9 messages in net.sourceforge.lists.courier-usersRe: [courier-users] SPF
FromSent OnAttachments
Mark ConstableJan 24, 2008 7:48 pm 
Alessandro VeselyJan 24, 2008 10:28 pm 
Alessandro VeselyJan 24, 2008 10:46 pm 
Mark ConstableJan 24, 2008 11:17 pm 
Alessandro VeselyJan 25, 2008 2:17 am 
Mark ConstableJan 25, 2008 2:56 am 
Alessandro VeselyJan 26, 2008 7:28 am 
Mark ConstableJan 28, 2008 6:35 pm 
Sam VarshavchikJan 28, 2008 7:54 pm 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:Re: [courier-users] SPFActions...
From:Alessandro Vesely (ves@tana.it)
Date:Jan 24, 2008 10:28:39 pm
List:net.sourceforge.lists.courier-users

Mark Constable wrote:

Jan 25 10:33:19 mail courieresmtpd: error, relay=::ffff:216.82.241.83, from=<card@xxxxx.com.au>: 517 SPF fail card@xxxxx.com.au: Address does not pass the Sender Policy Framework

# dig +short txt xxxxx.com.au xxxxx.com.au. TXT "v=spf1 +a:mx2.xxxxx.com.au +a:mx1.xxxxx.com.au
include:spf.messagelabs.com -all"

so they use a messagelabs.com cluster and 216.82.241.83 is returned from a lookup of the MX for this domain (in the ADDITIONAL SECTION section) which I presume would be returned as part of include:spf.messagelabs.com part ?

The include:spf.messagelabs.com actually evaluates spf.messagelabs.com, which happens to have a TXT rec "v=spf1 exists:%{ir}.nets.messagelabs.com"

In the macro, "i" stands for IP, "r" for reverse, thus that becomes "exists:83.241.82.216.nets.messagelabs.com". That record actually exists (127.0.0.2), thus the test should have passed, as far as the MAILFROM is concerned.

a:mx2.xxxxx.com.au +a:mx1.xxxxx.com.au

# dig mx xxxxx.com.au.

Missing a dot between "mx" and "xxxxx"? For +a:mx2.xxxxx.com.au, you should check with # dig mx.xxxxx.com.au

opt BOFHSPFHELO=pass,unknown,error,none,neutral

What was the HELO name they used? Perhaps you can retrieve the "newmsg" log entry for that message.