I think we're wandering into the reasons why SPF discussions are usually off-limits on this mailinglist, again.
For further assistance with setting up SPF, and debugging the quirks you'll run into, use the support resources dedicated to the topic, such as the ones listed on the OpenSPF website; http://www.openspf.org/Support -- On 09 Jun 2015, at 06:51, Sebastian Nielsen <sebast...@sebbe.eu> wrote: > I have noticed these failures very often too. > Its a common misconfiguration of servers, when they configure a mail server > to forward right off, instead of encasing the mail in a new > message/rfc822-container that most mail clients do when forwarding. Lazy > server operators. > > Many lazy mail servers, do forward the mail straight off. When a mail SHOULD > be forwarded like this: > > A mail to for example: > From: some...@example.org > To: i...@centesimusannus.org > Subject: Hi there! > Content-Type: text/plain > > Nice mail! > > should be forwarded as: > > From: i...@centesimusannus.org > To: centan...@foundation.va > Subject: Fwd: Hi there! > Content-Type: message/rfc822; boundary="blabla"; > > --blabla > From: some...@example.org > To: i...@centesimusannus.org > Subject: Hi there! > Content-Type: text/plain > > Nice mail! > --blabla-- > > > When a mail is correctly forwarded using a message/rfc822-container, the SPF > will be validated against the outer container, when a mail server performs > strict SPF validation, thus the forwarding server will certify to > foundation.va that it did authenticate its source. > Thus the foundation.va will validate against centesimusannus.org instead of > example.org, while centesimusannus.org will validate against example.org > > Also, its pretty obvious that the forwaring server centesimusannus.org should > NOT use a MAIL FROM of "some...@example.org" when talking to foundation.va. > Would suggest talking to the host of centesimusannus.org (which is apparently > hosted at register.it - server: mail.register.it, according to the MX > records) so I would suggest talking to postmas...@register.it > They have a misconfigured server that forwards mail in a incorrect way. > > -----Ursprungligt meddelande----- From: DTNX Postmaster > Sent: Tuesday, June 09, 2015 6:38 AM > To: Postfix users > Subject: Re: what is the reason for THIS spf failure? > > On 08 Jun 2015, at 20:14, M. Fioretti <mfiore...@nexaima.net> wrote: > >> On 2015-06-08 20:06, M. Fioretti wrote: >>> On 2015-06-08 17:46, DTNX Postmaster wrote: >>>> Have you followed the link in the error message, and read the >>>> explanation? >>> Of course I have. But, with all respect, it have to ask if YOU read my >>> email. >> >> As confirmation of my earlier answer, please note the Received: and >> Receive-SPF headers of the >> rejected message, which do NOT report 81.88.62.172 as source, or spf >> failures... So THEY >> acknowledge I emailed from 213.179.193.33, THEY say SPF-pass, then THEY >> reject because of spf failure??? >> Can I be confused, or what? > > It's quite simple, really. Your mail is being sent via '81.88.62.172'. > Probably as part of a forward from 'i...@centesimusannus.org' to > 'centan...@foundation.va', which is not hosted at the same ISP. > > Therefore, from the perspective of the recipient, your mail is originating > from '81.88.62.172', which isn't included in your SPF record. Your SPF record > dictates that it should be rejected, so they do. > > That's what the error message tells you. > > Mvg, > Joni > > -- > >>>>> The error returned from the remote server is/was: >>>>> 5.7.1 <centan...@foundation.va>: Recipient address rejected: Message >>>>> rejected due to: SPF fail - not authorized. Please see >>>>> http://www.openspf.net/Why?s=mfrom;id=mfiore...@nexaima.net;ip=81.88.62.172;r=centan...@foundation.va >>>>> Message internal id: dqBd1q00R3djv2h01qC4Eb >>>>> The original message is attached below. >>>>> Received: from a.mx.nexaima.net ([213.179.193.33]) >>>>> by scott01.register.it with >>>>> id dqC41q00A0jhxPZ01qC47F; Mon, 08 Jun 2015 16:12:04 +0200 >>>>> X-Rid-domain: i...@centesimusannus.org >>>>> X-Rid-platform: FORWARDLNX >>>>> Received-SPF]: pass >>>>> Received: from nexaima.net (localhost [127.0.0.1]) >>>>> by a.mx.nexaima.net (Postfix) with ESMTP id DD722A4F7EB >>>>> for <i...@centesimusannus.org>; Mon, 8 Jun 2015 17:11:43 +0200 (CEST) >>>>> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nexaima.net; >>>>> s=nexai; t=1433776303; >>>>> bh=wXnfnlWku4ssPebyWVwlF5zXWqVoALruGiZJbYoBgr4=; >>>>> h=Date:From:To:Subject:Reply-To; >>>>> b=QfkwL5IyvqSv7m4LR1AP7331GJwJTxHohn+uZp4PZtkK2OULNq/aFhOjEYPQFI7NR >>>>> TaaCAIud8kLgJTuf4626dcgKmGTO+fvtaExyDBkhSg2izJxLrKrsHYKnC2dc+ntrna >>>>> nNpjBRDNrhr/SRu+PDSp4jVIe47dNT3SEKH3MbtpjVG4RTSS59OBOMFlShe/dSw3+S >>>>> Ihzx7kueNDIL15ciikal8IMvRmM++8+LAherAHJ1gH5pP9OITiA3Ww9/TfK3Vmyevg >>>>> fLYJDZdhdgUedba53+2g1XZ3Y6R6aONuNvNyEKkSHBp55vliajqVis+McP+RqEvURN >>>>> 7f0ZayA0pVeNQ== >>>>> MIME-Version: 1.0 >>>>> Content-Type: text/plain; charset=UTF-8; >>>>> format=flowed >>>>> Content-Transfer-Encoding: 8bit >>>>> Date: Mon, 08 Jun 2015 17:11:43 +0200 >>>>> From: "M. Fioretti" <mfiore...@nexaima.net> >>>>> To: i...@centesimusannus.org >>>>> Subject: xxxxxxxxxx >>>>> Reply-To: mfiore...@nexaima.net >>>>> Mail-Reply-To: mfiore...@nexaima.net >>>>> Message-ID: <1753c558a9103f6e21a298f6a24d0...@nexaima.net> >>>>> X-Sender: mfiore...@nexaima.net >>>>> User-Agent: Roundcube Webmail/1.0.2 >> >> -- >> http://mfioretti.com >
