Re: Antwort: SPF softfail while it should pass (only when mail comes from ISPIP)

View: New views

6 Messages — Rating Filter: Alert me

Re: Antwort: SPF softfail while it should pass (only when mail comes from ISPIP)

by Jean-Pierre van Melis-2 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Some parts of this message have been removed. Learn more about Nabble's security policy.

This is the whole log of that session..

But if it is PB-IP’ing for the originating IP it means that it is already using that mechanism….??

# cat maillog.txt | grep id-66958-09443

Jul-3-08 08:35:58 id-66958-09443 89.250.184.254 <info@...> IP 89.250.184.254 (89.250.184.0/24) matches ispip

Jul-3-08 08:35:58 id-66958-09443 89.250.184.254 <info@...> IP 89.250.184.254 (89.250.184.0/21) matches noPB

Jul-3-08 08:35:58 id-66958-09443 89.250.184.254 <info@...> IP 89.250.184.254 (89.250.184.0/21) matches noDelay

Jul-3-08 08:35:58 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... Found 'Received:' from forwarding IP: 195.78.85.138

Jul-3-08 08:35:58 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... [scoring] Home Country Bonus NL - Marktplaats Network

Jul-3-08 08:35:58 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... PB-Message-Score is -15, added -15 (Home Country Bonus NL - Marktplaats Network)

Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... PB-Message-Score is 20, added 35 (DNSBL neutral, 195.78.85.138 listed by ix.dnsbl.manitu.net)

Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... PB-IP-Score for '195.78.85.0' is 35, added 35 for DNSBLneutral

Jul-3-08 08:35:59 id-66958-09443 [DNSBL] 89.250.184.254 <info@...> to: rooijen@... [scoring] (DNSBL: neutral, 195.78.85.138 listed by (ix.dnsbl.manit u.net->127.0.0.2; ))

Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@xxxx MX found: marktplaats.nl -> mx4.marktplaats.nl

Jul-3-08 08:35:59 id-66958-09443 [SPF] 89.250.184.254 <info@...> to: rooijen@... SPF: softfail ip=195.78.85.138 mailfrom=info@... helo=fallback1.dsdeurne.nl

Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... PB-Message-Score is 25, added 5 (SPF softfail)

Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... PB-IP-Score for '195.78.85.0' is 40, added 5 for SPFsoftfail

Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... ClamAV: scanned 3261 bytes in message - OK

Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... [scoring] (Received-URIBL: pass)

Jul-3-08 08:35:59 id-66958-09443 [MessageOK] 89.250.184.254 <info@...> to: rooijen@... MESSAGE OK [Uw wachtwoord voor Marktplaats nl]

Van: assp-test-bounces@... [mailto:assp-test-bounces@...] Namens Thomas Eckardt/eck
Verzonden: donderdag 3 juli 2008 17:31
Aan: ASSP development mailing list
Onderwerp: [Assp-test] Antwort: SPF softfail while it should pass (only when mail comes from ISPIP)

If you enable 'ipmatchLogging' - are you able to see the message about the IP-match (89.250.184.254) for 'ispip' ? or 'regexLogging' to 'isphostnames' ?

Thomas

"JP van Melis" <jp@...>
Gesendet von: assp-test-bounces@...

03.07.2008 17:04

Bitte antworten an
ASSP development mailing list <assp-test@...>

An	"'ASSP development mailing list'" <assp-test@...>
Kopie
Thema	[Assp-test] SPF softfail while it should pass (only when mail comes from ISPIP)

I'm having problems with SPF softfail when mail comes from an ISPIP address (is in isphostnames)
It is version 1.3.9.03

This is the TXT-record of "marktplaats.nl"

# host -t txt marktplaats.nl
marktplaats.nl descriptive text "v=spf1 ip4:213.244.166.0/24 ip4:195.78.84.0/23 ip4:216.113.175.152/32 ip4:216.113.175.153/32 ip4:216.33.244.6/32 ip4:216.33.244.7/32 ip4:194.88.230.32/27 ip4:216.136.162.64/26 ip4:63.240.103.0/26 ip4:213.105.192.128/26 ~all"
marktplaats.nl descriptive text "v=spf2.0/pra ip4:213.244.166.0/24 ip4:195.78.84.0/23 ip4:216.113.175.152/32 ip4:216.113.175.153/32 ip4:216.33.244.6/32 ip4:216.33.244.7/32 ip4:194.88.230.32/27 ip4:216.136.162.64/26 ip4:63.240.103.0/26 ip4:213.105.192.128/26 ~all"

