spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Re: SPF Implementation issues

2007-12-06 14:18:31
One of the sites is godaddy's hosting service:

I get the following interaction:

nc 64.202.166.12 25
220 pre-smtp31-01.prod.mesa1.secureserver.net ESMTP
help
214-qmail home page: http://pobox.com/~djb/qmail.html
214 qmail-ldap patch home page: http://www.nrg4u.com
MAIL FROM: <philip(_at_)gladstonefamily(_dot_)net>
554 refused mailfrom because of SPF policy
quit
221 pre-smtp31-01.prod.mesa1.secureserver.net Goodbye.

This implies it must be some sort of SPF patch into qmail. The actual
record that it tries to lookup is:

140.177.205.131.hilip.user.spf.gladstonefamily.net

The other site is

 nc 212.53.64.82 25
220 coumta55.netbenefit.co.uk ESMTP ready at Thu, 06 Dec 2007 21:05:30 +0000
HELP
214-Commands supported:
214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
MAIL FROM: <philip(_at_)gladstonefamily(_dot_)net>
250 OK
RCPT TO: <test(_at_)easily(_dot_)co(_dot_)uk>
451 140.177.205.131 - You have been greylisted, please try later
quit
221 coumta55.netbenefit.co.uk closing connection

Unfortunately, I have now been caught by some greylisting process.
However, the original error message was

212.53.64.82 does not like recipient.
Remote host said: 550 "Mail from gladstonefamily.net is denied from host
140.177.205.131 SPF"

I.e. these two systems are two different MTAs (as far as I can tell). I
just tried again and the greylisting timeout let me in, and that system
does not appear to be doing SPF checks at all.

Philip

Julian Mehnle wrote:
Philip Gladstone wrote:
Can I get a test case added to the SPF test suite that deals with the
problematic situation in my SPF record.

In particular I have the following piece:

     -exists:%{i}.%{l1r-}.user.%{d}

In practice the %{l1r-} causes problems for some implementations -- I
can see from my DNS logs that they map a local part of 'philip' into
'hilip'. This is wrong.  [This piece of SPF is actually quite effective
at eliminating spammers who guess incorrect userids in my domain]

This bug exists at at least two distinct sites (both of which are mail
forwarding sites handling personal domains) so I suspect that there is
a common implementation with this as a defect.

We can add a test case to the test suite easily, however trying to 
identify the MTA software running on those broken sites may of more 
immediate use.  Maybe we can guess the SPF implementations used by them 
and try to get them fixed directly?

What MTAs are they running?  Does their SMTP signature (e.g. the welcome 
message) give any hints?

Julian.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription:
http://v2.listbox.com/member/?&;
Powered by Listbox: http://www.listbox.com


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: 
http://v2.listbox.com/member/?member_id=2183229&id_secret=73326015-82a612
Powered by Listbox: http://www.listbox.com

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature