RE: SPF_SOFTFAIL not working properly
> > On 6/24/2006 11:14 AM, Jim Hermann - UUN Hostmaster wrote: > > > How do I debug the SPF Module during SA Operations? > > > > > > I have had another email marked as SPF_SOFTFAIL during the > > first receipt and > > > the From domain does not have a TXT SPF record. When I > > isolated the message > > > and ran it again, it was processed without any errors. > > > > > > I suspect that there is a problem with the timeout routines in > > > Mail::SPF::Query and Mail::Spamassassin::Plugin::SPF. When > > I increased the > > > spf_timeout to 15, I did not have any false positives. > > > > 5 seconds is a long time to do the DNS queries for just an > SPF check. > > Any time the timeout is exceeded we explicitly treat this as > > a SOFTFAIL. > > Perhaps we'd be better off just having no result at all. > > Considering that SOFTFAIL has a score, I recommend that a SPF > timeout be > something other than SOFTFAIL, probably the same as none. It > needs it's own > comment too. Users need to know what happened. > I changed lines 318-319 in SPF.pm to: $result ||= 'error'; # changed from softfail to error - jwh 6/24/06 $comment ||= 'lookup failed'; # added comment for error - jwh 6/24/06 Here is the result for my test file with the timeout set to the default of 5 seconds: [25710] dbg: spf: checking EnvelopeFrom (helo=BABY, ip=125.214.61.195, [EMAIL PROTECTED]) | relmaxtop.com new: ipv4=125.214.61.195, [EMAIL PROTECTED], helo=BABY |marileestewart relmaxtop.com localpart is marileestewart || marileestewart relmaxtop.com DirectiveSet->new(): doing TXT query on relmaxtop.com || marileestewart relmaxtop.com myquery: doing TXT query on relmaxtop.com [25710] dbg: spf: query for [EMAIL PROTECTED]/125.214.61.195/BABY: result: error, comment: lookup failed It works for me. Jim
RE: SPF_SOFTFAIL not working properly
> On 6/24/2006 11:14 AM, Jim Hermann - UUN Hostmaster wrote: > > How do I debug the SPF Module during SA Operations? > > > > I have had another email marked as SPF_SOFTFAIL during the > first receipt and > > the From domain does not have a TXT SPF record. When I > isolated the message > > and ran it again, it was processed without any errors. > > > > I suspect that there is a problem with the timeout routines in > > Mail::SPF::Query and Mail::Spamassassin::Plugin::SPF. When > I increased the > > spf_timeout to 15, I did not have any false positives. > > 5 seconds is a long time to do the DNS queries for just an SPF check. > Any time the timeout is exceeded we explicitly treat this as > a SOFTFAIL. > Perhaps we'd be better off just having no result at all. Considering that SOFTFAIL has a score, I recommend that a SPF timeout be something other than SOFTFAIL, probably the same as none. It needs it's own comment too. Users need to know what happened. Jim
Re: SPF_SOFTFAIL not working properly
On 6/24/2006 11:14 AM, Jim Hermann - UUN Hostmaster wrote: How do I debug the SPF Module during SA Operations? I have had another email marked as SPF_SOFTFAIL during the first receipt and the From domain does not have a TXT SPF record. When I isolated the message and ran it again, it was processed without any errors. I suspect that there is a problem with the timeout routines in Mail::SPF::Query and Mail::Spamassassin::Plugin::SPF. When I increased the spf_timeout to 15, I did not have any false positives. When spf_timeout is set to 5 (default), during the initial email receipt, I think that Mail::SPF::Query exceeds the timeout and the timeout routine does not work properly. The timeout error causes Mail::Spamassassin::Plugin::SPF to classify the result as SPF_SOFTFAIL without a value for $comment. The Spamassassin Report displays the SPF_SOFTFAIL result with [SPF failed: ] because the $comment was blank. 5 seconds is a long time to do the DNS queries for just an SPF check. Any time the timeout is exceeded we explicitly treat this as a SOFTFAIL. Perhaps we'd be better off just having no result at all. my $timer = Mail::SpamAssassin::Timeout->new({ secs => $timeout }); my $err = $timer->run_and_catch(sub { ($result, $comment) = $query->result(); }); if ($err) { chomp $err; warn("spf: lookup failed: $err\n"); return 0; } $result ||= 'softfail'; $comment ||= ''; Daryl
