From stuart at gathman.org Fri Nov 10 18:15:51 2017 From: stuart at gathman.org (Stuart Gathman) Date: Fri, 10 Nov 2017 18:15:51 -0500 Subject: [Pymilter] SRS documentation on sendmail: broken links In-Reply-To: <6b6579be-d4e4-0b52-72d5-c92f19404844@nasa.gov> References: <3148be89-af2a-8758-a5eb-772250336c16@nasa.gov> <5fa57cba-2eba-1d52-07e8-c330c9529028@gathman.org> <6b6579be-d4e4-0b52-72d5-c92f19404844@nasa.gov> Message-ID: <7a435d14-7304-2771-8757-d5aaa7d746a9@gathman.org> On 11/10/2017 05:11 PM, David Friedlander wrote: > > OK, i have been able to get pysrs working properly with sendmail > SOCKETMAP support (a couple of weeks ago, actually).? However, it does > not work for me with milter. (I keep getting timeouts from sendmail.) > Is there a compelling reason why I should prefer milter if I have a > functioning setup with socketmap, security or otherwise? The pysrs socketmap just adds the SRS encoding to outgoing localparts.? Now you want to do the reverse for RCPT TO on incoming emails.? MAIL FROM <> where the RCPT TO does not have SRS should be rejected.? Invalid SRS should be rejected.? By "milter", do you mean my all singing, all dancing, hopeless feature creep bms milter?? I just got that working on EL7 with pysrs, and updated github on Nov 8 (rpms at https://gathman.org/linux/el7).? I was thinking we need srsmilter, just like we now have spfmilter and dkim-milter - for when you just want to do that one thing.? It is almost certainly possible to do the reverse SRS logic in sendmail cf also (it *is* turing complete), using the same socketmap to do the reversals (or leaving the RCPT TO unchanged) - but it would be easier for me to just write that srsmilter. It is *almost* possible to do the forward SRS in milter instead of sendmail cf using the CHGFROM milter API.? However, milters cannot fully handle the case of multiple recipients with different SRS policies (some recipients are not RFC compliant and barf on perfectly valid localpart chars) - you cannot CHGFROM independently for each recipient, as it can only be called from the eom() callback.? That is why the forward map is done via sendmail cf with a socketmap. From david.p.friedlander at nasa.gov Mon Nov 13 10:28:27 2017 From: david.p.friedlander at nasa.gov (David Friedlander) Date: Mon, 13 Nov 2017 10:28:27 -0500 Subject: [Pymilter] SRS documentation on sendmail: broken links In-Reply-To: <7a435d14-7304-2771-8757-d5aaa7d746a9@gathman.org> References: <3148be89-af2a-8758-a5eb-772250336c16@nasa.gov> <5fa57cba-2eba-1d52-07e8-c330c9529028@gathman.org> <6b6579be-d4e4-0b52-72d5-c92f19404844@nasa.gov> <7a435d14-7304-2771-8757-d5aaa7d746a9@gathman.org> Message-ID: Good morning, and thanks so much for your message on Friday. On 11/10/17 6:15 PM, Stuart Gathman wrote: > On 11/10/2017 05:11 PM, David Friedlander wrote: >> OK, i have been able to get pysrs working properly with sendmail >> SOCKETMAP support (a couple of weeks ago, actually).? However, it does >> not work for me with milter. (I keep getting timeouts from sendmail.) >> Is there a compelling reason why I should prefer milter if I have a >> functioning setup with socketmap, security or otherwise? What works for me: http://bmsi.com/python/pysrs.html What was not working for me was the combination of sendmail: mc file: INPUT_MAIL_FILTER(`pythonfilter', `S=local:/var/run/milter/pysrs.sock') and running "pysrs.py" as the other end of the socket. Now, in preparing to write back to you this morning, I was trying to hunt down where I saw it documented to run pysrs.py as the milter script, but could not lay my