2071: Reduce logging level r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Reduce the logging level associated with TLSA record lookup. I've been running master in prod for a few months now and one of the common messages is:
```
[2021-11-23 08:53:29,884] ERROR in utils: Error while looking up the TLSA record for .fr A DNS label is empty.
[2021-11-23 08:53:30,630] ERROR in utils: Error while looking up the TLSA record for .co.uk A DNS label is empty.
[2021-11-23 08:53:30,636] ERROR in utils: Error while looking up the TLSA record for .uk A DNS label is empty.
[2021-11-23 08:58:16,264] ERROR in utils: Error while looking up the TLSA record for .net A DNS label is empty.
[2021-11-23 08:58:17,059] ERROR in utils: Error while looking up the TLSA record for .com A DNS label is empty.
[2021-11-23 09:04:04,597] ERROR in utils: Error while looking up the TLSA record for .org A DNS label is empty.
```
There is no point in having them at all, so let's mute them.

Another (but that arguably is still worth having):
```
[2021-11-23 12:52:46,231] ERROR in utils: Error while looking up the TLSA record for frenger.com The DNS response does not contain an answer to the question: _25._tcp.frenger.com. IN TLSA
[2021-11-24 08:52:57,794] ERROR in utils: Error while looking up the TLSA record for numericable.fr The DNS response does not contain an answer to the question: _25._tcp.numericable.fr. IN TLSA
[2021-11-24 08:52:58,687] ERROR in utils: Error while looking up the TLSA record for neuf.fr The DNS response does not contain an answer to the question: _25._tcp.neuf.fr. IN TLSA
```
For that one I have reduced the severity it's logged at.

Keep in mind that the default action is "pass": this means that we won't impose "dane-only". There will be a test for MTA-STS and then a fallback to "dane" (where postfix will make its own determination as to what those DNS errors should dictate).

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
master
bors[bot] 3 years ago committed by GitHub
commit dbbfa44461
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -66,10 +66,10 @@ def has_dane_record(domain, timeout=10):
return app.config['DEFER_ON_TLS_ERROR'] return app.config['DEFER_ON_TLS_ERROR']
except dns.exception.Timeout: except dns.exception.Timeout:
app.logger.warn(f'Timeout while resolving the TLSA record for {domain} ({timeout}s).') app.logger.warn(f'Timeout while resolving the TLSA record for {domain} ({timeout}s).')
except dns.resolver.NXDOMAIN: except (dns.resolver.NXDOMAIN, dns.name.EmptyLabel):
pass # this is expected, not TLSA record is fine pass # this is expected, not TLSA record is fine
except Exception as e: except Exception as e:
app.logger.error(f'Error while looking up the TLSA record for {domain} {e}') app.logger.info(f'Error while looking up the TLSA record for {domain} {e}')
pass pass
# Rate limiter # Rate limiter
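
Review bot: The catch-all `except Exception as e:` branch now logs at `info`, so every unexpected failure in the TLSA lookup is demoted, not only the "does not contain an answer" case the commit message describes. Since this function feeds the decision about whether "dane-only" is imposed, I would give the no-answer case its own clause (dnspython raises `dns.resolver.NoAnswer` for it) logged at `info`, and leave the generic handler at `error` so that resolver or validation problems stay visible. Separately, adding `dns.name.EmptyLabel` to the silent `pass` branch hides the fact that callers are handing over names such as `.fr` with a leading dot; rejecting or normalising those before the query would remove the exception rather than mute it. Minor: the comment on that branch reads "not TLSA record" where "no TLSA record" is meant, and `app.logger.warn` is a deprecated alias of `warning`.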
