search

ValiMail / authentication-headers

library for the generation of email authentication headers
Other
16 stars 4 forks source link

IndexError: list index out of range when checking dmarc for certain dmarc records. #27

Closed msapiro closed 9 months ago

msapiro commented 10 months ago

This is similar to #26, but in this case the invalid DMARC record is v=DMARC1;p=none;pct=100;rua=mailto:postmaster@somenet.org;mailto:postmaster@somenet.org;ri=3600;fo=1;. This record is invalid because it contains a field missing the tag= portion, i.e., ;mailto:postmaster@somenet.org should be something like ;ruf=mailto:postmaster@somenet.org but ruf= is missing.

This results in

Dec 22 04:54:28 2023 (28) Traceback (most recent call last):
   File "/usr/lib/python3.10/site-packages/mailman/core/runner.py", line 179, in _one_iteration
   self._process_one_file(msg, msgdata)
File "/usr/lib/python3.10/site-packages/mailman/core/runner.py", line 272, in _process_one_file
   keepqueued = self._dispose(mlist, msg, msgdata)
File "/usr/lib/python3.10/site-packages/mailman/runners/pipeline.py", line 37, in _dispose process(mlist, msg, msgdata, pipeline)
File "/usr/lib/python3.10/site-packages/mailman/core/pipelines.py", line 53, in process
   handler.process(mlist, msg, msgdata)
File "/usr/lib/python3.10/site-packages/mailman/handlers/validate_authenticity.py", line 125, in process
   authenticate(msg, msgdata)
File "/usr/lib/python3.10/site-packages/mailman/utilities/retry.py", line 44, in f_retry
   return f(*args, **kwargs)
File "/usr/lib/python3.10/site-packages/mailman/handlers/validate_authenticity.py", line 93, in authenticate
   auth_result = authenticate_message(
File "/usr/lib/python3.10/site-packages/authheaders/__init__.py", line 395, in authenticate_message
   dmarc_result = check_dmarc(msg, spf_result, dkim_result, dnsfunc=dnsfunc, psddmarc=psddmarc)
File "/usr/lib/python3.10/site-packages/authheaders/__init__.py", line 343, in check_dmarc
   result, result_comment, from_domain, policy = dmarc_per_from(from_domain, spf_result, dkim_result, dnsfunc, psddmarc)
File "/usr/lib/python3.10/site-packages/authheaders/__init__.py", line 90, in dmarc_per_from
   record, orgdomain = receiver_record(from_domain)
File "/usr/lib/python3.10/site-packages/authheaders/dmarc_lookup.py", line 117, in receiver_record
   retval = lookup_receiver_record(hostSansDmarc, dnsfunc)
File "/usr/lib/python3.10/site-packages/authheaders/dmarc_lookup.py", line 92, in lookup_receiver_record
   tags = answer_to_dict(str(result))
File "/usr/lib/python3.10/site-packages/authheaders/dmarc_lookup.py", line 42, in answer_to_dict
   retval = {t[0].strip().lower(): t[1].strip().lower() for t in rawTags}
File "/usr/lib/python3.10/site-packages/authheaders/dmarc_lookup.py", line 42, in <dictcomp>
   retval = {t[0].strip().lower(): t[1].strip().lower() for t in rawTags}
IndexError: list index out of range
kitterma commented 9 months ago

Thanks. By my reading of RFC 7489, this is invalid, so I think we'll need to raise some kind of error.

kitterma commented 9 months ago

Fixed in 0.16.0.