Skip to content

Exception in DMARC check

Hi,

We discovered a message was shunted with the following error:

16/Nov/2023:22:03:30 (26) ACCEPT: <FD52D4D6-8861-431F-B535-7B976AF563E4@domain.tld>
16/Nov/2023:22:03:31 (29) Uncaught runner exception: list index out of range
16/Nov/2023:22:03:31 (29) Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/mailman/core/runner.py", line 179, in _one_iteration
    self._process_one_file(msg, msgdata)
  File "/usr/lib/python3.11/site-packages/mailman/core/runner.py", line 272, in _process_one_file
    keepqueued = self._dispose(mlist, msg, msgdata)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/mailman/runners/pipeline.py", line 37, in _dispose
    process(mlist, msg, msgdata, pipeline)
  File "/usr/lib/python3.11/site-packages/mailman/core/pipelines.py", line 53, in process
    handler.process(mlist, msg, msgdata)
  File "/usr/lib/python3.11/site-packages/mailman/handlers/validate_authenticity.py", line 125, in process
    authenticate(msg, msgdata)
  File "/usr/lib/python3.11/site-packages/mailman/utilities/retry.py", line 44, in f_retry
    return f(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/mailman/handlers/validate_authenticity.py", line 93, in authenticate
    auth_result = authenticate_message(
                  ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/authheaders/__init__.py", line 396, in authenticate_message
    dmarc_result = check_dmarc(msg, spf_result, dkim_result, dnsfunc=dnsfunc, psddmarc=psddmarc)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/authheaders/__init__.py", line 344, in check_dmarc
    result, result_comment, from_domain, policy = dmarc_per_from(from_domain, spf_result, dkim_result, dnsfunc, psddmarc)
                                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/authheaders/__init__.py", line 91, in dmarc_per_from
    record, orgdomain = receiver_record(from_domain)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/authheaders/dmarc_lookup.py", line 117, in receiver_record
    retval = lookup_receiver_record(hostSansDmarc, dnsfunc)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/authheaders/dmarc_lookup.py", line 92, in lookup_receiver_record
    tags = answer_to_dict(str(result))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/authheaders/dmarc_lookup.py", line 42, in answer_to_dict
    retval = {t[0].strip().lower(): t[1].strip().lower() for t in rawTags}
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/authheaders/dmarc_lookup.py", line 42, in <dictcomp>
    retval = {t[0].strip().lower(): t[1].strip().lower() for t in rawTags}
                                    ~^^^
IndexError: list index out of range
16/Nov/2023:22:03:31 (29) SHUNTING: 1700172211.0404482+bbf26055e8b483bc7eec78ce061efc5357040e7d

It looks like the DMARC DNS record caused the exception, but if checking with online tools the record is reported valid.

I will send the shunted message to @msapiro privately.