spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

agupimail: examples of various return codes

2004-09-09 20:11:39
from [Meng Weng Wong] [Permanent Link] 
On Thu, Sep 09, 2004 at 10:37:51PM -0400, Meng Weng Wong wrote:
| I spent some time today implementing a Unified SPF postfix
| policy daemon.  It follows the AGUPI model described at
| http://spf.pobox.com/aspen/email-future-1.png
| 
| I have it currently set to reject, by default, all mail that
| doesn't pass both authentication and policy tests.
| 

when I send mail from my personal box, newbabe.mengwong.com,
which is not whitelisted by any of the reputation services I
know,

    20040909-23:05:07 mengwong(_at_)newbabe:~% echo test | testmx 
-mx=dumbo.pobox.com -subject='where is this going' 
-from=mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com 
-to=mengwong(_at_)spf(_dot_)pobox(_dot_)com -port=25 -helo=newbabe.mengwong.com

    <<< 220 dumbo.pobox.com ESMTP Postfix
    >>> EHLO newbabe.mengwong.com
    <<< 250-dumbo.pobox.com
    <<< 250-PIPELINING
    <<< 250-SIZE 10240000
    <<< 250-VRFY
    <<< 250-ETRN
    <<< 250 8BITMIME
    >>> MAIL FROM:<mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com>
    <<< 250 Ok
    >>> RCPT TO:<mengwong(_at_)spf(_dot_)pobox(_dot_)com>
    <<< 554 <mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com>: Sender address 
rejected: Sorry, agupimail requires that your message be sent through an 
authenticated channel, and that the sender be recognized by the receiving 
system.

Internally, syslog shows:

   : Attribute: client_address=209.2.32.36
   : Attribute: client_name=newbabe.mengwong.com
   : Attribute: extra_arg=
   : Attribute: helo_name=newbabe.mengwong.com
   : Attribute: instance=00513e.00414119f6.000000
   : Attribute: protocol_name=ESMTP
   : Attribute: protocol_state=RCPT
   : Attribute: queue_id=
   : Attribute: recipient=mengwong(_at_)spf(_dot_)pobox(_dot_)com
   : Attribute: request=smtpd_access_policy
   : Attribute: sender=mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com
   : Attribute: size=0
    testing: stripped sender=mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com, 
stripped rcpt=mengwong(_at_)spf(_dot_)pobox(_dot_)com
    karma_query(ptr:newbabe.mengwong.com): querying 
newbabe.mengwong.com.rating.cloudmark.com...
    karma_query(ptr:newbabe.mengwong.com): querying 
newbabe.mengwong.com.wl.trusted-forwarder.org...
    karma_query(ptr:newbabe.mengwong.com): querying 
newbabe.mengwong.com.dnswl.mailzone.com...
    karma_query(ptr:newbabe.mengwong.com): querying 
newbabe.mengwong.com.bulk.rhs.mailpolice.com...
    karma_query(ptr:newbabe.mengwong.com): querying 
newbabe.mengwong.com.rhsbl.ahbl.org...
    agupimail policy_status for ptr identity newbabe.mengwong.com returned 
UNKNOWN: no result from the karma system.
    agupimail now going to look for auth_status...
   : : ptr_status: testing newbabe.mengwong.com
    pass: spf/PTR smtp_comment=Please see 
http://spf.pobox.com/why.html?sender=newbabe.mengwong.com&ip=209.2.32.36&receiver=dumbo.pobox.com:
 newbabe.mengwong.com A 209.2.32.36, header_comment=dumbo.pobox.com: domain of 
