# [SOLVED] Crash of mail-filter/pypolicyd-spf

## SwordArMor

Hi,

Today I tried to add SPF support to my postfix, but mail-filter/pypolicyd-spf crash when I receive an email

```
Apr  8 16:11:40 bulbizarre postfix/smtpd[26779]: connect from cabale.usenet-fr.net[2001:1b78:0:2:d918:5204:0:1]

Apr  8 16:11:40 bulbizarre postgrey[32332]: action=pass, reason=triplet found, client_name=cabale.usenet-fr.net, client_address=2001:1b78:0:2:d918:5204:0:1, sender=frnog-owner@frnog.org, recipient=alarig@swordarmor.fr

Apr  8 16:11:40 bulbizarre policyd-spf[26813]: Traceback (most recent call last):

Apr  8 16:11:40 bulbizarre policyd-spf[26813]:   File "/usr/bin/policyd-spf-2.7", line 684, in <module>

Apr  8 16:11:40 bulbizarre policyd-spf[26813]:     instance_dict, configData, peruser)

Apr  8 16:11:40 bulbizarre policyd-spf[26813]:   File "/usr/bin/policyd-spf-2.7", line 350, in _spfcheck

Apr  8 16:11:40 bulbizarre policyd-spf[26813]:     skip_check = _spfbypass(data, 'skip_addresses', configData)

Apr  8 16:11:40 bulbizarre policyd-spf[26813]:   File "/usr/bin/policyd-spf-2.7", line 206, in _spfbypass

Apr  8 16:11:40 bulbizarre policyd-spf[26813]:     if _cidrmatch(ip, good_ip, int(cidr_range)):

Apr  8 16:11:40 bulbizarre policyd-spf[26813]:   File "/usr/bin/policyd-spf-2.7", line 53, in _cidrmatch

Apr  8 16:11:40 bulbizarre policyd-spf[26813]:     connectip = spf.inet_pton(connectip)

Apr  8 16:11:40 bulbizarre policyd-spf[26813]: AttributeError: 'module' object has no attribute 'inet_pton'

Apr  8 16:11:40 bulbizarre postfix/spawn[26789]: warning: command /usr/bin/policyd-spf exit status 1

Apr  8 16:11:40 bulbizarre postfix/smtpd[26779]: warning: premature end-of-input on private/policyd-spf while reading input attribute name

Apr  8 16:11:41 bulbizarre policyd-spf[26824]: Traceback (most recent call last):

Apr  8 16:11:41 bulbizarre policyd-spf[26824]:   File "/usr/bin/policyd-spf-2.7", line 684, in <module>

Apr  8 16:11:41 bulbizarre policyd-spf[26824]:     instance_dict, configData, peruser)

Apr  8 16:11:41 bulbizarre policyd-spf[26824]:   File "/usr/bin/policyd-spf-2.7", line 350, in _spfcheck

Apr  8 16:11:41 bulbizarre policyd-spf[26824]:     skip_check = _spfbypass(data, 'skip_addresses', configData)

Apr  8 16:11:41 bulbizarre policyd-spf[26824]:   File "/usr/bin/policyd-spf-2.7", line 206, in _spfbypass

Apr  8 16:11:41 bulbizarre policyd-spf[26824]:     if _cidrmatch(ip, good_ip, int(cidr_range)):

Apr  8 16:11:41 bulbizarre policyd-spf[26824]:   File "/usr/bin/policyd-spf-2.7", line 53, in _cidrmatch

Apr  8 16:11:41 bulbizarre policyd-spf[26824]:     connectip = spf.inet_pton(connectip)

Apr  8 16:11:41 bulbizarre policyd-spf[26824]: AttributeError: 'module' object has no attribute 'inet_pton'

Apr  8 16:11:41 bulbizarre postfix/spawn[26789]: warning: command /usr/bin/policyd-spf exit status 1

Apr  8 16:11:41 bulbizarre postfix/smtpd[26779]: warning: premature end-of-input on private/policyd-spf while reading input attribute name

Apr  8 16:11:41 bulbizarre postfix/smtpd[26779]: warning: problem talking to server private/policyd-spf: Success

Apr  8 16:11:41 bulbizarre postfix/smtpd[26779]: NOQUEUE: reject: RCPT from cabale.usenet-fr.net[2001:1b78:0:2:d918:5204:0:1]: 451 4.3.5 <alarig@swordarmor.fr>: Recipient address rejected: Server configuration problem; from=<frnog-owner@frnog.org> to=<alarig@swordarmor.fr> proto=ESMTP helo=<cabale.usenet-fr.net>

Apr  8 16:11:41 bulbizarre postfix/smtpd[26779]: disconnect from cabale.usenet-fr.net[2001:1b78:0:2:d918:5204:0:1] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=4/6
```

I can’t find the spf.pl file as described in https://wiki.gentoo.org/wiki/Mailfiltering_Gateway#SPF_.28Sender_Policy_Framework.29 and the link to the development version point to a 404.

