Menu

#45 PermError due to invalid IP address not caught

v0.8
open
nobody
None
5
2016-04-26
2016-04-23
Scott Kitterman
No

This was filed on Launchpad against my SPF policy server, but I think it's rather a pyspf issue.

Bug description:
We're seeing the following from one domain:

Traceback (most recent call last):
File "/usr/lib/python-exec/python3.4/policyd-spf", line 700, in <module>
instance_dict, configData, peruser)
File "/usr/lib/python-exec/python3.4/policyd-spf", line 524, in _spfcheck
res = spf.check2(ip, sender, helo, querytime=configData.get('Lookup_Time'))
File "/usr/lib64/python3.4/site-packages/spf.py", line 297, in check2
receiver=receiver,timeout=timeout,verbose=verbose,querytime=querytime).check()
File "/usr/lib64/python3.4/site-packages/spf.py", line 547, in check
rc = self.check1(spf, self.d, 0)
File "/usr/lib64/python3.4/site-packages/spf.py", line 586, in check1
return self.check0(spf, recursion)
File "/usr/lib64/python3.4/site-packages/spf.py", line 906, in check0
if self.cidrmatch([arg], cidrlength): break
File "/usr/lib64/python3.4/site-packages/spf.py", line 1348, in cidrmatch
for netwrk in [ipaddress.ip_network(ip) for ip in ipaddrs]:
File "/usr/lib64/python3.4/site-packages/spf.py", line 1348, in <listcomp>
for netwrk in [ipaddress.ip_network(ip) for ip in ipaddrs]:
File "/usr/lib64/python3.4/ipaddress.py", line 84, in ip_network
address)
ValueError: '208.117.60.150\n' does not appear to be an IPv4 or IPv6 network

This comes from nfp.com, who have a busted SPF record:

$ dig +short nfp.com txt | grep spf
"v=spf1 ip4:66.194.186.0/24 ip4:208.66.204.0/22 ip4:208.85.51.54 ip4:50.31.32.156 ip4:208.117.60.150\010 
ip4:204.155.62.0/24 ip4:192.26.131.0/24 include:spf-000a5001.pphosted.com include:_netblocks.mimecast.com 
include:hr360spf.smtp.com  include:include:as" "pmx.pardot.com include:FirmSPF2.nfp.com -all"

Notice the "ip4:208.117.60.150\010" with an escaped newline at the end
for god-knows-why.

Discussion

Log in to post a comment.