newbabe.mengwong.com designates 209.2.32.36 as permitted sender
    agupimail auth_result for ptr identity newbabe.mengwong.com is PASS
    karma_query(helo:newbabe.mengwong.com): querying 
newbabe.mengwong.com.rating.cloudmark.com...
    karma_query(helo:newbabe.mengwong.com): querying 
newbabe.mengwong.com.wl.trusted-forwarder.org...
    karma_query(helo:newbabe.mengwong.com): querying 
newbabe.mengwong.com.dnswl.mailzone.com...
    karma_query(helo:newbabe.mengwong.com): querying 
newbabe.mengwong.com.bulk.rhs.mailpolice.com...
    karma_query(helo:newbabe.mengwong.com): querying 
newbabe.mengwong.com.rhsbl.ahbl.org...
    agupimail policy_status for helo identity newbabe.mengwong.com returned 
UNKNOWN: no result from the karma system.
    agupimail now going to look for auth_status...
    pass: spf/HELO smtp_comment=Please see 
http://spf.pobox.com/why.html?sender=newbabe.mengwong.com&ip=209.2.32.36&receiver=dumbo.pobox.com:
 newbabe.mengwong.com A 209.2.32.36, header_comment=dumbo.pobox.com: domain of 
newbabe.mengwong.com designates 209.2.32.36 as permitted sender
    agupimail auth_result for helo identity newbabe.mengwong.com is PASS
    karma_query(sender:mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com): 
querying newbabe.mengwong.com.rating.cloudmark.com...
    karma_query(sender:mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com): 
querying newbabe.mengwong.com.wl.trusted-forwarder.org...
    karma_query(sender:mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com): 
querying newbabe.mengwong.com.dnswl.mailzone.com...
    karma_query(sender:mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com): 
querying newbabe.mengwong.com.bulk.rhs.mailpolice.com...
    karma_query(sender:mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com): 
querying newbabe.mengwong.com.rhsbl.ahbl.org...
    agupimail policy_status for sender identity 
mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com returned UNKNOWN: no result from 
the karma system.
    agupimail now going to look for auth_status...
    pass: spf/MAILFROM smtp_comment=Please see 
http://spf.pobox.com/why.html?sender=mengwong%40newbabe.mengwong.com&ip=209.2.32.36&receiver=dumbo.pobox.com:
 newbabe.mengwong.com A 209.2.32.36, header_comment=dumbo.pobox.com: domain of 
mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com designates 209.2.32.36 as 
permitted sender
    agupimail auth_result for sender identity 
mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com is PASS
    agupimail overall: decided action=REJECT Sorry, agupimail requires that 
your message be sent through an authenticated channel, and that the sender be 
recognized by the receiving system.
    postfix/smtpd[20798]: NOQUEUE: reject: RCPT from 
newbabe.mengwong.com[209.2.32.36]: 554 
<mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com>: Sender address rejected: 
Sorry, agupimail requires that your message be sent through an authenticated 
channel, and that the sender be recognized by the receiving system.; 
from=<mengwong(_at_)newbabe(_dot_)mengwong(_dot_)com> 
to=<mengwong(_at_)spf(_dot_)pobox(_dot_)com> proto=ESMTP 
helo=<newbabe.mengwong.com>

