http://cpansearch.perl.org/src/JMEHNLE/Mail-SPF-v2.9.0/CHANGES
Thomas
Von: "Andy Knuts" <[email protected]>
An: "For Users of ASSP" <[email protected]>
Datum: 18.07.2016 19:56
Betreff: Re: [Assp-user] SPF_temperror,_why?
I'm using 2.008 while ASSP says "2.007" is required.
Should upgrading to 2.009 fix this issue?
----- Original Message -----
From: Thomas Eckardt
[mailto:[email protected]]
To: For Users of ASSP
[mailto:[email protected]]
Sent: Mon, 18 Jul 2016 19:49:45
+0100
Subject: Re: [Assp-user] SPF_temperror,_why?
> >Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> Mail::SPF::Server, 564, hotmail.com SPF
>
>
------------------------------------------------------------------------------------------
> =item B<query_rr_types>
>
> For which RR types to query when looking up and selecting SPF records.
The
> following values are supported:
>
> =over
>
> =item B<< Mail::SPF::Server->query_rr_type_all >>
>
> Both C<TXT> and C<SPF> type RRs.
>
> =item B<< Mail::SPF::Server->query_rr_type_txt >> (default)
>
> C<TXT> type RRs only.
>
> =item B<< Mail::SPF::Server->query_rr_type_spf >>
>
> C<SPF> type RRs only.
>
> =back
>
> For years B<Mail::SPF> has defaulted to looking up both C<SPF> and
C<TXT>
> type
> RRs as recommended by RFC 4408. Experience has shown, however, that a
> significant portion of name servers suffer from serious brain damage
with
> regard to the handling of queries for RR types that are unknown to them,
> such
> as the C<SPF> RR type. Consequently B<Mail::SPF> now defaults to
looking
> up
> only C<TXT> type RRs. This may be overridden by setting the
> B<query_rr_types>
> option.
>
> See RFC 4408, 3.1.1, for a discussion of the topic, as well as the
> description
> of the L</select_record> method.
>
------------------------------------------------------------------------------------------
>
> Seems your Mail::SPF module is outdated - use 2.009
>
> ASSP uses the default.
>
> Thomas
>
>
>
>
>
> Von: "Andy Knuts" <[email protected]>
> An: "For Users of ASSP" <[email protected]>
> Datum: 18.07.2016 19:27
> Betreff: Re: [Assp-user] SPF_temperror,_why?
>
>
>
> I'm stil wondering what's wrong with my DNS servers and ASSP. I
installed
> pdns-recorsor on the same host where ASSP is running and I have
installed
> bind on a second VM.
> I tested those name server and they work as expected but ASSP still has
> troubles with some request. Not always, but A LOT.
> In my maillog.txt I see a lot of these: hotmail.com: Unknown error on
DNS
> 'SPF' lookup of 'hotmail.com'
>
> Sometimes it has the SPF records for hotmail.com, but many times it
> doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always works.
Same
> for "host -t txt hotmail.com 10.1.1.11".
>
> Here's an example in maillog.txt with SPFDebug enabled:
>
>
> Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> info: found message size announcement: 13.26 kByte
> Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> Message-Score: added -10 (tlsValencePB) for
> SSL-TLS-connection-OK, total score for this message is now -10
> Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2
> Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS sockets
> for 10.1.1.11
> Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question:
> 246.2.47.104.in-addr.arpa. IN PTR
> Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer:
> 246.2.47.104.in-addr.arpa. 3600 IN PTR (
>
> mail-db5eur01hn0246.outbound.protection.outlook.com. )
> Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> hotmail.com. IN ANY
> Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
type
> 'ANY' to nameserver 127.0.0.1 ID 15404
> Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> hotmail.com. IN ANY
> Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
type
> 'ANY' to nameserver 10.1.1.11 ID 20981
> Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from nameserver
> 127.0.0.1
> Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN SOA (
> ns1.msft.net. msnhst.microsoft.com.
> 2016070805 ;serial
> 7200 ;refresh
> 900 ;retry
> 2419200 ;expire
> 3600 ;minimum
> )
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS
> ns1.msft.net.
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS
> ns3.msft.net.
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS
> ns4.msft.net.
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS
> ns2.msft.net.
> Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from
> nameserver 127.0.0.1 ID 15404
> Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68
> x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
> Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139 bounce
> message detected
> Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the
> connection will now be moved in to the Full-Transparent-Proxy mode
> Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no (more)
> data readable from x.x.x.139 (connection closed by peer) - Connection
> reset by peer - last command was 'RCPT TO'
> Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68
x.x.x.139
> - processing time 0 seconds
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> to: JMRP@snip Message-Score: added -2 for
65.54.190.0
> in griplist (0.18), total score for this message is now -12
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
65.54.190.89
> <[email protected]> to: JMRP@snip [scoring] DKIM domain mismatch -
> hotmail.com found in DKIMCache, but no DKIM-Signature found in mail
header
> (Cache)
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> to: JMRP@snip Message-Score: added 15
(dkimValencePB)
> for DKIM domain mismatch - hotmail.com found in DKIMCache, but no
> DKIM-Signature found in mail header, total score for this message is now
3
> Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
> for 10.1.1.11
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com. IN
> ANY
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596
IN
> MX 5 mx1.hotmail.com.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019
IN
> A 65.55.77.28
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728
> IN NS ns4.msft.net.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728
> IN NS ns3.msft.net.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596
IN
> MX 5 mx4.hotmail.com.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019
IN
> A 65.55.85.12
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728
> IN NS ns1.msft.net.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 425 IN
> TXT (
> "v=spf1 include:spf-a.outlook.com
> include:spf-b.outlook.com ip4:157.55.9.128/25
> include:spf.protection.outlook.com include:spf-a.hotmail.com
> include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
> )
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596
IN
> MX 5 mx3.hotmail.com.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019
IN
> A 157.55.152.112
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728
> IN NS ns2.msft.net.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019
IN
> A 157.56.172.28
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596
IN
> MX 5 mx2.hotmail.com.
