3 Jun 09:55
Re: Newbie-esque SPF deployment questions
From: Jeremy Chadwick <spf <at> jdc.parodius.com>
Subject: Re: Newbie-esque SPF deployment questions
Newsgroups: gmane.mail.spam.spf.help
Date: 2005-06-03 07:55:37 GMT
On Thu, Jun 02, 2005 at 11:38:54PM -0500, Steve Yates wrote:
> > >> 0.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
> > >> [SPF failed: Please see http://spf.pobox.com/why.html?sender=username%40parodius.com&ip=65.95.32.147&receiver=pentarou.parodius.com]
> >
> > This confuses me greatly, as pentarou.parodius.com == 64.62.145.226,
> > which has nothing to do with our SMTP setup.
>
> Did you go to that URL?

Yes, and the content made no sense; pentarou.parodius.com has nothing to
do with our SMTP setup.

> "pentarou.parodius.com rejected a message claiming to be from username <at> parodius.com.
>
> pentarou.parodius.com saw a message coming from the IP address 65.95.32.147 which is Toronto-HSE-ppp3714352.sympatico.ca; the sender claimed to be username <at> parodius.com"
>
> It looks like the sending server attempted delivery to your .226
> address.

Which is incorrect, since sendmail isn't bound to .226:

bash-2.03$ telnet pentarou.parodius.com smtp
Trying 64.62.145.226...
^C
bash-2.03$ telnet pentarou.parodius.com 587
Trying 64.62.145.226...
^C
bash-2.03$ telnet mx1.parodius.com smtp
Trying 64.62.145.229...
Connected to mx1.parodius.com.
Escape character is '^]'.
220 mx1.parodius.com ESMTP Sendmail 8.13.3/8.13.3; Fri, 3 Jun 2005 00:53:28 -0700 (PDT)
{...}
bash-2.03$ telnet mx1.parodius.com 587
Trying 64.62.145.229...
Connected to mx1.parodius.com.
Escape character is '^]'.
220 mx1.parodius.com ESMTP Sendmail 8.13.3/8.13.3; Fri, 3 Jun 2005 00:53:31 -0700 (PDT)
{...}

Instead, I think SpamAssassin is using gethostname() blindly, since the
actual machine name (i.e. result from `hostname`) is pentarou.parodius.com.

I'm going to try binding spamd+spamc to mx1.parodius.com (and apply
appropriate IP filters) to see if that solves the problem. Otherwise,
this looks to be a fairly large oversight when it comes to machines which
use IP aliases for individual services...

--
| Jeremy Chadwick                                 jdc at parodius.com |
| Parodius Networking                        http://www.parodius.com/ |
| UNIX Systems Administrator                   Mountain View, CA, USA |
| Making life hard for others since 1977.                             |
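
The distinction the message above turns on, between the machine's own hostname and the address a connection actually arrived on, shown as an added example (not part of the original post and not SpamAssassin's code). The loopback address stands in for a service IP alias; `SERVICE_NAMES`, `receiver_name` and `mx1.example.test` are constructed for illustration.

```python
import socket

# Constructed mapping: local service address -> name the service is published under.
# 127.0.0.1 stands in for an IP alias dedicated to SMTP (assumption for the demo).
SERVICE_NAMES = {"127.0.0.1": "mx1.example.test"}


def identities_for_connection(service_addr="127.0.0.1"):
    """Accept one connection on service_addr and return (machine_name, local_ip).

    machine_name is what gethostname() reports: it is a property of the host
    and does not change with the address the peer connected to.
    local_ip is the local end of this particular connection (getsockname()).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((service_addr, 0))          # port 0: let the OS pick a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        with socket.create_connection((service_addr, port)):
            conn, _peer = srv.accept()
            with conn:
                machine_name = socket.gethostname()
                local_ip = conn.getsockname()[0]
    return machine_name, local_ip


def receiver_name(local_ip, service_names, fallback):
    """Pick the receiver identity from the address the connection used.

    Falls back to the machine hostname only when the address is not a
    known service alias.
    """
    return service_names.get(local_ip, fallback)


if __name__ == "__main__":
    machine, local_ip = identities_for_connection()
    print("gethostname():       ", machine)
    print("connection arrived on:", local_ip)
    print("receiver to report:   ", receiver_name(local_ip, SERVICE_NAMES, machine))
```

On a host with several aliases, only the per-connection address says which service name the sender actually reached; the machine hostname is the same for every alias.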