Mailing List Archive

... postfix/smtpd[18357]: connect from unknown[59.94.131.165]
... postfix/policy-spf[18409]: Attribute: ccert_fingerprint=
... postfix/policy-spf[18409]: Attribute: ccert_issuer=
... postfix/policy-spf[18409]: Attribute: ccert_subject=
... postfix/policy-spf[18409]: Attribute: client_address=59.94.131.165
... postfix/policy-spf[18409]: Attribute: client_name=unknown
... postfix/policy-spf[18409]: Attribute: encryption_cipher=
... postfix/policy-spf[18409]: Attribute: encryption_keysize=0
... postfix/policy-spf[18409]: Attribute: encryption_protocol=
... postfix/policy-spf[18409]: Attribute: etrn_domain=
... postfix/policy-spf[18409]: Attribute: helo_name=jamux.com
... postfix/policy-spf[18409]: Attribute: instance=47b5.45e5a8ed.2d8ef.0
... postfix/policy-spf[18409]: Attribute: protocol_name=ESMTP
... postfix/policy-spf[18409]: Attribute: protocol_state=RCPT
... postfix/policy-spf[18409]: Attribute: queue_id=
... postfix/policy-spf[18409]: Attribute: recipient=jam@jamux.com
... postfix/policy-spf[18409]: Attribute: recipient_count=0
... postfix/policy-spf[18409]: Attribute: request=smtpd_access_policy
... postfix/policy-spf[18409]: Attribute: reverse_client_name=unknown
... postfix/policy-spf[18409]: Attribute: sasl_method=
... postfix/policy-spf[18409]: Attribute: sasl_sender=
... postfix/policy-spf[18409]: Attribute: sasl_username=
... postfix/policy-spf[18409]: Attribute: sender=john@my-site.com
... postfix/policy-spf[18409]: Attribute: size=0
... postfix/policy-spf[18409]: handler exempt_localhost: DUNNO
... postfix/policy-spf[18409]: : SPF Fail (Mechanism '-all' matched):
HELO/EHLO: jamux.com, IP Address: 59.94.131.165, Recipient:
jam@jamux.com
... postfix/policy-spf[18409]: handler sender_policy_framework: 550
Please see
http://www.openspf.org/Why?id=jamux.com&ip=59.94.131.165&receiver=athene.jamux.com

... postfix/policy-spf[18409]: handler sender_policy_framework: is
decisive.
... postfix/policy-spf[18409]: : Policy action=550 Please see
http://www.openspf.org/Why?id=jamux.com&ip=59.94.131.165&receiver=athene.jamux.com
... postfix/smtpd[18357]: NOQUEUE: reject: RCPT from
unknown[59.94.131.165]: 550 5.7.1 <jam@jamux.com>: Recipient address
rejected: Please see
http://www.openspf.org/Why?id=jamux.com&ip=59.94.131.165&receiver=athene.jamux.com;
from=<john@my-site.com> to=<jam@jamux.com> proto=ESMTP helo=<jamux.com>
... postfix/smtpd[18357]: lost connection after RCPT from
unknown[59.94.131.165]
... postfix/smtpd[18357]: disconnect from unknown[59.94.131.165]


The Why URL gives:

,----
Why did SPF cause my mail to be rejected?
What is SPF?

SPF is an extension to Internet e-mail. It prevents unauthorized
people from forging your e-mail address (see the introduction). But
for it to work, your or your e-mail service provider's setup may need
to be adjusted. Otherwise, the system may mistake you for an
unauthorized sender.

Note that there is no central institution that enforces SPF. If a
message of yours gets blocked due to SPF, this is because (1) your
domain has declared an SPF policy that forbids you to send through the
mail server through which you sent the message, and (2) the
recipient's mail server detected that and blocked the message.
athene.jamux.com rejected a message that claimed an envelope sender
address of jamux.com.

athene.jamux.com received a message from 59.94.131.165 that claimed an
envelope sender address of jamux.com.

However, the domain jamux.com has declared using SPF that it does not
send mail through 59.94.131.165. That is why the message was
rejected.
`----

But in fact he did 'helo jamux.com' while most folks AFIK take the
envelope sender to be the argument to the MAIL FROM seen in this
example in 'Attribute: sender=john@my-site.com', no?

This is postfix-policyd-spf-perl-2.002 (slightly modified) and
Mail-SPF-2.004.

My modifications shown below do not seem to be involved.

,----[ diff -c postfix-policyd-spf-perl postfix-policyd-jam-spf-perl ]
*** postfix-policyd-spf-perl Tue Feb 20 05:52:33 2007
--- postfix-policyd-jam-spf-perl Wed Feb 28 10:18:17 2007
***************
*** 1,6 ****
#!/usr/bin/perl

# http://www.openspf.org/Software
# version 2.002
#
--- 1,6 ----
#!/usr/bin/perl

# http://www.openspf.org/Software
# version 2.002
#
***************
*** 22,27 ****
--- 22,30 ----
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

+ # Modified by John A. Martin to enable postfix spf-pass access restrictions
+ # requires postfix-policyd-passed-spf-perl 27 Feb 2007
+
use version; our $VERSION = qv('2.002');

use strict;
***************
*** 49,55 ****
}
);

! my $VERBOSE = 0;

my $DEFAULT_RESPONSE = 'DUNNO';

--- 52,58 ----
}
);

! my $VERBOSE = 1;

my $DEFAULT_RESPONSE = 'DUNNO';

***************
*** 233,240 ****
return "DEFER_IF_PERMIT SPF-Result=$helo_local_exp";
}
elsif ($attr->{sender} eq '') {
! return "PREPEND $helo_spf_header"
! unless $cache->{added_spf_header}++;
}

# -------------------------------------------------------------------------
--- 236,248 ----
return "DEFER_IF_PERMIT SPF-Result=$helo_local_exp";
}
elsif ($attr->{sender} eq '') {
! if ($helo_result->is_code('pass')) {
! return "helo_passed_spf" unless $cache->{added_spf_header}++;
! return "helo_passed_spf_continue";
! } else {
! return "PREPEND $helo_spf_header"
! unless $cache->{added_spf_header}++;
! }
}

# -------------------------------------------------------------------------
***************
*** 291,296 ****
--- 299,308 ----
elsif ($mfrom_result->is_code('temperror')) {
return "DEFER_IF_PERMIT SPF-Result=$mfrom_local_exp";
}
+ elsif ($mfrom_result->is_code('pass')) {
+ return "mfrom_passed_spf" unless $cache->{added_spf_header}++;
+ return "mfrom_passed_spf_continue";
+ }
else {
return "PREPEND $mfrom_spf_header"
unless $cache->{added_spf_header}++;
`----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=1007