-gw policyd-spf[17149]:    a = [t for t in self.dns_txt(domain) if RE_SPF.match(t)]
Feb  5 02:40:14 mail-gw policyd-spf[17149]:  File "/usr/lib/python3.7/site-packages/spf.py", line 1209, in dns_txt
Feb  5 02:40:14 mail-gw policyd-spf[17149]:    dns_list = self.dns(domainname, rr,ignore_void=ignore_void)
Feb  5 02:40:14 mail-gw policyd-spf[17149]:  File "/usr/lib/python3.7/site-packages/spf.py", line 1353, in dns
Feb  5 02:40:14 mail-gw policyd-spf[17149]:    for k, v in DNSLookup(name, qtype, self.strict, timeout):
Feb  5 02:40:14 mail-gw policyd-spf[17149]:  File "/usr/lib/python3.7/site-packages/spf.py", line 105, in DNSLookup_pydns
Feb  5 02:40:14 mail-gw policyd-spf[17149]:    if strict > 1:
Feb  5 02:40:14 mail-gw policyd-spf[17149]: NameError: name 'strict' is not defined

Comment 4 Fedora Update System 2020-02-07 01:19:59 UTC

FEDORA-2020-422cdb6958 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2020-422cdb6958

Comment 5 Fedora Update System 2020-02-07 01:20:01 UTC

FEDORA-2020-8581056244 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-8581056244

Comment 6 Fedora Update System 2020-02-07 01:20:02 UTC

FEDORA-EPEL-2020-a78639c3e0 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a78639c3e0

Comment 7 Fedora Update System 2020-02-08 02:09:59 UTC

python-pyspf-2.0.14-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-8581056244

Comment 8 Fedora Update System 2020-02-08 02:34:48 UTC

python-pyspf-2.0.14-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-422cdb6958

Comment 9 Fedora Update System 2020-02-08 03:04:51 UTC

python-pyspf-2.0.14-1.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a78639c3e0

Comment 10 Fedora Update System 2020-02-16 01:09:11 UTC

python-pyspf-2.0.14-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2020-02-16 01:29:47 UTC

python-pyspf-2.0.14-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2020-02-21 01:55:12 UTC

python-pyspf-2.0.14-2.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-582b05fe3c

Comment 13 Fedora Update System 2020-02-23 01:35:18 UTC

python-pyspf-2.0.14-3.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-582b05fe3c

Comment 14 Fedora Update System 2020-03-09 02:05:42 UTC

python-pyspf-2.0.14-3.el8 has been pushed to the Fedora EPEL 8 stable repository. If problems still persist, please make note of it in this bug report.