I have noticed these failures very often too.
It's a common misconfiguration of servers, when they configure a mail server to forward right off, instead of encasing the mail in a new message/rfc822 container, as most mail clients do when forwarding. Lazy server operators.

Many lazy mail servers do forward the mail straight off, when a mail SHOULD be forwarded like this:

A mail to for example:
From: some...@example.org
To: i...@centesimusannus.org
Subject: Hi there!
Content-Type: text/plain

Nice mail!

should be forwarded as:

From: i...@centesimusannus.org
To: centan...@foundation.va
Subject: Fwd: Hi there!
Content-Type: message/rfc822; boundary="blabla";

--blabla
From: some...@example.org
To: i...@centesimusannus.org
Subject: Hi there!
Content-Type: text/plain

Nice mail!
--blabla--


When a mail is correctly forwarded using a message/rfc822 container, the SPF will be validated against the outer container when a mail server performs strict SPF validation; thus the forwarding server will certify to foundation.va that it did authenticate its source. Thus foundation.va will validate against centesimusannus.org instead of example.org, while centesimusannus.org will validate against example.org.

Also, it's pretty obvious that the forwarding server centesimusannus.org should NOT use a MAIL FROM of "some...@example.org" when talking to foundation.va. I would suggest talking to the host of centesimusannus.org (which is apparently hosted at register.it - server: mail.register.it, according to the MX records), so I would suggest talking to postmas...@register.it
They have a misconfigured server that forwards mail in an incorrect way.

-----Original Message-----
From: DTNX Postmaster
Sent: Tuesday, June 09, 2015 6:38 AM
To: Postfix users
Subject: Re: what is the reason for THIS spf failure?

On 08 Jun 2015, at 20:14, M. Fioretti <mfiore...@nexaima.net> wrote:

On 2015-06-08 20:06, M. Fioretti wrote:
On 2015-06-08 17:46, DTNX Postmaster wrote:
Have you followed the link in the error message, and read the
explanation?
Of course I have. But, with all respect, I have to ask if YOU read my email.

As confirmation of my earlier answer, please note the Received: and Received-SPF headers of the rejected message, which do NOT report 81.88.62.172 as source, or spf failures... So THEY acknowledge I emailed from 213.179.193.33, THEY say SPF-pass, then THEY reject because of spf failure???
Can I be confused, or what?

It's quite simple, really. Your mail is being sent via '81.88.62.172'. Probably as part of a forward from 'i...@centesimusannus.org' to 'centan...@foundation.va', which is not hosted at the same ISP.

Therefore, from the perspective of the recipient, your mail is originating from '81.88.62.172', which isn't included in your SPF record. Your SPF record dictates that it should be rejected, so they do.

That's what the error message tells you.

Mvg,
Joni

--

The error returned from the remote server is/was:
5.7.1 <centan...@foundation.va>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=mfiore...@nexaima.net;ip=81.88.62.172;r=centan...@foundation.va
Message internal id: dqBd1q00R3djv2h01qC4Eb
The original message is attached below.
Received: from a.mx.nexaima.net ([213.179.193.33])
by scott01.register.it with
id dqC41q00A0jhxPZ01qC47F; Mon, 08 Jun 2015 16:12:04 +0200
X-Rid-domain: i...@centesimusannus.org
X-Rid-platform: FORWARDLNX
Received-SPF]: pass
Received: from nexaima.net (localhost [127.0.0.1])
by a.mx.nexaima.net (Postfix) with ESMTP id DD722A4F7EB
for <i...@centesimusannus.org>; Mon,  8 Jun 2015 17:11:43 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nexaima.net;
s=nexai; t=1433776303;
bh=wXnfnlWku4ssPebyWVwlF5zXWqVoALruGiZJbYoBgr4=;
h=Date:From:To:Subject:Reply-To;
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
format=flowed
Content-Transfer-Encoding: 8bit
Date: Mon, 08 Jun 2015 17:11:43 +0200
From: "M. Fioretti" <mfiore...@nexaima.net>
To: i...@centesimusannus.org
Subject: xxxxxxxxxx
Reply-To: mfiore...@nexaima.net
Mail-Reply-To: mfiore...@nexaima.net
Message-ID: <1753c558a9103f6e21a298f6a24d0...@nexaima.net>
X-Sender: mfiore...@nexaima.net
User-Agent: Roundcube Webmail/1.0.2

--
http://mfioretti.com
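
The SPF outcomes discussed in this thread, as an added example that is not part of the original messages: a minimal MAIL FROM check that handles only the ip4, ip6 and all mechanisms. The two IP addresses are taken from the bounce above; the SPF records and the mailbox local parts are constructed assumptions, since the thread shows neither.

```python
import ipaddress

# Constructed SPF records (assumption): the thread does not show the real ones.
SPF_RECORDS = {
    "nexaima.net": "v=spf1 ip4:213.179.193.33 -all",
    "centesimusannus.org": "v=spf1 ip4:81.88.62.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_mfrom(mail_from, client_ip, records=SPF_RECORDS):
    """SPF result for the envelope sender's domain, as seen by the receiving server."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # a, mx, include and the other mechanisms need DNS; this sketch skips them.
    return "neutral"


def forwarding_scenarios():
    """The hops from the thread, with constructed local parts."""
    origin_ip, forwarder_ip = "213.179.193.33", "81.88.62.172"
    return {
        # Hop 1: the sender's own server delivers to the forwarding host.
        "direct": check_mfrom("sender@nexaima.net", origin_ip),
        # Hop 2: forwarder relays but keeps the original envelope sender.
        "forward_keeps_mfrom": check_mfrom("sender@nexaima.net", forwarder_ip),
        # Hop 2: forwarder uses an envelope sender in its own domain instead.
        "forward_own_mfrom": check_mfrom("forwarder@centesimusannus.org", forwarder_ip),
    }


if __name__ == "__main__":
    for hop, result in forwarding_scenarios().items():
        print(f"{hop}: {result}")
```
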
