You've specified your policy as "neutral" in your SPF record with "?all".
Try "-all", or "+all" if you're not ready to put some meat on your SPF plate. -- Chris Faehl Hosting Engineering Systems Manager, RightNow Technologies -----Original Message----- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of fakessh Sent: Monday, August 24, 2009 10:32 AM To: Bind users; Bind users Subject: I have a question concerning the spf I use bind, and I have a configuration that seems normal to me on my server Here fakessh.eu. IN MX 10 fakessh.eu. fakessh.eu. IN TXT "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu ?all" problem is when I'm trying to configure my mail server via check-a...@verifier.port25.com and check-au...@verifier.port25.com spf field is marked as neutral, also follows senderid as neutral how to have the SPF OK, knowing that neutral is not really an answer I have enclosed a return from this location check-au...@verifier.port25.com This message is an automatic response from Port25's authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community. While it is not officially supported, we welcome any feedback you may have at <verifier-feedb...@port25.com>. Thank you for using the verifier, The Port25 Solutions, Inc. team ========================================================== Summary of Results ========================================================== SPF check: neutral DomainKeys check: pass DKIM check: pass Sender-ID check: neutral SpamAssassin check: ham ========================================================== Details: ========================================================== HELO hostname: r13151.ovh.net Source IP: 94.23.60.214 mail-from: fake...@fakessh.eu ---------------------------------------------------------- SPF check details: ---------------------------------------------------------- Result: neutral (SPF-Result: Neutral) ID(s) verified: smtp.mail=fake...@fakessh.eu DNS record(s): fakessh.eu. 38400 IN TXT "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu ?all" fakessh.eu. 38400 IN MX 10 fakessh.eu. fakessh.eu. 38400 IN A 87.98.186.232 fakessh.eu. 38400 IN MX 10 fakessh.eu. fakessh.eu. 38400 IN A 87.98.186.232 ---------------------------------------------------------- DomainKeys check details: ---------------------------------------------------------- Result: pass ID(s) verified: header.from=fake...@fakessh.eu DNS record(s): mail._domainkey.fakessh.eu. 38400 IN TXT "k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9fPmEi5XsPtXlqwyWX0sho5YXtCz+YVTS8EbKTFn6POlxMgAj6x/FjMEv2TnRm02AEXMK6we68pWR+SkEufjwQ+7zGpOp2wdLLLNBjatX/bzxQoQmpOuQJzA9hi9NTShZLM4TJVdTCBIp62M0ryHmeW2GiFOrw+8mX5x3nNt7BQIDAQAB" ---------------------------------------------------------- DKIM check details: ---------------------------------------------------------- Result: pass (matches From: fake...@fakessh.eu) ID(s) verified: header.d=fakessh.eu Canonicalized Headers: From:'20'"fake...@fakessh.eu"'20'<fake...@fakessh.eu>'0D''0A' To:'20'check-a...@verifier.port25.com,'0D''0A' '20'check-au...@verifier.port25.com'0D''0A' Date:'20'Mon,'20'24'20'Aug'20'2009'20'18:17:05'20'+0200'0D''0A' MIME-Version:'20'1.0'0D''0A' Content-Type:'20'text/plain;'0D''0A' '20''20'charset="us-ascii"'0D''0A' Content-Transfer-Encoding:'20'7bit'0D''0A' Message-Id:'20'<200908241817.06403.fake...@fakessh.eu>'0D''0A' DKIM-Signature:'20'v=1;'20'a=rsa-sha1;'20'c=simple;'20'd=fakessh.eu;'20'h=from:to:date'0D''0A' '09':mime-version:content-type:content-transfer-encoding:message-id;'0D''0A' '09''20's=mail;'20'bh=uoq1oCgLlTqpdDX/iUbLy7J1Wic=;'20'b= Canonicalized Body: '0D''0A' DNS record(s): mail._domainkey.fakessh.eu. 38400 IN TXT "k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9fPmEi5XsPtXlqwyWX0sho5YXtCz+YVTS8EbKTFn6POlxMgAj6x/FjMEv2TnRm02AEXMK6we68pWR+SkEufjwQ+7zGpOp2wdLLLNBjatX/bzxQoQmpOuQJzA9hi9NTShZLM4TJVdTCBIp62M0ryHmeW2GiFOrw+8mX5x3nNt7BQIDAQAB" NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM. ---------------------------------------------------------- Sender-ID check details: ---------------------------------------------------------- Result: neutral (SPF-Result: Neutral) ID(s) verified: header.from=fake...@fakessh.eu DNS record(s): fakessh.eu. 38400 IN TXT "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu ?all" fakessh.eu. 38400 IN MX 10 fakessh.eu. fakessh.eu. 38400 IN A 87.98.186.232 fakessh.eu. 38400 IN MX 10 fakessh.eu. fakessh.eu. 38400 IN A 87.98.186.232 ---------------------------------------------------------- SpamAssassin check details: ---------------------------------------------------------- SpamAssassin v3.2.5 (2008-06-10) Result: ham (2.