On 1-Sep-06, at 7:18 AM, decoder wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1Hello, today I saw a strange SPF bug occuring. The original mail header was: Return-Path: <[EMAIL PROTECTED]> Received: from mail.cs.uni-sb.de (mail.cs.uni-sb.de [134.96.254.200]) by wjpserver.cs.uni-sb.de (8.12.11.20060308/8.12.11) with ESMTP id k7T8rU6P012050; Tue, 29 Aug 2006 10:53:30 +0200 Received: from mail-eur1.microsoft.com (mail-eur1.microsoft.com [213.199.128.139])by mail.cs.uni-sb.de (8.13.8/2006081400) with ESMTP id k7T8rT98004989;Tue, 29 Aug 2006 10:53:29 +0200 (CEST) Received: from xxxxx.europe.corp.microsoft.com ([65.53.193.xxx]) by mail-eur1.microsoft.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 29 Aug 2006 09:53:29 +0100 (Some unrelated privacy details replaced with xxx). Now what SPF should do is (as far as I understood): - - Get the mail server that sent this (mail-eur1.microsoft.com) - - Check that its IP is in the allowed SPF record of microsoft.com This check passes as you can see here:http://www.dnsstuff.com/tools/spf.ch? server=microsoft.com&ip=213.199.128.139Now SpamAssassin did something else, it took mail.cs.uni-sb.de as the mailserver that sent, and tried to match it against microsoft.com's SPF records which produced a SOFTFAIL: 1.4 SPF_SOFTFAIL Sending host does not match SPF-record (softfail) [SPF failed: Please seehttp://www.openspf.org/why.html?sender=xxx% 40microsoft.com&ip=134.96.254.200&receiver=This%20account%20is% 20currently%20not%20available]2.4 SPF_HELO_SOFTFAIL HELO-Name does not match SPF-record (softfail) [SPF failed: Please seehttp://www.openspf.org/why.html?sender=xxx% 40microsoft.com&ip=134.96.254.200&receiver=This%20account%20is% 20currently%20not%20available]Can someone explain me this failure?
Spamassassin gave the correct result. It compared the IP address of the last received server mail.cs.uni-sb.de (mail.cs.uni-sb.de [134.96.254.200]) against the SPF record for Microsoft and did not see a match. Result SOFTFAIL
Why do you think it should compare to mail-eur1.microsoft.com (mail- eur1.microsoft.com [213.199.128.139]).
SPF compares the IP address of the last server to handle the message before it was handed off to a server on your receiving end. If the message was sent to someone who is using forwarding and forwarded through mail.cs.uni-sb.de (mail.cs.uni-sb.de [134.96.254.200]) then this would explain the SOFTFAIL. Forwarding breaks SPF.
-- Gino Cerullo Pixel Point Studios 21 Chesham Drive Toronto, ON M3M 1W6 416-247-7740
smime.p7s
Description: S/MIME cryptographic signature