prashanthd at cdac
May 26, 2009, 6:15 AM
Post #1 of 2
(1003 views)
Permalink
|
|
SPF softfail being reported as SPF none?
|
|
Hello all,
We are using smf-spf v 2.0.2 with libspf2-1.2.9 on our mailserver. While
going through the spf logs, I came across this entry:
May 25 15:36:16 mailsplitter smf-spf[13080]: SPF none: 86.150.6.51,
host86-150-6-51.range86-150.btcentralplus.com, bthomehub.home,
<euba [at] zurich>
This is the corresponding entry that I found in the maillog:
May 25 15:36:30 mailsplitter sendmail[16504]: n4PA62Eq016504: Milter add:
header: Received-SPF: None (mx1.cdac.in: domain of euba [at] zurich\n\tdoes
not designate permitted sender hosts)\n\treceiver=mx1.cdac.in;
client-ip=86.150.6.51;\n\tenvelope-from=<euba [at] zurich>;
helo=bthomehub.home;
However, I looked up the spf record for zurich.ibm.com. It is:
"v=spf1 +mx +ip4:195.176.20.0/24 include:de.ibm.com include:uk.ibm.com
include:us.ibm.com include:br.ibm.com include:au.ibm.com ~all"
I then used the spf checking tool available here:
http://www.kitterman.com/spf/validate.html?
and got these results for the same host and spf policy:
Mail sent from: 86.150.6.51
Mail from (Sender): euba [at] zurich
Mail checked using this SPF policy: v=spf1 +mx +ip4:195.176.20.0/24
include:de.ibm.com include:uk.ibm.com include:us.ibm.com include:br.ibm.com
include:au.ibm.com ~all
Results - softfail domain owner discourages use of this host
When I ran the spfquery tool provided with libspf2, I got these results:
# ./spfquery -ip=86.150.6.51 -sender=euba [at] zurich
StartError
Context: Failed to query MAIL-FROM
ErrorCode: (18) Mechanisms used too many DNS lookups
EndError
permerror
spfquery: error in processing during lookup of domain of zurich.ibm.com:
Mechanisms used too many DNS lookups
Received-SPF: permerror (spfquery: error in processing during lookup of
domain of zurich.ibm.com: Mechanisms used too many DNS lookups)
client-ip=86.150.6.51; envelope-from=euba [at] zurich;
Is the SPF record belonging to zurich.ibm.com really screwed or is it an
issue with libspf2? If it really is exceeding the max number of DNS
lookups, shouldn't the tool on kitterman.com say so too? Since the link to
the tool on kitterman.com is provided on the page of openspf.org itself,
if the results are incorrect, it could be misleading to a lot of
users, many of them absolutely new to spf.
Any help/clarifications on this will be very appreciated.
Thanks and Regards,
Prashanth Chengi
National PARAM SuperComputing Facility
System Administration and Networking Group
C-DAC Pune
--
He who fights with monsters might take care,
lest he thereby become a monster.
-Friedrich Nietzsche
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
|
