417 is what I'm used to seeing ... in my case the 417 was triggered by a lookup failure being negatively cached by a ms Windows DNS server.
Have you checked your configuration for spf? What version are you running and what does the config look like? Cheers Sent from my Samsung device -------- Original message -------- From: Alessandro Vesely <ves...@tana.it> Date: 2015-11-13 03:23 (GMT-08:00) To: "Mitch (BitBlock)" <mi...@bitblock.net>, Courier Users <courier-users@lists.sourceforge.net> Subject: Re: [courier-users] No SPF reject during DNS outage. How come? Hi Mitch, On Fri 13/Nov/2015 02:04:29 +0100 you wrote: > Hey Alessandro - did you receive any replies not cc'd to the list? Nope. > Just thinking out loud here... does courier cache lookups or is it possible > your local resolver did? > Maybe something cached the lookup of your SPF for your domain - and then the > non-cached lookup of the IP failed... > Could that result in the behaviour you see? > Maybe you would have to have timed your test to occur during the cache > lifetime of the spf record? I don't think I got cache hits, although that's a possibility. There's something which works counter-intuitively in the SPF module, but that's probably not even covered clearly by the RFC. I'd have preferred a 417 reply code in this case. Thank you for your interest Ale > -----Original Message----- > From: Alessandro Vesely [mailto:ves...@tana.it] > Sent: November-12-15 3:23 AM > To: Courier Users > Subject: [courier-users] No SPF reject during DNS outage. How come? > > Hi! > > I received a bunch of spam marked like this: > > Return-Path: <zl...@tana.it> > Received: from [210.205.1.118] (softdnserr [210.205.1.118]) > by wmail.tana.it with ESMTP; Thu, 12 Nov 2015 09:55:57 +0100 > id 00000000005DC042.0000000056445431.00005BFC > Received-SPF: error (Address does not pass the Sender Policy Framework) > SPF=MAILFROM; > sender=zl...@tana.it; > remoteip=210.205.1.118; > remotehost=softdnserr; > helo=[210.205.1.118]; > receiver=wmail.tana.it; > > The "softdnserr" presumably came from DNS outage. The NS was disconnected > for quite some time, so only internal stuff was being resolved during > reception. > Thus, Courier could get a -all SPF record for tana.it, but not the reverse IP > for that Korean address. > > However, I tried to reproduce that behavior to no avail. At the console, I > always got _517 SPF fail_ after MAIL FROM:, even if I disconnected the NS > again. My Courier version is getting old, but this doesn't seem to be > related to the recent SPF fix, does it? > > Any other idea? > > TIA > Ale > > ------------------------------------------------------------------------------ > _______________________________________________ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users > > ------------------------------------------------------------------------------ > _______________________________________________ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users >
------------------------------------------------------------------------------
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users