hands on it.? Does that mean I am wrong/misunderstood something?? I have been running pysrs.py as a non-root user (from /etc/init.d) so that sendmail would have something to talk to.? Should I have been running srsmilter.py instead? Overall, do I understand you correctly that I should be running _both_ the milter and the socketmap instantiations, because they do different things (outgoing vs incoming)? Thanks for your help and your patience! David > The pysrs socketmap just adds the SRS encoding to outgoing localparts. > Now you want to do the reverse for RCPT TO on incoming emails.? MAIL > FROM <> where the RCPT TO does not have SRS should be rejected.? Invalid > SRS should be rejected. > > By "milter", do you mean my all singing, all dancing, hopeless feature > creep bms milter?? I just got that working on EL7 with pysrs, and > updated github on Nov 8 (rpms at https://gathman.org/linux/el7).? I was > thinking we need srsmilter, just like we now have spfmilter and > dkim-milter - for when you just want to do that one thing. > > It is almost certainly possible to do the reverse SRS logic in sendmail > cf also (it *is* turing complete), using the same socketmap to do the > reversals (or leaving the RCPT TO unchanged) - but it would be easier > for me to just write that srsmilter. > > It is *almost* possible to do the forward SRS in milter instead of > sendmail cf using the CHGFROM milter API.? However, milters cannot fully > handle the case of multiple recipients with different SRS policies (some > recipients are not RFC compliant and barf on perfectly valid localpart > chars) - you cannot CHGFROM independently for each recipient, as it can > only be called from the eom() callback.? That is why the forward map is > done via sendmail cf with a socketmap. > From stuart at gathman.org Mon Nov 13 11:29:24 2017 From: stuart at gathman.org (Stuart Gathman) Date: Mon, 13 Nov 2017 11:29:24 -0500 Subject: [Pymilter] SRS documentation on sendmail: broken links In-Reply-To: References: <3148be89-af2a-8758-a5eb-772250336c16@nasa.gov> <5fa57cba-2eba-1d52-07e8-c330c9529028@gathman.org> <6b6579be-d4e4-0b52-72d5-c92f19404844@nasa.gov> <7a435d14-7304-2771-8757-d5aaa7d746a9@gathman.org> Message-ID: <0f0f066d-bc19-2b3d-9e13-0fd7eca7c07e@gathman.org> On 11/13/2017 10:28 AM, David Friedlander wrote: > What was not working for me was the combination of sendmail: > > mc file: > INPUT_MAIL_FILTER(`pythonfilter', `S=local:/var/run/milter/pysrs.sock') > and running "pysrs.py" as the other end of the socket. That's because pysrs.py is a socketmap daemon, *not* a milter.? That explains your timeout. > > Overall, do I understand you correctly that I should be running _both_ > the milter and the socketmap instantiations, because they do different > things (outgoing vs incoming)? Yes, they both do different things. Currently, the milter package (https://github.com/sdgathman/milter) provides bms.py, the all singing all dancing do lots of authentication things milter - and that is my only implementation of rejecting incoming DSNs that lack an SRS signature.? You should be able to use it leaving the other features disabled.? It (rejecting DNS sans SRS) could be done via sendmail-cf and the socketmap, but I am not good enough with the cf language. I'll attempt to whip out an srsmilter.py that only does incoming SRS - and let you try it out. From david.p.friedlander at nasa.gov Mon Nov 13 14:19:04 2017 From: david.p.friedlander at nasa.gov (David Friedlander) Date: Mon, 13 Nov 2017 14:19:04 -0500 Subject: [Pymilter] SRS documentation on sendmail: broken