mirror of
https://github.com/Mailu/Mailu.git
synced 2024-12-12 10:45:38 +02:00
Merge #2071
2071: Reduce logging level r=mergify[bot] a=nextgens ## What type of PR? bug-fix ## What does this PR do? Reduce the logging level associated with TLSA record lookup. I've been running master in prod for a few months now and one of the common messages is: ``` [2021-11-23 08:53:29,884] ERROR in utils: Error while looking up the TLSA record for .fr A DNS label is empty. [2021-11-23 08:53:30,630] ERROR in utils: Error while looking up the TLSA record for .co.uk A DNS label is empty. [2021-11-23 08:53:30,636] ERROR in utils: Error while looking up the TLSA record for .uk A DNS label is empty. [2021-11-23 08:58:16,264] ERROR in utils: Error while looking up the TLSA record for .net A DNS label is empty. [2021-11-23 08:58:17,059] ERROR in utils: Error while looking up the TLSA record for .com A DNS label is empty. [2021-11-23 09:04:04,597] ERROR in utils: Error while looking up the TLSA record for .org A DNS label is empty. ``` There is no point in having them at all, so let's mute them. Another (but that arguably is still worth having): ``` [2021-11-23 12:52:46,231] ERROR in utils: Error while looking up the TLSA record for frenger.com The DNS response does not contain an answer to the question: _25._tcp.frenger.com. IN TLSA [2021-11-24 08:52:57,794] ERROR in utils: Error while looking up the TLSA record for numericable.fr The DNS response does not contain an answer to the question: _25._tcp.numericable.fr. IN TLSA [2021-11-24 08:52:58,687] ERROR in utils: Error while looking up the TLSA record for neuf.fr The DNS response does not contain an answer to the question: _25._tcp.neuf.fr. IN TLSA ``` For that one I have reduced the severity it's logged at. Keep in mind that the default action is "pass": this means that we won't impose "dane-only". There will be a test for MTA-STS and then a fallback to "dane" (where postfix will make its own determination as of what those DNS errors should dictate). Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
This commit is contained in:
commit
dbbfa44461
@ -66,10 +66,10 @@ def has_dane_record(domain, timeout=10):
|
||||
return app.config['DEFER_ON_TLS_ERROR']
|
||||
except dns.exception.Timeout:
|
||||
app.logger.warn(f'Timeout while resolving the TLSA record for {domain} ({timeout}s).')
|
||||
except dns.resolver.NXDOMAIN:
|
||||
except (dns.resolver.NXDOMAIN, dns.name.EmptyLabel):
|
||||
pass # this is expected, not TLSA record is fine
|
||||
except Exception as e:
|
||||
app.logger.error(f'Error while looking up the TLSA record for {domain} {e}')
|
||||
app.logger.info(f'Error while looking up the TLSA record for {domain} {e}')
|
||||
pass
|
||||
|
||||
# Rate limiter
|
||||
|
Loading…
Reference in New Issue
Block a user