-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 27 Oct 2004, Christoph Cordes wrote: > ClamAV database updated (2004.10.27 10:58 GMT): daily.cvd > Version: 556 > > Submission: 6424-web, 6425-web > Sender: Gabor Funk, Andrey Melnikov > Submitted virus name: Bagz[.gen], I-Worm.Bagz.f > Added: Worm.Bagz.E > > > -- > Best regards, > Christoph mailto:[EMAIL PROTECTED] > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb > Dear Christoph and clamav team, we about to activate failure based upon SPF records. For four days now we have had it running on our MTA, but before we start rejecting we decided to watch the Received-SPF headers for any signs of unwanted failures. Of all the failures only one is a problem for us. Namely the clamav list emails. See headers as follows :- Return-Path: <[EMAIL PROTECTED]> X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from alfred.belfast.heartsine.net (Alfred.belfast.heartsine.net [192.168.1.34]) by jim.belfast.heartsine.net (Postfix) with ESMTP id D6D5A1017F for <[EMAIL PROTECTED]>; Wed, 27 Oct 2004 12:24:55 +0100 (BST) Received: from batman.heartsine.com (batman.heartsine.com [192.168.1.2]) by alfred.belfast.heartsine.net (8.12.10/8.12.10) with ESMTP id i9RBOtxq013365 for <[EMAIL PROTECTED]>; Wed, 27 Oct 2004 12:24:55 +0100 Received-SPF: fail (batman.heartsine.com: domain of [EMAIL PROTECTED] does not designate 12.152.184.25 as permitted sender) receiver=batman.heartsine.com; client_ip=12.152.184.25; [EMAIL PROTECTED]; Received: from externalmx-1.sourceforge.net (externalmx-1.sourceforge.net [12.152.184.25]) by batman.heartsine.com (8.13.1/8.13.1) with ESMTP id i9RBOscI000499 for <[EMAIL PROTECTED]>; Wed, 27 Oct 2004 12:24:54 +0100 Received: from aj.catt.com ([64.18.103.6] ident=postfix) by externalmx-1.sourceforge.net with esmtp (Exim 4.41) id 1CMlv3-0004aG-4T; Wed, 27 Oct 2004 04:24:47 -0700 Received: from aj.catt.com (localhost [127.0.0.1]) by aj.catt.com (Postfix) with ESMTP id CE2371561BB; Wed, 27 Oct 2004 07:24:10 -0400 (EDT) Received: from precompiled.de (precompiled.de [217.160.131.71]) by aj.catt.com (Postfix) with SMTP id E017010B8C2 for <[EMAIL PROTECTED]>; Wed, 27 Oct 2004 07:24:05 -0400 (EDT) Received: (qmail 17031 invoked by uid 0); 27 Oct 2004 11:24:05 -0000 Received: from [EMAIL PROTECTED] by nmi by uid 524 with qmail-scanner-1.20 Processed in 0.032446 secs; 27 Oct 2004 11:24:05 -0000 Received: from i528c2311.versanet.de (HELO ?127.0.0.1?) (82.140.35.17) by 0 with SMTP; 27 Oct 2004 11:24:04 -0000 X-AntiVirus: Checked by Dr.Web [version: 4.32a, engine: 4.32a, virus records: 58178, updated: 27.10.2004] Message-ID: <[EMAIL PROTECTED]> Date: Wed, 27 Oct 2004 13:30:11 +0200 From: Christoph Cordes <[EMAIL PROTECTED]> As you can see had we started rejecting, then this message [Clamav-virusdb] Update (daily: 556) would have been rejected. I have manually checked the SPF records and while clamav.net doesn't list any spf permissions the Return-path : <[EMAIL PROTECTED]> domain lists.clamav.net lists :- lists.clamav.net. 300 IN TXT "v=spf1 mx -all" the mx as permitted, namely :- lists.clamav.net. 1200 IN MX 20 mail.oltrelinux.com. lists.clamav.net. 1200 IN MX 10 aj.catt.com. mail.oltrelinux.com. 3600 IN A 194.242.226.43 aj.catt.com. 2277 IN A 64.18.103.6 I not an expert on SPF (yet) and I appologies if I have done something wrong on my end but as I understand it according to the SPF authorities for the return paths quoted in this email the server :- externalmx-1.sourceforge.net : 12.152.184.25 is not permitted to send emails for this domain. Am I correct and do you need to fix your SPF records ? Jim :-) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBf6NtRdAZy0oJ0LwRArb7AJ9B8IHStw+V+OimNqW8its9DO1xsACeIr+7 IJ5sjqOPuekj35W9tpBDIng= =bQ16 -----END PGP SIGNATURE----- _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
