Re: Other forwarders
2004-01-13 21:30:27
According to my DNS logs:
2004-01-13 21:21:53.257745500 query 32976: (spf.gladstonefamily.net, IN,
TXT)
2004-01-13 21:21:53.402834500 query 57420:
(207(_dot_)8(_dot_)214(_dot_)5(_dot_)philip-spf(_at_)gladstonefamily(_dot_)net(_dot_)spf(_dot_)gladstonefamily(_dot_)net, IN, A)
2004-01-13 21:21:53.720103500 query 47123:
(1074046913.gladstonefamily.net.100/86400.rate.spf.gladstonefamily.net,
IN, A)
2004-01-13 22:13:04.199944500 query 35279: (spf.gladstonefamily.net, IN,
TXT)
2004-01-13 22:13:04.341776500 query 6617:
(208(_dot_)58(_dot_)1(_dot_)195(_dot_)philip-spf(_at_)gladstonefamily(_dot_)net(_dot_)spf(_dot_)gladstonefamily(_dot_)net, IN, A)
2004-01-13 22:13:04.543470500 query 53597:
(208.58.1.195.gladstonefamily.net.100/86400.rate.spf.gladstonefamily.net,
IN, A)
These can be read as first, somebody gets my spf record, then they do
the exists check so I can see who the message was received from and from
whom. Finally, the rate entry is my final method before the -all, and
allows all emails (below 100 per day). I changed the argument to the
final 'exists' this afternoon -- I changed a %t to a %i. Note that
208.58.1.195 is portent.listbox.com
Note that the sender of this message is philip-spf(_at_)gladstonefamily(_dot_)net
(an address that I never send from, but is my subscription address at
listbox for the spf mailing lists)
I have no idea what is happening! Curiously enough, this shows the
difficulty in debugging SPF problems. In this case, it'd be nice to have
the IP address of the other MTA. All I know is that the DNS request came
from scratchy.meini.org
Philip
Meng Weng Wong wrote:
On Tue, Jan 13, 2004 at 10:12:53PM -0500, Philip Gladstone wrote:
| Also, at 21:21:53 EST this evening, apex.listbox.com tried to send
| forged mail from me. Hmm.
Are you sure your eyes aren't fooling you on that apex case?
That was this message:
Return-Path: <owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
X-Original-To: mengwong(_at_)dumbo(_dot_)pobox(_dot_)com
Delivered-To: mengwong(_at_)dumbo(_dot_)pobox(_dot_)com
Received: from apex.listbox.com (apex.listbox.com [207.8.214.5])
by dumbo.pobox.com (Postfix) with ESMTP id F08D94CD
for <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com>; Tue, 13 Jan 2004
21:21:44 -0500 (EST)
Received: by apex.listbox.com (Postfix, from userid 440)
id 8CE3AAD; Tue, 13 Jan 2004 21:21:35 -0500 (EST)
Received: by apex.listbox.com (Postfix, from userid 440)
id 6C0F4A8; Tue, 13 Jan 2004 21:21:35 -0500 (EST)
Received: from smtp02.mrf.mail.rcn.net (smtp02.mrf.mail.rcn.net
[207.172.4.61])
by apex.listbox.com (Postfix) with ESMTP id B4BA5A8
for <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>; Tue, 13 Jan 2004
21:21:33 -0500 (EST)
Received: from 209-6-17-217.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com
([209.6.17.217] helo=gladstonefamily.net)
by smtp02.mrf.mail.rcn.net with esmtp (Exim 3.35 #4)
id 1Agaez-00019e-00
for spf-discuss(_at_)v2(_dot_)listbox(_dot_)com; Tue, 13 Jan 2004
21:21:33 -0500
Message-ID: <4004A7AC(_dot_)6060406(_at_)gladstonefamily(_dot_)net>
Date: Tue, 13 Jan 2004 21:21:32 -0500
From: Philip Gladstone <philip-spf(_at_)gladstonefamily(_dot_)net>
These are the syslogs: (incoming)
20040113-22:16:52 root(_at_)flatbox:/export/shared/logs/syslog# grep
B4BA5A8: listbox/current/mail.info.21
Jan 13 21:21:33 apex/apex postfix/smtpd[11759]: B4BA5A8:
client=smtp02.mrf.mail.rcn.net[207.172.4.61]
Jan 13 21:21:33 apex/apex postfix/cleanup[26965]: B4BA5A8:
message-id=<4004A7AC(_dot_)6060406(_at_)gladstonefamily(_dot_)net>
Jan 13 21:21:33 apex/apex postfix/nqmgr[25113]: B4BA5A8:
from=<philip(_at_)gladstonefamily(_dot_)net>, size=7441, nrcpt=1 (queue active)
Jan 13 21:21:34 apex/apex postfix/pipe[27028]: B4BA5A8:
to=<spf-discuss(_at_)v2(_dot_)listbox(_dot_)com(_dot_)resend>,
orig_to=<spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>, relay=resend, delay=1,
status=sent (v2.listbox.com.resend)
Jan 13 21:21:34 apex/apex postfix/nqmgr[25113]: B4BA5A8: removed
(outgoing)
20040113-22:17:22 root(_at_)flatbox:/export/shared/logs/syslog# grep
8CE3AAD: listbox/current/mail.info.21
Jan 13 21:21:35 apex/apex postfix/pickup[23319]: 8CE3AAD: uid=440
from=<owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Jan 13 21:21:43 apex/apex postfix/cleanup[26965]: 8CE3AAD:
message-id=<4004A7AC(_dot_)6060406(_at_)gladstonefamily(_dot_)net>
Jan 13 21:21:43 apex/apex postfix/nqmgr[25113]: 8CE3AAD:
from=<owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>, size=8581, nrcpt=357
(queue active)
Jan 13 21:21:44 apex/apex postfix/smtp[27084]: 8CE3AAD:
to=<hypermail(_at_)archives(_dot_)listbox(_dot_)com>,
orig_to=<spf-discuss-B7dvP5mc3PhRGQeadRKaSy0nUIchNttG(_at_)public(_dot_)gmane(_dot_)org>,
relay=dream.listbox.com[207.8.214.6], delay=9, status=sent (250 Ok: queued as 506AD234003)
Jan 13 21:21:44 apex/apex postfix/smtp[27084]: 8CE3AAD:
to=<listbox+save+all-posts(_at_)archives(_dot_)listbox(_dot_)com>,
orig_to=<spf-discuss-B7dvP5mc3PhRGQeadRKaSy0nUIchNttG(_at_)public(_dot_)gmane(_dot_)org>,
relay=dream.listbox.com[207.8.214.6], delay=9, status=sent (250 Ok: queued as 506AD234003)
Jan 13 21:21:47 apex/apex postfix/smtp[27100]: 8CE3AAD:
to=<philip-spf(_at_)gladstonefamily(_dot_)net>,
orig_to=<spf-discuss(_at_)v2(_dot_)listbox(_dot_)com(_dot_)explode>,
relay=charon.gladstonefamily.net[209.6.17.217], delay=12, status=sent (250 Queued!
<4004A7AC(_dot_)6060406(_at_)gladstonefamily(_dot_)net>)
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
|
|