[milters] Archive

Lists Index Date Thread Search

Article: 60
From: Anthony Howe
Date: 2009-08-21 02:28:32 -0400
Subject: Re: milter-spiff temp failing...

Grant Taylor uttered...:
> The SPF (txt) record for the sending domain is the following (munged for
> privacy):
> 
>    **************.***      text = "v=spf1 mx mx:redirect=***.*** ~all"

I really do hate it when people redact information that may be relevant
to a question, especially in this instance where a SPF record is public
information in DNS.

> Below is the error message that I am getting in logs:
> 
>    Aug 20 08:45:38 rti02 sm-mta[3167]: n7KDjZ2c003167: Milter:
> to=<*****@***********.***>, reject=451 4.4.3 sender
> <*****@**************.***> via **.**.**.** SPF result TempError: DNS
> name not found
> 
> I /believe/ the primary problem to be an invalid SPF record.
> Specifically the "mx:" in ("mx:redirect=***.***") the SPF record.

From my understanding of RFC 4408, this is a syntax error.

> Can any one confirm or refute the validity of having the "mx:"
> perpending the redirect mechanisms?

Try the SPF validation tools

	http://www.openspf.org/Tools

Try libsnert's spf CLI tool (can be used in scripting too) for testing
too, especially when using -v:

	com/snert/src/lib/mail/spf

----
usage: spf [-v][-h helo][-t txt] client-ip domain|mail ...

-h helo         the SMTP EHLO/HELO argument to verify
-t txt          specify the initial TXT record to use
-v              send debugging information to the mail log.

client-ip       the SMTP client connection IP
domain          one or more domains to verify
mail            one or more mail addresses to verify

Exit Codes
0               SPF Pass
1               SPF Fail
2               SPF None
3               SPF Neutral
4               SPF SoftFail
5               SPF Temporary Error
6               SPF Permanent Error
64              usage error
70              internal error

Copyright 1996, 2009 by Anthony Howe. All rights reserved.
----

Also if you're using an old version of milter-spiff and libsnert ( <
1.70), then your results might be off.


-- 
Anthony C Howe            Skype: SirWumpus                  SnertSoft
+33 6 11 89 73 78       Twitter: SirWumpus      BarricadeMX & Milters
http://snert.com/      http://nanozen.info/     http://snertsoft.com/

Lists Index Date Thread Search