17 Jul 18:57
RE: Problem with postfix-policyd-spf-perl
From: Scott Kitterman <scott <at> kitterman.com>
Subject: RE: Problem with postfix-policyd-spf-perl
Newsgroups: gmane.mail.spam.spf.help
Date: 2008-07-17 16:57:18 GMT
Subject: RE: Problem with postfix-policyd-spf-perl
Newsgroups: gmane.mail.spam.spf.help
Date: 2008-07-17 16:57:18 GMT
On Thu, 17 Jul 2008 11:48:21 -0500 "Steve Yates" <steve <at> teamITS.com> wrote: >Paul Hutchings wrote on 7/17/2008 11:41:20 AM: > >> Where I'm struggling is that in this case the email is coming from an >> @tiscali.co.uk address, and the SPF record for tiscali.co.uk seems to >> specify a bunch of /24's of which the MTA that caused the problem (one >> of several) seems to be in? > > What John pointed out is that the sending mail server is >apparently telling the world that it's name is >"mk-filter-3-a-4.mail.uk.tiscali.com." The SPF record for >"mk-filter-3-a-4.mail.uk.tiscali.com" is telling the world that it's IP >is 212.74.100.42, but the message is coming from a different IP, >212.74.100.54. It is the SPF record for >mk-filter-3-a-4.mail.uk.tiscali.com that is causing the failure, not the >record for tiscali.co.uk. Therefore the fail result is correct. > >---------- >> Jul 17 10:18:11 scott-laptop policyd-spf[18084]: Temperror; >identity=helo; >> client-ip=212.74.100.54; helo=mk-filter-3-a-4.mail.uk.tiscali.com; >> envelope-from=test <at> tiscali.co.uk; receiver=test <at> mira.co.uk >> Jul 17 10:18:42 scott-laptop policyd-spf[18084]: Temperror; >> identity=mailfrom; client-ip=212.74.100.54; >> helo=mk-filter-3-a-4.mail.uk.tiscali.com; >> envelope-from=test <at> tiscali.co.uk; receiver=test <at> mira.co.uk >> >> I do get the reject from the Perl one, but I'm not sure why. It will >> defer on Temperror, not reject. > >the SPF record for mk-filter-3-a-4.mail.uk.tiscali.com is "v=spf1 a >-all" >the A record for mk-filter-3-a-4.mail.uk.tiscali.com is 212.74.100.42 >You are receiving mail from 212.74.100.54 >SPF seems to working correctly! >---------- I took a quick look at the logs when I was testing earlier and the Python policy server was registering Temperror for both Mail From and HELO, while the Perl one, correctly, rejected due to HELO Fail. 1. Tiscali's HELO record for that server is wrong and it'd be good if someone would tell them. 2. I need to figure out why the Python DNS library couldn't get a response. Thanks, Scott K
RSS Feed