SPF fail with addr is not a string at

Issues related to applications and software problems
Post Reply
User avatar
KernelOops
Posts: 428
Joined: 2013/12/18 15:04:03
Location: xfs file system

SPF fail with addr is not a string at

Post by KernelOops » 2016/12/11 20:40:23

I'm using the script Aetolos as a virtual hosting tool. This enables and configures postfix+spamassassin, with spamassassin doing the SPF checking. Unfortunately, all SPF checks fail with the following errors:

Code: Select all

spamd[9683]: spamd: connection from localhost [::1]:59980 to port 783, fd 6
spamd[9683]: spamd: setuid to sa-milt succeeded
spamd[9683]: spamd: processing message <msgid@mail.gmail.com> for sa-milt:991
spamd[9683]: spf: lookup failed: addr is not a string at /usr/share/perl5/vendor_perl/IO/Socket/IP.pm line 662.
spamd[9683]: spf: lookup failed: addr is not a string at /usr/share/perl5/vendor_perl/IO/Socket/IP.pm line 662.
The above is part of postfix's postscreen process passing the incoming email to spamassassin-milter, which in turn passes it on to spamd that performs the SPF lookup. Asking around, it seems other distros do not have this issue.

Any suggestions please?
--
R.I.P. CentOS :cry:
--

mghe
Posts: 766
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: SPF fail with addr is not a string at

Post by mghe » 2016/12/11 21:04:49

Aetolos generate config files for services, so you should ask in Aetolos about this problem first. It can be problem with predefined config.

User avatar
KernelOops
Posts: 428
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: SPF fail with addr is not a string at

Post by KernelOops » 2016/12/11 22:28:00

Well, apparently its a real bug and it has been marked as CLOSED ERRATA, here: https://bugzilla.redhat.com/show_bug.cgi?id=1200167

There is a custom perl-Socket rpm package which has a patch, so I'll give that a try.

What is interesting, is that this bug was documented about 2 years ago... so this whole time SPF and some other DNS queries have been broken and no one noticed? weird :? :geek:
--
R.I.P. CentOS :cry:
--

User avatar
KernelOops
Posts: 428
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: SPF fail with addr is not a string at

Post by KernelOops » 2016/12/11 22:40:11

I can confirm that the patched rpm from that bugzilla report solved my problem with SPF checking. :D
--
R.I.P. CentOS :cry:
--

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: SPF fail with addr is not a string at

Post by avij » 2016/12/11 22:48:05

You can get that package from CentOS as well with a yum update perl-Socket --enablerepo=cr

Once 7.3.1611 is released you can skip the "enablerepo" part, ie. a plain "yum update" will work.

Code: Select all

$ rpm -qp perl-Socket-2.010-4.el7.x86_64.rpm --changelog

* Thu Mar 03 2016 Jitka Plesnikova <jplesnik@redhat.com> - 2.010-4
- Fix calling getnameinfo on tainted value (bug #1200167)

User avatar
KernelOops
Posts: 428
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: SPF fail with addr is not a string at

Post by KernelOops » 2016/12/12 10:55:36

Thank you avij, it seems like the patch made it to centos 7.3, so that is good news.

What is interesting, is that the python SPF package is also broken, so centos 7.x has always had SPF broken for many years, no matter which of the two packages you used.

Is bug fixing in centos so... non existant? this makes me wonder how other packages are being maintained (or not).
--
R.I.P. CentOS :cry:
--

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: SPF fail with addr is not a string at

Post by avij » 2016/12/12 12:16:51

Reading through the bug report I get the impression that the bug could have been fixed earlier if someone had provided a way to reproduce the bug earlier. If someone who is responsible for fixing bugs can't reproduce the issue, it is fairly difficult to fix.

That said, CentOS ships what Red Hat ships, with the same bugs if any.

User avatar
KernelOops
Posts: 428
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: SPF fail with addr is not a string at

Post by KernelOops » 2016/12/12 17:00:23

How about reporting a bug to EPEL, is it the same situation?

The pypolicyd-spf package requires the python-pydns package and python-pydns has been broken in EPEL for many years.

Considering it took nearly 3 years to fix the perl-Socket package, I am a bit disheartened to open a bug report about python-pydns :|

Maybe in CentOS 8...
--
R.I.P. CentOS :cry:
--

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: SPF fail with addr is not a string at

Post by avij » 2016/12/12 17:41:24

The situation is the same in that EPEL bugs are also reported via bugzilla.redhat.com (against Fedora -> Fedora EPEL) but different in that EPEL packages are primarily community maintained.

I believe you are referring to this bug. Adding yourself to the Cc list may signal the package maintainer that this is a real bug that needs attention, and will also keep you updated of any progress that may happen.

That all said, EPEL is not affiliated with CentOS -- from the CentOS point of view EPEL is just one of the many third party repositories. CentOS 8 would only help in the situation if Red Hat decides to adopt the package from EPEL to RHEL 8 and decides to fix the bug in the process.

User avatar
KernelOops
Posts: 428
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: SPF fail with addr is not a string at

Post by KernelOops » 2016/12/12 18:03:02

Understood avij, thank you for the detailed explanation.

I could just ignore this whole thing and just patch my own live servers and move on, but I'd like to do the right thing and see if I can get the package fixed, so the community will benefit as a whole.
--
R.I.P. CentOS :cry:
--

Post Reply