links In-Reply-To: <0f0f066d-bc19-2b3d-9e13-0fd7eca7c07e@gathman.org> References: <3148be89-af2a-8758-a5eb-772250336c16@nasa.gov> <5fa57cba-2eba-1d52-07e8-c330c9529028@gathman.org> <6b6579be-d4e4-0b52-72d5-c92f19404844@nasa.gov> <7a435d14-7304-2771-8757-d5aaa7d746a9@gathman.org> <0f0f066d-bc19-2b3d-9e13-0fd7eca7c07e@gathman.org> Message-ID: On 11/13/17 11:29 AM, Stuart Gathman wrote: > On 11/13/2017 10:28 AM, David Friedlander wrote: >> What was not working for me was the combination of sendmail: >> >> mc file: >> INPUT_MAIL_FILTER(`pythonfilter', `S=local:/var/run/milter/pysrs.sock') >> and running "pysrs.py" as the other end of the socket. > That's because pysrs.py is a socketmap daemon, *not* a milter.? That > explains your timeout. Yes, that would do it. :-) >> Overall, do I understand you correctly that I should be running _both_ >> the milter and the socketmap instantiations, because they do different >> things (outgoing vs incoming)? > Yes, they both do different things. > > Currently, the milter package (https://github.com/sdgathman/milter) > provides bms.py, the all singing all dancing do lots of authentication > things milter - and that is my only implementation of rejecting incoming > DSNs that lack an SRS signature.? You should be able to use it leaving > the other features disabled.? It (rejecting DNS sans SRS) could be done > via sendmail-cf and the socketmap, but I am not good enough with the cf > language. > > I'll attempt to whip out an srsmilter.py that only does incoming SRS - > and let you try it out. What is the srsmilter.py included with the pysrs distribution? : -rwxrwxr-x. 1 902 101 8471 Apr 26? 2011 /usr/local/pysrs-1.0/srsmilter.py On your page ??? http://bmsi.com/python/pysrs.html you have the line ??? HACK(`pysrs',`/var/run/milter/pysrs')dnl If (as per your above comments) this is a socketmap and not a genuine milter, may I respectfully suggest that defining the socket in /var/run/milter/ is quite confusing? So, if I run both the socketmap pysrs and some sort of SRS milter (bms.py or srsmilter.py), I would naturally need to define them on different sockets to avoid clashes, correct? Thanks again, David From stuart at gathman.org Mon Nov 13 16:34:26 2017 From: stuart at gathman.org (Stuart D. Gathman) Date: Mon, 13 Nov 2017 16:34:26 -0500 (EST) Subject: [Pymilter] SRS documentation on sendmail: broken links In-Reply-To: References: <3148be89-af2a-8758-a5eb-772250336c16@nasa.gov> <5fa57cba-2eba-1d52-07e8-c330c9529028@gathman.org> <6b6579be-d4e4-0b52-72d5-c92f19404844@nasa.gov> <7a435d14-7304-2771-8757-d5aaa7d746a9@gathman.org> <0f0f066d-bc19-2b3d-9e13-0fd7eca7c07e@gathman.org> Message-ID: On Mon, 13 Nov 2017, David Friedlander wrote: >> I'll attempt to whip out an srsmilter.py that only does incoming SRS - >> and let you try it out. > What is the srsmilter.py included with the pysrs distribution? : I'd forgotten about that. That is the attempt to do outgoing SRS using the CHGFROM milter api. The milter api semantics don't handle multiple recipients with CHGFROM very well (any change affects all recipients). > If (as per your above comments) this is a socketmap and not a genuine milter, > may I respectfully suggest that defining the socket in /var/run/milter/ is > quite confusing? It's generally run with a milter. It's only a socketmap because milter semantics don't handle multiple recipients well. > So, if I run both the socketmap pysrs and some sort of SRS milter (bms.py or > srsmilter.py), I would naturally need to define them on different sockets to > avoid clashes, correct? Yes -- Stuart