89.250.184.254 is the fallback-server and is running ASSP. It will send mail to the other proxy. That proxy has this IP as an ISPIP address and has its hostname in isphostnames
This is the log of ASSP on the "fallback-server". The SPF of 195.78.85.138 passes:

# cat maillog.txt | grep SPF | grep marktpl
Jul-3-08 08:35:59 id-66958-13591 [SPF] 195.78.85.138 <info@...> to: rooijen@... SPF: pass ip=195.78.85.138 mailfrom=info@... helo=mx18a.marktplaats.nl
Jul-3-08 08:36:07 id-66966-11918 [SPF] 195.78.85.149 <info@...> to: rooijen@... SPF: pass ip=195.78.85.149 mailfrom=info@... helo=mx19b.marktplaats.nl
Jul-3-08 08:36:52 id-67011-10668 [SPF] 195.78.85.147 <info@...> to: rooijen@... SPF: pass ip=195.78.85.147 mailfrom=info@... helo=mx17b.marktplaats.nl
Jul-3-08 13:21:31 id-84090-04881 [SPF] 213.105.192.141 <marktplaats@...> to: boegborn@... SPF: pass ip=213.105.192.141 mailfrom=marktplaats@... helo=rntuk141.rnmk.com

This is the 2nd proxy. When the mail comes directly to the proxy there's no problem, but when it comes from ispip it's a softfail. Maybe it's not the originating address that it's checking in reality?

cat maillog.txt | grep SPF | grep marktpl
Jul-3-08 08:35:59 id-66958-09443 [SPF] 89.250.184.254 <info@...> to: rooijen@... SPF: softfail ip=195.78.85.138 mailfrom=info@... helo=fallback1.dsdeurne.nl
Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... PB-Message-Score is 25, added 5 (SPF softfail)
Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... PB-IP-Score for '195.78.85.0' is 40, added 5 for SPFsoftfail
Jul-3-08 08:36:52 id-67011-13637 [SPF] 89.250.184.254 <info@...> to: rooijen@... SPF: softfail ip=195.78.85.147 mailfrom=info@... helo=fallback1.dsdeurne.nl
Jul-3-08 08:36:52 id-67011-13637 89.250.184.254 <info@...> to: rooijen@... PB-Message-Score is 25, added 5 (SPF softfail)
Jul-3-08 08:36:52 id-67011-13637 89.250.184.254 <info@...> to: rooijen@... PB-IP-Score for '195.78.85.0' is 40, added 5 for SPFsoftfail
Jul-3-08 08:37:07 id-67026-01314 [SPF] 89.250.184.254 <info@...> to: rooijen@... SPF: softfail ip=195.78.85.149 mailfrom=info@... helo=fallback1.dsdeurne.nl
Jul-3-08 08:37:07 id-67026-01314 89.250.184.254 <info@...> to: rooijen@... PB-Message-Score is 25, added 5 (SPF softfail)
Jul-3-08 08:37:07 id-67026-01314 89.250.184.254 <info@...> to: rooijen@... PB-IP-Score for '195.78.85.0' is 40, added 5 for SPFsoftfail
Jul-3-08 12:09:42 id-79781-08908 [SPF] 213.105.192.141 <marktplaats@...> to: campmans@... SPF: pass ip=213.105.192.141 mailfrom=marktplaats@... helo=rntuk141.rnmk.com

The 2nd server was running SPF1. I just changed it, but I don't think it's the reason.

JP-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08_______________________________________________
Assp-test mailing list
Assp-test@...
https://lists.sourceforge.net/lists/listinfo/assp-test

DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!

-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Assp-test mailing list
Assp-test@...
https://lists.sourceforge.net/lists/listinfo/assp-test

Antwort: Re: Antwort: SPF softfail while it should pass (only when mail comes from ISPIP)

by Thomas Eckardt/eck :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Jean-Pierre,

SPF returns a "softfail" because the helo does not match the sender domain. If you never want to get the softfail for your "fallback-server", just write the IP of that server to 'noSPFRe' (in regex-notation) or to do it 'soft': let the fallback-server add the 'AddSPFHeader' to any mail and use ' noSPFRe' to check for "X-Assp-Received-SPF: pass" to chech that SPF was done by your fallback-server!

