spf-discuss

RE: Odd Problem

2004-11-12 07:04:58
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of James 
Couzens
Sent: Friday, November 12, 2004 8:53 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Odd Problem


On Fri, 2004-11-12 at 07:39 -0500, Matt wrote:

So how is SPF supposed to work?  Is it supposed to care about the
previous IP that the user used to connect?   I've got (and am getting
from this mailing list) the impression that it should not care, since
the mail server is authorized... but here is what I got from
Barracuda....  any insight?


--------------------------------

Barracuda Support wrote:

Hello Matt,

The sender is from IP  198.69.X.X   does not match your SPF
record 63.174.244.0/24

Barracuda is correct.

I already answered this for you, so here it is again:

james(_at_)code3 ~ $ /usr/local/bin/spfqtool_static -d 0 -s
jcouzens(_at_)chilitech(_dot_)net -i 198.69.197.61 -h test

SPF short result:   fail
SPF verbose result: policy result: (fail) from rule (-all)

RFC2822 header:     Received-SPF: fail (test: domain of
jcouzens(_at_)chilitech(_dot_)net
                   does not designate 198.69.197.61 as permitted sender)
                   receiver=test; client_ip=198.69.197.61;
                   envelope-from=jcouzens(_at_)chilitech(_dot_)net;

This is because his DNS is not published correctly.  Upon further
examination you'll see that his PTR record does not match because it
does not validate.  It does not validate because the reversely obtained
hostname 'du1-61-as5800-towanda.dial.chilitech.net' (from 198.69.197.61)
does not in turn then resolve forward to '198.69.197.61' and thus misses
the PTR bus and hops on the fail train.

Either *FIX* your PTR record so that the forward matches the reverse,
and vice versa, or simply add either ip4:198.69.197.0/24 or
ip4:198.69.197.61 to your SPF record.

Hoping that helps.

Cheers,

James

--
James Couzens,
Programmer

Except that he doesn't want 198.69.197.61 to pass.

Looking back at the original headers he posted, see below, it seems pretty
clear that the edge MTA was smtp1-ha.chilitech.net (smtp1-ha.chilitech.net
[63.174.244.3]) and that the message should have passed.  There's no reason
for 198.69.197.61 or the PTR to even come into it.

Scott Kitterman

undeliverable to gemabooks(_at_)ncx(_dot_)com

Server response to MAIL FROM:
587 pioneer(_at_)chilitech(_dot_)net sender domain does not match SPF records



Original message follows.

Received: from eg1.dns77.com [209.115.132.2] by imail1.dns77.com with ESMTP
  (SMTPD32-8.12) id A342136900F0; Tue, 09 Nov 2004 15:22:58 -0700
X-ASG-Debug-ID: 1100038887-21246-341-0
X-Barracuda-URL: http://209.115.132.2:1927/cgi-bin/mark.cgi
Received: from smtp1-ha.chilitech.net (smtp1-ha.chilitech.net [63.174.244.3])
  by eg1.dns77.com (Spam Firewall) with ESMTP id EB7C5D0CFE94
  for <hofr(_at_)gemabooks(_dot_)com>; Tue,  9 Nov 2004 15:21:27 -0700 (MST)
Received: (qmail 31598 invoked by uid 11193); 9 Nov 2004 22:21:20 -0000
Received: from pioneer(_at_)chilitech(_dot_)net by smtp1-ha.chilitech.net by uid 502
  with qmail-scanner-1.20
  (clamuko: 0.75.1. spamassassin: 2.64.  Clear:RC:1(198.69.197.61):.
  Processed in 0.279358 secs); 09 Nov 2004 22:21:20 -0000

Received: from unknown (HELO thepurplebeast) ([198.69.197.61])
          (envelope-sender <pioneer(_at_)chilitech(_dot_)net>)
          by 0 (qmail-ldap-1.03) with SMTP
          for <hofr(_at_)gemabooks(_dot_)com>; 9 Nov 2004 22:21:20 -0000
Message-ID: <001001c4c6aa$1eb47760$3dc545c6(_at_)thepurplebeast>
From: "kerry detrick" <pioneer(_at_)chilitech(_dot_)net>
To: <hofr(_at_)gemabooks(_dot_)com>
X-ASG-Orig-Subj: none
Subject: none
Date: Tue, 9 Nov 2004 17:18:59 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_000D_01C4C680.33A3C1A0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-Virus-Scanned: by Barracuda Spam Firewall at dns77.com
X-Barracuda-Spam-Score: 0.06
X-Barracuda-Spam-Status: No, SCORE=0.06 using global scores of
  TAG_LEVEL=4.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=8.0 tests=HTML_30_40,
  HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 2.64, rules version 2.1.504 Rule breakdown below
 pts rule name              description
---- ---------------------- -------------------------------------------
0.06 HTML_30_40             BODY: Message is 30% to 40% HTML
0.00 HTML_MESSAGE           BODY: HTML included in message

This is a multi-part message in MIME format.

[message truncated]
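
The point made in the reply above, as an added example that is not part of the original message: SPF is evaluated against the IP that connected to the receiver's edge, found by walking the Received chain newest to oldest past the receiver's own relays. The Received lines are constructed from the quoted headers; TRUSTED_RELAYS and the simplified POLICY string are assumptions, and the evaluator handles only ip4 and all terms.

```python
import ipaddress
import re

# Constructed from the Received headers quoted in the message, newest first.
RECEIVED = [
    "from eg1.dns77.com [209.115.132.2] by imail1.dns77.com with ESMTP",
    "from smtp1-ha.chilitech.net (smtp1-ha.chilitech.net [63.174.244.3]) "
    "by eg1.dns77.com (Spam Firewall) with ESMTP",
    "from unknown (HELO thepurplebeast) ([198.69.197.61]) "
    "by 0 (qmail-ldap-1.03) with SMTP",
]
# Assumption: the receiver's own relays, whose Received lines can be trusted.
TRUSTED_RELAYS = {"209.115.132.2"}
# Assumption: simplified policy built from the range and "-all" rule on the page.
POLICY = "v=spf1 ip4:63.174.244.0/24 -all"

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def client_ips(received):
    """Return the bracketed client IP of each Received line, newest first."""
    ips = []
    for line in received:
        match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        if match:
            ips.append(match.group(1))
    return ips


def border_client_ip(received, trusted=TRUSTED_RELAYS):
    """First client IP, walking newest to oldest, that is not our own relay."""
    for ip in client_ips(received):
        if ip not in trusted:
            return ip
    return None


def spf_ip4_result(record, client_ip):
    """Evaluate only ip4 and all terms; DNS-based mechanisms are skipped."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULTS[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return RESULTS[qualifier]
    return "neutral"


if __name__ == "__main__":
    for ip in (border_client_ip(RECEIVED), client_ips(RECEIVED)[-1]):
        print(ip, spf_ip4_result(POLICY, ip))
```

The oldest hop (198.69.197.61) is the dial-up client submitting to the sender's own MTA, so a receiver that checks it instead of the border IP rejects mail the policy actually authorizes.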


