From: Ronald Klop
To: gessel@blackrosetech.com
Cc: ports@FreeBSD.org
Date: Tue, 4 Feb 2025 12:13:23 +0100 (CET)
Message-ID: <1690964969.4802.1738667603901@localhost>
Subject: Re: FreeBSD Port: mail/py-spf-engine py311-pyspf-2.0.14_3 cryptography issue
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

Thanks for your work on this and reporting it.

Do any of these issues match your case?

https://bugs.freebsd.org/bugzilla/buglist.cgi?component=Individual%20Port%28s%29&list_id=800076&product=Ports%20%26%20Packages&query_format=advanced&resolution=---&short_desc=mail%2Fpy-spf-engine&short_desc_type=allwordssubstr

I noticed that the port does not have a maintainer.

Personally I don't have time to dive into this, but I think it helps other committers if a Bugzilla issue exists with a clear patch attached.

Regards,
Ronald.
 

From: David Gessel <gessel@blackrosetech.com>
Date: Thursday, 30 January 2025 15:05
To: ports@FreeBSD.org
Subject: FreeBSD Port: mail/py-spf-engine py311-pyspf-2.0.14_3 cryptography issue

There seems to be a bug in mail/py-spf-engine that breaks mail delivery if the pkg-message instructions are followed and

  smtpd_recipient_restrictions =
            ...
            reject_unauth_destination
            check_policy_service unix:private/policyd-spf

is added to main.cf.  I get the following errors with the check_policy_service unix:private/policyd-spf enabled.

pyspf-milter[9915]: prepend Authentication-Resultmailservuki; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=209.85.214.181; helo=mail-pl1-f181.google.com; envelope-from=dborg@gmail.com; receiver=<UNKNOWN>)
postfix/smtp-in/smtpd[38681]: warning: missing attribute action in input from private/policyd-spf
postfix/spawn[38795]: warning: command /usr/local/bin/policyd-spf exit status 1
postfix/smtp-in/smtpd[38681]: warning: missing attribute action in input from private/policyd-spf
postfix/smtp-in/smtpd[38681]: warning: problem talking to server private/policyd-spf: Application error
postfix/smtp-in/smtpd[38681]: NOQUEUE: reject: RCPT from mail-pl1-f181.google.com[209.85.214.181]: 451 4.3.5 <borg@domain.com>: Recipient address rejected: Server configuration problem; from=<dborg@gmail.com> to=<borg@domain.com> proto=ESMTP helo=<mail-pl1-f181.google.com>
postfix/spawn[38795]: warning: command /usr/local/bin/policyd-spf exit status 1

If I comment out the policyd-spf smtpd_recipient_restriction, then mail is delivered properly without it.  If I patch the file /usr/local/bin/spf.py-3.11 as follows:

import struct  # for pack() and unpack()
import time    # for time()
++ import os
++ os.environ['CRYPTOGRAPHY_OPENSSL_NO_LEGACY'] = '1'
try:
    import urllib.parse as urllibparse # for quote()
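
Review bot: the `os.environ['CRYPTOGRAPHY_OPENSSL_NO_LEGACY'] = '1'` line assigns unconditionally when this file is loaded, so it overrides any value the administrator already set in the service environment and applies to every process that loads spf.py. `os.environ.setdefault('CRYPTOGRAPHY_OPENSSL_NO_LEGACY', '1')` would keep an explicit setting, and a one-line comment stating why the variable is needed would help whoever picks up the port. The added lines are marked `++` rather than in unified diff form and the edit is made to the installed /usr/local/bin/spf.py-3.11, so it would need regenerating with diff -u against the port's sources before it can be attached to a Bugzilla issue.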

and re-enable the smtpd_recipient_restriction, the error is resolved and mail is delivered.  

pyspf-milter[50096]: prepend Authentication-Resultmailservuki; none (SPF check N/A for local connections - client-ip=10.3.0.133; helo=server.domain.com; envelope-from=server@domain.com; receiver=<UNKNOWN>)
postfix/smtp-in/smtpd[612]: 5925D8793: client=server.domain.com[10.3.0.133]
postfix/cleanup[622]: 5925D8793: message-id=<>
pyspf-milter[50096]: Authentication-Resultmailservuki; none (SPF check N/A for local connections - client-ip=10.3.0.133; helo=server.domain.com; envelope-from=server@domain.com; receiver=<UNKNOWN>)
postfix/smtp-in/smtpd[612]: disconnect from server.domain.com[10.3.0.133] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
postfix/qmgr[99347]: 5925D8793: from=<server@domain.com>, size=694, nrcpt=1 (queue active)
postfix/pipe[637]: 5925D8793: to=<borg@domain.com>, relay=dovecot, delay=0.09, delays=0.05/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
postfix/qmgr[99347]: 5925D8793: removed

It seems like this might be a useful patch to the port. It isn't clear this impacts other operating systems or even all configurations of FreeBSD, but it has been necessary for me for both FreeBSD 13 and a fresh reinstall with FreeBSD 14.1.

https://answers.launchpad.net/spf-engine/+question/818909

https://forums.freebsd.org/threads/pyspf-milter-service-silently-not-starting.95215/#post-674665
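
An added example, not part of the original messages or of the port: a small Python log check for the failure mode reported above, where a crashing policyd-spf makes Postfix answer 451 4.3.5 to recipients. The function name and the sample lines are assumptions, constructed in the log format quoted in the report.

```python
import re
from collections import Counter

# Patterns for the three Postfix log events seen in the report above.
SPAWN_FAIL = re.compile(r"postfix/spawn\[\d+\]: warning: command (\S+) exit status (\d+)")
POLICY_ERR = re.compile(r"smtpd\[\d+\]: warning: problem talking to server (\S+): (.+)")
DEFERRED = re.compile(
    r"smtpd\[\d+\]: NOQUEUE: reject: RCPT from (\S+?)\[([^\]]+)\]: 451 4\.3\.5 .*?"
    r"Server configuration problem; from=<([^>]*)> to=<([^>]*)>"
)


def summarize_policy_failures(lines):
    """Count policy-daemon crashes and list the mail deferred because of them."""
    crashes, errors, deferred = Counter(), Counter(), []
    for line in lines:
        if m := SPAWN_FAIL.search(line):
            crashes[m.group(1)] += 1          # keyed by the spawned command
        elif m := POLICY_ERR.search(line):
            errors[m.group(1)] += 1           # keyed by the policy service name
        elif m := DEFERRED.search(line):
            deferred.append({"client": m.group(1), "ip": m.group(2),
                             "from": m.group(3), "to": m.group(4)})
    return {"crashes": dict(crashes), "policy_errors": dict(errors),
            "deferred": deferred}


# Constructed sample input (hypothetical hosts and addresses), modelled on the
# log format in the report; the last line is an unrelated 554 that must be ignored.
SAMPLE = """\
postfix/smtp-in/smtpd[101]: warning: missing attribute action in input from private/policyd-spf
postfix/spawn[202]: warning: command /usr/local/bin/policyd-spf exit status 1
postfix/smtp-in/smtpd[101]: warning: problem talking to server private/policyd-spf: Application error
postfix/smtp-in/smtpd[101]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 451 4.3.5 <user@example.org>: Recipient address rejected: Server configuration problem; from=<sender@example.net> to=<user@example.org> proto=ESMTP helo=<mx.example.net>
postfix/spawn[202]: warning: command /usr/local/bin/policyd-spf exit status 1
postfix/smtp-in/smtpd[303]: NOQUEUE: reject: RCPT from host.example.com[198.51.100.7]: 554 5.7.1 <b@example.com>: Relay access denied; from=<a@example.com> to=<b@example.com> proto=ESMTP helo=<host.example.com>
""".splitlines()

if __name__ == "__main__":
    print(summarize_policy_failures(SAMPLE))
```

A non-empty "deferred" list together with a non-zero crash count points at the policy daemon rather than at the senders.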