when i forge mail from a domain which appears in bulk.rhs.mailpolice.com,

    <<< 220 dumbo.pobox.com ESMTP Postfix
    >>> EHLO newbabe.mengwong.com
    <<< 250-dumbo.pobox.com
    <<< 250-PIPELINING
    <<< 250-SIZE 10240000
    <<< 250-VRFY
    <<< 250-ETRN
    <<< 250 8BITMIME
    >>> MAIL FROM:<mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com>
    <<< 250 Ok
    >>> RCPT TO:<mengwong(_at_)spf(_dot_)pobox(_dot_)com>
    <<< 554 <mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com>: Sender 
address rejected: agupimail observed policy failure for sender: 
mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com found in 
bulk.rhs.mailpolice.com

The corresponding excerpt from syslog:

     Attribute: client_address=209.2.32.36
     Attribute: client_name=newbabe.mengwong.com
     Attribute: extra_arg=
     Attribute: helo_name=newbabe.mengwong.com
     Attribute: instance=00513e.00414119e1.000000
     Attribute: protocol_name=ESMTP
     Attribute: protocol_state=RCPT
     Attribute: queue_id=
     Attribute: recipient=mengwong(_at_)spf(_dot_)pobox(_dot_)com
     Attribute: request=smtpd_access_policy
     Attribute: sender=mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com
     Attribute: size=0
    testing: stripped 
sender=mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com, stripped 
rcpt=mengwong(_at_)spf(_dot_)pobox(_dot_)com
    karma_query(ptr:newbabe.mengwong.com): querying 
newbabe.mengwong.com.rating.cloudmark.com...
    karma_query(ptr:newbabe.mengwong.com): querying 
newbabe.mengwong.com.wl.trusted-forwarder.org...
    karma_query(ptr:newbabe.mengwong.com): querying 
newbabe.mengwong.com.dnswl.mailzone.com...
    karma_query(ptr:newbabe.mengwong.com): querying 
newbabe.mengwong.com.bulk.rhs.mailpolice.com...
    karma_query(ptr:newbabe.mengwong.com): querying 
newbabe.mengwong.com.rhsbl.ahbl.org...
    agupimail policy_status for ptr identity newbabe.mengwong.com returned 
UNKNOWN: no result from the karma system.
    agupimail now going to look for auth_status...
     : ptr_status: testing newbabe.mengwong.com
    pass: spf/PTR smtp_comment=Please see 
http://spf.pobox.com/why.html?sender=newbabe.mengwong.com&ip=209.2.32.36&receiver=dumbo.pobox.com:
 newbabe.mengwong.com A 209.2.32.36, header_comment=dumbo.pobox.com: domain of 
newbabe.mengwong.com designates 209.2.32.36 as permitted sender
    agupimail auth_result for ptr identity newbabe.mengwong.com is PASS
    karma_query(helo:newbabe.mengwong.com): querying 
newbabe.mengwong.com.rating.cloudmark.com...
    karma_query(helo:newbabe.mengwong.com): querying 
newbabe.mengwong.com.wl.trusted-forwarder.org...
    karma_query(helo:newbabe.mengwong.com): querying 
newbabe.mengwong.com.dnswl.mailzone.com...
    karma_query(helo:newbabe.mengwong.com): querying 
newbabe.mengwong.com.bulk.rhs.mailpolice.com...
    karma_query(helo:newbabe.mengwong.com): querying 
newbabe.mengwong.com.rhsbl.ahbl.org...
    agupimail policy_status for helo identity newbabe.mengwong.com returned 
UNKNOWN: no result from the karma system.
    agupimail now going to look for auth_status...
    pass: spf/HELO smtp_comment=Please see 
http://spf.pobox.com/why.html?sender=newbabe.mengwong.com&ip=209.2.32.36&receiver=dumbo.pobox.com:
 newbabe.mengwong.com A 209.2.32.36, header_comment=dumbo.pobox.com: domain of 
newbabe.mengwong.com designates 209.2.32.36 as permitted sender
    agupimail auth_result for helo identity newbabe.mengwong.com is PASS
    karma_query(sender:mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com): 
querying mail.optin-broadcast.com.rating.cloudmark.com...
    karma_query(sender:mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com): 
querying mail.optin-broadcast.com.wl.trusted-forwarder.org...
    karma_query(sender:mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com): 
querying mail.optin-broadcast.com.dnswl.mailzone.com...
    karma_query(sender:mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com): 
querying mail.optin-broadcast.com.bulk.rhs.mailpolice.com...
    agupimail policy_status for sender identity 
mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com returned FAIL: 
mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com found in 
bulk.rhs.mailpolice.com
    agupimail now going to look for auth_status...
    agupimail auth_result for sender identity 
mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com is unchecked
    agupimail overall: decided action=REJECT agupimail observed policy failure 
for sender: mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com found in 
bulk.rhs.mailpolice.com

    postfix/smtpd[20798]: NOQUEUE: reject: RCPT from 
newbabe.mengwong.com[209.2.32.36]: 554 
<mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com>: Sender address rejected: 
agupimail observed policy failure for sender: 
mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com found in 
bulk.rhs.mailpolice.com; 
from=<mengwong(_at_)mail(_dot_)optin-broadcast(_dot_)com> 
to=<mengwong(_at_)spf(_dot_)pobox(_dot_)com> proto=ESMTP 
helo=<newbabe.mengwong.com>

A short list of RHSBLs can be found at
http://www.sdsc.edu/~jeff/spam/cbc.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Unified SPF policy daemon and constructing a personal whitelist: bugfix, Meng Weng Wong
Next by Date:  Re: Unified SPF policy daemon and constructing a personal whitelist, Meng Weng Wong
Previous by Thread:  Re: Unified SPF policy daemon and constructing a personal whitelist: bugfix, Meng Weng Wong
Next by Thread:  Re: Unified SPF policy daemon and constructing a personal whitelist, Meng Weng Wong
Indexes:  [Date] [Thread] [Top] [All Lists]