Re: [swinog] Broken SPF Check implementation in Microsoft Exchange Forefront?

2013-12-02 Thread David Schweikert
Hi Benoit,

On Mon, Dec 02, 2013 at 16:54:59 +0100, Benoit Panizzon wrote:
> Today, I discovered that emails whose envelope sender matched the DNS SPF 
> record, but whose From: header did not (like after the envelope sender has 
> been rewritten by SRS), were rejected by a hosted Exchange server provider.

Could it be that a DMARC policy is defined for the domain in the From:
header? With DMARC the From: header is checked too.

Cheers
David


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] Broken SPF Check implementation in Microsoft Exchange Forefront?

2013-12-02 Thread Marc SCHAEFER
On Mon, Dec 02, 2013 at 05:20:25PM +0100, Klaus Ethgen wrote:
> I had one of these issues in University too.

Same in the cantonal mail server ne.ch.

Customer had to hack a pipe to a procmail to change the envelope so
that a simple mail reflector works.





Re: [swinog] Broken SPF Check implementation in Microsoft Exchange Forefront?

2013-12-02 Thread Klaus Ethgen
Hi,

On Mon, 2 Dec 2013 at 16:54, Benoit Panizzon wrote:
> Today, I discovered that emails whose envelope sender matched the DNS SPF 
> record, but whose From: header did not (like after the envelope sender has 
> been rewritten by SRS), were rejected by a hosted Exchange server provider.
> 
> I got in contact with that admin and he told me that this was the way the SPF 
> check works in the Microsoft Exchange Forefront Server.
> 
> Well, according to RFC 4408, only HELO or MAIL FROM are considered 
> for SPF. Not the From: header.
> Is there anyone out there who can confirm that Microsoft Exchange Forefront 
> Server really has such a broken SPF implementation? Or did the Exchange admin 
> just misconfigure his server?

Yes, this is a common fact that Microsoft does this wrong.
Unfortunately the responsible "admins" are even worse and try to tell
you that "this is from Microsoft, that is a correct behaviour". You
always have to work around this.

I had one of these issues in University too.

Regards
   Klaus Ethgen
-- 
Klaus Ethgen  http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


[swinog] Broken SPF Check implementation in Microsoft Exchange Forefront?

2013-12-02 Thread Benoit Panizzon
Hellou

Today, I discovered that emails whose envelope sender matched the DNS SPF 
record, but whose From: header did not (like after the envelope sender has 
been rewritten by SRS), were rejected by a hosted Exchange server provider.

I got in contact with that admin and he told me that this was the way the SPF 
check works in the Microsoft Exchange Forefront Server.

Well, according to RFC 4408, only HELO or MAIL FROM are considered 
for SPF. Not the From: header.
Is there anyone out there who can confirm that Microsoft Exchange Forefront 
Server really has such a broken SPF implementation? Or did the Exchange admin 
just misconfigure his server?

Kind regards

Benoit Panizzon
-- 
I m p r o W a r e   A G
__

Zurlindenstrasse 29    Tel  +41 61 826 93 07
CH-4133 Pratteln       Fax  +41 61 826 93 02
Schweiz                Web  http://www.imp.ch
__
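
Added example (not part of the thread and not any poster's code): which identity an RFC 4408 SPF check evaluates, next to the From: header domain that DMARC alignment compares, for an SRS-rewritten envelope sender as in the original message and the DMARC question in the first reply. All addresses and host names are constructed, and the two-label org_domain() shortcut is an assumption standing in for a Public Suffix List lookup.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(addr):
    """Lowercased domain of an address; '' for the null sender '<>'."""
    local, at, dom = parseaddr(addr)[1].rpartition("@")
    return dom.lower() if at else ""

def spf_identity(helo, mail_from):
    """RFC 4408 inputs only: MAIL FROM, or the HELO name when the
    reverse-path is null. The From: header is never consulted."""
    dom = domain_of(mail_from)
    return ("mailfrom", dom) if dom else ("helo", helo.lower())

def org_domain(domain):
    """ASSUMPTION: last two labels. Real DMARC uses the Public Suffix List."""
    return ".".join(domain.split(".")[-2:])

def dmarc_spf_aligned(mail_from, header_from, strict=False):
    """DMARC alignment for SPF: MAIL FROM domain against From: domain."""
    env, hdr = domain_of(mail_from), domain_of(header_from)
    if not env or not hdr:
        return False
    return env == hdr if strict else org_domain(env) == org_domain(hdr)

def evaluate(helo, mail_from, raw_message):
    """Report what each mechanism looks at for one SMTP transaction."""
    header_from = message_from_string(raw_message)["From"] or ""
    scope, dom = spf_identity(helo, mail_from)
    return {
        "spf_scope": scope,
        "spf_domain": dom,
        "header_from_domain": domain_of(header_from),
        "dmarc_spf_aligned": dmarc_spf_aligned(mail_from, header_from),
    }

# Constructed sample: a forwarder rewrote the envelope sender with SRS,
# the From: header still carries the original author's domain.
SRS_SENDER = "SRS0=HHHH=TT=customer.example=alice@forwarder.example"
SAMPLE_MSG = (
    "From: Alice <alice@customer.example>\n"
    "To: bob@hosted.example\n"
    "Subject: forwarded\n\nbody\n"
)

if __name__ == "__main__":
    print(evaluate("mx.forwarder.example", SRS_SENDER, SAMPLE_MSG))
```

For the sample, SPF is evaluated against forwarder.example, while a check keyed on the From: header would look up customer.example instead, and DMARC's SPF alignment fails because the two domains differ.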




[swinog] SwiNOG-BE127 - Postponed

2013-12-02 Thread Roman Hochuli
Dear All

The SwiNOG-BE 127 has been postponed to next week. More details to follow...

-- 
SwiNOG Organisation
Roman Hochuli
Board Member

