gmane.mail.spam.spf.help

Re: Problem with postfix-policyd-spf-perl

On Thu, 17 Jul 2008 11:22:13 -0400 John Adams <johna <at> onevista.com> wrote:
>On Thu July 17 2008, Scott Kitterman wrote:
>> > It's odd it only happens with Tiscali - the problem is we don't receive
>> > enough mail from them that I could sensibly turn on any sort of
>> > debugging because the logs would just fill before anything from them
>> > came in, and 8/10 times it'd be let in anyway.
>>
>> Jul 17 10:18:11 scott-laptop policyd-spf[18084]: Temperror; 
identity=helo;
>> client-ip=212.74.100.54; helo=mk-filter-3-a-4.mail.uk.tiscali.com;
>> envelope-from=test <at> tiscali.co.uk; receiver=test <at> mira.co.uk
>> Jul 17 10:18:42 scott-laptop policyd-spf[18084]: Temperror;
>> identity=mailfrom; client-ip=212.74.100.54;
>> helo=mk-filter-3-a-4.mail.uk.tiscali.com;
>> envelope-from=test <at> tiscali.co.uk; receiver=test <at> mira.co.uk
>>
>> I do get the reject from the Perl one, but I'm not sure why.  It will
>> defer on Temperror, not reject.
>
>the SPF record for mk-filter-3-a-4.mail.uk.tiscali.com is "v=spf1 a -all"
>the A record for mk-filter-3-a-4.mail.uk.tiscali.com is 212.74.100.42
>You are receiving mail from 212.74.100.54
>SPF seems to working correctly!

Interesting.

I'm away from wifi right now.  I don't think I was getting that.  Would 
someone please check and see if all their DNS servers are serving the same 
record?

(Continue reading)

headers

Steve Yates | 17 Jul 18:27

RE: Problem with postfix-policyd-spf-perl

>> the SPF record for mk-filter-3-a-4.mail.uk.tiscali.com is "v=spf1 a
-all"
>> the A record for mk-filter-3-a-4.mail.uk.tiscali.com is 212.74.100.42
>> You are receiving mail from 212.74.100.54
>> SPF seems to working correctly!
> 
> Interesting.
> 
> I'm away from wifi right now.  I don't think I was getting that.
Would
> someone please check and see if all their DNS servers are serving the
> same record?

	Yes.

;; ANSWER SECTION:
mk-filter-3-a-4.mail.uk.tiscali.com. 3600 IN TXT "v=spf1 a -all"

;; ANSWER SECTION:
mk-filter-3-a-4.mail.uk.tiscali.com. 3600 IN A  212.74.100.42

;; AUTHORITY SECTION:
uk.tiscali.com.         3600    IN      NS      ns0.tiscali.co.uk.
uk.tiscali.com.         3600    IN      NS      ns0.as9105.com.

;; ADDITIONAL SECTION:
ns0.as9105.com.         604800  IN      A       212.139.129.130
ns0.tiscali.co.uk.      604800  IN      A       212.74.114.132

-----

(Continue reading)

headers

Paul Hutchings | 17 Jul 18:41

RE: Problem with postfix-policyd-spf-perl

Can I get an explanation in simple terms please?

Obviously we have an SPF record and I know the basic principle i.e. mail
from @mira.co.uk can only originate from relay.mira.co.uk or a couple of
other hosts) in our case as that's how I have our mail flow configured
for all devices.

Where I'm struggling is that in this case the email is coming from an
@tiscali.co.uk address, and the SPF record for tiscali.co.uk seems to
specify a bunch of /24's of which the MTA that caused the problem (one
of several) seems to be in?

--

-- 
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.

headers

Steve Yates | 17 Jul 18:48

RE: Problem with postfix-policyd-spf-perl

Paul Hutchings wrote on 7/17/2008 11:41:20 AM:

> Where I'm struggling is that in this case the email is coming from an
> @tiscali.co.uk address, and the SPF record for tiscali.co.uk seems to
> specify a bunch of /24's of which the MTA that caused the problem (one
> of several) seems to be in?

	What John pointed out is that the sending mail server is
apparently telling the world that it's name is
"mk-filter-3-a-4.mail.uk.tiscali.com."  The SPF record for
"mk-filter-3-a-4.mail.uk.tiscali.com" is telling the world that it's IP
is 212.74.100.42, but the message is coming from a different IP,
212.74.100.54.  It is the SPF record for
mk-filter-3-a-4.mail.uk.tiscali.com that is causing the failure, not the
record for tiscali.co.uk.  Therefore the fail result is correct.

----------
> Jul 17 10:18:11 scott-laptop policyd-spf[18084]: Temperror;
identity=helo;
> client-ip=212.74.100.54; helo=mk-filter-3-a-4.mail.uk.tiscali.com;
> envelope-from=test <at> tiscali.co.uk; receiver=test <at> mira.co.uk
> Jul 17 10:18:42 scott-laptop policyd-spf[18084]: Temperror;
> identity=mailfrom; client-ip=212.74.100.54;
> helo=mk-filter-3-a-4.mail.uk.tiscali.com;
> envelope-from=test <at> tiscali.co.uk; receiver=test <at> mira.co.uk
>
> I do get the reject from the Perl one, but I'm not sure why.  It will
> defer on Temperror, not reject.

