I'm using 2.008 while ASSP says "2.007" is required. Should upgrading to 2.009 fix this issue?
----- Original Message ----- From: Thomas Eckardt [mailto:[email protected]] To: For Users of ASSP [mailto:[email protected]] Sent: Mon, 18 Jul 2016 19:49:45 +0100 Subject: Re: [Assp-user] SPF_temperror,_why? > >Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller: > Mail::SPF::Server, 564, hotmail.com SPF > > ------------------------------------------------------------------------------------------ > =item B<query_rr_types> > > For which RR types to query when looking up and selecting SPF records. The > following values are supported: > > =over > > =item B<< Mail::SPF::Server->query_rr_type_all >> > > Both C<TXT> and C<SPF> type RRs. > > =item B<< Mail::SPF::Server->query_rr_type_txt >> (default) > > C<TXT> type RRs only. > > =item B<< Mail::SPF::Server->query_rr_type_spf >> > > C<SPF> type RRs only. > > =back > > For years B<Mail::SPF> has defaulted to looking up both C<SPF> and C<TXT> > type > RRs as recommended by RFC 4408. Experience has shown, however, that a > significant portion of name servers suffer from serious brain damage with > regard to the handling of queries for RR types that are unknown to them, > such > as the C<SPF> RR type. Consequently B<Mail::SPF> now defaults to looking > up > only C<TXT> type RRs. This may be overridden by setting the > B<query_rr_types> > option. > > See RFC 4408, 3.1.1, for a discussion of the topic, as well as the > description > of the L</select_record> method. > ------------------------------------------------------------------------------------------ > > Seems your Mail::SPF module is outdated - use 2.009 > > ASSP uses the default. > > Thomas > > > > > > Von: "Andy Knuts" <[email protected]> > An: "For Users of ASSP" <[email protected]> > Datum: 18.07.2016 19:27 > Betreff: Re: [Assp-user] SPF_temperror,_why? > > > > I'm stil wondering what's wrong with my DNS servers and ASSP. I installed > pdns-recorsor on the same host where ASSP is running and I have installed > bind on a second VM. > I tested those name server and they work as expected but ASSP still has > troubles with some request. Not always, but A LOT. > In my maillog.txt I see a lot of these: hotmail.com: Unknown error on DNS > 'SPF' lookup of 'hotmail.com' > > Sometimes it has the SPF records for hotmail.com, but many times it > doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always works. Same > for "host -t txt hotmail.com 10.1.1.11". > > Here's an example in maillog.txt with SPFDebug enabled: > > > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> info: found message size announcement: 13.26 kByte > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> Message-Score: added -10 (tlsValencePB) for > SSL-TLS-connection-OK, total score for this message is now -10 > Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2 > Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS sockets > for 10.1.1.11 > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question: > 246.2.47.104.in-addr.arpa. IN PTR > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer: > 246.2.47.104.in-addr.arpa. 3600 IN PTR ( > > mail-db5eur01hn0246.outbound.protection.outlook.com. ) > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 - > hotmail.com. IN ANY > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com' type > 'ANY' to nameserver 127.0.0.1 ID 15404 > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 - > hotmail.com. IN ANY > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com' type > 'ANY' to nameserver 10.1.1.11 ID 20981 > Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1 > Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from nameserver > 127.0.0.1 > Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN SOA ( > ns1.msft.net. msnhst.microsoft.com. > 2016070805 ;serial > 7200 ;refresh > 900 ;retry > 2419200 ;expire > 3600 ;minimum > ) > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS > ns1.msft.net. > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS > ns3.msft.net. > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS > ns4.msft.net. > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS > ns2.msft.net. > Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from > nameserver 127.0.0.1 ID 15404 > Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68 > x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125 > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139 bounce > message detected > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the > connection will now be moved in to the Full-Transparent-Proxy mode > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no (more) > data readable from x.x.x.139 (connection closed by peer) - Connection > reset by peer - last command was 'RCPT TO' > Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68 x.x.x.139 > - processing time 0 seconds > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> to: JMRP@snip Message-Score: added -2 for 65.54.190.0 > in griplist (0.18), total score for this message is now -12 > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM] 65.54.190.89 > <[email protected]> to: JMRP@snip [scoring] DKIM domain mismatch - > hotmail.com found in DKIMCache, but no DKIM-Signature found in mail header > (Cache) > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> to: JMRP@snip Message-Score: added 15 (dkimValencePB) > for DKIM domain mismatch - hotmail.com found in DKIMCache, but no > DKIM-Signature found in mail header, total score for this message is now 3 > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2 > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets > for 10.1.1.11 > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com. IN > ANY > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN > MX 5 mx1.hotmail.com. > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN > A 65.55.77.28 > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728 > IN NS ns4.msft.net. > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728 > IN NS ns3.msft.net. > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN > MX 5 mx4.hotmail.com. > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN > A 65.55.85.12 > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728 > IN NS ns1.msft.net. > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 425 IN > TXT ( > "v=spf1 include:spf-a.outlook.com > include:spf-b.outlook.com ip4:157.55.9.128/25 > include:spf.protection.outlook.com include:spf-a.hotmail.com > include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all" > ) > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN > MX 5 mx3.hotmail.com. > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN > A 157.55.152.112 > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728 > IN NS ns2.msft.net. > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN > A 157.56.172.28 > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN > MX 5 mx2.hotmail.com. > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 - > _dmarc.hotmail.com. IN TXT > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for > '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607 > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 - > _dmarc.hotmail.com. IN TXT > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for > '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169 > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1 > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver > 127.0.0.1 > Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com. IN > TXT > Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com. 2125 IN > TXT ( > "v=DMARC1; p=none; pct=100; > rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1" > ) > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from > nameserver 127.0.0.1 ID 21607 > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM] 65.54.190.89 > <[email protected]> to: JMRP@snip info: domain hotmail.com has published a > DMARC record > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> to: JMRP@snip strictspf Regex: strictSPFRe > '@hotmail.com' > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver > Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain hotmail.com - > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller: > Mail::SPF::Server, 564, hotmail.com SPF > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller: > Mail::SPF::Server, 564, hotmail.com TXT > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> to: JMRP@snip [scoring] spf_result:temperror > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> to: JMRP@snip identity:[email protected] > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> to: JMRP@snip scope:mfrom > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> to: JMRP@snip spf_record: > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> to: JMRP@snip local_exp:hotmail.com: Unknown error on > DNS 'SPF' lookup of 'hotmail.com' > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> to: JMRP@snip received_spf:Received-SPF: temperror > (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com') > receiver=mx101.snip; identity=mailfrom; envelope-from="[email protected]"; > helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89 > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> to: JMRP@snip [scoring] SPF: temperror ip=65.54.190.89 > [email protected] helo=BAY004-OMC2S14.hotmail.com > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> to: JMRP@snip Message-Score: added 5 (spfeValencePB) > for SPF temperror, total score for this message is now 8 > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 > <[email protected]> to: JMRP@snip DMARC: this mail breakes the DKIM > policies defined in the DMARC record for domain hotmail.com - there is no > DKIM-signature found in this mail for domain hotmail.com > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2 > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets > for 10.1.1.11 > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: _dmarc.hotmail.com. > IN TXT > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: _dmarc.hotmail.com. > 2125 IN TXT ( > "v=DMARC1; p=none; pct=100; > rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1" > ) > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 - > 89.190.54.65.sa.senderbase.org. IN TXT > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1 ID > 54935 > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 - > 89.190.54.65.sa.senderbase.org. IN TXT > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11 ID > 43820 > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1 > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver > 127.0.0.1 > Jul-18-16 19:04:29 [Worker_1] DNS-question was: > 89.190.54.65.sa.senderbase.org. IN TXT > Jul-18-16 19:04:29 [Worker_1] DNS-answer is: > 89.190.54.65.sa.senderbase.org. 19937 IN TXT ( > > "0-0=1|1=MICROSOFT > HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San > > Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394" > ) > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from > nameserver 127.0.0.1 ID 54935 > Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08 > 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125 > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK] > 65.54.190.89 <[email protected]> to: JMRP@snip message ok [complaint about > message from 10 164 74 35] > > > any idea's? > > > ----- Original Message ----- > From: Thomas Eckardt > [mailto:[email protected]] > To: For Users of ASSP > [mailto:[email protected]] > Sent: Mon, 18 Jul 2016 12:52:29 > +0100 > Subject: Re: [Assp-user] SPF_temperror,_why? > > > > >But why is this a temperror? > > > > assp was unable to get a qualified result for the query using Mail::SPF > - > > that's all > > most times this is caused by a DNS timeout > > > > Thomas > > > > > > Von: "Andy Knuts" <[email protected]> > > An: [email protected] > > Datum: 18.07.2016 11:53 > > Betreff: [Assp-user] SPF_temperror,_why? > > > > > > > > Many of the emails that passed ASSP have headers like this: > > > > X-Assp-Received-SPF: temperror ip=217.148.21.174 > > [email protected] helo=vmta12.addemar.com > > > > But why is this a temperror? > > > > > > If I use 'spfquery' command line I get: > > > > # spfquery --mail-from [email protected] -i 217.148.21.174 -h > > > vmta12.addemar.com > > pass > > Please see > > > http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery: > > > > > 217.148.21.128/25 contains 217.148.21.174 > > spfquery: domain of [email protected] designates > 217.148.21.174 > > as permitted sender > > Received-SPF: pass (spfquery: domain of [email protected] > > designates 217.148.21.174 as permitted sender) client-ip=217.148.21.174; > > > [email protected]; helo=vmta12.addemar.com; > > > > > ------------------------------------------------------------------------------ > > What NetFlow Analyzer can do for you? Monitors network bandwidth and > > traffic > > patterns at an interface-level. Reveals which users, apps, and protocols > > > are > > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > > > J-Flow, sFlow and other flows. Make informed decisions using capacity > > planning > > reports.http://sdm.link/zohodev2dev > > _______________________________________________ > > Assp-user mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > > > > > > > > > > > DISCLAIMER: > > ******************************************************* > > This email and any files transmitted with it may be confidential, > legally > > privileged and protected in law and are intended solely for the use of > the > > > > individual to whom it is addressed. > > This email was multiple times scanned for viruses. There should be no > > known virus in this email! > > ******************************************************* > > > > > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and > traffic > patterns at an interface-level. Reveals which users, apps, and protocols > are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning > reports.http://sdm.link/zohodev2dev > _______________________________________________ > Assp-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
