CentOS

I'm using the script Aetolos as a virtual hosting tool. This enables and configures postfix+spamassassin, with spamassassin doing the SPF checking. Unfortunately, all SPF checks fail with the following errors:
The above is part of postfix's postscreen process passing the incoming email to spamassassin-milter, which in turn passes it on to spamd that performs the SPF lookup. Asking around, it seems other distros do not have this issue.

Any suggestions please?

Aetolos generate config files for services, so you should ask in Aetolos about this problem first. It can be problem with predefined config.

Well, apparently its a real bug and it has been marked as CLOSED ERRATA, here: https://bugzilla.redhat.com/show_bug.cgi?id=1200167

There is a custom perl-Socket rpm package which has a patch, so I'll give that a try.

What is interesting, is that this bug was documented about 2 years ago... so this whole time SPF and some other DNS queries have been broken and no one noticed? weird

I can confirm that the patched rpm from that bugzilla report solved my problem with SPF checking.

You can get that package from CentOS as well with a yum update perl-Socket --enablerepo=cr

Once 7.3.1611 is released you can skip the "enablerepo" part, ie. a plain "yum update" will work.

Thank you avij, it seems like the patch made it to centos 7.3, so that is good news.

What is interesting, is that the python SPF package is also broken, so centos 7.x has always had SPF broken for many years, no matter which of the two packages you used.

Is bug fixing in centos so... non existant? this makes me wonder how other packages are being maintained (or not).

Reading through the bug report I get the impression that the bug could have been fixed earlier if someone had provided a way to reproduce the bug earlier. If someone who is responsible for fixing bugs can't reproduce the issue, it is fairly difficult to fix.

That said, CentOS ships what Red Hat ships, with the same bugs if any.

How about reporting a bug to EPEL, is it the same situation?

The pypolicyd-spf package requires the python-pydns package and python-pydns has been broken in EPEL for many years.

Considering it took nearly 3 years to fix the perl-Socket package, I am a bit disheartened to open a bug report about python-pydns

Maybe in CentOS 8...

The situation is the same in that EPEL bugs are also reported via bugzilla.redhat.com (against Fedora -> Fedora EPEL) but different in that EPEL packages are primarily community maintained.

I believe you are referring to this bug. Adding yourself to the Cc list may signal the package maintainer that this is a real bug that needs attention, and will also keep you updated of any progress that may happen.

That all said, EPEL is not affiliated with CentOS -- from the CentOS point of view EPEL is just one of the many third party repositories. CentOS 8 would only help in the situation if Red Hat decides to adopt the package from EPEL to RHEL 8 and decides to fix the bug in the process.

Understood avij, thank you for the detailed explanation.

I could just ignore this whole thing and just patch my own live servers and move on, but I'd like to do the right thing and see if I can get the package fixed, so the community will benefit as a whole.