On 11.12.2015 at 17:11, Alex wrote:
On Fri, Dec 11, 2015 at 10:33 AM, Matus UHLAR - fantomas
<uh...@fantomas.sk> wrote:
On 10.12.15 22:54, Alex wrote:

I don't understand why a message from tripadvisor.com would have
SPF_FAIL, and as part of trying to understand how SPF works, I'd like
to figure out what's happening.

Would someone be able to take a look at this message and figure out
why mail from tripadvisor.com fails SPF?

http://pastebin.com/36hzGcTs

On 11.12.15 08:56, Matus UHLAR - fantomas wrote:

the envelope sender seems to be
bounce-15_html-74319930-51788793-10834732...@bounce.e.tripadvisor.com

bounce.e.tripadvisor.com seems to have no SPF record, so I also don't
understand why SPF tests should hit at all, maybe SPF HELO tests...

disregard, please. I made a mistype when checking the SPF records.

The main reason why the mail hits SPF_FAIL is that you don't trust even
servers you receive mail from - first three hops:

h02p01.smtp.routit.net (h02p01.smtp.routit.net [89.146.30.9])
pop3.routit.net ([213.144.235.7])
h03p02.smtp.routit.net (h03p02.smtp.routit.net [89.146.30.18])

Is it possible this message was forwarded, breaking the trust path?

when you try to understand a little bit what SPF does the answer is clearly yes, any Received header not listed in your trusted_networks or internal_networks after the origin server delivered the mail will not only break SPF but also *every* DNSBL/DNSWL and so fire all sorts of false positives as well as false negatives

Reindl wrote:
who is that?
Received: from h03p02.smtp.routit.net (h03p02.smtp.routit.net [89.146.30.18])
    by pop3.routit.net (Postfix) with ESMTP id D0A1B42463
    for <wytze.vandenb...@example.nl>; Fri, 11 Dec 2015 02:18:21 +0100 (CET)

who is that?
Received: from pop3.routit.net ([213.144.235.7])
    by h02p01.smtp.routit.net with ESMTP; 11 Dec 2015 02:18:26 +0100

who is that?
Received: from h02p01.smtp.routit.net (h02p01.smtp.routit.net [89.146.30.9])
    by bwimail02.example.com (Postfix) with ESMTP id 0F8CA345F25
    for <wytze.vandenb...@example.com>; Thu, 10 Dec 2015 20:18:38 -0500 (EST)

We're not responsible for the example.nl domain

man that message has *five* Received headers after the tripadvisor server - and it smells like a combination of forwarding and fetchmail

Received: from pop3.routit.net ([213.144.235.7]) by h02p01.smtp.routit.net with ESMTP; 11 Dec 2015 02:18:26 +0100

Received: from h03p02.smtp.routit.net (h03p02.smtp.routit.net [89.146.30.18]) by pop3.routit.net (Postfix) with ESMTP id D0A1B42463 for <wytze.vandenb...@example.nl>; Fri, 11 Dec 2015 02:18:21 +0100 (CET)

so I don't understand
where that came from. Perhaps that account forwarded it to the
wytze.vandenb...@example.com (our domain) without any other
indications of that having occurred, breaking the trust path?

surely

that are in X-Spam-RelaysUntrusted header.

the next server in path is:
mta3.e.tripadvisor.com ([66.231.81.9])

that passes the SPF test.

What did you need to do to test this?

what do you need to test when "mta3.e.tripadvisor.com" is clearly "tripadvisor.com" and that received header is buried in the middle of other received headers?

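The trust-path effect discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin's own code: a simplified model that walks the Received chain newest-first and returns the first relay not covered by `trusted_networks`, which is the address SPF ends up being evaluated against. The first three hops are the ones quoted above; the `by mx.example.nl` host on the tripadvisor hop and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Received chain, newest first. Hops 1-3 are quoted in the thread; the
# "by mx.example.nl" host on hop 4 is constructed for this example.
RECEIVED = [
    "from h02p01.smtp.routit.net (h02p01.smtp.routit.net [89.146.30.9]) "
    "by bwimail02.example.com (Postfix) with ESMTP",
    "from pop3.routit.net ([213.144.235.7]) by h02p01.smtp.routit.net with ESMTP",
    "from h03p02.smtp.routit.net (h03p02.smtp.routit.net [89.146.30.18]) "
    "by pop3.routit.net (Postfix) with ESMTP",
    "from mta3.e.tripadvisor.com ([66.231.81.9]) by mx.example.nl with ESMTP",
]

# Matches "from <helo> (<optional rdns> [<ip>])".
RELAY_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)")


def parse_relay(header):
    """Return (helo, ip) for one Received header, or None if unparseable."""
    m = RELAY_RE.search(header)
    if m is None:
        return None
    return m.group(1), ipaddress.ip_address(m.group(2))


def first_untrusted_relay(headers, trusted_networks):
    """Walk the chain from our own MTA outwards and stop at the first
    relay whose IP is not in trusted_networks. That relay is the one an
    SPF check is run against in this simplified model."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for header in headers:
        relay = parse_relay(header)
        if relay is None:
            return None  # cannot extend the trust path past this hop
        helo, ip = relay
        if not any(ip in net for net in nets):
            return helo, str(ip)
    return None  # every hop was trusted


if __name__ == "__main__":
    # No forwarders trusted: SPF is checked against the forwarder's IP.
    print(first_untrusted_relay(RECEIVED, []))
    # Forwarding hops trusted: SPF is checked against the real sender.
    routit = ["89.146.30.9", "213.144.235.7", "89.146.30.18"]
    print(first_untrusted_relay(RECEIVED, routit))
```

With an empty trust list the check lands on 89.146.30.9, a forwarder that is not the sending domain's own server; once the three forwarding hops are listed it lands on 66.231.81.9, the relay the thread says passes SPF.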