Bladeren bron

make sure SPF exception does not stop reply-phase

Son NK 5 jaren geleden
bovenliggende
commit
0add756654
1 gewijzigde bestanden met toevoegingen van 16 en 10 verwijderingen
  1. 16 10
      email_handler.py

+ 16 - 10
email_handler.py

@@ -475,19 +475,25 @@ def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> (bool, str
     mailb: Mailbox = Mailbox.get_by(email=mailbox_email)
     if ENFORCE_SPF and mailb.force_spf:
         if msg[_IP_HEADER]:
-            r = spf.check2(i=msg[_IP_HEADER], s=envelope.mail_from.lower(), h=None)
-            # TODO: Handle temperr case (e.g. dns timeout)
-            # only an absolute pass, or no SPF policy at all is 'valid'
-            if r[0] not in ["pass", "none"]:
+            try:
+                r = spf.check2(i=msg[_IP_HEADER], s=envelope.mail_from.lower(), h=None)
+            except Exception:
                 LOG.error(
-                    "SPF fail for mailbox %s, reason %s, failed IP %s",
-                    mailbox_email,
-                    r[0],
-                    msg[_IP_HEADER],
+                    "SPF error, mailbox %s, ip %s", mailbox_email, msg[_IP_HEADER]
                 )
-                return False, "451 SL E11"
+            else:
+                # TODO: Handle temperr case (e.g. dns timeout)
+                # only an absolute pass, or no SPF policy at all is 'valid'
+                if r[0] not in ["pass", "none"]:
+                    LOG.error(
+                        "SPF fail for mailbox %s, reason %s, failed IP %s",
+                        mailbox_email,
+                        r[0],
+                        msg[_IP_HEADER],
+                    )
+                    return False, "451 SL E11"
         else:
-            LOG.d(
+            LOG.warning(
                 "Could not find %s header %s -> %s", _IP_HEADER, mailbox_email, address,
             )