Re: SPF_SOFTFAIL not working properly
On Samstag, 24. Juni 2006 17:14 Jim Hermann - UUN Hostmaster wrote: > When spf_timeout is set to 5 (default), during the initial email > receipt, I think that Mail::SPF::Query exceeds the timeout and the > timeout routine does not work properly. The timeout error causes > Mail::Spamassassin::Plugin::SPF to classify the result as > SPF_SOFTFAIL without a value for $comment. The Spamassassin Report > displays the SPF_SOFTFAIL result with [SPF failed: ] because the > $comment was blank. If none of the devs gives an answer here, open a bug. :-| mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531 .network.your.ideas. // PGP Key:"curl -s http://zmi.at/zmi3.asc | gpg --import" // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE pgpzCL0gOz93s.pgp Description: PGP signature
SPF_SOFTFAIL not working properly
How do I debug the SPF Module during SA Operations? I have had another email marked as SPF_SOFTFAIL during the first receipt and the From domain does not have a TXT SPF record. When I isolated the message and ran it again, it was processed without any errors. I suspect that there is a problem with the timeout routines in Mail::SPF::Query and Mail::Spamassassin::Plugin::SPF. When I increased the spf_timeout to 15, I did not have any false positives. When spf_timeout is set to 5 (default), during the initial email receipt, I think that Mail::SPF::Query exceeds the timeout and the timeout routine does not work properly. The timeout error causes Mail::Spamassassin::Plugin::SPF to classify the result as SPF_SOFTFAIL without a value for $comment. The Spamassassin Report displays the SPF_SOFTFAIL result with [SPF failed: ] because the $comment was blank. When the test file is run through spamassassin again, the DNS communication responds more quickly and the test file is processed without any errors. If a wait a few days and run the test file again, I can get spamassassin to reproduce the same SPF_SOFTFAIL error on the first test run. Subsequent test runs process the test file without errors. Jim Here are the headers: >From [EMAIL PROTECTED] Sat Jun 24 09:32:34 2006 Return-Path: <[EMAIL PROTECTED]> Received: from host.uuserver.net ([EMAIL PROTECTED]) by .com (8.12.11/8.12.11) with ESMTP id k5OBxg3c032238 for <[EMAIL PROTECTED]>; Sat, 24 Jun 2006 07:00:02 -0500 X-ClientAddr: 66.111.4.27 Received: from out3.smtp.messagingengine.com (out3.smtp.messagingengine.com [66.111.4.27]) by host.uuserver.net (8.12.11/8.12.11) with ESMTP id k5OBqWLP021609 for <[EMAIL PROTECTED]>; Sat, 24 Jun 2006 06:53:00 -0500 Received: from frontend3.internal (frontend3.internal [10.202.2.152]) by frontend1.messagingengine.com (Postfix) with ESMTP id 2BED8D85DE7; Sat, 24 Jun 2006 07:50:46 -0400 (EDT) Received: from heartbeat1.messagingengine.com ([10.202.2.160]) by frontend3.internal (MEProxy); Sat, 24 Jun 2006 07:50:46 -0400 X-Sasl-enc: ATgT0Nv4Jo+WFvJ7myAgVLgA0CEeqr7KPDXi5TOdhNv2 1151149773 Received: from Timscomputer (d47-69-233-212.try.wideopenwest.com [69.47.212.233]) by mail.messagingengine.com (Postfix) with ESMTP id 512F56008; Sat, 24 Jun 2006 07:49:33 -0400 (EDT) From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: FW: This is a car .. Swiss style..enjoy Date: Sat, 24 Jun 2006 06:49:50 -0500 Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_0073_01C6975A.64AB3330" X-Mailer: Microsoft Office Outlook 11 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Thread-Index: AcaXHSu4jkOXsMTeSRGYxKoIMbX5wAAZv4Nw X-UUN-MailScanner-Information: Please contact [EMAIL PROTECTED] X-UUN-MailScanner: Found to be clean X-UUN-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0.964, required 5, BAYES_40 0.70, HTML_90_100 0.11, HTML_MESSAGE 0.00, RAZOR2_CF_RANGE_00_01 0.01, SPF_SOFTFAIL 0.14) X-MailScanner-From: [EMAIL PROTECTED] X-Spam-Status: No