hostmaster at xenterra
Dec 23, 2005, 7:31 PM
>> From: Robert Muchnick [mailto:hostmaster [at] xenterra]
RE: Weird problem with srs-socketmapd.0.32rc3.pl
>> Now I'm getting the old SPF broken forward problem on mail sent to the
>> forwarding address on "tampa": '[sending domain] does not designate ["-
>> tampa" IP address] as permitted sender'.
> Hello Robert,
> What exactly is not working?
It appears that rewriting is not happening on the mail server which forwards
the mail. Here's the exact scenario for my tests.
I send mail using my email address above directly from a machine here with
hostname "ns1.xenterra.net". The mail TO is "sales [at] metaflash-direct" and
the server names there are ns01.metaflash-direct.com and
mail.metaflash-direct.com. Alias in the srs-socketmapd.conf file has been tried
as both "mail.metaflash-direct.com" (a valid DNS entry) and
The target "sales [at] metaflash-direct" is forwarded in virtusertable to local
account "director". That local account is aliased in aliases to email address
"hostmaster [at] xenterra" (since I want to receive sales emails for
Here is an entry from the maillog at metaflash-direct.com receiving mail from
my hostmaster [at] xenterra account:
Dec 22 19:04:33 ns01 sm-mta: jBN04RxW009334:
from=<SRS0=R0DfQdaT=2U=xenterra.net=hostmaster [at] xenterra>, size=1025,
class=0, nrcpts=1, msgid=<Pine.LNX.4.62.0512221703570.3619 [at] ns1>,
proto=ESMTP, daemon=MTA, relay=root [at] ns1 [126.96.36.199]
Dec 22 19:04:39 ns01 sm-mta: jBN04RxW009334: to=hostmaster [at] xenterra,
delay=00:00:06, xdelay=00:00:06, mailer=esmtp, pri=31244,
relay=mail.xenterra.net. [188.8.131.52], dsn=5.7.1, stat=User unknown
Dec 22 19:04:39 ns01 sm-mta: jBN04RxW009334: jBN04dxW009337: DSN: User
Dec 22 19:04:45 ns01 sm-mta: jBN04dxW009337:
to=<SRS0=R0DfQdaT=2U=xenterra.net=hostmaster [at] xenterra>, delay=00:00:06,
xdelay=00:00:06, mailer=esmtp, pri=32268, relay=smtp.xenterra.net.
[184.108.40.206], dsn=2.0.0, stat=Sent (jBN04dQp016904 Message accepted for
The last entry is the mailer daemon failure notice.
Here's the pertinent part of the bounce message from Mailer Daemon:
----- Transcript of session follows -----
... while talking to mail.xenterra.net.:
<<< 550 5.7.1 <hostmaster [at] xenterra>... Mail from [220.127.116.11] Rejected.
http://spf.pobox.com/why.html?sender=srs0=r0dfqdat=2u=xenterra.net=hostmaster [at] xenterra&ip=63.246.150
550 5.1.1 hostmaster [at] xenterra User unknown
<<< 503 5.0.0 Need RCPT (recipient)
So, the mail forwarded from metaflash-direct.com was rejected by the receiving
mail server because the right hand side of the @ was not rewritten.
Now here's the weird part. Craigslist.org apparently uses SPF, as well. Here's
the header from a recent craigslist.org post to hostmaster [at] xenterra:
<SRS0=4kfUZHSo=2T=craigslist.org=bounce-selfpostingkit-sales=metaflash-direct.com [at] mail
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on ns1.xenterra.net
X-Spam-Status: No, score=0.4 required=5.0 tests=AWL,BAYES_50,HTML_MESSAGE,
SPF_PASS,UPPERCASE_25_50 autolearn=ham version=3.1.0
Received: from ns01.metaflash-direct.com (IDENT:0 [at] mail
by ns1.xenterra.net (8.13.5/8.13.5) with ESMTP id jBMH47l5031432
for <hostmaster [at] xenterra>; Thu, 22 Dec 2005 10:04:12 -0700
Received-SPF: pass (ns01.metaflash-direct.com: domain of
bounce-selfpostingkit-sales=metaflash-direct.com [at] craigslist designates
permitted sender) receiver=ns01.metaflash-direct.com;
envelope-from=bounce-selfpostingkit-sales=metaflash-direct.com [at] craigslist;
Received: from mxout4.craigslist.org (mxout4.craigslist.org [18.104.22.168])
by ns01.metaflash-direct.com (8.13.5/8.13.5) with ESMTP id jBMH41n4007063
for <sales [at] metaflash-direct>; Thu, 22 Dec 2005 12:04:06 -0500
Received: from spot.craigslist.org (spot.craigslist.org [22.214.171.124])
by mxout4.craigslist.org (Postfix) with SMTP id 4774936BE1
for <sales [at] metaflash-direct>; Thu, 22 Dec 2005 09:03:55 -0800 (PST)
Here the Return-Path got rewritten to "mail.metaflash-direct.com" and was
accepted by ns1.xenterra.net because the IP address matched up. This happened
when sendmail.mc/cf was HACKed with SRS_LOCAL_SELF. I tried that one and
SRS_ALL with the problem forward and got failure all the time.
> There are many new ways to invoke the
> rewriting (all variations on options regarding class=w). To start with the
> most obvious question: you did regenerate your sendmail.cf, right? (with
> an option from the new m4).
Yes, always. See just above.
> It would help if you showed me a header, or part of the sendmail log, to
> see with what sort of rewriting is occurring, and for what domains. It may
> be that no rewriting takes place, or rewriting for a domain in class w for
> which no SPF record exists.
There are SPF records for all these domains.
BTW, xenterra.net is not in class w for the metaflash-direct.com server and
domain metaflash-direct.com is not in class w for ns1.xenterra.net.
> Feel free to contact me off-list about it, if you so desire.
I hope this is enough to elucidate this problem. If you need anything
more, let me know. I REALLY appreciate the help with this, Mark. I love this
SPF/SRS thing and it's really frustrating, not to mention destroying my email
service, that it's not working 100%.
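
The symptom reported in this message (an SRS0 local part in front of a domain that still belongs to the original sender) can be spotted from the envelope address alone. The Python sketch below is an added example, not part of the original post and not code from srs-socketmapd: it parses SRS0 addresses and reports whether the right-hand side was replaced by the forwarder's domain. The sample addresses, the forwarder domain `mail.fwd.example` and the function names are constructed for illustration.

```python
import re

# SRS timestamps are two base32 characters: days since the epoch, mod 1024.
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
SRS0_PREFIX = re.compile(r"^SRS0[=+-]", re.IGNORECASE)


def parse_srs0(address):
    """Split an SRS0 envelope address into its fields; None if it is not SRS0."""
    local, sep, rhs = address.strip().strip("<>").rpartition("@")
    if not sep or not SRS0_PREFIX.match(local):
        return None
    # hash=timestamp=orig-domain=orig-local. The original local part may itself
    # contain '=', so split at most three times.
    parts = local[5:].split("=", 3)
    if len(parts) != 4:
        return None
    digest, stamp, orig_domain, orig_local = parts
    stamp = stamp.upper()
    if len(stamp) != 2 or any(c not in B32 for c in stamp):
        return None
    return {
        "hash": digest,
        "day_mod_1024": B32.index(stamp[0]) * 32 + B32.index(stamp[1]),
        "orig_domain": orig_domain.lower(),
        "orig_local": orig_local,
        "rhs": rhs.lower().rstrip("."),
    }


def classify(address, forwarder_domains):
    """Say whether the domain SPF will be checked against belongs to the forwarder."""
    fields = parse_srs0(address)
    if fields is None:
        return "not-srs"
    if fields["rhs"] in forwarder_domains:
        return "rewritten"
    if fields["rhs"] == fields["orig_domain"]:
        # The next hop evaluates the sender's SPF record against the forwarder's IP.
        return "rhs-not-rewritten"
    return "unknown-rhs"


# Constructed sample addresses (example domains, made-up hashes).
FORWARDER = {"mail.fwd.example"}
BROKEN = "<SRS0=AbCdEfGh=2U=sender.example=hostmaster@sender.example>"
GOOD = "<SRS0=IjKlMnOp=2T=lists.example=bounce-kit-sales=fwd.example@mail.fwd.example>"
```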