Thomas

Jean-Pierre van Melis <jp@...>
Gesendet von: assp-test-bounces@...

03.07.2008 18:16

Bitte antworten an
ASSP development mailing list <assp-test@...>

An	'ASSP development mailing list' <assp-test@...>
Kopie
Thema	Re: [Assp-test] Antwort: SPF softfail while it should pass (only when mail comes from ISPIP)

This is the whole log of that session..
But if it is PB-IP’ing for the originating IP it means that it is already using that mechanism….??

# cat maillog.txt | grep id-66958-09443
Jul-3-08 08:35:58 id-66958-09443 89.250.184.254 <info@...> IP 89.250.184.254 (89.250.184.0/24) matches ispip
Jul-3-08 08:35:58 id-66958-09443 89.250.184.254 <info@...> IP 89.250.184.254 (89.250.184.0/21) matches noPB
Jul-3-08 08:35:58 id-66958-09443 89.250.184.254 <info@...> IP 89.250.184.254 (89.250.184.0/21) matches noDelay
Jul-3-08 08:35:58 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... Found 'Received:' from forwarding IP: 195.78.85.138
Jul-3-08 08:35:58 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... [scoring] Home Country Bonus NL - Marktplaats Network
Jul-3-08 08:35:58 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... PB-Message-Score is -15, added -15 (Home Country Bonus NL - Marktplaats Network)
Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... PB-Message-Score is 20, added 35 (DNSBL neutral, 195.78.85.138 listed by ix.dnsbl.manitu.net)
Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... PB-IP-Score for '195.78.85.0' is 35, added 35 for DNSBLneutral
Jul-3-08 08:35:59 id-66958-09443 [DNSBL] 89.250.184.254 <info@...> to: rooijen@... [scoring] (DNSBL: neutral, 195.78.85.138 listed by (ix.dnsbl.manit u.net->127.0.0.2; ))
Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@xxxx MX found: marktplaats.nl -> mx4.marktplaats.nl
Jul-3-08 08:35:59 id-66958-09443 [SPF] 89.250.184.254 <info@...> to: rooijen@... SPF: softfail ip=195.78.85.138 mailfrom=info@... helo=fallback1.dsdeurne.nl
Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... PB-Message-Score is 25, added 5 (SPF softfail)
Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... PB-IP-Score for '195.78.85.0' is 40, added 5 for SPFsoftfail
Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... ClamAV: scanned 3261 bytes in message - OK
Jul-3-08 08:35:59 id-66958-09443 89.250.184.254 <info@...> to: rooijen@... [scoring] (Received-URIBL: pass)
Jul-3-08 08:35:59 id-66958-09443 [MessageOK] 89.250.184.254 <info@...> to: rooijen@... MESSAGE OK [Uw wachtwoord voor Marktplaats nl]

Van: assp-test-bounces@... [mailto:assp-test-bounces@...] Namens Thomas Eckardt/eck
Verzonden: donderdag 3 juli 2008 17:31
Aan: ASSP development mailing list
Onderwerp: [Assp-test] Antwort: SPF softfail while it should pass (only when mail comes from ISPIP)

If you enable 'ipmatchLogging' - are you able to see the message about the IP-match (89.250.184.254) for 'ispip' ? or 'regexLogging' to 'isphostnames' ?

Thomas

"JP van Melis" <jp@...>
Gesendet von: assp-test-bounces@...
03.07.2008 17:04

Bitte antworten an
ASSP development mailing list <assp-test@...>

An
"'ASSP development mailing list'" <assp-test@...>

Kopie

Thema
[Assp-test] SPF softfail while it should pass (only when mail comes from ISPIP)

I'm having problems with SPF softfail when mail comes from an ISPIP address (is in isphostnames)
It is version 1.3.9.03

JP-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08_______________________________________________
Assp-test mailing list
Assp-test@...
https://lists.sourceforge.net/lists/listinfo/assp-test

DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08_______________________________________________ Assp-test mailing list Assp-test@... https://lists.sourceforge.net/lists/listinfo/assp-test

DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Assp-test mailing list
Assp-test@...
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: Antwort: Re: Antwort: SPF softfail while it should pass(only when mail comes from ISPIP)

by JP van Melis :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

What's this all about?

