LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Roberto,
I'm seeing an issue with SPF where a domain that has a valid spf record and the ip address that it's originating from is valid but it still fails the spf ruling.
The domain name that we are having problems with is wayne-dalton.com. Here is their spf record that they publish.

wayne-dalton.com        text = "v=spf1 mx  a:mail2.wayne-dalton.com,da.wayne-dalton.com,cn.wayne-dalton .com,pl.wayne-dalton.com,as2.wayne-walton.com,telnet.wayne-d alton.com,ps.wayne-da
lton.com mx:mail.wayne-dalton.com ~all"

Here is a snippit of our SFE logs and 

05/02/07 11:44:19:937 -- (1292) Connection from: 12.168.83.85  -  Originating country : United States
05/02/07 11:44:20:468 -- (1292) found SPF record for wayne-dalton.com: v=spf1 mx  a:mail2.wayne-dalton.com,da.wayne-dalton.com,cn.wayne-dalton .com,pl.wayne-dalton.com,as2.wayne-dalton.com,telnet.wayne-d alton.com,ps.wayne-dalton.com mx:mail.wayne-dalton.com ~all
05/02/07 11:44:20:796 -- (1292) - SPF analysis for wayne-dalton.com done: - softfail
05/02/07 11:44:20:796 -- (1292) failed SPF test (softfail) - Disconnecting 12.168.83.85
05/02/07 11:44:20:796 -- (1292) 12.168.83.85 - Mail from: thisaddress@wayne-dalton.com To: thatemail@thisdomain.com will be rejected

If you do a nslookup on the ip address 12.168.83.85  it resolves to mail2.wayne-dalton.com

Does the logic within SFE have an issue with the comas that is in the spf record.  I�ve seen a lot of spf records and this is the first one that I�ve seen with coma delimiters on the qualified names.
Thanks,
Dan B

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Dan B Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 09 February 2005 Location: United States Status: Offline Points: 105	Post Options Post Reply Quote Dan B Report Post Thanks(0) Quote Reply Topic: Possible bug or issue Posted: 02 May 2007 at 3:03pm
	Roberto, I'm seeing an issue with SPF where a domain that has a valid spf record and the ip address that it's originating from is valid but it still fails the spf ruling. The domain name that we are having problems with is wayne-dalton.com. Here is their spf record that they publish. wayne-dalton.com text = "v=spf1 mx a:mail2.wayne-dalton.com,da.wayne-dalton.com,cn.wayne-dalton .com,pl.wayne-dalton.com,as2.wayne-walton.com,telnet.wayne-d alton.com,ps.wayne-da lton.com mx:mail.wayne-dalton.com ~all" Here is a snippit of our SFE logs and 05/02/07 11:44:19:937 -- (1292) Connection from: 12.168.83.85 - Originating country : United States 05/02/07 11:44:20:468 -- (1292) found SPF record for wayne-dalton.com: v=spf1 mx a:mail2.wayne-dalton.com,da.wayne-dalton.com,cn.wayne-dalton .com,pl.wayne-dalton.com,as2.wayne-dalton.com,telnet.wayne-d alton.com,ps.wayne-dalton.com mx:mail.wayne-dalton.com ~all 05/02/07 11:44:20:796 -- (1292) - SPF analysis for wayne-dalton.com done: - softfail 05/02/07 11:44:20:796 -- (1292) failed SPF test (softfail) - Disconnecting 12.168.83.85 05/02/07 11:44:20:796 -- (1292) 12.168.83.85 - Mail from: thisaddress@wayne-dalton.com To: thatemail@thisdomain.com will be rejected If you do a nslookup on the ip address 12.168.83.85 it resolves to mail2.wayne-dalton.com Does the logic within SFE have an issue with the comas that is in the spf record. I�ve seen a lot of spf records and this is the first one that I�ve seen with coma delimiters on the qualified names. Thanks, Dan B

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 02 May 2007 at 7:55pm
	Dan, Actually the SPF record does indeed indicate that the email should have been a "softfail", just like SpamFilter logged. As you configured SpamFilter to block softfails, the email was stopped. You can verify the correct interpretation for the SPF record from the openspf.org official site itself using: http://www.openspf.org/Why?show-form=1&identity=thisaddr ess%40wayne-dalton.com&ip-address=12.168.83.85&.subm it=Submit It returns: An SPF-enabled mail server rejected a message that claimed an envelope sender address of thisaddress@wayne-dalton.com. An SPF-enabled mail server received a message from `mail2.wayne-dalton.com (12.168.83.85)` that claimed an envelope sender address of `thisaddress@wayne-dalton.com`. The domain `wayne-dalton.com` has declared using SPF that it does not send mail through `mail2.wayne-dalton.com (12.168.83.85)`. However, the domain is still testing its SPF policy, so the message should not have been rejected.
	Roberto Franceschetti LogSat Software Spam Filter ISP

Desperado Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143	Post Options Post Reply Quote Desperado Report Post Thanks(0) Quote Reply Posted: 02 May 2007 at 10:05pm
	The passing of soft fails is the correct answer but actually renders it semi-usless as most SPF records are still in the "we are not sure" mode. It would be nice if we could somehow tag the soft-fails if enabled to pass. Just my 2-1/2 cents.
	The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

Possible bug or issue

An SPF-enabled mail server rejected a message that claimed an envelope sender address of thisaddress@wayne-dalton.com.