spf-discuss

Re: Re: Possible SPF machine-domain loophole???

2004-02-26 18:55:55
----- Original Message ----- 
From: "Hector Santos" <winserver(_dot_)support(_at_)winserver(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Thursday, February 26, 2004 6:35 PM
Subject: Re: [spf-discuss] Re: Possible SPF machine-domain loophole???


Yesterday (Feb 25), we got 6 transactions which exploited the SPF
loophole. Here is a summary of the transaction logs:

Client IP: 206.66.146.23 (unknown)
13:23:51 C: EHLO santronics.com
13:23:51 C: MAIL FROM: <reynoldcgin(_at_)altavista(_dot_)com>
13:23:51 C: RCPT TO: <andrea(_dot_)santos(_at_)santronics(_dot_)com>

Again, bull. Your configuration is broken. Or you do not know how to
interpret the results of an SPF lookup. The above query clearly produces a
"fail" (see below). I ask that you please cease and desist this nonsense.

Sincerely,

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx


|         altavista.com new: ipv4=206.66.146.23, sender=reynoldcgin@altavista.com, helo=santronics.com
|        reynoldcgin altavista.com localpart is reynoldcgin
|        reynoldcgin altavista.com   DirectiveSet->new(): doing TXT query on altavista.com
|        reynoldcgin altavista.com   myquery: doing TXT query on altavista.com
|        reynoldcgin altavista.com   DirectiveSet->new(): TXT query on altavista.com returned error=, last_dns_error=NOERROR
|        reynoldcgin altavista.com   DirectiveSet->new(): SPF policy: +exists:CL.%{i}.FR.%{s}.HE.%{h}.null.spf.altavista.com -all
|        reynoldcgin altavista.com   lookup:   TXT +exists:CL.%{i}.FR.%{s}.HE.%{h}.null.spf.altavista.com -all
|        reynoldcgin altavista.com   lookup:   TXT prefix=+, lhs=exists, rhs=CL.%{i}.FR.%{s}.HE.%{h}.null.spf.altavista.com
|        reynoldcgin altavista.com   lookup:   TXT prefix=-, lhs=all, rhs=
|        reynoldcgin altavista.com   lookup:  mec mechanisms=+exists(CL.%{i}.FR.%{s}.HE.%{h}.null.spf.altavista.com) -all()
|        reynoldcgin altavista.com   evaluate_mechanism: +exists(CL.%{i}.FR.%{s}.HE.%{h}.null.spf.altavista.com) for domain=altavista.com
|        reynoldcgin altavista.com   macro_substitute_item: i: field=i, num=, reverse=, delim=., newval=206.66.146.23
|        reynoldcgin altavista.com   macro_substitute_item: s: field=s, num=, reverse=, delim=., newval=reynoldcgin@altavista.com
|        reynoldcgin altavista.com   macro_substitute_item: h: field=h, num=, reverse=, delim=., newval=santronics.com
|        reynoldcgin altavista.com   macro_substitute: CL.%{i}.FR.%{s}.HE.%{h}.null.spf.altavista.com -> CL.206.66.146.23.FR.reynoldcgin@altavista.com.HE.santronics.com.null.spf.altavista.com
|        reynoldcgin altavista.com   mechanism exists: looking up CL.206.66.146.23.FR.reynoldcgin@altavista.com.HE.santronics.com.null.spf.altavista.com
|        reynoldcgin altavista.com   myquery: doing A query on CL.206.66.146.23.FR.reynoldcgin@altavista.com.HE.santronics.com.null.spf.altavista.com
|        reynoldcgin altavista.com   myquery: CL.206.66.146.23.FR.reynoldcgin@altavista.com.HE.santronics.com.null.spf.altavista.com A failed: NXDOMAIN.
|        reynoldcgin altavista.com   evaluate_mechanism: +exists(CL.%{i}.FR.%{s}.HE.%{h}.null.spf.altavista.com) returned
|        reynoldcgin altavista.com   evaluate_mechanism: -all() for domain=altavista.com
|        reynoldcgin altavista.com   evaluate_mechanism: -all() returned hit default
|        reynoldcgin altavista.com   saving result fail to cache point and returning.
|        reynoldcgin altavista.com   macro_substitute_item: S: field=S, num=, reverse=, delim=., newval=reynoldcgin%40altavista.com
|        reynoldcgin altavista.com   macro_substitute_item: I: field=I, num=, reverse=, delim=., newval=206.66.146.23
|        reynoldcgin altavista.com   macro_substitute_item: xR: field=xR, num=, reverse=, delim=., newval=asarian-host.net
|        reynoldcgin altavista.com   macro_substitute: Please see http://spf.pobox.com/why.html?sender=%{S}&ip=%{I}&receiver=%{xR} -> Please see http://spf.pobox.com/why.html?sender=reynoldcgin%40altavista.com&ip=206.66.146.23&receiver=asarian-host.net

Final: "fail".
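
The evaluation that the trace above walks through, as an added Python example that is not part of the original message and is not the code of the SPF library that produced the log. It handles only the `exists` and `all` mechanisms and the untransformed macros `%{i}`, `%{s}`, `%{h}`, `%{l}`, `%{o}`; the function names and the stub resolver (which answers NXDOMAIN for every name, as the trace shows) are assumptions made for the illustration.

```python
import re

# Inputs copied from the trace above; the resolver below is a constructed stub.
RECORD = "+exists:CL.%{i}.FR.%{s}.HE.%{h}.null.spf.altavista.com -all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def expand(template, ip, sender, helo):
    """Expand untransformed SPF macros: i=client IP, s=sender, h=HELO name,
    l=sender local part, o=sender domain."""
    local, _, domain = sender.rpartition("@")
    values = {"i": ip, "s": sender, "h": helo, "l": local, "o": domain}

    def substitute(match):
        letter = match.group(1)
        if letter not in values:
            raise ValueError("macro %%{%s} not handled in this example" % letter)
        return values[letter]

    return re.sub(r"%\{([a-z])\}", substitute, template)


def evaluate(record, ip, sender, helo, has_a_record):
    """Walk the mechanisms left to right; the first match decides the result.
    Returns (result, list of DNS names queried for 'exists')."""
    queried = []
    for term in record.split():
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term[1:] if term[0] in QUALIFIERS else term
        name, _, argument = mechanism.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier], queried
        if name == "exists":
            target = expand(argument, ip, sender, helo)
            queried.append(target)
            if has_a_record(target):  # any A record means the mechanism matches
                return QUALIFIERS[qualifier], queried
        else:
            raise NotImplementedError(name)
    return "neutral", queried  # no mechanism matched and no 'all' present


if __name__ == "__main__":
    nxdomain = lambda name: False  # constructed stub: every A query fails
    print(evaluate(RECORD, "206.66.146.23", "reynoldcgin@altavista.com",
                   "santronics.com", nxdomain))
```

The check is keyed on the MAIL FROM domain (altavista.com); the HELO name santronics.com only enters as the value of `%{h}` in the name that is looked up.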