Description of problem: If I use pypolicyd-spf as a policy service for postfix, I get tracebacks in the log (and the mail is not delivered). One of the causes seems to be if the originating IP is IPv6 Version-Release number of selected component (if applicable): 1.3.1-2.el6.noarch How reproducible: Readily Steps to Reproduce 1. Issue this command: spfquery --sender=bugzilla_noreply --ip=2a01:4f8:162:31a2::4 2. 3. Actual results: Traceback (most recent call last): File "/usr/bin/spfquery", line 136, in <module> main(sys.argv[1:]) File "/usr/bin/spfquery", line 120, in main format(q) File "/usr/bin/spfquery", line 97, in format res,code,txt = q.check() File "/usr/lib/python2.6/site-packages/spf.py", line 547, in check rc = self.check1(spf, self.d, 0) File "/usr/lib/python2.6/site-packages/spf.py", line 586, in check1 return self.check0(spf, recursion) File "/usr/lib/python2.6/site-packages/spf.py", line 900, in check0 if self.cidrmatch(self.dns_mx(arg), cidrlength): File "/usr/lib/python2.6/site-packages/spf.py", line 1194, in dns_mx return [a for mx in mxnames[:max] for a in self.dns_a(mx[1],self.A)] File "/usr/lib/python2.6/site-packages/spf.py", line 1206, in dns_a return [ipaddress.Bytes(ip) for ip in r] AttributeError: 'module' object has no attribute 'Bytes' Expected results: Something like pass () ('spfquery:', 'domain of kde.org designates 46.4.96.248 as permitted sender') ('Received-SPF:', 'Pass (spfquery: domain of kde.org designates 46.4.96.248 as permitted sender) client-ip=2a01:4f8:162:31a2::4; envelope-from=bugzilla_noreply; receiver=spfquery; mechanism=mx; identity=mailfrom') Additional info: Using spfquery demonstrates the bug, but the same thing happens in live use. The version of postfix in el6 doesn't have the facility to set smtpd_policy_service_default_action=DUNNO, so when this happens the mail is rejected.
This seems to be relevant: https://bugs.launchpad.net/pypolicyd-spf/+bug/1229862 Which suggests that updating python-ipaddr would help. I have python-ipaddr-2.1.9-3 and as far as I can tell, this is the latest version in the repos for CentOS 6.6.
This must be EL6 specific. I get this on F-21: --------------- $ spfquery --sender=bugzilla_noreply --ip=2a01:4f8:162:31a2::4 neutral () ('spfquery:', '2a01:4f8:162:31a2::4 is neither permitted nor denied by domain of kde.org') ('Received-SPF:', 'Neutral (spfquery: 2a01:4f8:162:31a2::4 is neither permitted nor denied by domain of kde.org) client-ip=2a01:4f8:162:31a2::4; envelope-from="bugzilla_noreply"; receiver=spfquery; mechanism=?all; identity=mailfrom') --------------- The RPM is: --------------- $ rpm -q pypolicyd-spf pypolicyd-spf-1.3.1-2.fc21.noarch --------------- Will have to have a look on an EL6 box, which I don't have handy right now. What version of Python is it using on your box? What is the version of python-ipaddr RPM that you have?
Thanks. Versions: python-2.6.6-52.el6.x86_64 python-ipaddr-2.1.9-3.el6.noarch
Right, so the python-ipaddr is too old, according to that Ubuntu bug. I can hardcode this requirement into the spec, but we should get the owner to rebuild that package for EL6 first, otherwise it won't work.
OK, what's the correct procedure for that? It's not in EPEL, but presumably the CentOS repo just tracks the RHEL one, so should I file a bug on RHEL6.6?
Or you can just reassign this one.
The problem is with python-ipaddr. I rebuilt the current rawhide package (2.1.10-2) for CentOS 7 and I confirm it resolves the issue. Also monitor #1208811 and update this this issue accordingly.
python-ipaddr was updated to 2.1.11, so I believe this can be closed.
This message is a reminder that EPEL 6 is nearing its end of life. Fedora will stop maintaining and issuing updates for EPEL 6 on 2020-11-30. It is our policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of 'el6'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later EPEL version. Thank you for reporting this issue and we are sorry that we were not able to fix it before EPEL 6 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above.
EPEL el6 changed to end-of-life (EOL) status on 2020-11-30. EPEL el6 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of EPEL please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.