Package: python-policyd-spf
Version: 0.4-3
Severity: important

I entered the RCPT TO twice as below and it was accepted after the second entry. The email is obviously spoofed and SPF knows it.

$ netcat 10.10.10.213 25
220 mail.cacert.org ESMTP mailserver
EHLO controlledmail.com
250-mail.cacert.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: [EMAIL PROTECTED]
250 2.1.0 Ok
RCPT TO: [EMAIL PROTECTED]
550 5.7.1 <[EMAIL PROTECTED]>: Recipient address rejected: Received-SPF: Fail (SPF fail - not authorized) Mail From client-ip=10.10.10.213; helo=controlledmail.com; [EMAIL PROTECTED]; [EMAIL PROTECTED];
RCPT TO: [EMAIL PROTECTED]
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
this worked ..
250 2.0.0 Ok: queued as 4CDC1232A7

My postfix config includes:

main.cf
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_tls_clientcerts
    reject_unauth_destination
    check_policy_service unix:private/policyd-spf

master.cf
policyd-spf unix - n n - 0 spawn
    user=nobody argv=/usr/bin/python /usr/bin/policyd-spf /etc/python-policyd-spf/policyd-spf.conf

# grep ^[^#] /etc/python-policyd-spf/policyd-spf.conf
debugLevel = 4
defaultSeedOnly = 1
HELO_reject = No_Check
Mail_From_reject = Fail
PermError_reject = False
TempError_Defer = False

/var/log/mail.log
Aug 12 03:29:32 mail policyd-spf[31138]: Starting
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "request=smtpd_access_policy"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "protocol_state=RCPT"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "protocol_name=ESMTP"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "client_address=10.10.10.213"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "client_name=mail.cacert.org"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "reverse_client_name=mail.cacert.org"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "helo_name=controlledmail.com"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "[EMAIL PROTECTED]"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "[EMAIL PROTECTED]"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "recipient_count=0"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "queue_id="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "instance=7996.46be7e92.4a33.0"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "size=0"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "etrn_domain="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "sasl_method="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "sasl_username="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "sasl_sender="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "ccert_subject="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "ccert_issuer="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "ccert_fingerprint="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "encryption_protocol="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "encryption_cipher="
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "encryption_keysize=0"
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: ""
Aug 12 03:29:32 mail policyd-spf[31138]: Found the end of entry
Aug 12 03:29:32 mail policyd-spf[31138]: Config: {'Mail_From_reject': 'Fail', 'PermError_reject': 'False', 'HELO_reject': 'No_Check', 'defaultSeedOnly': 1, 'debugLevel': 4, 'TempError_Defer': 'False'}
Aug 12 03:29:32 mail policyd-spf[31138]: spfcheck: pyspf result: "['fail', 'SPF fail - not authorized', 'Mail From']"
Aug 12 03:29:32 mail policyd-spf[31138]: SPF fail - not authorized:Mail From client-ip=10.10.10.213; helo=controlledmail.com; [EMAIL PROTECTED]; [EMAIL PROTECTED];
Aug 12 03:29:32 mail postfix/smtpd[31126]: NOQUEUE: reject: RCPT from mail.cacert.org[10.10.10.213]: 550 5.7.1 <[EMAIL PROTECTED]>: Recipient address rejected: Received-SPF: Fail (SPF fail - not authorized) Mail From client-ip=10.10.10.213; helo=controlledmail.com; [EMAIL PROTECTED]; [EMAIL PROTECTED]; ; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<controlledmail.com>
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "request=smtpd_access_policy"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "protocol_state=RCPT"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "protocol_name=ESMTP"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "client_address=10.10.10.213"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "client_name=mail.cacert.org"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "reverse_client_name=mail.cacert.org"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "helo_name=controlledmail.com"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "[EMAIL PROTECTED]"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "[EMAIL PROTECTED]"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "recipient_count=0"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "queue_id="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "instance=7996.46be7e92.4a33.0"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "size=0"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "etrn_domain="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "sasl_method="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "sasl_username="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "sasl_sender="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "ccert_subject="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "ccert_issuer="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "ccert_fingerprint="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "encryption_protocol="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "encryption_cipher="
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "encryption_keysize=0"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: ""
Aug 12 03:29:36 mail policyd-spf[31138]: Found the end of entry
Aug 12 03:29:36 mail policyd-spf[31138]: Config: {'Mail_From_reject': 'Fail', 'PermError_reject': 'False', 'HELO_reject': 'No_Check', 'defaultSeedOnly': 1, 'debugLevel': 4, 'TempError_Defer': 'False'}
Aug 12 03:29:36 mail postfix/smtpd[31126]: 4CDC1232A7: client=mail.cacert.org[10.10.10.213]
Aug 12 03:29:48 mail postfix/cleanup[31139]: 4CDC1232A7: message-id=<[EMAIL PROTECTED]>
Aug 12 03:29:48 mail postfix/qmgr[30221]: 4CDC1232A7: from=<[EMAIL PROTECTED]>, size=397, nrcpt=1 (queue active)
Aug 12 03:29:48 mail postfix/local[31140]: warning: database /etc/aliases.db is older than source file /etc/aliases
Aug 12 03:29:48 mail postfix/local[31140]: 4CDC1232A7: to=<[EMAIL PROTECTED]>, relay=local, delay=26, delays=26/0.01/0/0.06, dsn=2.0.0, status=sent (delivered to mailbox)
Aug 12 03:29:48 mail postfix/qmgr[30221]: 4CDC1232A7: removed

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.20-vs2.2.0-gentoo
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages python-policyd-spf depends on:
ii  python          2.4.4-2  An interactive high-level object-o
ii  python-spf      2.0.3-2  sender policy framework (SPF) modu
ii  python-support  0.5.6    automated rebuilding support for p

Versions of packages python-policyd-spf recommends:
ii  postfix         2.3.8-2  A high-performance mail transport

-- no debconf information
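
An added example, not part of the original report and not python-policyd-spf's own code: a log check that pairs each policy request in the daemon's debug output with the spfcheck result logged for it, and flags any request that reuses the instance of an earlier SPF fail without a result of its own, which is the pattern at 03:29:36 in the log above. The sample log is constructed by condensing that excerpt, the function names are hypothetical, and the check assumes the debug log format shown in the report.

```python
import re

# Constructed sample, condensed from the mail.log excerpt in the report.
SAMPLE_LOG = """\
Aug 12 03:29:32 mail policyd-spf[31138]: Read line: "instance=7996.46be7e92.4a33.0"
Aug 12 03:29:32 mail policyd-spf[31138]: Found the end of entry
Aug 12 03:29:32 mail policyd-spf[31138]: spfcheck: pyspf result: "['fail', 'SPF fail - not authorized', 'Mail From']"
Aug 12 03:29:36 mail policyd-spf[31138]: Read line: "instance=7996.46be7e92.4a33.0"
Aug 12 03:29:36 mail policyd-spf[31138]: Found the end of entry
Aug 12 03:29:36 mail postfix/smtpd[31126]: 4CDC1232A7: client=mail.cacert.org[10.10.10.213]
"""

ENTRY = re.compile(r"policyd-spf\[(\d+)\]: (.*)$")
ATTR = re.compile(r'Read line: "(\w+)=(.*)"$')
RESULT = re.compile(r"""spfcheck: pyspf result: "\['(\w+)'""")

def parse_policy_requests(log_text):
    """Return one record per policy request, with the SPF result logged for it (or None)."""
    pending, last, requests = {}, {}, []
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue  # postfix lines and anything else are not policy-daemon output
        pid, msg = entry.groups()
        attr, result = ATTR.match(msg), RESULT.match(msg)
        if attr:
            pending.setdefault(pid, {})[attr.group(1)] = attr.group(2)
        elif msg == "Found the end of entry":
            attrs = pending.pop(pid, {})
            last[pid] = {"pid": pid, "instance": attrs.get("instance"), "result": None}
            requests.append(last[pid])
        elif result and pid in last:
            last[pid]["result"] = result.group(1)  # belongs to the latest request of this pid
    return requests

def unchecked_after_fail(requests):
    """Requests with no logged result whose instance already produced an SPF fail."""
    failed, flagged = set(), []
    for req in requests:
        if req["result"] == "fail":
            failed.add(req["instance"])
        elif req["result"] is None and req["instance"] in failed:
            flagged.append(req)
    return flagged

if __name__ == "__main__":
    for req in unchecked_after_fail(parse_policy_requests(SAMPLE_LOG)):
        print("no SPF result logged for repeated instance", req["instance"])
```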