D. Gathman "Confutatis maledictis, flamis acribus addictis" - background song for a Microsoft sponsored "Where do you want to go from here?" commercial. From stuart at gathman.org Mon Nov 13 16:45:29 2017 From: stuart at gathman.org (Stuart D. Gathman) Date: Mon, 13 Nov 2017 16:45:29 -0500 (EST) Subject: [Pymilter] SRS documentation on sendmail: broken links In-Reply-To: References: <3148be89-af2a-8758-a5eb-772250336c16@nasa.gov> <5fa57cba-2eba-1d52-07e8-c330c9529028@gathman.org> <6b6579be-d4e4-0b52-72d5-c92f19404844@nasa.gov> <7a435d14-7304-2771-8757-d5aaa7d746a9@gathman.org> <0f0f066d-bc19-2b3d-9e13-0fd7eca7c07e@gathman.org> Message-ID: On Mon, 13 Nov 2017, Stuart D. Gathman wrote: > On Mon, 13 Nov 2017, David Friedlander wrote: >> What is the srsmilter.py included with the pysrs distribution? : > > I'd forgotten about that. That is the attempt to do outgoing SRS using > the CHGFROM milter api. The milter api semantics don't handle multiple > recipients with CHGFROM very well (any change affects all recipients). I'm looking it over, and srsmilter is very close, if not already there, to what you need. Let me test it on a small system. All we need to do is disable doing srs on outgoing connections (letting cf+socketmap do that). I think that happens just by not defining any srs domains! I'll change it to use the same config as pysrs.py and update the sample config. It should even work for outgoing srs if you don't care about working around broken recipients. -- Stuart D. Gathman "Confutatis maledictis, flamis acribus addictis" - background song for a Microsoft sponsored "Where do you want to go from here?" commercial. From stuart at gathman.org Mon Nov 13 22:21:39 2017 From: stuart at gathman.org (Stuart D. Gathman) Date: Mon, 13 Nov 2017 22:21:39 -0500 (EST) Subject: [Pymilter] SRS documentation on sendmail: broken links In-Reply-To: References: <3148be89-af2a-8758-a5eb-772250336c16@nasa.gov> <5fa57cba-2eba-1d52-07e8-c330c9529028@gathman.org> <6b6579be-d4e4-0b52-72d5-c92f19404844@nasa.gov> <7a435d14-7304-2771-8757-d5aaa7d746a9@gathman.org> <0f0f066d-bc19-2b3d-9e13-0fd7eca7c07e@gathman.org> Message-ID: On Mon, 13 Nov 2017, Stuart D. Gathman wrote: > On Mon, 13 Nov 2017, Stuart D. Gathman wrote: > >> On Mon, 13 Nov 2017, David Friedlander wrote: >>> What is the srsmilter.py included with the pysrs distribution? : > > I'm looking it over, and srsmilter is very close, if not already there, > to what you need. Let me test it on a small system. All we need to do > is disable doing srs on outgoing connections (letting cf+socketmap do > that). I think that happens just by not defining any srs domains! > > I'll change it to use the same config as pysrs.py and update the sample > config. It should even work for outgoing srs if you don't care about > working around broken recipients. I tweaked srsmilter, made calling chgfrom a config option (so you can do everything with the milter if you want), created a systemd service for srsmilter, added test cases that exercise basic operation of srsmilter, built rpms for EL7 and am running srsmilter with pysrs on a small mail system - seems to work. I tagged pysrs-1.0.3 and pushed to github. Give it a try and let me know how it goes. If you don't have rpm, I'll have to update instructions. -- Stuart D. Gathman "Confutatis maledictis, flamis acribus addictis" - background song for a Microsoft sponsored "Where do you want to go from here?" commercial. From nagy.attila at gmail.com Mon Nov 20 07:24:22 2017 From: nagy.attila at gmail.com (Attila Nagy) Date: Mon, 20 Nov 2017 13:24:22 +0100 