3 Jun 12:27
Re: Newbie-esque SPF deployment questions
From: Alex van den Bogaerdt <alex <at> ergens.op.het.net>
Subject: Re: Newbie-esque SPF deployment questions
Newsgroups: gmane.mail.spam.spf.help
Date: 2005-06-03 10:27:48 GMT
Subject: Re: Newbie-esque SPF deployment questions
Newsgroups: gmane.mail.spam.spf.help
Date: 2005-06-03 10:27:48 GMT
On Thu, Jun 02, 2005 at 08:23:10PM -0700, Jeremy Chadwick wrote: > > If the user is submitting the message, don't run it through SPF (or > > make sure he's allowed, whitelisted, whatever). > > > > If the SpamAssassin is called on the receiving end, the user is > > delivering the message directly from home in stead of via your > > infrastructure. > > > > user -> your infra (incl. SA+SPF) -> remote user (incl. himself) > > user -> your infra (no filter) -> remote user (himself, via SA+SPF) > > > > Maybe you can find out which of these two possibilities is the case. > > Hmm, I'm slightly confused by your later comments, but here's how the > pathing works for what I call "outgoing" mail: > > 1. End-user (65.95.32.147) sends mail using mail client. Client is > configured to use mx1.parodius.com:587 as their SMTP server. > Client is sending mail to foobar <at> someplace.com. > 2. mx1.parodius.com:587 receives connection from 65.95.32.147. This > IP is in the sendmail access_db list, and is permitted to do > relaying (i.e. send mail through us). > 3. mx1.parodius.com accepts the message. > 4. mx1.parodius.com does standard lookups (MX record, A record) on > someplace.com, and attempts to deliver the message to > foobar <at> someplace.com. But before doing this, is it perhaps using SA+SPF ? This would be wrong, as the end user at 65.95.32.147 is not allowed to use the domain in mail from. At this point, you cannot use SPF in your setup yet it looks as if you may be doing it. This would explain the score. > I'm still confused as to why SPF is claiming SOFTFAIL for the scenario > of when the user is sending mail to himself. Because the mail is coming from an unauthorized host. Don't challenge the statement this SPF checker made. Consider it to be true and look for the mistake either in your infrastructure or in your line of reasoning. Remember: computers don't do what you want. They do what you ask them to do which may be something different from what you want. Alex
RSS Feed