>Does this mean that checks like IP in HELO and IP in HELO mismatch are not
>being performed on the originating data?
These checks are performed on the connection IP and the real HELO, ispHostnames
is not involved in these checks!
Mmmm… that was what ispHostnames was all about.. to prevent it from becoming
a backdoor…. The final proxy could test the original HELO against the original
IP and have for instance a higher score for “IP in Helo mismatch” and block the
mail……
But can you confirm again that these tests are NOT being performed now?
And if so… will they be in the future?
Have a nice weekend too…
JP
Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Thomas Eckardt/eck
Verzonden: zaterdag 5 juli 2008 9:48
Aan: ASSP development mailing list
Onderwerp: [Assp-test] Antwort: Re: Antwort: SPF softfail while it shoul
Jean Pierre,
it looks like the reason for the 'softfail' was the SPF1 - SPF2 did it right!
There is falling a big stone from my heart.
>But anyhow, we have the HELO of the originating mailserver, so why not pass
>that?
>>>>>>[EMAIL PROTECTED]"; helo=""; client-ip=213.105.192.140
You can see, we've passed it with SPF2! The new versions are using 'undef'
instead of "" to set the SPF-hash-parm to undef!
>Does this mean that checks like IP in HELO and IP in HELO mismatch are not
>being performed on the originating data?
These checks are performed on the connection IP and the real HELO, ispHostnames
is not involved in these checks!
>Recommended…
This is what I've told you!
Have a nice weekend! I've to battle with BATV - want to release it next week!
Thomas
Jean-Pierre van Melis <[EMAIL PROTECTED]>
Gesendet von: [EMAIL PROTECTED]
05.07.2008 09:28
Bitte antworten an
ASSP development mailing list <[email protected]>
An'ASSP development mailing list' <[email protected]>
Kopie
ThemaRe: [Assp-test] Antwort: Re: Antwort: Re: Antwort: Re: Antwort: SPF
softfail while it shoul
Helo checking as part of the SPF was new to me, so I checked the RFC. There it
said:
It is RECOMMENDED that SPF clients not only check the "MAIL FROM"
identity, but also separately check the "HELO" identity by applying
the check_host() function (Section 4) to the "HELO" identity as the
<sender>.
Recommended…
But anyhow, we have the HELO of the originating mailserver, so why not pass
that?
Does this mean that checks like IP in HELO and IP in HELO mismatch are not
being performed on the originating data?
Something new from “marktplaats” came through in the log and it was again using
the fallback-server… (I have to investigate why, as well)
It turns out it had something to do with the SPF1 module. The final proxy was
using SPF1, but I switched to SPF2 after noticing this anomaly.
It was still running 1.3.9(03) though (I’m not at work) and it seems it is
passing “” as the HELO argument….
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> IP
89.250.184.254
(89.250.184.0/24) matches ispip
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> IP
89.250.184.254
(89.250.184.0/21) matches noPB
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> IP
89.250.184.254
(89.250.184.0/21) matches noDelay
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] Found
'Received:' from forwarding IP: 213.105.192.140
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
SenderBase showing: GB - IBM UK Limited (IBM Educational)
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
spf_result:pass
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
identity:[EMAIL PROTECTED]
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
scope:mfrom
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
spf_record:v=spf1 ip4:213.244.166.0/24 ip4:195.78.84.0/23
ip4:216.113.175.152
ip4:216.113.175.153 ip4:216.33.244.6 ip4:216.33.244.7
ip4:194.88.230.32/27
ip4:216.136.162.64/26 ip4:63.240.103.0/26
ip4:213.105.192.128/26 ~all
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
local_exp:marktplaats.nl: 213.105.192.140 is authorized to
use '[EMAIL PROTECTED]
nl' in 'mfrom' identity (mechanism 'ip4:213.105.192.128/26'
matched)
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
authority_exp:
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
received_spf:Received-SPF: pass (marktplaats.nl:
213.105.192.140 is authorized to use
'[EMAIL PROTECTED]' in 'mfrom' identity (mechanism
'ip4:213.105.192.128/26'
matched)) receiver=sh2x.kijken.nl; identity=mfrom;
envelope-from="
[EMAIL PROTECTED]"; helo=""; client-ip=213.105.192.140
Jul-5-08 03:20:44 id-20844-01612 [SPF] 89.250.184.254 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED]
SPF: pass ip=213.105.192.140 [EMAIL PROTECTED]
helo=fallback1.
dsdeurne.nl
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
PB-Message-Score is 20, added 20 (BombSuspicious:
'UNSUBSCRIBE')
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
Regex:Suspicious 'UNSUBSCRIBE'
Jul-5-08 03:20:44 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
ClamAV: scanned 8908 bytes in message - OK
Jul-5-08 03:20:44 Commencing URIBL checks on rightnow.com
Jul-5-08 03:20:45 Completed URIBL checks on rightnow.com
Jul-5-08 03:20:45 Commencing URIBL checks on marktplaats.nl
Jul-5-08 03:20:45 Completed URIBL checks on marktplaats.nl
Jul-5-08 03:20:45 Commencing URIBL checks on custhelp.com
Jul-5-08 03:20:45 Completed URIBL checks on custhelp.com
Jul-5-08 03:20:45 id-20844-01612 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
[scoring] (Received-URIBL: pass)
Jul-5-08 03:20:45 id-20844-01612 [MessageOK] 89.250.184.254 <[EMAIL PROTECTED]>
to:
[EMAIL PROTECTED] MESSAGE OK [Marktplaats gebruiker
Treindagkaart voor U]
Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Thomas Eckardt/eck
Verzonden: zaterdag 5 juli 2008 6:32
Aan: ASSP development mailing list
Onderwerp: [Assp-test] Antwort: Re: Antwort: Re: Antwort: Re: Antwort: SPF
softfail while it shoul
Jean-Pierre,
please would you try out the last 1.4.0 or 2.0.0 . I've made some changes to
SPF, setting the checked HELO not to an empty string but to 'undef' if
ispHostnames is used. SPF now also ignores the HELO in SFPCache if ispHostnames
is used! Checking the helo is an option in the perl SPF-modules and I think
it's good to do so, as long as it does work! Let's see!