Subject: [Pymilter] pymilter dies on IPv6 addresses Message-ID: Hi, Pymilter segfaults when I try to connect to postfix (3.2) from an IPv6 address. An easy way to reproduce this is to add: smtpd_authorized_xclient_hosts = 127.0.0.0/8 to postfix main.cf and then do the following: $ nc localhost 25 220 localhost ESMTP Postfix XCLIENT ADDR=IPV6:::1 pymilter dies with: Segmentation fault (core dumped) postfix logs this: warning: milter unix:/tmp/milter.sock: can't read SMFIC_CONNECT reply packet header: No error: 0 gdb says: #0 strlen (str=0xffffffffdf3f9d40
) at /usr/src/lib/libc/string/strlen.c:100 -------------- next part -------------- An HTML attachment was scrubbed... URL: From stuart at gathman.org Mon Nov 20 11:54:37 2017 From: stuart at gathman.org (Stuart Gathman) Date: Mon, 20 Nov 2017 11:54:37 -0500 Subject: [Pymilter] pymilter dies on IPv6 addresses In-Reply-To: References: Message-ID: <0d3ac5c4-c5d8-94bd-1d82-854492f6984c@gathman.org> This seems to be a postfix problem, as it does not happen with sendmail - indeed on my servers most mail traffic is IPv6.?? EL7 has postfix 2.10, do you know if it has the problem?? I'll try in a bit.? What version of pymilter?? Possibly, postfix passes the args to the connect callback slightly differently than sendmail, and there may be a work around we could do in pymilter. Your traceback needs to include a function within miltermodule.c to be useful.? It is unlikely that strlen is the problem. On 11/20/2017 07:24 AM, Attila Nagy wrote: > Pymilter segfaults when I try to connect to postfix (3.2) from an IPv6 > address. > An easy way to reproduce this is to add: > smtpd_authorized_xclient_hosts = 127.0.0.0/8 > to postfix main.cf > and then do the following: > $ nc localhost 25 > 220 localhost ESMTP Postfix > XCLIENT ADDR=IPV6:::1 > > pymilter dies with: > Segmentation fault (core dumped) > > postfix logs this: > warning: milter unix:/tmp/milter.sock: can't read SMFIC_CONNECT reply > packet header: No error: 0 > > gdb says: > #0? strlen (str=0xffffffffdf3f9d40
bounds>) > ??? at /usr/src/lib/libc/string/strlen.c:100 -------------- next part -------------- An HTML attachment was scrubbed... URL: From stuart at gathman.org Tue Nov 21 00:02:03 2017 From: stuart at gathman.org (Stuart Gathman) Date: Tue, 21 Nov 2017 00:02:03 -0500 Subject: [Pymilter] pymilter dies on IPv6 addresses In-Reply-To: References: Message-ID: <40ff0707-bb92-f54c-772a-e92aa64635a1@gathman.org> On 11/20/2017 07:24 AM, Attila Nagy wrote: > Pymilter segfaults when I try to connect to postfix (3.2) from an IPv6 > address. What python milter are you running? From nagy.attila at gmail.com Tue Nov 21 02:54:16 2017 From: nagy.attila at gmail.com (Attila Nagy) Date: Tue, 21 Nov 2017 08:54:16 +0100 Subject: [Pymilter] pymilter dies on IPv6 addresses In-Reply-To: <40ff0707-bb92-f54c-772a-e92aa64635a1@gathman.org> References: <40ff0707-bb92-f54c-772a-e92aa64635a1@gathman.org> Message-ID: 1.0 (installed with pip) On 21 November 2017 at 06:02, Stuart Gathman wrote: > On 11/20/2017 07:24 AM, Attila Nagy wrote: > > > Pymilter segfaults when I try to connect to postfix (3.2) from an IPv6 > > address. > What python milter are you running? > _______________________________________________ > Pymilter mailing list > Pymilter at gathman.org > https://gathman.org/mailman/listinfo/pymilter > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nagy.attila at gmail.com Tue Nov 21 02:56:28 2017 From: nagy.attila at gmail.com (Attila Nagy) Date: Tue, 21 Nov 2017 08:56:28 +0100 Subject: [Pymilter] pymilter dies on IPv6 addresses In-Reply-To: <0d3ac5c4-c5d8-94bd-1d82-854492f6984c@gathman.org> References: <0d3ac5c4-c5d8-94bd-1d82-854492f6984c@gathman.org> Message-ID: Sorry, this is the full backtrace which gdb gives: (gdb) bt #0 strlen (str=0xffffffffdf3f9d40