Here is my configuration, I can’t find where is my error:

```
bulbizarre ~ # cat /etc/postfix/main.cf 

smtpd_recipient_restrictions =

   permit_mynetworks,

   permit_sasl_authenticated,

   reject_non_fqdn_hostname,

   reject_non_fqdn_sender,

   reject_unknown_recipient_domain,

   reject_non_fqdn_recipient,

   reject_unauth_destination,

   reject_unauth_pipelining,

   reject_invalid_hostname,

   reject_unauth_pipelining,

   check_policy_service inet:127.0.0.1:10030,

   check_policy_service unix:private/policyd-spf,

   permit

bulbizarre ~ # cat /etc/postfix/master.cf 

policyd-spf unix -   n   n   -   0   spawn

                   user=nobody argv=/usr/bin/policyd-spf

bulbizarre ~ # cat /etc/python-policyd-spf/policyd-spf.conf

#  For a fully commented sample config file see policyd-spf.conf.commented

debugLevel = 1

defaultSeedOnly = 1

#HELO_reject = SPF_Not_Pass

HELO_reject = Null

#Mail_From_reject = Fail

Mail_From_reject = False

PermError_reject = False

TempError_Defer = False

skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0//104,::1//128

Whitelist = 91.224.149.128/32,2a01:6600:8081:8000::1//128
```

Last edited by SwordArMor on Tue Apr 28, 2015 1:44 pm; edited 1 time in total

----------

## Peter Robb

Most likely it received an ipv6 address in the spf reply..

From the ebuild file..

# With >=python-3.3, the built-in ipaddress module handles the parsing

# of IP addresses. If python is built without ipv6 support, then

# ipaddress can't parse ipv6 addresses, and the daemon will crash if it

# sees an ipv6 SPF record. In other words, it's completely broken.

#

# Ideally this would remain optional for python-2.x, but until there's

# an easy way to do that, "maybe annoying" seems a better option than

# "maybe broken."

PYTHON_REQ_USE="ipv6"

So I guess try rebuilding dev-python/ipaddr with the ipv6 use flag on,

USE="ipv6" emerge -av dev-python/ipaddr

and if that's not enuf, rebuild python and the spf packages with ipv6.

It has also been mentioned in several places that in /etc/postfix/master.cf you should add the address of the conf file just after the argv= entry.

----------

## SwordArMor

 *Peter Robb wrote:*   

> 
> 
> So I guess try rebuilding dev-python/ipaddr with the ipv6 use flag on,
> 
> USE="ipv6" emerge -av dev-python/ipaddr
> ...

 

I already have the ipv6 useflag for the whole system.

The dev-python/ipaddr package haven’t any ipv6 useflag but it is built for python 3.3 and not python 3.4.

```
$ equery uses dev-python/ipaddr

[ Legend : U - final flag setting for installation]

[        : I - package is installed with flag     ]

[ Colors : set, unset                             ]

 * Found these USE flags for dev-python/ipaddr-2.1.11:

 U I

 + + python_targets_python2_7 : Build with Python 2.7

 + + python_targets_python3_3 : Build with Python 3.3

 - - python_targets_python3_4 : Build with Python 3.4

```

----------

## Peter Robb

Python 3.3 has the ipaddr module builtin.. If your error says the attribute 'inet_pton' doesn't exist, either it compiled badly or dev-python/ipaddr conflicts somehow.

Check to see dev-python/ipaddr didn't clobber an existing file.

equery files dev-python/ipaddr

Then remove it.

I had this same problem but chose to use the perl based spf instead of recompiling with ipv6.

I don't have the python spf installed so I can't check files etc..

