When receiving and parsing a mail which has an unqualified envelope-from, pypolicyd-spf generates the following backtrace:

Aug 20 15:04:27 aaaaa policyd-spf[18616]: Permerror; identity=helo; client-ip=dd.ddd.dd.ddd; helo=aaaa.aa-aaa.aa; envelope-from=aaaaaa; receiver=aaaaaa.aaaaaaa@aaaaaaaa.aa
Aug 20 15:04:27 aaaaa policyd-spf[18616]: Traceback (most recent call last):
Aug 20 15:04:27 aaaaa policyd-spf[18616]: File "/usr/bin/policyd-spf", line 420, in <module>
Aug 20 15:04:27 aaaaa policyd-spf[18616]: instance_dict, configData)
Aug 20 15:04:27 aaaaa policyd-spf[18616]: File "/usr/bin/policyd-spf", line 343, in spfcheck
Aug 20 15:04:27 aaaaa policyd-spf[18616]: mfrom_resultpolicy, local = get_resultcodes(configData, 'mfrom')
Aug 20 15:04:27 aaaaa policyd-spf[18616]: File "/usr/bin/policyd-spf", line 122, in get_resultcodes
Aug 20 15:04:27 aaaaa policyd-spf[18616]: if spf.domainmatch(reject_domain_list, sender_domain[1]):
Aug 20 15:04:27 aaaaa policyd-spf[18616]: IndexError: list index out of range

Addresses and IPs have been obfuscated (a for chars, d for digits).

Not sure if this problem can be used for DDOS attacks. Feel free to mark as security vulnerability.

Reproducible: Always
Please re-test with 0.8.1
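
The failure mode in the traceback above, shown as an added example that is not pypolicyd-spf code: it assumes sender_domain comes from splitting the envelope-from on '@', and every function name and the suffix match below are hypothetical stand-ins for the project's own logic.

```python
# Added illustration, not pypolicyd-spf source. All names are hypothetical.

def domain_unguarded(sender):
    # Assumed shape of the failing pattern: index [1] after splitting on '@'.
    sender_domain = sender.split('@', 1)
    return sender_domain[1]  # IndexError when the sender has no '@'


def unguarded_crashes(sender):
    """True if the unguarded lookup raises on this envelope-from."""
    try:
        domain_unguarded(sender)
    except IndexError:
        return True
    return False


def envelope_domain(sender):
    """Return the lower-cased domain of an envelope-from, or None.

    None covers the null sender ("<>"), an unqualified local part
    ("aaaaaa") and a trailing '@' with nothing after it.
    """
    sender = sender.strip().strip('<>')
    _local, sep, domain = sender.rpartition('@')
    if not sep or not domain:
        return None
    return domain.rstrip('.').lower()


def in_reject_list(sender, reject_domains):
    """Domain-list check that cannot raise on sender-controlled input."""
    domain = envelope_domain(sender)
    if domain is None:
        return False  # nothing to match; caller decides the policy
    # Simple exact-or-subdomain match, standing in for the real matcher.
    return any(domain == d or domain.endswith('.' + d)
               for d in reject_domains)


if __name__ == "__main__":
    # Constructed sample senders, including the obfuscated one from the log.
    for s in ("aaaaaa", "<>", "user@", "user@Example.COM.", "a@b@c.org"):
        print(repr(s), unguarded_crashes(s), envelope_domain(s))
```

The envelope-from is chosen by the connecting client, so a lookup on it should return a result for every input instead of letting an exception end the policy process.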