) at /usr/src/lib/libc/string/strlen.c:100 #1 0x0000000800ae2ae7 in PyString_FromString () from /usr/local/lib/libpython2.7.so.1 #2 0x0000000805a760a7 in milter_wrap_connect () from /usr/local/lib/python2.7/site-packages/milter.so #3 0x0000000805c82c7b in mi_sendok () from /usr/local/lib/libmilter.so.6 #4 0x0000000805c81bc5 in mi_engine () from /usr/local/lib/libmilter.so.6 #5 0x0000000805c84d11 in mi_start_session () from /usr/local/lib/libmilter.so.6 #6 0x000000080082ac35 in thread_start (curthread=0x801d9d800) at /usr/src/lib/libthr/thread/thr_create.c:289 #7 0x0000000000000000 in ?? () On 20 November 2017 at 17:54, Stuart Gathman wrote: > This seems to be a postfix problem, as it does not happen with sendmail - > indeed on my servers most mail traffic is IPv6. EL7 has postfix 2.10, do > you know if it has the problem? I'll try in a bit. What version of > pymilter? > > Possibly, postfix passes the args to the connect callback slightly > differently than sendmail, and there may be a work around we could do in > pymilter. > > Your traceback needs to include a function within miltermodule.c to be > useful. It is unlikely that strlen is the problem. > > On 11/20/2017 07:24 AM, Attila Nagy wrote: > > Pymilter segfaults when I try to connect to postfix (3.2) from an IPv6 > address. > An easy way to reproduce this is to add: > smtpd_authorized_xclient_hosts = 127.0.0.0/8 > to postfix main.cf > and then do the following: > $ nc localhost 25 > 220 localhost ESMTP Postfix > XCLIENT ADDR=IPV6:::1 > > pymilter dies with: > Segmentation fault (core dumped) > > postfix logs this: > warning: milter unix:/tmp/milter.sock: can't read SMFIC_CONNECT reply > packet header: No error: 0 > > gdb says: > #0 strlen (str=0xffffffffdf3f9d40
bounds>) > at /usr/src/lib/libc/string/strlen.c:100 > > > _______________________________________________ > Pymilter mailing list > Pymilter at gathman.org > https://gathman.org/mailman/listinfo/pymilter > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From stuart at gathman.org Tue Nov 21 12:30:51 2017 From: stuart at gathman.org (Stuart Gathman) Date: Tue, 21 Nov 2017 12:30:51 -0500 Subject: [Pymilter] pymilter dies on IPv6 addresses In-Reply-To: References: <40ff0707-bb92-f54c-772a-e92aa64635a1@gathman.org> Message-ID: On 11/21/2017 02:54 AM, Attila Nagy wrote: > 1.0 (installed with pip) > > On 21 November 2017 at 06:02, Stuart Gathman > wrote: > > On 11/20/2017 07:24 AM, Attila Nagy wrote: > > > Pymilter segfaults when I try to connect to postfix (3.2) from an IPv6 > > address. > What python milter are you running? > What I mean't was, pymilter is a library.? To use with postfix or sendmail, you use a milter written in python that uses the library.? What actually milter are you using?? sample.py ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From stuart at gathman.org Tue Nov 21 12:41:59 2017 From: stuart at gathman.org (Stuart Gathman) Date: Tue, 21 Nov 2017 12:41:59 -0500 Subject: [Pymilter] pymilter dies on IPv6 addresses In-Reply-To: References: <0d3ac5c4-c5d8-94bd-1d82-854492f6984c@gathman.org> Message-ID: <220e31d6-924a-a5e2-624a-d7cb14b18693@gathman.org> On 11/21/2017 02:56 AM, Attila Nagy wrote: > Sorry, this is the full backtrace which gdb gives: > (gdb) bt > #0? strlen (str=0xffffffffdf3f9d40