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral) -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO 1.8 MISSING_SUBJECT Missing Subject: header 1.4 EMPTY_MESSAGE Message appears to have no textual parts and no Subject: text -0.8 AWL AWL: From: address is in the auto white-list ========================================================== Explanation of the possible results (adapted from draft-kucherawy-sender-auth-header-04.txt): ========================================================== "pass" the message passed the authentication test. "fail" the message failed the authentication test. "softfail" the message failed the authentication test, and the authentication method has either an explicit or implicit policy which doesn't require successful authentication of all messages from that domain. "neutral" the authentication method completed without errors, but was unable to reach either a positive or a negative result about the message. "temperror" a temporary (recoverable) error occurred attempting to authenticate the sender; either the process couldn't be completed locally, or there was a temporary failure retrieving data required for the authentication. A later retry may produce a more final result. "permerror" a permanent (unrecoverable) error occurred attempting to authenticate the sender; either the process couldn't be completed locally, or there was a permanent failure retrieving data required for the authentication. ========================================================== Original Email ========================================================== Return-Path: <fake...@fakessh.eu> Received: from r13151.ovh.net (94.23.60.214) by verifier.port25.com (PowerMTA(TM) v3.6a1) id hiatp40hse82 for <check-a...@verifier.port25.com>; Mon, 24 Aug 2009 12:10:50 -0400 (envelope-from <fake...@fakessh.eu>) Authentication-Results: verifier.port25.com smtp.mail=fake...@fakessh.eu; mfrom=neutral (SPF-Result: Neutral); Authentication-Results: verifier.port25.com header.from=fake...@fakessh.eu; domainkeys=pass; Authentication-Results: verifier.port25.com header.d=fakessh.eu; dkim=pass (matches From: fake...@fakessh.eu); Authentication-Results: verifier.port25.com header.from=fake...@fakessh.eu; pra=neutral (SPF-Result: Neutral); Received: from localhost (localhost.localdomain [127.0.0.1]) by r13151.ovh.net (Postfix) with ESMTP id 0F93D9972; Mon, 24 Aug 2009 18:17:34 +0200 (CEST) X-Virus-Scanned: amavisd-new at r13151.ovh.net Received: from r13151.ovh.net ([127.0.0.1]) by localhost (r13151.ovh.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id GHwyD7PGOlaP; Mon, 24 Aug 2009 18:17:33 +0200 (CEST) Received: from r13151.ovh.net (localhost.localdomain [127.0.0.1]) by r13151.ovh.net (Postfix) with ESMTP id 0A89B1825D; Mon, 24 Aug 2009 18:17:33 +0200 (CEST) Authentication-Results: r13151.ovh.net; sender-id=neutral header.from=fake...@fakessh.eu; spf=neutral smtp.mfrom=fake...@fakessh.eu DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=fakessh.eu; h=from:to:date :mime-version:content-type:content-transfer-encoding:message-id; s=mail; bh=uoq1oCgLlTqpdDX/iUbLy7J1Wic=; b=A9vyWnRnZqLhwe0rp+a4 QTYXHHjwALuLRS0lMddk9TJsE0QRO2QaTV/fS162hnEIt571OsSshPE5aUCHNPvu E724T5qLnghIdt/JMmXdy/jVd/kl+wnXAAxvlecGEMXrl2YmyFgTzgMy0W5BirqQ q2DB0shhXBPv9Fz8S9boxQc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=fakessh.eu; h=from:to:date :mime-version:content-type:content-transfer-encoding:message-id; q=dns; s=mail; b=lqmEzfU8bkaBQJGlbgUw/IpFE3U1hZoirFnEXXKJhBjmED w9fFq1swTkvZ7mxeOjteajJk+85o04mOGqdQv9Ae6NrVvKmOsGmnZgvmjtM5MxFQ Qc7bvznxxYXJbfLuFUeoD10Gqq317UXzCYQ6h5cwSODa1GwMNeelNkRRf3FfA= Received: from your-ab6cd29f8e (ABayonne-257-1-80-29.w92-136.abo.wanadoo.fr [92.136.247.29]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: fake...@r13151.ovh.net) by r13151.ovh.net (Postfix) with ESMTPSA id 966BD9972; Mon, 24 Aug 2009 18:17:32 +0200 (CEST) Authentication-Results: r13151.ovh.net; sender-id=neutral header.from=fake...@fakessh.eu; auth=pass (LOGIN); spf=neutral smtp.mfrom=fake...@fakessh.eu From: "fake...@fakessh.eu" <fake...@fakessh.eu> To: check-a...@verifier.port25.com, check-au...@verifier.port25.com Date: Mon, 24 Aug 2009 18:17:05 +0200 User-Agent: KMail/1.9.4 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200908241817.06403.fake...@fakessh.eu> _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
