From andy.kannberg at gmail.com Thu Jan 8 07:47:30 2015
From: andy.kannberg at gmail.com (Andy Kannberg)
Date: Thu, 8 Jan 2015 13:47:30 +0100
Subject: [Pymilter] New to list - got some questions
Message-ID:

Hi,

I got some questions concerning pymilter. I want to use it with Postfix to be able to filter out the usage of certain mail aliases. More specifically, if alias a and alias b are used together in a mail, the mail should not be delivered, but sent to a moderator address.

Since the examples I found on the net are pretty sparse, and I am not a mail wizard, some comprehensive examples or maybe even hints and help would be welcome.

cheers,
Andy

From stuart at bmsi.com Thu Jan 8 12:42:17 2015
From: stuart at bmsi.com (Stuart D Gathman)
Date: Thu, 8 Jan 2015 12:42:17 -0500 (EST)
Subject: [Pymilter] New to list - got some questions
In-Reply-To:
References:
Message-ID:

On Jan 8, Andy Kannberg transmitted in part:

> I got some questions concerning pymilter. I want to use it with Postfix to
> be able to filter out the usage of certain mail aliases. More specifically, if
> alias a and alias b are used together in a mail, the mail should not be
> delivered, but sent to a moderator address.
> Since the examples I found on the net are pretty sparse, and I am not a mail
> wizard, some comprehensive examples or maybe even hints and help would be
> welcome.

What do you mean by "aliases used together in a mail"? There is only exactly one MAIL FROM. There is only one header From: in an RFC compliant email. Are you talking about recipients?

From arnaud at pnzone.net Sat Jan 10 14:52:32 2015
From: arnaud at pnzone.net (Arnaud de Prelle)
Date: Sat, 10 Jan 2015 20:52:32 +0100
Subject: [Pymilter] Unknown mechanism found
Message-ID:

Dear list members,

I have been using pymilter for a few months without any trouble.
Today, my server is refusing emails coming from SFR (@sfr.fr) because their SPF record triggers a "permanent Error":

33840 Jan 10 18:41:17 icecube spfmilter: [27508] hello from smtp25.services.sfr.fr
33841 Jan 10 18:41:18 icecube sm-mta[6885]: STARTTLS=server, relay=smtp25.services.sfr.fr [93.17.128.118], version=TLSv1/SSLv3, verify=NOT, cipher=DHE-RSA-AES256-SHA, bits=256/256
33842 Jan 10 18:41:18 icecube spfmilter: [27508] hello from smtp25.services.sfr.fr
33843 Jan 10 18:41:18 icecube spfmilter: [27508] mail from ('SIZE=25822', 'BODY=8BITMIME')
33844 Jan 10 18:41:18 icecube spfmilter: [27508] REJECT: SPF permerror 550 SPF Permanent Error: Unknown mechanism found
33845 Jan 10 18:41:18 icecube sm-mta[6885]: t0AHfHNM006885: Milter: from=, reject=550-5.5.2 SPF Permanent Error: Unknown mechanism found\r\n550-5.5.2 There is a fatal syntax error in the SPF record for sfr.fr\r\n550 5.5.2 We cannot accept mail from sfr.fr until this is corrected.
33846 Jan 10 18:41:18 icecube sm-mta[6885]: t0AHfHNM006885: from=, size=25822, class=0, nrcpts=0, bodytype=8BITMIME, proto=ESMTP, daemon=MTA-v4, relay=smtp25.services.sfr.fr [93.17.128.118]

SPF Record:
"v=spf1 ip4:93.17.128.0/24 ip4:160.92.187.254 ip4:160.92.187.251 ip4:160.92.187.226 include:spf.mandrillapp.com ?all "

I did check their records against two SPF validators but I'm not sure whether their record is correct or not.

One reports that the record is not correct:
http://www.kitterman.com/spf/validate.html
Results - PermError SPF Permanent Error: Unknown mechanism found

Another one says it's all OK:
http://mxtoolbox.com/domain/sfr.fr/?source=findmonitors

At first sight this record looks correct except that it contains a trailing space at the end of the record.
Is this against the RFC?
Specifications of my setup:

root@icecube:~# uname -a
Linux icecube.pnzone.net 3.16-3-amd64 #1 SMP Debian 3.16.5-1 (2014-10-10) x86_64 GNU/Linux
root@icecube:~# cat /etc/issue.net
Debian GNU/Linux 8
root@icecube:~# dpkg -l | grep spf-milter-python
ii spf-milter-python 0.8.18-2 all RFC 4408 compliant SPF Milter for Sendmail and Postfix
root@icecube:~# dpkg -l | grep ii\ \ python\ 
ii python 2.7.8-2 amd64 interactive high-level object-oriented language (default version)
root@icecube:~# dpkg -l | grep sendmail\ \ 
ii sendmail 8.14.4-8 all powerful, efficient, and scalable Mail Transport Agent (metapackage)
root@icecube:~# grep -v '#' /etc/spf-milter-python/spfmilter.cfg | grep -v "^;" | grep -v "^$"
[milter]
socketname = /var/run/spf-milter-python/spfmiltersock
name = pyspffilter
internal_connect = 127.0.0.1,192.168.0.0/16,10.0.0.0/8
untrapped_exception = CONTINUE
[spf]
access_file = /etc/mail/access.db
root@icecube:~# grep spf /etc/mail/sendmail.mc
INPUT_MAIL_FILTER(`spfmilter',`S=local:/var/run/spf-milter-python/spfmiltersock, T=S:8m;R:8m')

Best Regards,
Arnaud.

From stuart at bmsi.com Mon Jan 12 16:55:10 2015
From: stuart at bmsi.com (Stuart D Gathman)
Date: Mon, 12 Jan 2015 16:55:10 -0500 (EST)
Subject: [Pymilter] Unknown mechanism found
In-Reply-To:
References:
Message-ID:

On Jan 10, Arnaud de Prelle transmitted in part:

> At first sight this record looks correct except that it contains a trailing space at the end of the record.
> Is this against the RFC?

Good question. I'll check the spec to see if trailing space is allowed, and add a test case either way. In any case, it is a silly thing for the publisher to do.

From stuart at bmsi.com Mon Jan 12 17:01:42 2015
From: stuart at bmsi.com (Stuart D Gathman)
Date: Mon, 12 Jan 2015 17:01:42 -0500 (EST)
Subject: [Pymilter] Unknown mechanism found
In-Reply-To:
References:
Message-ID:

> At first sight this record looks correct except that it contains a trailing space at the end of the record.
In the meantime, add an exception to your access file. E.g.

SPF-PermError:sfr.fr OK

From stuart at bmsi.com Mon Jan 12 17:12:35 2015
From: stuart at bmsi.com (Stuart D Gathman)
Date: Mon, 12 Jan 2015 17:12:35 -0500 (EST)
Subject: [Pymilter] Unknown mechanism found
In-Reply-To:
References:
Message-ID:

On Jan 12, Stuart D Gathman transmitted in part:

> On Jan 10, Arnaud de Prelle transmitted in part:
>
>> At first sight this record looks correct except that it contains a
>> trailing space at the end of the record.
>> Is this against the RFC?
>
> Good question. I'll check the spec to see if trailing space is allowed,
> and add a test case either way. In any case, it is a silly thing for
> the publisher to do.

The top level syntax is:

terms = *( 1*SP ( directive / modifier ) )

So yes, a trailing space is illegal, and sfr.fr should get a PermError. My in house system would also ban them because they do not accept mail to postmaster...

(I'll probably add trimming the trailing space to the heuristics applied by pymilter to get a "best guess" result by guessing what publishers probably meant.)

If everyone agrees, I'll add a test case to the test suite to ensure compliant implementations give the PermError.

From stuart at bmsi.com Mon Jan 12 23:43:49 2015
From: stuart at bmsi.com (Stuart D Gathman)
Date: Mon, 12 Jan 2015 23:43:49 -0500 (EST)
Subject: [Pymilter] Unknown mechanism found
In-Reply-To:
References:
Message-ID:

On Jan 12, Stuart D Gathman transmitted in part:

> On Jan 12, Stuart D Gathman transmitted in part:
>
>> On Jan 10, Arnaud de Prelle transmitted in part:
>>
>> > At first sight this record looks correct except that it contains a
>> > trailing space at the end of the record.
>> > Is this against the RFC?
>>
>> Good question. I'll check the spec to see if trailing space is allowed,
>> and add a test case either way. In any case, it is a silly thing for
>> the publisher to do.
>
> The top level syntax is:
> terms = *( 1*SP ( directive / modifier ) )
>
> So yes, a trailing space is illegal, and sfr.fr should get a PermError.
> My in house system would also ban them because they do not accept mail
> to postmaster...
>
> (I'll probably add trimming the trailing space to the heuristics applied by
> pymilter to get a "best guess" result by guessing
> what publishers probably meant.)
>
> If everyone agrees, I'll add a test case to the test suite to ensure
> compliant implementations give the PermError.

Actually, the *really* top level syntax is in 4.5/2:

record = version terms *SP

So, trailing spaces *are* allowed.

So upgrade to the latest released version of pyspf (2.0.11), and pyspf will allow trailing spaces. I've updated the test case to reference 4.5/2 of the spec and make sure trailing spaces *are* allowed. :-}

From arnaud at pnzone.net Tue Jan 13 03:48:44 2015
From: arnaud at pnzone.net (Arnaud de Prelle)
Date: Tue, 13 Jan 2015 09:48:44 +0100
Subject: [Pymilter] Unknown mechanism found
In-Reply-To:
References:
Message-ID:

On 2015-01-13 05:43, Stuart D Gathman wrote:
>
> Actually, the *really* top level syntax is in 4.5/2:
>
> record = version terms *SP
>
> So, trailing spaces *are* allowed.
>
> So upgrade to the latest released version of pyspf (2.0.11), and pyspf will
> allow trailing spaces. I've updated the test case to reference 4.5/2 of
> the spec and make sure trailing spaces *are* allowed. :-}

Hi Stuart,

Great! I'll mangle my configuration as per your advice (SPF-PermError) until the new version gets pushed to Debian.

Best Regards,
Arnaud.
From arnaud at pnzone.net Thu Jan 15 09:48:57 2015
From: arnaud at pnzone.net (Arnaud de Prelle)
Date: Thu, 15 Jan 2015 15:48:57 +0100
Subject: [Pymilter] Unknown mechanism found (bis)
Message-ID: <4f8b3262bfa4862ef2ff91684d9b6faf@pnzone.net>

Dear list member,

Another Permanent Error just popped up for an email coming from the domain @vyncke.org:

Jan 15 14:22:38 icecube sm-mta[16147]: t0FDMc8T016147: Milter: from=, reject=550-5.5.2 SPF Permanent Error: Unknown mechanism found\r\n550-5.5.2 There is a fatal syntax error in the SPF record for vyncke.org\r\n550 5.5.2 We cannot accept mail from vyncke.org until this is corrected.
Jan 15 14:22:38 icecube sm-mta[16147]: t0FDMc8T016147: from=, size=3019, class=0, nrcpts=0, proto=ESMTP, daemon=MTA-v6, relay=ks.vyncke.org [IPv6:2001:41d0:8:e1a2::1]

Record:
"v=spf1 ip4:139.165.0.0/16 ip4:87.98.177.174/32 ip4:91.121.200.122/32 ip4:178.32.222.162/32 ip4:217.70.178.0/24 ip6:2001:6a8:2d80::/48 ip6:2001:41D0:1:D17a::/64 ip6:2001:6f8:1468::/48 ip6:2a02:2788:20::/48 ip6:2001:41d0:8:e1a2::/64 include:edpnet.be -all"

This time, both kitterman's validator and mxtoolbox's validator report it as correct:

http://www.kitterman.com/spf/validate.html
"SPF record passed validation test with pySPF (Python SPF library)!"

http://mxtoolbox.com/domain/vyncke.org/?source=findmonitors

This record contains consecutive space characters (2 times) & ip6 ranges.

Same setup as the one reported in my previous report this week:
http://spidey.bmsi.com/pipermail/pymilter/2015-January/000380.html

Is it linked to the previous issue or is it linked to IPv6 entries?

Best Regards,
Arnaud.
From stuart at bmsi.com Fri Jan 16 18:01:11 2015
From: stuart at bmsi.com (Stuart D Gathman)
Date: Fri, 16 Jan 2015 18:01:11 -0500 (EST)
Subject: [Pymilter] Unknown mechanism found (bis)
In-Reply-To: <4f8b3262bfa4862ef2ff91684d9b6faf@pnzone.net>
References: <4f8b3262bfa4862ef2ff91684d9b6faf@pnzone.net>
Message-ID:

On Jan 15, Arnaud de Prelle transmitted in part:

> This record contains consecutive space characters (2 times) & ip6 ranges.
>
> Same setup as the one reported in my previous report this week:
> http://spidey.bmsi.com/pipermail/pymilter/2015-January/000380.html
> Is it linked to the previous issue or is it linked to IPv6 entries?

It is the consecutive spaces. You need to update to pyspf-2.0.11. There is only one file, spf.py, so updating manually should be trivial if Debian is not going to include it anytime soon.

The /32 on the IP4 mechanisms is legal, but a waste of chars (as are the doubled spaces).
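
Added example (not part of the thread and not pyspf's code): a term splitter that follows the two grammar rules quoted above, next to a hypothetical naive splitter, showing how a trailing or doubled space becomes an empty term that matches no mechanism name. The function names, the assumed naive failure mode and the shortened DOUBLED record with its double-space positions are constructed for illustration.

```python
import re

# Grammar quoted in the thread (RFC 4408):
#   record = version terms *SP
#   terms  = *( 1*SP ( directive / modifier ) )
RECORD = re.compile(r"^v=spf1((?: +[^ ]+)*) *$", re.IGNORECASE)
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
DIRECTIVE = re.compile(r"^[+\-~?]?([a-z][a-z0-9_.\-]*)(?:[:/].*)?$", re.I)
MODIFIER = re.compile(r"^[a-z][a-z0-9_.\-]*=", re.I)

# sfr.fr record as posted in the thread, trailing space kept.
SFR = ("v=spf1 ip4:93.17.128.0/24 ip4:160.92.187.254 ip4:160.92.187.251 "
       "ip4:160.92.187.226 include:spf.mandrillapp.com ?all ")
# Constructed sample: shortened from the vyncke.org record, with two
# doubled spaces placed at assumed positions.
DOUBLED = ("v=spf1 ip4:139.165.0.0/16  ip6:2001:6a8:2d80::/48 "
           "include:edpnet.be  -all")


def strict_terms(record):
    """Split a record into terms following the grammar above."""
    m = RECORD.match(record)
    if m is None:
        raise ValueError("not a well-formed v=spf1 record")
    # 1*SP: any run of spaces is a single separator; *SP: trailing run is ok.
    return [t for t in m.group(1).split(" ") if t]


def naive_terms(record):
    """Hypothetical naive splitter: every single space is a separator."""
    return record.split(" ")[1:]


def check(terms):
    """Return 'ok', or a PermError-style string for the first bad term."""
    for term in terms:
        if MODIFIER.match(term):
            continue  # name=value modifier; unknown modifiers are ignored
        d = DIRECTIVE.match(term)
        if d is None or d.group(1).lower() not in MECHANISMS:
            return "permerror: unknown mechanism %r" % term
    return "ok"


if __name__ == "__main__":
    for rec in (SFR, DOUBLED):
        print(check(strict_terms(rec)), "|", check(naive_terms(rec)))
```

Both records pass when split by the grammar and fail on an empty term when split on every space, which matches the symptom reported for sfr.fr and vyncke.org.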