Logwatch / Discussion / Open Discussion: Unmatched policyd-spf messages

Unmatched policyd-spf messages

Created: 2018-08-14

Updated: 2019-01-21

I run a VERY small mail server (only about 10 users) and I have 194 unmatched messages from policyd-spf listed in the Unmatched Entries section of the postfix part of this morning's logwatch report. These messages started to appear after I upgraded my server from Ubuntu 16.04.5 to 18.04.1. Interestingly, this is an old bug (at least in RedHat) from about 1.5 years ago: https://bugzilla.redhat.com/show_bug.cgi?id=1419274

For reference, here are examples of each of the different "types" of messages I found in the list (with the IP, users and domains sanitized):

**Unmatched Entries**
  1   Aug 13 10:32:46 mail policyd-spf[44597]: prepend Received-SPF: None (mailfrom) identity=mailfrom; client-ip=xxx.xx.xxx.xxx; helo=mail.example.com; envelope-from=user@example.com; receiver=<UNKNOWN>
  1   Aug 13 07:29:02 mail policyd-spf[15608]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=xx.xxx.xxx.xxx; helo=mail.example.com; envelope-from=user@example.com; receiver=<UNKNOWN>
  1   Aug 13 15:02:03 mail policyd-spf[21933]: prepend Received-SPF: Permerror (mailfrom) identity=mailfrom; client-ip=xxx.xx.xx.xxx; helo=mail.example.com; envelope-from=user@example.com; receiver=<UNKNOWN>
  1   Aug 13 04:40:36 mail policyd-spf[54627]: 550 5.7.23 Message rejected due to: domain owner discourages use of this host. Please see http://www.openspf.net/Why?s=helo;id=correctemails.com;ip=xxx.xxx.xxx.xx;r=<U NKNOWN>
  1   Aug 13 15:58:43 mail policyd-spf[31131]: prepend Received-SPF: Pass (helo) identity=helo; client-ip=xxx.xx.xx.xx; helo=mail.example.com; envelope-from=user@example.com; receiver=<UNKNOWN>

I'm wondering why this "broke" in the Ubuntu upgrade when the message format changed more than 18 months earlier.

Derek Chen-Becker - 2018-12-02

I'm seeing the same thing. I took a stab at fixing it in https://sourceforge.net/u/d-rock/logwatch/ci/7a3eec5734b522db7b897e3404f55e3899701f01/. Does that fix it for you?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bjorn - 2018-12-23

Would it be simpler to use the perl non-capture operator (?:) ? The patch with respect to the repository's copy would be the attached file. I don't have the means to test it, though.

postfix.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Derek Chen-Becker - 2019-01-20

Thanks, I forgot about non-capturing groups. I tested and that works.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Derek Chen-Becker - 2019-01-20

New commit: https://sourceforge.net/u/d-rock/logwatch/ci/b33dc4364d091ca69112d3cdcce6c0bccefc929c/

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bjorn - 2019-01-21

Thanks; it has been rolled into the repository.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Unmatched policyd-spf messages

Forums

Help

Unmatched policyd-spf messages

Unmatched policyd-spf messages

Forums

Help

Unmatched policyd-spf messages document.SUBSCRIPTION_OPTIONS = { "thing": "topic", "subscribed": false, "url": "subscribe", "icon": { "css": "fa fa-envelope-o" } };

Unmatched policyd-spf messages