Your message dated Tue, 14 Aug 2007 19:32:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#437361: fixed in pypolicyd-spf 0.4.1-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: python-policyd-spf
Version: 0.4-3
Severity: important


I entered the RCPT TO twice as below and it was accepted after the second 
entry. The email is obviously spoofed and SPF knows it.

$ netcat 10.10.10.213 25
220 mail.cacert.org ESMTP mailserver
EHLO  controlledmail.com
250-mail.cacert.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: [EMAIL PROTECTED]
250 2.1.0 Ok
RCPT TO: [EMAIL PROTECTED]
550 5.7.1 <[EMAIL PROTECTED]>: Recipient address rejected: Received-SPF: Fail 
(SPF fail - not authorized) Mail From client-ip=10.10.10.213; 
helo=controlledmail.com; [EMAIL PROTECTED]; [EMAIL PROTECTED];
RCPT TO: [EMAIL PROTECTED]
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
this worked
..
250 2.0.0 Ok: queued as 4CDC1232A7


My postfix config includes:
main.cf
smtpd_recipient_restrictions =
        permit_mynetworks
        permit_tls_clientcerts
        reject_unauth_destination
        check_policy_service unix:private/policyd-spf
                                 
master.cf
policyd-spf  unix  -       n       n       -       0       spawn
        user=nobody argv=/usr/bin/python /usr/bin/policyd-spf /etc/python-policyd-spf/policyd-spf.conf


# grep ^[^#] /etc/python-policyd-spf/policyd-spf.conf
debugLevel = 4
defaultSeedOnly = 1
HELO_reject = No_Check
Mail_From_reject = Fail
PermError_reject = False
TempError_Defer = False


/var/log/mail.log
Aug 12 03:29:32 mail policyd-spf[31138]: Starting
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: 
"request=smtpd_access_policy"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "protocol_state=RCPT"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "protocol_name=ESMTP"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: 
"client_address=10.10.10.213"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: 
"client_name=mail.cacert.org"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: 
"reverse_client_name=mail.cacert.org"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: 
"helo_name=controlledmail.com"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "[EMAIL PROTECTED]"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "[EMAIL PROTECTED]"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "recipient_count=0"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "queue_id="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: 
"instance=7996.46be7e92.4a33.0"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "size=0"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "etrn_domain="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "sasl_method="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "sasl_username="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "sasl_sender="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "ccert_subject="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "ccert_issuer="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "ccert_fingerprint="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "encryption_protocol="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "encryption_cipher="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "encryption_keysize=0"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: ""
Aug 12 03:29:32 mail policyd-spf[31138]: Found the end of entry
Aug 12 03:29:32 mail policyd-spf[31138]: Config: {'Mail_From_reject': 'Fail', 
'PermError_reject': 'False', 'HELO_reject': 'No_Check', 'defaultSeedOnly': 1, 
'debugLevel': 4, 'TempError_Defer': 'False'}
Aug 12 03:29:32 mail policyd-spf[31138]: spfcheck: pyspf result: "['fail', 'SPF 
fail - not authorized', 'Mail From']"
Aug 12 03:29:32 mail policyd-spf[31138]: SPF fail - not authorized:Mail From 
client-ip=10.10.10.213; helo=controlledmail.com; [EMAIL PROTECTED]; [EMAIL 
PROTECTED];
Aug 12 03:29:32 mail postfix/smtpd[31126]: NOQUEUE: reject: RCPT from 
mail.cacert.org[10.10.10.213]: 550 5.7.1 <[EMAIL PROTECTED]>: Recipient address 
rejected: Received-SPF: Fail (SPF fail - not authorized) Mail From 
client-ip=10.10.10.213; helo=controlledmail.com; [EMAIL PROTECTED]; [EMAIL 
PROTECTED]; ; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP 
helo=<controlledmail.com>


Aug 12 03:29:36 mail policyd-spf[31138]: Read line: 
"request=smtpd_access_policy"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "protocol_state=RCPT"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "protocol_name=ESMTP"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: 
"client_address=10.10.10.213"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: 
"client_name=mail.cacert.org"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: 
"reverse_client_name=mail.cacert.org"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: 
"helo_name=controlledmail.com"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "[EMAIL PROTECTED]"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "[EMAIL PROTECTED]"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "recipient_count=0"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "queue_id="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: 
"instance=7996.46be7e92.4a33.0"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "size=0"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "etrn_domain="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "sasl_method="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "sasl_username="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "sasl_sender="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "ccert_subject="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "ccert_issuer="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "ccert_fingerprint="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "encryption_protocol="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "encryption_cipher="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "encryption_keysize=0"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: ""
Aug 12 03:29:36 mail policyd-spf[31138]: Found the end of entry
Aug 12 03:29:36 mail policyd-spf[31138]: Config: {'Mail_From_reject': 'Fail', 
'PermError_reject': 'False', 'HELO_reject': 'No_Check', 'defaultSeedOnly': 1, 
'debugLevel': 4, 'TempError_Defer': 'False'}
Aug 12 03:29:36 mail postfix/smtpd[31126]: 4CDC1232A7: 
client=mail.cacert.org[10.10.10.213]
Aug 12 03:29:48 mail postfix/cleanup[31139]: 4CDC1232A7: message-id=<[EMAIL 
PROTECTED]>
Aug 12 03:29:48 mail postfix/qmgr[30221]: 4CDC1232A7: from=<[EMAIL PROTECTED]>, 
size=397, nrcpt=1 (queue active)
Aug 12 03:29:48 mail postfix/local[31140]: warning: database /etc/aliases.db is 
older than source file /etc/aliases
Aug 12 03:29:48 mail postfix/local[31140]: 4CDC1232A7: to=<[EMAIL PROTECTED]>, 
relay=local, delay=26, delays=26/0.01/0/0.06, dsn=2.0.0, status=sent (delivered 
to mailbox)
Aug 12 03:29:48 mail postfix/qmgr[30221]: 4CDC1232A7: removed





-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.20-vs2.2.0-gentoo
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages python-policyd-spf depends on:
ii  python                        2.4.4-2    An interactive high-level object-o
ii  python-spf                    2.0.3-2    sender policy framework (SPF) modu
ii  python-support                0.5.6      automated rebuilding support for p

Versions of packages python-policyd-spf recommends:
ii  postfix                       2.3.8-2    A high-performance mail transport 

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: pypolicyd-spf
Source-Version: 0.4.1-1

We believe that the bug you reported is fixed in the latest version of
pypolicyd-spf, which is due to be installed in the Debian FTP archive:

pypolicyd-spf_0.4.1-1.diff.gz
  to pool/main/p/pypolicyd-spf/pypolicyd-spf_0.4.1-1.diff.gz
pypolicyd-spf_0.4.1-1.dsc
  to pool/main/p/pypolicyd-spf/pypolicyd-spf_0.4.1-1.dsc
pypolicyd-spf_0.4.1.orig.tar.gz
  to pool/main/p/pypolicyd-spf/pypolicyd-spf_0.4.1.orig.tar.gz
python-policyd-spf_0.4.1-1_all.deb
  to pool/main/p/pypolicyd-spf/python-policyd-spf_0.4.1-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman <[EMAIL PROTECTED]> (supplier of updated pypolicyd-spf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 13 Aug 2007 11:03:09 -0400
Source: pypolicyd-spf
Binary: python-policyd-spf
Architecture: source all
Version: 0.4.1-1
Distribution: unstable
Urgency: low
Maintainer: Scott Kitterman <[EMAIL PROTECTED]>
Changed-By: Scott Kitterman <[EMAIL PROTECTED]>
Description: 
 python-policyd-spf - pure-Python Postfix policy daemon for SPF checking
Closes: 434623 437361
Changes: 
 pypolicyd-spf (0.4.1-1) unstable; urgency=low
 .
   * Correct multi-recipient reject processing (Closes: #437361)
   * Correct typos in README.Debian (Closes: #434623)
   * Add debian/watch
Files: 
 25655c02245325c79813323dd81c272f 680 mail extra pypolicyd-spf_0.4.1-1.dsc
 b9a5e243319242484b16a6a8a409c99a 18175 mail extra 
pypolicyd-spf_0.4.1.orig.tar.gz
 3da6512d2605a205dffc842f8a46511d 2597 mail extra pypolicyd-spf_0.4.1-1.diff.gz
 907d877f3005ff16718df208ce8695a6 14830 mail extra 
python-policyd-spf_0.4.1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGwgDDCV53xXnMZYYRAtz4AKCkwdxhYrH2DQaswDzq7zqI46ItEQCg3PXf
Bnb7POP8zC6MngLP1p/M06M=
=tY71
-----END PGP SIGNATURE-----


--- End Message ---
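The multi-recipient behaviour reported above, as an added Python example that is not pypolicyd-spf's own code: Postfix sends one policy request per RCPT TO with the same `instance` value, so the verdict has to be replayed for every recipient of that instance. The failure mode in `SkipRepeatPolicy` is an assumption inferred from the log, where the second request shows no spfcheck line. The class names, `stub_spf`, and the `sender=` placeholder are hypothetical.

```python
def parse_request(text):
    """Parse a policy request: name=value lines, terminated by an empty line."""
    body = text.split("\n\n", 1)[0]
    return dict(line.split("=", 1) for line in body.splitlines() if "=" in line)

def to_action(result, explanation):
    """Map an SPF result to a Postfix action (Mail_From_reject = Fail behaviour)."""
    if result == "fail":
        return "action=550 5.7.1 Received-SPF: Fail (%s)\n\n" % explanation
    return "action=dunno\n\n"

class SkipRepeatPolicy:
    """Assumed failure mode: a repeated instance is not evaluated again."""
    def __init__(self, spf_check):
        self.spf_check, self.seen = spf_check, set()
    def decide(self, attrs):
        if attrs["instance"] in self.seen:
            return "action=dunno\n\n"   # later RCPT TO falls through to permit
        self.seen.add(attrs["instance"])
        return to_action(*self.spf_check(attrs))

class ReplayVerdictPolicy:
    """Hardened form: remember the verdict per instance and replay it."""
    def __init__(self, spf_check):
        self.spf_check, self.verdicts = spf_check, {}
    def decide(self, attrs):
        inst = attrs["instance"]
        if inst not in self.verdicts:
            self.verdicts[inst] = to_action(*self.spf_check(attrs))
        return self.verdicts[inst]

# Constructed request modelled on the logged attributes; sender is a placeholder.
REQUEST = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
           "client_address=10.10.10.213\nhelo_name=controlledmail.com\n"
           "sender=sender@example.org\ninstance=7996.46be7e92.4a33.0\n\n")

def stub_spf(attrs):
    """Stand-in for the real SPF lookup; always returns the logged result."""
    return ("fail", "SPF fail - not authorized")

def two_rcpt(policy_cls):
    """Send the same request twice, as two RCPT TO commands in one session do."""
    policy, attrs = policy_cls(stub_spf), parse_request(REQUEST)
    return [policy.decide(attrs).split("=", 1)[1].split()[0] for _ in range(2)]

if __name__ == "__main__":
    print(two_rcpt(SkipRepeatPolicy), two_rcpt(ReplayVerdictPolicy))
```

A long-running daemon would also need to bound or expire the per-instance cache.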