The feature that need "isphostnames" is about doing all IP-related checks as if they were done from the originating IP.

What's the HELO got to do with SPF?

This feature (one I suggested) is all about this. It's a mail that's supposedly coming from marktplaats.nl.

marktplaats.nl has an SPF-record and ASSP should test if the IP matches that record.... no more no less...

Van: assp-test-bounces@... [mailto:assp-test-bounces@...] Namens Thomas Eckardt/eck
Verzonden: vrijdag 4 juli 2008 12:26
Aan: ASSP development mailing list
Onderwerp: [Assp-test] Antwort: Re: Antwort: SPF softfail while it should pass(only when mail comes from ISPIP)

Jean-Pierre van Melis <jp@...>
Gesendet von: assp-test-bounces@...

03.07.2008 18:16

Bitte antworten an
ASSP development mailing list <assp-test@...>

An	'ASSP development mailing list' <assp-test@...>
Kopie
Thema	Re: [Assp-test] Antwort: SPF softfail while it should pass (only when mail comes from ISPIP)

Antwort: Re: Antwort: Re: Antwort: SPF softfail while it should pass(only when mail comes from ISPIP)

by Thomas Eckardt/eck :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

>Jul-3-08 08:35:59 id-66958-09443 [SPF] 89.250.184.254 <info@...> to: rooijen@... SPF: softfail ip=195.78.85.138 mailfrom=info@... helo=fallback1.dsdeurne.nl

You can see: the "isphostnames"-IP is used - mailfrom is used - helo is used !!!!
With SPF2 helo is set to "" for the SPF-query (I just try to set it undef, if this is confusing the SPF-module) if "isphostnames"-IP is used. I think SPF1 will not work that way - there must be something changed! I'm unable to see any other reason at this time for that softfai,l as the (what ever) helo-value that is submitted to the SPF-module.
Switch 'DebugSPF' to on and let us see what SPF is telling us!

But - by the way - for what reason are you doing an additional SPF-check, if you realy know, that the fallback has already done it?

Thomas

"JP van Melis" <jp@...>
Gesendet von: assp-test-bounces@...

04.07.2008 14:10

Bitte antworten an
ASSP development mailing list <assp-test@...>

An	"'ASSP development mailing list'" <assp-test@...>
Kopie
Thema	Re: [Assp-test] Antwort: Re: Antwort: SPF softfail while it should pass(only when mail comes from ISPIP)

What's this all about?
The feature that need "isphostnames" is about doing all IP-related checks as if they were done from the originating IP.
What's the HELO got to do with SPF?

This feature (one I suggested) is all about this. It's a mail that's supposedly coming from marktplaats.nl.
marktplaats.nl has an SPF-record and ASSP should test if the IP matches that record.... no more no less...

Van: assp-test-bounces@... [mailto:assp-test-bounces@...] Namens Thomas Eckardt/eck
Verzonden: vrijdag 4 juli 2008 12:26
Aan: ASSP development mailing list
Onderwerp: [Assp-test] Antwort: Re: Antwort: SPF softfail while it should pass(only when mail comes from ISPIP)

Jean-Pierre,

SPF returns a "softfail" because the helo does not match the sender domain. If you never want to get the softfail for your "fallback-server", just write the IP of that server to 'noSPFRe' (in regex-notation) or to do it 'soft': let the fallback-server add the 'AddSPFHeader' to any mail and use ' noSPFRe' to check for "X-Assp-Received-SPF: pass" to chech that SPF was done by your fallback-server!

Thomas

Jean-Pierre van Melis <jp@...>
Gesendet von: assp-test-bounces@...

03.07.2008 18:16

Bitte antworten an
ASSP development mailing list <assp-test@...>

An	'ASSP development mailing list' <assp-test@...>
Kopie
Thema	Re: [Assp-test] Antwort: SPF softfail while it should pass (only when mail comes from ISPIP)

I'm having problems with SPF softfail when mail comes from an ISPIP address (is in isphostnames)
It is version 1.3.9.03

This is the TXT-record of "marktplaats.nl"

# host -t txt marktplaats.nl
marktplaats.nl descriptive text "v=spf1 ip4:213.244.166.0/24 ip4:195.78.84.0/