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> _dmarc.hotmail.com. IN TXT
> Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> _dmarc.hotmail.com. IN TXT
> Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
> Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
> 127.0.0.1
> Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com. IN
> TXT
> Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com. 2125
IN
> TXT (
> "v=DMARC1; p=none; pct=100;
> rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1"
> )
> Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> nameserver 127.0.0.1 ID 21607
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
65.54.190.89
> <[email protected]> to: JMRP@snip info: domain hotmail.com has published
a
> DMARC record
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> to: JMRP@snip strictspf Regex: strictSPFRe
> '@hotmail.com'
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
> Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain hotmail.com -
> Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> Mail::SPF::Server, 564, hotmail.com SPF
> Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> Mail::SPF::Server, 564, hotmail.com TXT
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> to: JMRP@snip [scoring] spf_result:temperror
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> to: JMRP@snip identity:[email protected]
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> to: JMRP@snip scope:mfrom
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> to: JMRP@snip spf_record:
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> to: JMRP@snip local_exp:hotmail.com: Unknown error
on
> DNS 'SPF' lookup of 'hotmail.com'
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> to: JMRP@snip received_spf:Received-SPF: temperror
> (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com')
> receiver=mx101.snip; identity=mailfrom;
envelope-from="[email protected]";
> helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> to: JMRP@snip [scoring] SPF: temperror
ip=65.54.190.89
> [email protected] helo=BAY004-OMC2S14.hotmail.com
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> to: JMRP@snip Message-Score: added 5 (spfeValencePB)
> for SPF temperror, total score for this message is now 8
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[email protected]> to: JMRP@snip DMARC: this mail breakes the DKIM
> policies defined in the DMARC record for domain hotmail.com - there is
no
> DKIM-signature found in this mail for domain hotmail.com
> Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
> for 10.1.1.11
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question:
_dmarc.hotmail.com.
> IN TXT
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: _dmarc.hotmail.com.
> 2125 IN TXT (
> "v=DMARC1; p=none; pct=100;
> rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1"
> )
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> 89.190.54.65.sa.senderbase.org. IN TXT
> Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1 ID
> 54935
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> 89.190.54.65.sa.senderbase.org. IN TXT
> Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11 ID
> 43820
> Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
> 127.0.0.1
> Jul-18-16 19:04:29 [Worker_1] DNS-question was:
> 89.190.54.65.sa.senderbase.org. IN TXT
> Jul-18-16 19:04:29 [Worker_1] DNS-answer is:
> 89.190.54.65.sa.senderbase.org. 19937 IN TXT (
>
> "0-0=1|1=MICROSOFT
>
HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San
>
> Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
> )
> Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> nameserver 127.0.0.1 ID 54935
> Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08
> 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK]
> 65.54.190.89 <[email protected]> to: JMRP@snip message ok [complaint
about
> message from 10 164 74 35]
>
>
> any idea's?
>
>
> ----- Original Message -----
> From: Thomas Eckardt
> [mailto:[email protected]]
> To: For Users of ASSP
> [mailto:[email protected]]
> Sent: Mon, 18 Jul 2016 12:52:29
> +0100
> Subject: Re: [Assp-user] SPF_temperror,_why?
>
>
> > >But why is this a temperror?
> >
> > assp was unable to get a qualified result for the query using
Mail::SPF
> -
> > that's all
> > most times this is caused by a DNS timeout
> >
> > Thomas
> >
> >
> > Von: "Andy Knuts" <[email protected]>
> > An: [email protected]
> > Datum: 18.07.2016 11:53
> > Betreff: [Assp-user] SPF_temperror,_why?
> >
> >
> >
> > Many of the emails that passed ASSP have headers like this:
> >
> > X-Assp-Received-SPF: temperror ip=217.148.21.174
> > [email protected] helo=vmta12.addemar.com
> >
> > But why is this a temperror?
> >
> >
> > If I use 'spfquery' command line I get:
> >
> > # spfquery --mail-from [email protected] -i 217.148.21.174
-h
>
> > vmta12.addemar.com
> > pass
> > Please see
> >
>
http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:
>
> >
> > 217.148.21.128/25 contains 217.148.21.174
> > spfquery: domain of [email protected] designates
> 217.148.21.174
> > as permitted sender
> > Received-SPF: pass (spfquery: domain of [email protected]
> > designates 217.148.21.174 as permitted sender)
client-ip=217.148.21.174;
>
> > [email protected]; helo=vmta12.addemar.com;
> >
> >
>
------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > traffic
> > patterns at an interface-level. Reveals which users, apps, and
protocols
>
> > are
> > consuming the most bandwidth. Provides multi-vendor support for
NetFlow,
>
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning
> > reports.http://sdm.link/zohodev2dev
> > _______________________________________________
> > Assp-user mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential,
> legally
> > privileged and protected in law and are intended solely for the use of
> the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
>
>
------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
legally
> privileged and protected in law and are intended solely for the use of
the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