ps.: If you are using ispHostnames, you should never use the SPF1-modules, in
this case only use SFP2 !!!!!!
Michael,
>?!?! Did I miss something here? Why would SPF return a softfail other
>then if its actually a softfail response/lookup in DNS?
>If we need to indicate a block condition for the sender domain not
>matching the HELO - then it should be unique different feature, and not
<lumped into the SPF *specification*.
As you know SPF in ASSP is done by using the SPF-modules. So we have to live
with the responds of that modules or we have to rewrite them! The only thing we
can do, is to prepaire the input values the right way - that is what I'm try to
do! And think about, as long as a mail is not coming from an ISP, checking the
helo with SPF is OK and should be done. And - sorry - if you are talking about
*specification* you should just know them - the HELO-identity is part of SPF
(rfc4408)! Please believe me, Fritz and I, we are spending a lot of time in
reading and understanding the dozens RFC's that belongs to mail traffic, to
make ASSP compatible to them!
Thomas
Jean-Pierre van Melis <[EMAIL PROTECTED]>
Gesendet von: [EMAIL PROTECTED]
04.07.2008 21:49
Bitte antworten an
ASSP development mailing list <[email protected]>
An'ASSP development mailing list' <[email protected]>
Kopie
ThemaRe: [Assp-test] Antwort: Re: Antwort: Re: Antwort: SPF softfail
while it shoul
I just turned on DebugSPF...
In the mean time I found an entry where everything is working as it is supposed
to...
This time it's a hotmail-account...
Looking at the log it is spam (which came through) but that's beside the point
now.
SPF2 is now active on the 2nd proxy.
Jul-4-08 18:02:35 id-87355-05611 89.250.184.254 <[EMAIL PROTECTED]> IP
89.250.184.254
(89.250.184.0/24) matches ispip
Jul-4-08 18:02:35 id-87355-05611 89.250.184.254 <[EMAIL PROTECTED]> IP
89.250.184.254
(89.250.184.0/21) matches noPB
Jul-4-08 18:02:35 id-87355-05611 89.250.184.254 <[EMAIL PROTECTED]> IP
89.250.184.254
(89.250.184.0/21) matches noDelay
Jul-4-08 18:02:35 id-87355-05611 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] Found
'Received:' from forwarding IP: 65.54.246.95
Jul-4-08 18:02:35 id-87355-05611 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] SenderBase
showing: US - Microsoft Corp
Jul-4-08 18:02:35 id-87355-05611 [DNSBL] 89.250.184.254 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED]
[scoring] (DNSBL: pass)
Jul-4-08 18:02:35 id-87355-05611 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
Regex:SPFstrict '@hotmail.com'
Jul-4-08 18:02:35 id-87355-05611 [SPF] 89.250.184.254 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED] SPF:
pass ip=65.54.246.95 [EMAIL PROTECTED]
helo=fallback1.dsdeurne.nl
Jul-4-08 18:02:36 Commencing URIBL checks on shop6818.com
Jul-4-08 18:02:36 id-87355-05611 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] [scoring]
(Received-URIBL: fail (shop6818.com.black.uribl.com->127.0.0.2;
shop6818.com.multi.
surbl.org->127.0.0.80; ))
Jul-4-08 18:02:36 id-87355-05611 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
PB-Message-Score is 25, added 25 (Received-URIBL: fail
(shop6818.com.black.uribl.com-
>127.0.0.2; shop6818.com.multi.surbl.org->127.0.0.80; ))
Jul-4-08 18:02:36 id-87355-05611 89.250.184.254 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] PB-IP-Score
for '65.54.246.0' is 25, added 25 for URIBLfailed
Jul-4-08 18:02:36 id-87355-05611 [MessageOK] 89.250.184.254 <[EMAIL PROTECTED]>
to: [EMAIL PROTECTED]
MESSAGE OK [Dear friend]
Jul-4-08 18:02:36 Disconnected: 89.250.184.254
-----Oorspronkelijk bericht-----
Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Fritz Borgstedt
Verzonden: vrijdag 4 juli 2008 18:53
Aan: ASSP development mailing list
Onderwerp: Re: [Assp-test] Antwort: Re: Antwort: Re: Antwort: SPF softfail
while it shoul
ASSP development mailing list <[email protected]>
schreibt:
>SPF logging is set to “verbose”. Debug is not an option. I set global
>debugging on, but getting mail this way is a rare occasion?.
?
DebugSPF is in the SPF section.
-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known
virus in this
email!-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at
http://www.sourceforge.net/community/cca08_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known
virus in this email!-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