the SPF record for mk-filter-3-a-4.mail.uk.tiscali.com is "v=spf1 a

(Continue reading)

headers

Scott Kitterman | 17 Jul 18:57

RE: Problem with postfix-policyd-spf-perl

On Thu, 17 Jul 2008 11:48:21 -0500 "Steve Yates" <steve <at> teamITS.com> wrote:
>Paul Hutchings wrote on 7/17/2008 11:41:20 AM:
>
>> Where I'm struggling is that in this case the email is coming from an
>> @tiscali.co.uk address, and the SPF record for tiscali.co.uk seems to
>> specify a bunch of /24's of which the MTA that caused the problem (one
>> of several) seems to be in?
>
>	What John pointed out is that the sending mail server is
>apparently telling the world that it's name is
>"mk-filter-3-a-4.mail.uk.tiscali.com."  The SPF record for
>"mk-filter-3-a-4.mail.uk.tiscali.com" is telling the world that it's IP
>is 212.74.100.42, but the message is coming from a different IP,
>212.74.100.54.  It is the SPF record for
>mk-filter-3-a-4.mail.uk.tiscali.com that is causing the failure, not the
>record for tiscali.co.uk.  Therefore the fail result is correct.
>
>----------
>> Jul 17 10:18:11 scott-laptop policyd-spf[18084]: Temperror;
>identity=helo;
>> client-ip=212.74.100.54; helo=mk-filter-3-a-4.mail.uk.tiscali.com;
>> envelope-from=test <at> tiscali.co.uk; receiver=test <at> mira.co.uk
>> Jul 17 10:18:42 scott-laptop policyd-spf[18084]: Temperror;
>> identity=mailfrom; client-ip=212.74.100.54;
>> helo=mk-filter-3-a-4.mail.uk.tiscali.com;
>> envelope-from=test <at> tiscali.co.uk; receiver=test <at> mira.co.uk
>>
>> I do get the reject from the Perl one, but I'm not sure why.  It will
>> defer on Temperror, not reject.
>

(Continue reading)

headers

Paul Hutchings | 17 Jul 19:04

RE: Problem with postfix-policyd-spf-perl

Thanks that makes sense - what confused me though is that I thought SPF
only worked at a domain level i.e. why is it looking up an SPF (TXT)
record for an individual host?

-----Original Message-----
From: Steve Yates [mailto:steve <at> teamITS.com] 
Sent: 17 July 2008 17:48
To: spf-help <at> v2.listbox.com
Subject: RE: [spf-help] Problem with postfix-policyd-spf-perl

Paul Hutchings wrote on 7/17/2008 11:41:20 AM:

> Where I'm struggling is that in this case the email is coming from an
> @tiscali.co.uk address, and the SPF record for tiscali.co.uk seems to
> specify a bunch of /24's of which the MTA that caused the problem (one
> of several) seems to be in?

	What John pointed out is that the sending mail server is
apparently telling the world that it's name is
"mk-filter-3-a-4.mail.uk.tiscali.com."  The SPF record for
"mk-filter-3-a-4.mail.uk.tiscali.com" is telling the world that it's IP
is 212.74.100.42, but the message is coming from a different IP,
212.74.100.54.  It is the SPF record for
mk-filter-3-a-4.mail.uk.tiscali.com that is causing the failure, not the
record for tiscali.co.uk.  Therefore the fail result is correct.

----------
> Jul 17 10:18:11 scott-laptop policyd-spf[18084]: Temperror;
identity=helo;
> client-ip=212.74.100.54; helo=mk-filter-3-a-4.mail.uk.tiscali.com;

(Continue reading)

headers

Steve Yates | 17 Jul 19:19

RE: Problem with postfix-policyd-spf-perl

Paul Hutchings wrote on 7/17/2008 12:04:39 PM:

> Thanks that makes sense - what confused me though is that I thought
SPF
> only worked at a domain level i.e. why is it looking up an SPF (TXT)
> record for an individual host?

http://www.openspf.org/FAQ/Examples

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

 - Steve Yates
 - ITS, Inc.
 - "Have you ever tried going mad without power?  It's boring. No one
listens to you!" - Russ Cargill

~ Taglines by Taglinator - www.srtware.com ~

headers

Paul Hutchings | 17 Jul 19:31

RE: Problem with postfix-policyd-spf-perl

Perfect and my bad for not reading the FAQ - thanks very much and nice
to know it's not me but the huge ISP at fault 

Thanks again!

-----Original Message-----
From: Steve Yates [mailto:steve <at> teamITS.com] 
Sent: 17 July 2008 18:20
To: spf-help <at> v2.listbox.com
Subject: RE: [spf-help] Problem with postfix-policyd-spf-perl

Paul Hutchings wrote on 7/17/2008 12:04:39 PM:

> Thanks that makes sense - what confused me though is that I thought
SPF
> only worked at a domain level i.e. why is it looking up an SPF (TXT)
> record for an individual host?

http://www.openspf.org/FAQ/Examples

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

 - Steve Yates
 - ITS, Inc.
 - "Have you ever tried going mad without power?  It's boring. No one
listens to you!" - Russ Cargill

~ Taglines by Taglinator - www.srtware.com ~

(Continue reading)

headers

Scott Kitterman | 18 Jul 07:20

Re: Problem with postfix-policyd-spf-perl

One final note:

This was hard to troubleshoot because, by default, the policy server doesn't 
log if it's acting based on Mail From or HELO results.  I've fixed that and 
released a new version (2.006).  It has no other changes, so there's no 
urgent need to upgrade.

Scott K