-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of James
Couzens
Sent: Friday, November 12, 2004 8:53 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Odd Problem
On Fri, 2004-11-12 at 07:39 -0500, Matt wrote:
So how is SPF supposed to work? Is it supposed to care about the
previous IP that the user used to connect? I've got (and am getting
from this mailing list) the impression that it should not care, since
the mail server is authorized... but here is what I got from
Barracuda.... any insight?
--------------------------------
Barracuda Support wrote:
Hello Matt,
The sender is from IP 198.69.X.X does not match your SPF
record 63.174.244.0/24
Barracuda is correct.
I already answered this for you, so here it is again:
james(_at_)code3 ~ $ /usr/local/bin/spfqtool_static -d 0 -s jcouzens(_at_)chilitech(_dot_)net -i 198.69.197.61 -h test
SPF short result: fail
SPF verbose result: policy result: (fail) from rule (-all)
RFC2822 header: Received-SPF: fail (test: domain of
jcouzens(_at_)chilitech(_dot_)net
does not designate 198.69.197.61 as permitted sender)
receiver=test; client_ip=198.69.197.61;
envelope-from=jcouzens(_at_)chilitech(_dot_)net;
This is because his DNS is not published correctly. Upon further
examination you'll see that his PTR record does not match because it
does not validate. It does not validate because the reversely obtained
hostname 'du1-61-as5800-towanda.dial.chilitech.net' (from 198.69.197.61)
does not in turn then resolve forward to '198.69.197.61' and thus misses
the PTR bus and hops on the fail train.
Either *FIX* your PTR record so that the forward matches the reverse,
and vice versa, or simply add either ip4:198.69.197.0/24 or
ip4:198.69.197.61 to your SPF record.
Hoping that helps.
Cheers,
James
--
James Couzens,
Programmer
Except that he doesn't want 198.69.197.61 to pass.
Looking back at the original headers he posted, see below, it seems pretty
clear that the edge MTA was smtp1-ha.chilitech.net (smtp1-ha.chilitech.net
[63.174.244.3]) and that the message should have passed. There's no reason
for 198.69.197.61 or the PTR to even come into it.
Scott Kitterman
undeliverable to gemabooks(_at_)ncx(_dot_)com
Server response to MAIL FROM:
587 pioneer(_at_)chilitech(_dot_)net sender domain does not match SPF records
Original message follows.
Received: from eg1.dns77.com [209.115.132.2] by imail1.dns77.com with
ESMTP
(SMTPD32-8.12) id A342136900F0; Tue, 09 Nov 2004 15:22:58 -0700
X-ASG-Debug-ID: 1100038887-21246-341-0
X-Barracuda-URL: http://209.115.132.2:1927/cgi-bin/mark.cgi
Received: from smtp1-ha.chilitech.net (smtp1-ha.chilitech.net
[63.174.244.3])
by eg1.dns77.com (Spam Firewall) with ESMTP id EB7C5D0CFE94
for <hofr(_at_)gemabooks(_dot_)com>; Tue, 9 Nov 2004 15:21:27 -0700 (MST)
Received: (qmail 31598 invoked by uid 11193); 9 Nov 2004 22:21:20 -0000
Received: from pioneer(_at_)chilitech(_dot_)net by smtp1-ha.chilitech.net by uid
502
with qmail-scanner-1.20
(clamuko: 0.75.1. spamassassin: 2.64. Clear:RC:1(198.69.197.61):.
Processed in 0.279358 secs); 09 Nov 2004 22:21:20 -0000
Received: from unknown (HELO thepurplebeast) ([198.69.197.61])
(envelope-sender <pioneer(_at_)chilitech(_dot_)net>)
by 0 (qmail-ldap-1.03) with SMTP
for <hofr(_at_)gemabooks(_dot_)com>; 9 Nov 2004 22:21:20 -0000
Message-ID: <001001c4c6aa$1eb47760$3dc545c6(_at_)thepurplebeast>
From: "kerry detrick" <pioneer(_at_)chilitech(_dot_)net>
To: <hofr(_at_)gemabooks(_dot_)com>
X-ASG-Orig-Subj: none
Subject: none
Date: Tue, 9 Nov 2004 17:18:59 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_000D_01C4C680.33A3C1A0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-Virus-Scanned: by Barracuda Spam Firewall at dns77.com
X-Barracuda-Spam-Score: 0.06
X-Barracuda-Spam-Status: No, SCORE=0.06 using global scores of
TAG_LEVEL=4.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=8.0 tests=HTML_30_40,
HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 2.64, rules version 2.1.504 Rule
breakdown below pts rule name description
---- ---------------------- -------------------------------------------
0.06 HTML_30_40 BODY: Message is 30% to 40% HTML
0.00 HTML_MESSAGE BODY: HTML included in message
This is a multi-part message in MIME format.
[message truncated]
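Added example, not part of the original thread or of any tool mentioned in it: a sketch of how a receiver can pick the IP that SPF should test, using the Received chain quoted above. The function names and the simplified record `v=spf1 ip4:63.174.244.0/24 -all` are assumptions built from the values in the thread; only the `ip4` and `all` mechanisms are evaluated.

```python
import ipaddress
import re

# Received headers from the bounce quoted in the thread, newest first,
# unfolded and abridged (ids, dates and envelope-sender comments dropped).
RECEIVED = [
    "from eg1.dns77.com [209.115.132.2] by imail1.dns77.com with ESMTP",
    "from smtp1-ha.chilitech.net (smtp1-ha.chilitech.net [63.174.244.3]) "
    "by eg1.dns77.com (Spam Firewall) with ESMTP",
    "from unknown (HELO thepurplebeast) ([198.69.197.61]) "
    "by 0 (qmail-ldap-1.03) with SMTP",
]
# Assumption: simplified record built from the range and -all rule quoted above.
SPF_RECORD = "v=spf1 ip4:63.174.244.0/24 -all"

HOP = re.compile(r"from .*?\[(?P<ip>[0-9.]+)\]\)?.*?\sby (?P<by>\S+)")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_hops(lines):
    """Return (client_ip, recording_host) for each Received line."""
    hops = []
    for line in lines:
        m = HOP.search(line)
        if m:
            hops.append((ipaddress.ip_address(m["ip"]), m["by"]))
    return hops

def border_client_ip(hops, border_host):
    """IP that connected to our own border MTA: the only hop SPF should test."""
    for ip, by in hops:
        if by == border_host:
            return ip
    return None

def check_ip4(record, ip):
    """Evaluate the ip4 and all mechanisms only (a subset of SPF)."""
    for term in record.split()[1:]:
        result = QUALIFIERS.get(term[0], "pass")
        mech = term.lstrip("+-~?")
        if mech == "all":
            return result
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return result
    return "neutral"

if __name__ == "__main__":
    hops = parse_hops(RECEIVED)
    edge = border_client_ip(hops, "eg1.dns77.com")
    print("border hop  ", edge, check_ip4(SPF_RECORD, edge))
    print("internal hop", hops[-1][0], check_ip4(SPF_RECORD, hops[-1][0]))
```

Testing the hop recorded by the receiver's own border host gives a pass for 63.174.244.3, while testing the oldest hop in the chain reproduces the fail reported for 198.69.197.61.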