----------

## SwordArMor

I don’t think that there is a conflict on a file between two packages

```
alarig@bulbizarre ~ $ equery files dev-python/ipaddr

 * Searching for ipaddr in dev-python ...

 * Contents of dev-python/ipaddr-2.1.11:

/usr

/usr/lib64

/usr/lib64/python2.7

/usr/lib64/python2.7/site-packages

/usr/lib64/python2.7/site-packages/ipaddr-2.1.11-py2.7.egg-info

/usr/lib64/python2.7/site-packages/ipaddr.py

/usr/lib64/python2.7/site-packages/ipaddr.pyc

/usr/lib64/python2.7/site-packages/ipaddr.pyo

/usr/lib64/python3.3

/usr/lib64/python3.3/site-packages

/usr/lib64/python3.3/site-packages/__pycache__

/usr/lib64/python3.3/site-packages/__pycache__/ipaddr.cpython-33.pyc

/usr/lib64/python3.3/site-packages/__pycache__/ipaddr.cpython-33.pyo

/usr/lib64/python3.3/site-packages/ipaddr-2.1.11-py3.3.egg-info

/usr/lib64/python3.3/site-packages/ipaddr.py

/usr/share

/usr/share/doc

/usr/share/doc/ipaddr-2.1.11

/usr/share/doc/ipaddr-2.1.11/README.bz2

/usr/share/doc/ipaddr-2.1.11/RELEASENOTES.bz2

alarig@bulbizarre ~ $ for file in $(equery -C files dev-python/ipaddr | grep site-packages/); do equery belongs $file; done

 * Searching for /usr/lib64/python2.7/site-packages/ipaddr-2.1.11-py2.7.egg-info ... 

dev-python/ipaddr-2.1.11 (/usr/lib64/python2.7/site-packages/ipaddr-2.1.11-py2.7.egg-info)

 * Searching for /usr/lib64/python2.7/site-packages/ipaddr.py ... 

dev-python/ipaddr-2.1.11 (/usr/lib64/python2.7/site-packages/ipaddr.py)

 * Searching for /usr/lib64/python2.7/site-packages/ipaddr.pyc ... 

dev-python/ipaddr-2.1.11 (/usr/lib64/python2.7/site-packages/ipaddr.pyc)

 * Searching for /usr/lib64/python2.7/site-packages/ipaddr.pyo ... 

dev-python/ipaddr-2.1.11 (/usr/lib64/python2.7/site-packages/ipaddr.pyo)

 * Searching for /usr/lib64/python3.3/site-packages/__pycache__ ... 

dev-lang/python-3.3.5-r1 (/usr/lib64/python3.3/site-packages/__pycache__)

dev-python/configobj-5.0.5 (/usr/lib64/python3.3/site-packages/__pycache__)

dev-python/ipaddr-2.1.11 (/usr/lib64/python3.3/site-packages/__pycache__)

dev-python/pyspf-2.0.10 (/usr/lib64/python3.3/site-packages/__pycache__)

dev-python/setuptools-12.0.1 (/usr/lib64/python3.3/site-packages/__pycache__)

dev-python/six-1.8.0 (/usr/lib64/python3.3/site-packages/__pycache__)

dev-python/virtualenv-1.11.6 (/usr/lib64/python3.3/site-packages/__pycache__)

mail-filter/pypolicyd-spf-1.3.1 (/usr/lib64/python3.3/site-packages/__pycache__)

net-analyzer/speedtest-cli-0.2.4 (/usr/lib64/python3.3/site-packages/__pycache__)

 * Searching for /usr/lib64/python3.3/site-packages/__pycache__/ipaddr.cpython-33.pyc ... 

dev-python/ipaddr-2.1.11 (/usr/lib64/python3.3/site-packages/__pycache__/ipaddr.cpython-33.pyc)

 * Searching for /usr/lib64/python3.3/site-packages/__pycache__/ipaddr.cpython-33.pyo ... 

dev-python/ipaddr-2.1.11 (/usr/lib64/python3.3/site-packages/__pycache__/ipaddr.cpython-33.pyo)

 * Searching for /usr/lib64/python3.3/site-packages/ipaddr-2.1.11-py3.3.egg-info ... 

dev-python/ipaddr-2.1.11 (/usr/lib64/python3.3/site-packages/ipaddr-2.1.11-py3.3.egg-info)

 * Searching for /usr/lib64/python3.3/site-packages/ipaddr.py ... 

dev-python/ipaddr-2.1.11 (/usr/lib64/python3.3/site-packages/ipaddr.py)

```

I installed the version 1.3.1 of mail-filter/pypolicyd-spf (the stable is 1.1) and I don’t meet this issue, so I think that there is a bug in the version 1.1.

Thanks for your help  :Smile: 

----------