bounds>) > ??? at /usr/src/lib/libc/string/strlen.c:100 > #1? 0x0000000800ae2ae7 in PyString_FromString () > ?? from /usr/local/lib/libpython2.7.so.1 > #2? 0x0000000805a760a7 in milter_wrap_connect () > ?? from /usr/local/lib/python2.7/site-packages/milter.so So, it looks like postfix/libmilter is passing some garbage for hostname.? Here is the API: ? http://pythonhosted.org/pymilter/milter_api/xxfi_connect.html I'm not sure how we can detect that to work around it.? Possibly the libmilter you are using is the problem.? Are you using libmilter from postfix?? Or from sendmail??? Try using libmilter from sendmail.? It should still work with postfix. From c at roessner.co Wed Nov 22 06:10:16 2017 From: c at roessner.co (=?utf-8?B?Q2hyaXN0aWFuIFLDtsOfbmVy?=) Date: Wed, 22 Nov 2017 12:10:16 +0100 Subject: [Pymilter] Is Pymilter 1.0.2 python 3 ready? Message-ID: Hi, subject is already my question :) I am planning on a new milter project and would love to use Py-3.4 instead of Py-2.7. Does it already work? Thanks very much Christian -- R??ner-Network-Solutions Erlenwiese 14, 36304 Alsfeld T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345 USt-IdNr.: DE225643613, https://roessner-network-solutions.com -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3032 bytes Desc: not available URL: From nagy.attila at gmail.com Wed Nov 22 06:21:21 2017 From: nagy.attila at gmail.com (Attila Nagy) Date: Wed, 22 Nov 2017 12:21:21 +0100 Subject: [Pymilter] pymilter dies on IPv6 addresses In-Reply-To: References: <40ff0707-bb92-f54c-772a-e92aa64635a1@gathman.org> Message-ID: Oh, pymilter is linked against libmilter 8.15.2: https://www.freshports.org/mail/libmilter/ On 21 November 2017 at 18:30, Stuart Gathman wrote: > On 11/21/2017 02:54 AM, Attila Nagy wrote: > > 1.0 (installed with pip) > > On 21 November 2017 at 06:02, Stuart Gathman wrote: > >> On 11/20/2017 07:24 AM, Attila Nagy wrote: >> >> > Pymilter segfaults when I try to connect to postfix (3.2) from an IPv6 >> > address. >> What python milter are you running? > > What I mean't was, pymilter is a library. To use with postfix or > sendmail, you use a milter written in python that uses the library. What > actually milter are you using? sample.py ? > -------------- next part -------------- An HTML attachment was scrubbed... URL: From stuart at gathman.org Wed Nov 22 09:13:35 2017 From: stuart at gathman.org (Stuart D. Gathman) Date: Wed, 22 Nov 2017 09:13:35 -0500 (EST) Subject: [Pymilter] pymilter dies on IPv6 addresses In-Reply-To: References: <40ff0707-bb92-f54c-772a-e92aa64635a1@gathman.org> Message-ID: On Wed, 22 Nov 2017, Attila Nagy wrote: > Oh, pymilter is linked against libmilter 8.15.2: > https://www.freshports.org/mail/libmilter/ Ah, you are using BSD. I see in my FAQ that BSD unix domain sockets are incompatible with libmilter. You have to use an internet domain socket. The FAQ says that OpenBSD claims to have fixed this, but it is worth a shot to switch to an inet socket. -- Stuart D. Gathman "Confutatis maledictis, flamis acribus addictis" - background song for a Microsoft sponsored "Where do you want to go from here?" commercial. From nagy.attila at gmail.com Wed Nov 22 09:17:03 2017 From: nagy.attila at gmail.com (Attila Nagy) Date: Wed, 22 Nov 2017 15:17:03 +0100 Subject: [Pymilter] pymilter dies on IPv6 addresses In-Reply-To: References: <40ff0707-bb92-f54c-772a-e92aa64635a1@gathman.org> Message-ID: WTF. It would be great to see what is this. Do you have any other info maybe? Thanks. On 22 November 2017 at 15:13, Stuart D. Gathman wrote: > On Wed, 22 Nov 2017, Attila Nagy wrote: > > Oh, pymilter is linked against libmilter 8.15.2: >> https://www.freshports.org/mail/libmilter/ >> > > Ah, you are using BSD. I see in my FAQ that BSD unix domain sockets > are incompatible with libmilter. You have to use an internet domain > socket. The FAQ says that OpenBSD claims to have fixed this, but > it is worth a shot to switch to an inet socket. > > -- > Stuart D. Gathman > "Confutatis maledictis, flamis acribus addictis" - background song for > a Microsoft sponsored "Where do you want to go from here?" commercial. