From marcel.koopmans at elysium-os.nl Tue Mar 1 06:22:36 2011
From: marcel.koopmans at elysium-os.nl (Marcel Koopmans)
Date: Tue, 1 Mar 2011 12:22:36 +0100
Subject: [Pymilter] IPv6
Message-ID: <199BBE39-F0F3-47E1-924C-A0F61CD1A57F@elysium-os.nl>

Hello Everybody,

I am trying to find an SPF milter that works with sendmail then does actually work with IPv6.

My result so far is that pymilter seems to fail.
I use stock Debian 6.0 on AMD64

spfmilter.cfg:

internal_connect = 127.0.0.1,172.20.1.0/24,[2001:610:779::]/48

sendmail config:

INPUT_MAIL_FILTER(`milter', `S=unix:/var/run/spf-milter-python/spfmiltersock, F=T, T=S:240s;R:240s;E:5m')dnl

SPF Record:

"v=spf1 +ip4:84.53.110.135/32 +ip6:2001:610:779::/48 -all"

This should be "v=spf1 +ip4:84.53.110.135/32 +ip6:2001:610:779::A/128 -all" once I can whitelist my internal computers ( [2001:610:779::]/48 )

mail.log:

Mar 1 12:02:37 styx sm-mta[10236]: restarting /usr/sbin/sendmail-mta due to signal
Mar 1 12:02:37 styx sm-mta[12565]: starting daemon (8.14.3): SMTP+queueing at 00:10:00
Mar 1 12:02:52 styx spfmilter: pyspffilter: milter claimed not to reply in state 2 but did anyway 4
Mar 1 12:02:52 styx spfmilter: [1] hello from [IPv6:2001:610:779::223:6cff:fe9a:9cf3]
Mar 1 12:02:52 styx sm-mta[12580]: STARTTLS=server, relay=[IPv6:2001:610:779:0:223:6cff:fe9a:9cf3], version=TLSv1/SSLv3, verify=NOT, cipher=AES128-SHA, bits=128/128
Mar 1 12:02:52 styx spfmilter: [1] hello from [IPv6:2001:610:779::223:6cff:fe9a:9cf3]
Mar 1 12:02:52 styx spfmilter: [1] mail from ()
Mar 1 12:02:52 styx sm-mta[12580]: p21B2qgi012580: Milter: from=, reject=451 4.3.0 Filter failure
Mar 1 12:02:52 styx sm-mta[12580]: p21B2qgi012580: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA-v6, relay=[IPv6:2001:610:779:0:223:6cff:fe9a:9cf3]

Marcel Koopmans
Elysium Open Systems
Wijdstraat 23
3421AJ Oudewater
Tel: 0348-560210
GSM: 06-51174110
email: marcel.koopmans at elysium-os.nl

From stuart at bmsi.com Tue Mar 1 11:32:08 2011
From: stuart at bmsi.com (Stuart D. Gathman)
Date: Tue, 1 Mar 2011 11:32:08 -0500 (EST)
Subject: [Pymilter] IPv6
In-Reply-To: <199BBE39-F0F3-47E1-924C-A0F61CD1A57F@elysium-os.nl>
References: <199BBE39-F0F3-47E1-924C-A0F61CD1A57F@elysium-os.nl>
Message-ID:

On Tue, 1 Mar 2011, Marcel Koopmans wrote:

> I am trying to find an SPF milter that works with sendmail then does actually
> work with IPv6.
>
> My result so far is that pymilter seems to fail.
> I use stock Debian 6.0 on AMD64

pymilter itself (the module) has been tested pretty well with IP6.

> spfmilter.cfg:
>
> internal_connect = 127.0.0.1,172.20.1.0/24,[2001:610:779::]/48

However, it looks like there is a bug in spfmilter parsing that config. It should be straightforward to testcase and fix. Thanks for the report.

--
Stuart D. Gathman
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

From stuart at bmsi.com Tue Mar 1 11:45:08 2011
From: stuart at bmsi.com (Stuart D. Gathman)
Date: Tue, 1 Mar 2011 11:45:08 -0500 (EST)
Subject: [Pymilter] IPv6
In-Reply-To:
References: <199BBE39-F0F3-47E1-924C-A0F61CD1A57F@elysium-os.nl>
Message-ID:

On Tue, 1 Mar 2011, Stuart D. Gathman wrote:

> > spfmilter.cfg:
> >
> > internal_connect = 127.0.0.1,172.20.1.0/24,[2001:610:779::]/48
>
> However, it looks like there is a bug in spfmilter parsing that
> config. It should be straightforward to testcase and fix. Thanks
> for the report.

Yep, spfmilter uses Milter.utils.iniplist(), which supports IP4 only. Could you do me a favor and add some logging to the top of the connect method in spfmilter.py before it calls iniplist() so I can get exactly what sendmail passes for a test case. I don't have an IP6 sendmail set up at the moment.

--
Stuart D. Gathman
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

From stuart at bmsi.com Tue Mar 1 15:01:04 2011
From: stuart at bmsi.com (Stuart D. Gathman)
Date: Tue, 1 Mar 2011 15:01:04 -0500 (EST)
Subject: [Pymilter] IPv6
In-Reply-To:
References: <199BBE39-F0F3-47E1-924C-A0F61CD1A57F@elysium-os.nl>
Message-ID:

On Tue, 1 Mar 2011, Stuart D. Gathman wrote:

> However, it looks like there is a bug in spfmilter parsing that
> config. It should be straightforward to testcase and fix. Thanks
> for the report.

I checked in IP6 support for Milter.utils. spfmilter.py will also need pyspf-2.1 to handle IP6 connections. Scott's been on my case to do a new release of pyspf-2.1 to incorporate changes to pyspf-2.0 since pyspf-2.0.1.

--
Stuart D. Gathman
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

From marcel.koopmans at elysium-os.nl Tue Mar 1 15:12:36 2011
From: marcel.koopmans at elysium-os.nl (Marcel Koopmans)
Date: Tue, 1 Mar 2011 21:12:36 +0100
Subject: [Pymilter] IPv6
In-Reply-To:
References: <199BBE39-F0F3-47E1-924C-A0F61CD1A57F@elysium-os.nl>
Message-ID:

Hello Stuart,

So far it works...
changed file: /usr/share/pyshared/Milter/utils.py

In Debian 6.0 I find the link : /usr/lib/python2.6/dist-packages/Milter/utils.py -> ../../../../share/pyshared/Milter/utils.py

The logging:

Mar 1 21:06:59 styx sendmail[21111]: /etc/mail/aliases: 5 aliases, longest 10 bytes, 76 bytes total
Mar 1 21:07:00 styx sm-mta[18735]: restarting /usr/sbin/sendmail-mta due to signal
Mar 1 21:07:00 styx sm-mta[21145]: starting daemon (8.14.3): SMTP+queueing at 00:10:00
Mar 1 21:07:19 styx spfmilter: [1] connect from [IPv6:2001:610:779:0:223:6cff:fe9a:9cf3] at ('2001:610:779:0:223:6cff:fe9a:9cf3', 62606, 0, 0) EXTERNAL
Mar 1 21:07:19 styx spfmilter: [1] hello from [IPv6:2001:610:779::223:6cff:fe9a:9cf3]
Mar 1 21:07:19 styx sm-mta[21163]: STARTTLS=server, relay=[IPv6:2001:610:779:0:223:6cff:fe9a:9cf3], version=TLSv1/SSLv3, verify=NOT, cipher=AES128-SHA, bits=128/128
Mar 1 21:07:19 styx spfmilter: [1] hello from [IPv6:2001:610:779::223:6cff:fe9a:9cf3]
Mar 1 21:07:19 styx spfmilter: [1] mail from ()
Mar 1 21:07:19 styx spfmilter: [1] Received-SPF: Pass (styx.home.elysium-os.nl: domain of elysium-os.nl designates 2001:610:779:0:223:6cff:fe9a:9cf3 as permitted sender) client-ip=2001:610:779:0:223:6cff:fe9a:9cf3; envelope-from="marcel.koopmans at elysium-os.nl"; helo="[IPv6:2001:610:779::223:6cff:fe9a:9cf3]"; receiver=styx.home.elysium-os.nl; mechanism="+ip6:2001:610:779::/48"; identity=mailfrom
Mar 1 21:07:19 styx sm-mta[21163]: p21K7JQG021163: from=, size=525, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA-v6, relay=[IPv6:2001:610:779:0:223:6cff:fe9a:9cf3]
Mar 1 21:07:19 styx sm-mta[21163]: p21K7JQG021163: Milter insert (0): header: Received-SPF: Pass (styx.home.elysium-os.nl: domain of elysium-os.nl designates 2001:610:779:0:223:6cff:fe9a:9cf3 as permitted sender) client-ip=2001:610:779:0:223:6cff:fe9a:9cf3; envelope-from="marcel.koopmans at elysium-os.nl"; helo="[IPv6:2001:610:779::223:6cff:fe9a:9cf3]"; receiver=styx.home.elysium-os.nl; mechanism="+ip6:2001:610:779::/48"; identity=mailfrom
Mar 1 21:07:19 styx sm-mta[21163]: p21K7JQG021163: Milter add: header: X-Virus-Scanned: clamav-milter 0.96.5 at styx
Mar 1 21:07:19 styx sm-mta[21163]: p21K7JQG021163: Milter add: header: X-Virus-Status: Clean
Mar 1 21:07:19 styx sm-mta[21165]: p21K7JQG021163: to=, ctladdr= (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31304, dsn=2.0.0, stat=Sent

Next step, change my spf record and see if I get it to work with the "internal_connect" setting.

kind regards,

Marcel

On 1 Mar 2011, at 21:01, Stuart D. Gathman wrote:

> On Tue, 1 Mar 2011, Stuart D. Gathman wrote:
>
>> However, it looks like there is a bug in spfmilter parsing that
>> config. It should be straightforward to testcase and fix. Thanks
>> for the report.
>
> I checked in IP6 support for Milter.utils. spfmilter.py will also
> need pyspf-2.1 to handle IP6 connections. Scott's been on my case to
> do a new release of pyspf-2.1 to incorporate changes to pyspf-2.0
> since pyspf-2.0.1.
>
> --
> Stuart D. Gathman
> Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
> "Confutatis maledictis, flammis acribus addictis" - background song for
> a Microsoft sponsored "Where do you want to go from here?" commercial.

Marcel Koopmans
Elysium Open Systems
Wijdstraat 23
3421AJ Oudewater
Tel: 0348-560210
GSM: 06-51174110
email: marcel.koopmans at elysium-os.nl

From stuart at bmsi.com Tue Mar 1 15:21:16 2011
From: stuart at bmsi.com (Stuart D. Gathman)
Date: Tue, 1 Mar 2011 15:21:16 -0500 (EST)
Subject: [Pymilter] IPv6
In-Reply-To:
References: <199BBE39-F0F3-47E1-924C-A0F61CD1A57F@elysium-os.nl>
Message-ID:

On Tue, 1 Mar 2011, Stuart D. Gathman wrote:

> On Tue, 1 Mar 2011, Stuart D. Gathman wrote:
>
> > However, it looks like there is a bug in spfmilter parsing that
> > config. It should be straightforward to testcase and fix. Thanks
> > for the report.
>
> I checked in IP6 support for Milter.utils. spfmilter.py will also
> need pyspf-2.1 to handle IP6 connections. Scott's been on my case to
> do a new release of pyspf-2.1 to incorporate changes to pyspf-2.0
> since pyspf-2.0.1.

Actually, pyspf-2.0.5 has full IP6 support. pyspf-2.1 just moves some of the pure python code (needed only when python not compiled with IP6 support) to other modules. We still need 2.1, however. It adds support for dnspython among other things.

--
Stuart D. Gathman
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

From stuart at bmsi.com Tue Mar 1 15:22:57 2011
From: stuart at bmsi.com (Stuart D. Gathman)
Date: Tue, 1 Mar 2011 15:22:57 -0500 (EST)
Subject: [Pymilter] IPv6
In-Reply-To:
References: <199BBE39-F0F3-47E1-924C-A0F61CD1A57F@elysium-os.nl>
Message-ID:

Your syntax in internal_connect needs to leave out the [] for the IP6 address.

--
Stuart D. Gathman
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

From marcel.koopmans at elysium-os.nl Tue Mar 1 15:35:40 2011
From: marcel.koopmans at elysium-os.nl (Marcel Koopmans)
Date: Tue, 1 Mar 2011 21:35:40 +0100
Subject: [Pymilter] IPv6
In-Reply-To:
References: <199BBE39-F0F3-47E1-924C-A0F61CD1A57F@elysium-os.nl>
Message-ID: <40F06E33-8005-475C-8B95-C140036163E0@elysium-os.nl>

Hello Stuart,

I have changed my spf record and the configuration to not use brackets around the IPv6 address and it works!
spf record: "v=spf1 +ip4:84.53.110.135/32 +ip6:2001:610:779::A/128 -all"

Mar 1 21:31:41 styx spfmilter: [10] connect from [IPv6:2001:610:779:0:223:6cff:fe9a:9cf3] at ('2001:610:779:0:223:6cff:fe9a:9cf3', 62650, 0, 0) INTERNAL
Mar 1 21:31:41 styx spfmilter: [10] hello from [IPv6:2001:610:779::223:6cff:fe9a:9cf3]
Mar 1 21:31:41 styx sm-mta[21477]: STARTTLS=server, relay=[IPv6:2001:610:779:0:223:6cff:fe9a:9cf3], version=TLSv1/SSLv3, verify=NOT, cipher=AES128-SHA, bits=128/128
Mar 1 21:31:41 styx spfmilter: [10] hello from [IPv6:2001:610:779::223:6cff:fe9a:9cf3]
Mar 1 21:31:41 styx spfmilter: [10] mail from ()
Mar 1 21:31:41 styx sm-mta[21477]: p21KVf0Z021477: from=, size=525, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA-v6, relay=[IPv6:2001:610:779:0:223:6cff:fe9a:9cf3]
Mar 1 21:31:41 styx sm-mta[21477]: p21KVf0Z021477: Milter add: header: X-Virus-Scanned: clamav-milter 0.96.5 at styx
Mar 1 21:31:41 styx sm-mta[21477]: p21KVf0Z021477: Milter add: header: X-Virus-Status: Clean
Mar 1 21:31:41 styx sm-mta[21479]: p21KVf0Z021477: to=, ctladdr= (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30942, dsn=2.0.0, stat=Sent

Thank you so much for quickly fixing this.

kind regards,

Marcel

On 1 Mar 2011, at 21:22, Stuart D. Gathman wrote:

> Your syntax in internal_connect needs to leave out the [] for the IP6 address.
>
> --
> Stuart D. Gathman
> Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
> "Confutatis maledictis, flammis acribus addictis" - background song for
> a Microsoft sponsored "Where do you want to go from here?" commercial.

Marcel Koopmans
Elysium Open Systems
Wijdstraat 23
3421AJ Oudewater
Tel: 0348-560210
GSM: 06-51174110
email: marcel.koopmans at elysium-os.nl

From leo at strike.wu.ac.at Mon Mar 28 09:56:01 2011
From: leo at strike.wu.ac.at (Alexander 'Leo' Bergolth)
Date: Mon, 28 Mar 2011 15:56:01 +0200
Subject: [Pymilter] SRS for Postfix
Message-ID: <4D909371.7030505@strike.wu.ac.at>

Hi!

I am desperately looking for a way to implement SRS with postfix. Currently, my best candidate was pysrs using a milter approach but looking at the current CVS, there seems to be a problem with multiple recipients...

http://pymilter.cvs.sourceforge.net/viewvc/pymilter/pysrs/srsmilter.py?revision=1.2&view=markup
-------------------- 8< --------------------
The logical problem is that a milter gets to change MFROM only once for multiple recipients. When there is a conflict between recipients, we either have to punt (all SRS or all no-SRS) or resubmit some of the recipients to "split" the message.
-------------------- 8< --------------------

Is there any progress on this issue?
(I wouldn't mind using an all SRS or all no-SRS policy if resubmitting a mail via milter is a big problem...)

Does anyone know of another way to add SRS support to postfix? (Maybe an SMTP based content filter?)

Thanks,
--leo
--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

From stuart at bmsi.com Mon Mar 28 12:01:58 2011
From: stuart at bmsi.com (Stuart D. Gathman)
Date: Mon, 28 Mar 2011 12:01:58 -0400 (EDT)
Subject: [Pymilter] SRS for Postfix
In-Reply-To: <4D909371.7030505@strike.wu.ac.at>
References: <4D909371.7030505@strike.wu.ac.at>
Message-ID:

On Mon, 28 Mar 2011, Alexander 'Leo' Bergolth wrote:

> http://pymilter.cvs.sourceforge.net/viewvc/pymilter/pysrs/srsmilter.py?revision=1.2&view=markup
> -------------------- 8< --------------------
> The logical problem is that a milter gets to change MFROM only once for
> multiple recipients. When there is a conflict between recipients, we
> either have to punt (all SRS or all no-SRS) or resubmit some of the
> recipients to "split" the message.
> -------------------- 8< --------------------
>
> Is there any progress on this issue?
> (I wouldn't mind using an all SRS or all no-SRS policy if resubmitting a
> mail via milter is a big problem...)

No progress yet, but it's good to know there are takers for "punt".

> Does anyone know of another way to add SRS support to postfix? (Maybe an
> SMTP based content filter?)

Yes, an smtp proxy is a general way to add SRS support to any mailer, and python offers smtpd.SMTPServer to make this easy.

--
Stuart D. Gathman
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
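
Added example, not part of the thread and not pysrs code: the choice discussed in the SRS thread above, where one envelope sender has to serve several recipients, written as a planning step an SMTP proxy could run before resubmitting. The function names, the rule that recipients outside local_domains need SRS, and the simplified SRS0-style tag are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def srs0(mfrom, forwarder, secret, now=None):
    """Simplified SRS0-style rewrite (illustrative, not pysrs output)."""
    local, _, domain = mfrom.rpartition("@")
    # Two-character day stamp so a verifier can expire old addresses.
    days = int((time.time() if now is None else now) // 86400) % 1024
    stamp = B32[days >> 5] + B32[days & 31]
    msg = "".join((stamp, domain, local)).lower().encode()
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    tag = base64.b64encode(digest).decode()[:4]
    return "SRS0=%s=%s=%s=%s@%s" % (tag, stamp, domain, local, forwarder)

def plan(mfrom, rcpts, local_domains, forwarder, secret,
         policy="split", now=None):
    """Return the (envelope sender, recipients) pairs to submit.

    policy "split" resubmits one message per group; "all-srs" and
    "no-srs" are the two ways to punt when recipients disagree.
    Assumption: a recipient outside local_domains needs SRS.
    """
    needs = [r for r in rcpts
             if r.rpartition("@")[2].lower() not in local_domains]
    keeps = [r for r in rcpts if r not in needs]
    # The null sender (bounces) is never rewritten.
    if not mfrom or not needs or (keeps and policy == "no-srs"):
        return [(mfrom, list(rcpts))]
    rewritten = srs0(mfrom, forwarder, secret, now)
    if not keeps or policy == "all-srs":
        return [(rewritten, list(rcpts))]
    # Conflict: one MFROM cannot serve both groups, so split.
    return [(mfrom, keeps), (rewritten, needs)]
```
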
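
Added example, not part of the thread and not pymilter or spfmilter code: one way to match a connecting client against an internal_connect-style list that mixes IPv4 and IPv6 networks, as in the IPv6 thread earlier in this archive. The function names are hypothetical; it uses Python 3's standard ipaddress module, rejects bracketed entries when the list is loaded instead of letting them silently never match, and, going beyond the thread, folds IPv4-mapped IPv6 addresses back to IPv4 (an assumption about dual-stack listeners).

```python
import ipaddress

def parse_netlist(value):
    """Parse a comma-separated internal_connect-style list into networks."""
    nets = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if "[" in item or "]" in item:
            # "[2001:610:779::]/48" is the form that failed in the thread.
            raise ValueError("write %r without brackets" % item)
        # strict=False tolerates host bits, e.g. 2001:610:779::A/48.
        nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def client_ip(conn):
    """Normalize what the MTA reports for the peer into an address object.

    Accepts the sockaddr tuple seen in the milter log, e.g.
    ('2001:610:779:0:223:6cff:fe9a:9cf3', 62606, 0, 0), or a literal
    such as '[IPv6:2001:610:779::223:6cff:fe9a:9cf3]'.
    """
    host = conn[0] if isinstance(conn, tuple) else conn
    host = host.strip()
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    if host.lower().startswith("ipv6:"):
        host = host[5:]
    ip = ipaddress.ip_address(host)
    # Assumption: a dual-stack listener may report ::ffff:a.b.c.d
    # for an IPv4 peer; compare it as the IPv4 address it is.
    return getattr(ip, "ipv4_mapped", None) or ip

def is_internal(conn, nets):
    """True if the client address falls inside any configured network."""
    ip = client_ip(conn)
    return any(ip.version == net.version and ip in net for net in nets)

# Constructed from the config and log lines quoted in the thread.
NETS = parse_netlist("127.0.0.1,172.20.1.0/24,2001:610:779::/48")
```
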