-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gino Cerullo wrote: > On 1-Sep-06, at 7:18 AM, decoder wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hello, >> >> today I saw a strange SPF bug occuring. The original mail header was: >> >> Return-Path: <[EMAIL PROTECTED]> >> Received: from mail.cs.uni-sb.de (mail.cs.uni-sb.de [134.96.254.200]) >> by wjpserver.cs.uni-sb.de (8.12.11.20060308/8.12.11) with ESMTP id >> k7T8rU6P012050; >> Tue, 29 Aug 2006 10:53:30 +0200 >> Received: from mail-eur1.microsoft.com (mail-eur1.microsoft.com >> [213.199.128.139]) >> by mail.cs.uni-sb.de (8.13.8/2006081400) with ESMTP id >> k7T8rT98004989; >> Tue, 29 Aug 2006 10:53:29 +0200 (CEST) >> Received: from xxxxx.europe.corp.microsoft.com ([65.53.193.xxx]) by >> mail-eur1.microsoft.com with Microsoft SMTPSVC(6.0.3790.1830); >> Tue, 29 Aug 2006 09:53:29 +0100 >> >> (Some unrelated privacy details replaced with xxx). >> >> Now what SPF should do is (as far as I understood): >> >> - - Get the mail server that sent this (mail-eur1.microsoft.com) >> - - Check that its IP is in the allowed SPF record of microsoft.com >> >> This check passes as you can see here: >> http://www.dnsstuff.com/tools/spf.ch?server=microsoft.com&ip=213.199.128.139 >> >> >> Now SpamAssassin did something else, it took mail.cs.uni-sb.de as the >> mailserver that sent, and tried to match it against microsoft.com's >> SPF records which produced a SOFTFAIL: >> >> 1.4 SPF_SOFTFAIL Sending host does not match SPF-record >> (softfail) >> [SPF failed: Please see >> http://www.openspf.org/why.html?sender=xxx%40microsoft.com&ip=134.96.254.200&receiver=This%20account%20is%20currently%20not%20available] >> >> 2.4 SPF_HELO_SOFTFAIL HELO-Name does not match SPF-record >> (softfail) >> [SPF failed: Please see >> http://www.openspf.org/why.html?sender=xxx%40microsoft.com&ip=134.96.254.200&receiver=This%20account%20is%20currently%20not%20available] >> >> >> Can someone explain me this failure? > > Spamassassin gave the correct result. It compared the IP address of > the last received server mail.cs.uni-sb.de (mail.cs.uni-sb.de > [134.96.254.200]) against the SPF record for Microsoft and did not > see a match. Result SOFTFAIL > > Why do you think it should compare to mail-eur1.microsoft.com > (mail-eur1.microsoft.com [213.199.128.139]). > > SPF compares the IP address of the last server to handle the message > before it was handed off to a server on your receiving end. If the > message was sent to someone who is using forwarding and forwarded > through mail.cs.uni-sb.de (mail.cs.uni-sb.de [134.96.254.200]) then > this would explain the SOFTFAIL. Forwarding breaks SPF. This is no real forwarding, but all mail for us gets received by that server first, and this server passes it to us. This is a common structure for a bigger mail setup. The trusted_networks option solved my problems, but it should definetly be included in the wiki somewhere. Maybe we should add a note about trusted_networks being important for SPF in the install manual where SPF installation is explained
Chris > > > -- > Gino Cerullo > > Pixel Point Studios > 21 Chesham Drive > Toronto, ON M3M 1W6 > > 416-247-7740 > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE+C2ZJQIKXnJyDxURAp3eAJ9qvVbNz2OaPygoLghms+3KiPc1SQCgpCpD splrSRz31hg6UjCgJPWVKhY= =Sb9E -----END PGP SIGNATURE-----
