Mailing List Archive: SPF: Help

problem sending to some hosts

 

 



spf at subtropolix

Aug 10, 2007, 7:40 AM

Post #1 of 7 (1997 views)
problem sending to some hosts

I've just received mail bounces from two separate servers. Each message
cites an IP address held by my ISP (sympatico.ca) that is acting as my
outgoing server. I've sent a mail to their postmaster but have heard
nothing back except their autoresponder. I was wondering if anyone here
could take a look at these. Perhaps someone here might recognise what
the problem might be (so i could, in turn, pass it on to them). I'm
wondering how i can use the information in the bounces to further
explore this problem.

The first:

--snip--
This Message was undeliverable due to the following reason:

Each of the following recipients was rejected by a remote mail server.
The reasons given by the server are included to help you determine why
each recipient was rejected.

Recipient: <users-subscribe [at] spamassassin>
Reason: SPF forgery: Please see
http://www.openspf.org/why.html?sender=spamassassin%40subtropolix.org&ip=209.226.175.25&receiver=athena.apache.org
--snip--

and the other was this most friendly reply:

--snip--
There are one or more problems with your e-mail server that cause it
to be classified as not well-behaved. Most users at the University of
Minnesota elect to block mail from e-mail servers that are not
well-behaved. To fix the problem server-wide, send this link to your
e-mail or network administrator:

https://www.umn.edu/dirtools/blockcheck?host=209.226.175.93

This will display all the problems associated with the server, as well
as what needs to be done to remedy them.

Thank you!
--snip--

Their blockcheck tool gives two warnings for that IP:

Insecure Server - Blocked - Server is an open relay or proxy, or has
been detected as being infected with a mail virus or trojan.

and

DNS - Warning - Address has multiple PTR records (Okay).

I realise that this one isn't necessarily to do with SPF but i'm
thinking that this is somehow related. Anyone have any thoughts?

brian

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&id_secret=30680998-39c672
Powered by Listbox: http://www.listbox.com


scott at kitterman

Aug 10, 2007, 8:02 AM

Post #2 of 7 (1948 views)
Re: problem sending to some hosts

On Friday 10 August 2007 10:40, brian wrote:
> I've just received mail bounces from two separate servers. Each message
> cites an IP address held by my ISP (sympatico.ca) that is acting as my
> outgoing server. I've sent a mail to their postmaster but have heard
> nothing back except their autoresponder. I was wondering if anyone here
> could take a look at these. Perhaps someone here might recognise what
> the problem might be (so i could, in turn, pass it on to them). I'm
> wondering how i can use the information in the bounces to further
> explore this problem.
>
> The first:
>
> --snip--
> This Message was undeliverable due to the following reason:
>
> Each of the following recipients was rejected by a remote mail server.
> The reasons given by the server are included to help you determine why
> each recipient was rejected.
>
> Recipient: <users-subscribe [at] spamassassin>
> Reason: SPF forgery: Please see
> http://www.openspf.org/why.html?sender=spamassassin%40subtropolix.org&ip=209.226.175.25&receiver=athena.apache.org
> --snip--

This is correct. Your domain has an SPF record:

subtropolix.org. 43200 IN TXT "v=spf1 ip4:69.55.229.112 -all"

and the IP that they got the message from isn't in that record. To hazard a
guess, you are sending to a mail server external to your ISP on port 25 and
your ISP is doing transparent redirection to their own MTAs on that port or
you are sending through your ISP MTA because that's how your mail client is
set up.

> and the other was this most friendly reply:
>
> --snip--
> There are one or more problems with your e-mail server that cause it
> to be classified as not well-behaved. Most users at the University of
> Minnesota elect to block mail from e-mail servers that are not
> well-behaved. To fix the problem server-wide, send this link to your
> e-mail or network administrator:
>
> https://www.umn.edu/dirtools/blockcheck?host=209.226.175.93
>
> This will display all the problems associated with the server, as well
> as what needs to be done to remedy them.
>
> Thank you!
> --snip--
>
> Their blockcheck tool gives two warnings for that IP:
>
> Insecure Server - Blocked - Server is an open relay or proxy, or has
> been detected as being infected with a mail virus or trojan.
>
> and
>
> DNS - Warning - Address has multiple PTR records (Okay).
>
> I realise that this one isn't necessarily to do with SPF but i'm
> thinking that this is somehow related. Anyone have any thoughts?

This is consistent with the above theory.

First, check your mail client to make sure you aren't set up to send through
your ISP server.

Second, you need to send to your desired MTA via another port. Port 587 is
the one that's standardized although many Microsoft mail clients still have
to use SMTPS on port 465. Transparent redirects on these ports serve no
legitimate anti-spam purpose and (other than the Great Firewall) are
extremely rare. That should solve your problem.

Third, I'd complain. I think it's wrong for an ISP to arbitrarily reroute
traffic. In this case a more proper approach would, in my opinion, be to
block port 25 outbound entirely so that users would know they were sending
through the ISP mail server.

Scott K



michael at breton

Aug 10, 2007, 8:13 AM

Post #3 of 7 (1947 views)
Re: problem sending to some hosts

>----- Original Message -----
>From: brian
>To: spf-help [at] v2
>Sent: Friday, August 10, 2007 10:40 AM
>Subject: [spf-help] problem sending to some hosts
>
--snip--
>Recipient: <users-subscribe [at] spamassassin>
>Reason: SPF forgery: Please see
>http://www.openspf.org/why.html?sender=spamassassin%40subtropolix.org&ip=209.226.175.25&receiver=athena.apache.org
--snip--

Well, it appears that your SPF record looks like this:

v=spf1 ip4:69.55.229.112 -all

...and since that 209.226.175.25 address is not listed, the "-all" takes
effect.

Since you say that IP address belongs to your provider, I took a look at
their SPF record, and found this:

v=spf1 ip4:142.182.48.192/27 ip4:206.172.20.49 ip4:206.47.72.90
ip4:206.47.60.90 ip4:206.47.199.0/24 ip4:209.226.175.0/24 ip4:67.69.240.0/24
include:hotmail.com ?all

...because they have an SPF record, you could use the "include:" mechanism
to add it to your own SPF record. If you did that, your SPF record would
look like this:

v=spf1 ip4:69.55.229.112 include:sympatico.ca -all

Keep in mind that in using the Sympatico SPF record within your record, you
are allowing email sent from any Sympatico.ca server and all of the servers
that send hotmail.com emails to send using your domain name, and they would
receive an SPF pass.

Also, in using the sympatico.ca SPF record, keep in mind that there would be
quite a few queries for receiving mail servers to go through before they
would know your whole SPF record:

(1) query for your SPF record
(1) query for the sympatico.ca record
(1) query for the hotmail.com record
(4) queries for the (4) includes in the hotmail.com record

This is a total of (7) queries that receiving servers have to go through
each time they receive a message from your domain, at least when it comes
from an unauthorized location, like from a spammer. (Does the SPF
specification require full expansion of the record before processing, or
only as needed? I don't know)

Those 7 queries are well within the SPF specification, but it is just
something to think about.

Michael Breton



wendy.honeycutt at sonicfog

Aug 10, 2007, 8:27 AM

Post #4 of 7 (1945 views)
RE: problem sending to some hosts

> -----Original Message-----
> From: Scott Kitterman [mailto:scott [at] kitterman]
> Sent: Friday, August 10, 2007 11:02 AM
> To: spf-help [at] v2
> Subject: Re: [spf-help] problem sending to some hosts
>
> guess, you are sending to a mail server external to your ISP on port 25 and
> your ISP is doing transparent redirection to their own MTAs on that port or
> you are sending through your ISP MTA because that's how your mail client is
> set up.
>

> This is consistent with the above theory.
>
> First, check your mail client to make sure you aren't set up to send through
> your ISP server.
>
> Second, you need to send to your desired MTA via another port. Port 587 is
> the one that's standardized although many Microsoft mail clients still have
> to use SMTPS on port 465. Transparent redirects on these ports serve no
> legitimate anti-spam purpose and (other than the Great Firewall) are
> extremely rare. That should solve your problem.
>
> Third, I'd complain. I think it's wrong for an ISP to arbitrarily reroute
> traffic. In this case a more proper approach would, in my opinion, be to
> block port 25 outbound entirely so that users would know they were sending
> through the ISP mail server.
>
> Scott K


On a side note to what Scott has just told you please be advised that your
Sender ID policy ("v=spf2.0/pra ip4:69.55.229.112 ?all") is not in correct
format and therefore serves no useful purpose. This should be fixed or
removed from your DNS zone.

See: http://www.openspf.org/SPF_vs_Sender_ID

Sincerely,
Wendy Honeycutt
SonicFog Inc.



steve at teamITS

Aug 10, 2007, 9:15 AM

Post #5 of 7 (1944 views)
RE: problem sending to some hosts

Michael Breton wrote on 8/10/2007 10:13:41 AM:

> ...because they have an SPF record, you could use the "include:" mechanism
> to add it to your own SPF record. If you did that, your SPF record would
> look like this:
>
> v=spf1 ip4:69.55.229.112 include:sympatico.ca -all
>
> Keep in mind that in using the Sympatico SPF record within your record,
> you are allowing email sent from any Sympatico.ca server and all of the
> servers that send hotmail.com emails to send using your domain name, and
> they would receive an SPF pass.

One can alleviate this somewhat by adding a "?":

v=spf1 ip4:69.55.229.112 ?include:sympatico.ca -all

...which says to treat all those servers as Neutral ("?") not Pass or
Fail.


-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- I tried to drown my troubles, but they can swim.

~ Taglines by Taglinator - www.srtware.com ~
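
The three policies discussed so far in this thread (the published record, the `include:` variant and the `?include:` variant), run through a small SPF evaluator as an added example; this is not code from any poster or from an SPF library. It handles only `ip4`, `include` and `all`, evaluates terms left to right and stops at the first match, and counts TXT queries the way the post above does. The `hotmail.com` record and its four includes are constructed placeholders; the other two records are the ones quoted in the thread.

```python
import ipaddress

# TXT data: the subtropolix.org and sympatico.ca records are the ones quoted in
# the thread; hotmail.com and its four includes are constructed placeholders.
DNS = {
    "subtropolix.org": "v=spf1 ip4:69.55.229.112 -all",
    "sympatico.ca": "v=spf1 ip4:142.182.48.192/27 ip4:206.172.20.49 "
                    "ip4:206.47.72.90 ip4:206.47.60.90 ip4:206.47.199.0/24 "
                    "ip4:209.226.175.0/24 ip4:67.69.240.0/24 "
                    "include:hotmail.com ?all",
    "hotmail.com": "v=spf1 include:spf-a.example include:spf-b.example "
                   "include:spf-c.example include:spf-d.example ~all",
}
DNS.update({f"spf-{c}.example": f"v=spf1 ip4:192.0.2.{i * 64}/26 -all"
            for i, c in enumerate("abcd")})
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, dns, queries):
    """Evaluate domain's SPF record for ip, left to right, first match wins."""
    queries.append(domain)                      # one TXT query per record fetched
    if len(queries) - 1 > 10:                   # limit on lookup mechanisms
        return "permerror"
    terms = dns.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            inner = check_host(ip, arg, dns, queries)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"           # only an inner pass is a match
        else:
            return "permerror"                  # mechanism outside this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def evaluate(ip, policy, domain="subtropolix.org"):
    """Return (result, TXT queries made) with `policy` published for `domain`."""
    queries = []
    result = check_host(ip, domain, {**DNS, domain: policy}, queries)
    return result, len(queries)


if __name__ == "__main__":
    for policy in ("v=spf1 ip4:69.55.229.112 -all",
                   "v=spf1 ip4:69.55.229.112 include:sympatico.ca -all",
                   "v=spf1 ip4:69.55.229.112 ?include:sympatico.ca -all"):
        for ip in ("209.226.175.25", "192.0.2.10", "198.51.100.7"):
            print(policy, ip, evaluate(ip, policy))
```

With the `include:` policy, the ISP relay 209.226.175.25 passes after two queries, an address covered only by the nested placeholder includes also passes, and an address listed nowhere fails after all seven records have been fetched.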



spf at subtropolix

Aug 10, 2007, 10:08 AM

Post #6 of 7 (1929 views)
Re: problem sending to some hosts

Thanks, everyone, for the quick responses. I guess my n00bness is
showing because i had completely the wrong idea about what was going
on. Or, i think i did.

Michael Breton wrote:
> ...because they have an SPF record, you could use the "include:"
> mechanism to add it to your own SPF record. If you did that, your
> SPF record would look like this:
>
> v=spf1 ip4:69.55.229.112 include:sympatico.ca -all
>
> Keep in mind that in using the Sympatico SPF record within your
> record, you are allowing email sent from any Sympatico.ca server and
> all of the servers that send hotmail.com emails to send using your
> domain name, and they would receive an SPF pass.

I am using sympatico's server for outgoing mail. So, i could remove the
problem entirely by using my own MTA as the outgoing server. I'd wanted
to avoid using it for outgoing but maybe it'd be best.

I had run into a similar problem a few months ago. I also host the
domain for a client and, after getting SPF records set up, we found that
it introduced another problem for them. The ISP for their office is
videotron.ca and when someone responded to a mail sent to their office
they received a bounce. I queried this list and came up with the
following solution for *their* SPF record:

quebec-elan.org IN TXT v=spf1 ip4:69.55.229.112 include:videotron.ca -all
quebec-elan.org IN TXT spf2.0/pra ip4:69.55.229.112 include:videotron.ca -all

That seemed to fix the problem. But, in light of the above, i'm
wondering if i've done something stupid.


Steve Yates wrote:
> One can alleviate this somewhat by adding a "?":
>
> v=spf1 ip4:69.55.229.112 ?include:sympatico.ca -all
>
> ...which says to treat all those servers as Neutral ("?") not Pass or
> Fail.

So, i'm wondering if i should change the one for quebec-elan.org to the
same format.

SonicFog wrote:
> On a side note to what Scott has just told you please be advised that
> your Sender ID policy("v=spf2.0/pra ip4:69.55.229.112 ?all") is not
> in correct format and therefore serves no useful purpose. This should
> be fixed or removed from your DNS zone.
>
> See: http://www.openspf.org/SPF_vs_Sender_ID

Ugh! Yeah, i've been on this carnival ride before. FWIW, Scott K. sent
this reply about SPF2.0 some time ago:

> If you bother with a SenderID record, publish spf2.0/pra. No one looks at the
> SPF2.0 mailfrom scope AFAIK. They can live side by side in separate TXT
> records.

Maybe i misunderstood, then. What would be the correct format?

My apologies if i seem thick. I'd be the first to admit i'm no mail
guru. My setup is simply for my domain plus the one client only. I've
been able to get Postfix & Cyrus IMAP up and running without acting as
an open relay and everything has been running quite smoothly. But this
SPF stuff has me vexed. I certainly like the concept but i still haven't
been able to grok it completely.

brian



steve at teamITS

Aug 12, 2007, 9:14 PM

Post #7 of 7 (1936 views)
RE: problem sending to some hosts

brian wrote on 8/10/2007 12:08:18 PM:

> SonicFog wrote:
>> On a side note to what Scott has just told you please be advised that
>> your Sender ID policy("v=spf2.0/pra ip4:69.55.229.112 ?all") is not
>> in correct format and therefore serves no useful purpose. This should
>> be fixed or removed from your DNS zone.

> Maybe i misunderstood, then. What would be the correct format?

I believe you need to remove the "v=" from the front.

- Steve Yates
- "I'll top the cake with sugar," she said icily.

~ Taglines by Taglinator - www.srtware.com ~
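
A version-tag check for the records quoted in this thread, as an added example that is not from any poster: an SPF record begins with `v=spf1`, a Sender ID record begins with `spf2.0/` followed by its scopes and carries no `v=` prefix, and a record whose first token matches neither is not recognised as a policy at all. The function names and the `ZONE` layout are assumptions made for the example.

```python
import re

# Sender ID version tag: "spf2.0/" plus a comma-separated scope list
# (mfrom, pra). There is no "v=" prefix, unlike the SPF tag "v=spf1".
SENDER_ID = re.compile(r"spf2\.0/((?:mfrom|pra)(?:,(?:mfrom|pra))*)$", re.I)


def classify(txt):
    """Return (kind, scopes) for one TXT string.

    kind is 'spf', 'sender-id', 'malformed' (looks like a policy but the
    version tag is wrong, so checkers skip it) or 'other'.
    """
    tokens = txt.split()
    tag = tokens[0] if tokens else ""
    if tag.lower() == "v=spf1":
        return "spf", ()
    m = SENDER_ID.match(tag)
    if m:
        return "sender-id", tuple(m.group(1).lower().split(","))
    if "spf" in tag.lower():
        return "malformed", ()
    return "other", ()


def lint(zone):
    """zone: {name: [txt, ...]} -> list of (name, problem) findings."""
    findings = []
    for name, records in zone.items():
        kinds = [classify(r)[0] for r in records]
        for rec, kind in zip(records, kinds):
            if kind == "malformed":
                findings.append((name, f"unrecognised version tag: {rec!r}"))
        if kinds.count("spf") > 1:
            findings.append((name, "more than one v=spf1 record (permerror)"))
    return findings


# TXT records as quoted in the thread.
ZONE = {
    "subtropolix.org": ["v=spf1 ip4:69.55.229.112 -all",
                        "v=spf2.0/pra ip4:69.55.229.112 ?all"],
    "quebec-elan.org": ["v=spf1 ip4:69.55.229.112 include:videotron.ca -all",
                        "spf2.0/pra ip4:69.55.229.112 include:videotron.ca -all"],
}

if __name__ == "__main__":
    for name, problem in lint(ZONE):
        print(name, problem)
```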