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From stuart at gathman.org Wed Nov 22 09:19:16 2017 From: stuart at gathman.org (Stuart Gathman) Date: Wed, 22 Nov 2017 09:19:16 -0500 Subject: [Pymilter] Is Pymilter 1.0.2 python 3 ready? In-Reply-To: References: Message-ID: <91a5ed8a-9973-c57f-9e31-c978058a7f5e@gathman.org> On 11/22/2017 06:10 AM, Christian R??ner wrote: > Hi, > > subject is already my question :) > > I am planning on a new milter project and would love to use Py-3.4 instead of Py-2.7. Does it already work? > > Thanks very much > > Christian It works for test cases and in test environments.? I do not have it running with python3 on any production servers yet.? Use with caution.? I still have a few subprojects that need python3 work before I can deploy in production, e.g. pydspam. Packaging note:? The build process needs to apply milter.patch to convert miltermodule.c to python3 conventions.? I like having a single source for both python versions. From stuart at gathman.org Wed Nov 22 09:52:45 2017 From: stuart at gathman.org (Stuart Gathman) Date: Wed, 22 Nov 2017 09:52:45 -0500 Subject: [Pymilter] pymilter dies on IPv6 addresses In-Reply-To: <220e31d6-924a-a5e2-624a-d7cb14b18693@gathman.org> References: <0d3ac5c4-c5d8-94bd-1d82-854492f6984c@gathman.org> <220e31d6-924a-a5e2-624a-d7cb14b18693@gathman.org> Message-ID: So, it is strange that the backtrace doesn't show Py_BuildValue.? The call to Py_BuildValue is varargs, which can cause portability problems.? The call for IP6 connections has two additional arguments - both long: flowinfo and scope_id.? Generally, C compilers push the last args first, so if there was some problem with the two extra args, it would not affect parsing the preceding ones.? But there could be something different on BSD where a cast is needed on flowinfo and scope_id to prevent shifting offsets of earlier args. I don't give this a high likelihood, because the address of hostname in the backtrace looks like a reasonable stack address.? Does BSD put the stack near the end of the virtual address space like that? case AF_INET6: { struct sockaddr_in6 *sa = (struct sockaddr_in6 *)hostaddr; PyObject *ip6addr_obj = makeip6addr(sa); long scope_id = 0; #ifdef HAVE_IPV6_RFC2553 scope_id = ntohl(sa->sin6_scope_id); #endif arglist = Py_BuildValue("(Osh(Oiii))", c, hostname, hostaddr->sa_family, ip6addr_obj, ntohs(sa->sin6_port), ntohl(sa->sin6_flowinfo), scope_id); Py_DECREF(ip6addr_obj); } break; On 11/21/2017 12:41 PM, Stuart Gathman wrote: > On 11/21/2017 02:56 AM, Attila Nagy wrote: >> Sorry, this is the full backtrace which gdb gives: >> (gdb) bt >> #0? strlen (str=0xffffffffdf3f9d40
> bounds>) >> ??? at /usr/src/lib/libc/string/strlen.c:100 >> #1? 0x0000000800ae2ae7 in PyString_FromString () >> ?? from /usr/local/lib/libpython2.7.so.1 >> #2? 0x0000000805a760a7 in milter_wrap_connect () >> ?? from /usr/local/lib/python2.7/site-packages/milter.so > So, it looks like postfix/libmilter is passing some garbage for > hostname.? Here is the API: > > ? http://pythonhosted.org/pymilter/milter_api/xxfi_connect.html >