[milters] Archive

Lists Index Date Thread Search

Article: 1274
From: Steve Freegard
Date: 2006-11-21 05:35:24 -0500
Subject: Re: milter-spiff: pass then fail?

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Ben Spencer wrote:
> Removal...........: milters-request@milter.info?subject=remove
> More information..: http://www.milter.info/#Support
> --------------------------------------------------------
> 
> We just ran into a oddity and hoping that someone can help us understand
> this.
> 
> Here is a log snippet (I prefixed the lines with a line number). I can
> concerned about lines 11, 22 & 23 as they all seem to disagree.
> 
> 1: Nov 20 15:05:57 mailgw sendmail[27626]: NOQUEUE: connect from
> mail.apexit.com [72.25.139.129] (may be forged)
> 2: Nov 20 15:05:57 mailgw milter-gris[22946]: 10384 NOQUEUE:
> filterOpen(b0502600, 'mail.apexit.com', [72.25.139.129])
> 3: Nov 20 15:05:57 mailgw milter-spiff[8572]: 05820 NOQUEUE:
> filterOpen(aa102590, 'mail.apexit.com', [72.25.139.129])
> 4: Nov 20 15:05:57 mailgw milter-gris[22946]: 10384 NOQUEUE:
> filterHelo(b0502600, 'mail.apexit.com')
> 5: Nov 20 15:05:57 mailgw milter-spiff[8572]: 05820 NOQUEUE:
> filterHelo(aa102590, 'mail.apexit.com')
> 6: Nov 20 15:05:57 mailgw milter-spiff[8572]: enter spfCheck(aa0ff800,
> mail.apexit.com, '(null)') ip=72.25.139.129 helo=unknown
> mail=postmaster@mail.apexit.com
> 7: Nov 20 15:05:57 mailgw milter-spiff[8572]: enter DnsGet(9b08fc0,
> TXT=16, 1, mail.apexit.com)
> 8: Nov 20 15:06:01 mailgw milter-spiff[8572]: exit  DnsGet(9b08fc0,
> TXT=16, 1, mail.apexit.com) Vector=9b094b8 rc=0 error=
> Nov 20 15:06:01 mailgw milter-spiff[8572]: domain=mail.apexit.com
> TXT=v=spf1 a -all
> 9: Nov 20 15:06:01 mailgw milter-spiff[8572]: enter DnsGet(9b08fc0, A=1,
> 1, mail.apexit.com)
> 10: Nov 20 15:06:01 mailgw milter-spiff[8572]: exit  DnsGet(9b08fc0,
> A=1, 1, mail.apexit.com) Vector=9b0a1c0 rc=0 error=
> 11: Nov 20 15:06:01 mailgw milter-spiff[8572]: exit  spfCheck(aa0ff800,
> mail.apexit.com, '(null)') result=Fail error=
> 15: Nov 20 15:06:01 mailgw milter-spiff[8572]: 05820 kAKL5vIR027626:
> filterMail(aa102590, 9b0e010) MAIL='<jean-charles.compagnon@apexit.com>'
> 16: Nov 20 15:06:01 mailgw milter-spiff[8572]: 05820 kAKL5vIR027626:
> address='jean-charles.compagnon@apexit.com'
> localleft='jean-charles.compagnon' localright='' domain='apexit.com'
> auth='(null)'
> 17: Nov 20 15:06:01 mailgw milter-spiff[8572]: 05820 kAKL5vIR027626:
> sender=<jean-charles.compagnon@apexit.com> access=? skipConnection=0
> skipMessage=0
> 18: Nov 20 15:06:01 mailgw milter-spiff[8572]: enter spfCheck(aa0ff820,
> apexit.com, '(null)') ip=72.25.139.129 helo=mail.apexit.com
> mail=jean-charles.compagnon@apexit.com
> 19: Nov 20 15:06:01 mailgw milter-spiff[8572]: enter DnsGet(9af6a60,
> TXT=16, 1, apexit.com)
> 20: Nov 20 15:06:01 mailgw milter-spiff[8572]: exit  DnsGet(9af6a60,
> TXT=16, 1, apexit.com) Vector=9b094b8 rc=0 error=
> 21: Nov 20 15:06:01 mailgw milter-spiff[8572]: domain=apexit.com
> TXT=v=spf1 ip4:72.25.139.0/24 a mx ptr include:dynamic-info.com ~all
> 22: Nov 20 15:06:01 mailgw milter-spiff[8572]: exit  spfCheck(aa0ff820,
> apexit.com, '(null)') result=Pass error=
> 23: Nov 20 15:06:01 mailgw milter-spiff[8572]: 05820 kAKL5vIR027626:
> reply 550 5.7.1 HELO mail.apexit.com from 72.25.139.129 SPF result Fail;

This seems to be two separate mails, one from postmaster@mail.apexit.com:

[root@mail io]# host -t TXT mail.apexit.com
mail.apexit.com text "v=spf1 a -all"

[root@mail io]# host -t A mail.apexit.com
mail.apexit.com has address 72.25.139.175

The connecting IP was 72.25.139.129 - hence the result was Fail.


The second message was from jean-charles.compagnon@apexit.com:

[root@mail io]# host -t TXT apexit.com
apexit.com text "v=spf1 ip4:72.25.139.0/24 a mx ptr
include:dynamic-info.com ~all"

The connecting IP was 72.25.139.129 again - this would match the PTR and
ip4:72.25.139.0/24 rules, hence the result was Pass.


Hope this clears things up for you.

Kind regards,
Steve.


Lists Index Date Thread Search