Mailing List Archive

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Philip Gladstone wrote:
> Can I get a test case added to the SPF test suite that deals with the
> problematic situation in my SPF record.
>
> In particular I have the following piece:
>
> -exists:%{i}.%{l1r-}.user.%{d}
>
> In practice the %{l1r-} causes problems for some implementations -- I
> can see from my DNS logs that they map a local part of 'philip' into
> 'hilip'. This is wrong. [.This piece of SPF is actually quite effective
> at eliminating spammers who guess incorrect userids in my domain]
>
> This bug exists at at least two distinct sites (both of which are mail
> forwarding sites handling personal domains) so I suspect that there is
> a common implementation with this as a defect.

We can add a test case to the test suite easily, however trying to
identify the MTA software running on those broken sites may of more
immediate use. Maybe we can guess the SPF implementations used by them
and try to get them fixed directly?

What MTAs are they running? Does their SMTP signature (e.g. the welcome
message) give any hints?

Julian.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHV+CFwL7PKlBZWjsRAmOBAKDTxgnDYWiE9R+l52G4P4nZUa7XqgCdHvT/
tEm5g7nbmnWFWAof0fKVW30=
=+LnG
-----END PGP SIGNATURE-----

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: http://v2.listbox.com/member/?member_id=1311532&id_secret=73120603-9f280b
Powered by Listbox: http://www.listbox.com

On Thursday 06 December 2007 06:44, Julian Mehnle wrote:
> Philip Gladstone wrote:
> > Can I get a test case added to the SPF test suite that deals with the
> > problematic situation in my SPF record.
> >
> > In particular I have the following piece:
> >
> > -exists:%{i}.%{l1r-}.user.%{d}
> >
> > In practice the %{l1r-} causes problems for some implementations -- I
> > can see from my DNS logs that they map a local part of 'philip' into
> > 'hilip'. This is wrong. [.This piece of SPF is actually quite effective
> > at eliminating spammers who guess incorrect userids in my domain]
> >
> > This bug exists at at least two distinct sites (both of which are mail
> > forwarding sites handling personal domains) so I suspect that there is
> > a common implementation with this as a defect.
>
> We can add a test case to the test suite easily, however trying to
> identify the MTA software running on those broken sites may of more
> immediate use. Maybe we can guess the SPF implementations used by them
> and try to get them fixed directly?
>
> What MTAs are they running? Does their SMTP signature (e.g. the welcome
> message) give any hints?
>
I do find that Philip's record is a good one for catching implementation
errors. When I first implemented my web validator in 2005, Philip pointed me
at issues in his record (including IIRC this macro expansion) that resulted
in me fixing a number of things in pyspf.

Scott K

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: http://v2.listbox.com/member/?member_id=1311532&id_secret=73159574-42de2e
Powered by Listbox: http://www.listbox.com

One of the sites is godaddy's hosting service:

I get the following interaction:

nc 64.202.166.12 25
220 pre-smtp31-01.prod.mesa1.secureserver.net ESMTP
help
214-qmail home page: http://pobox.com/~djb/qmail.html
214 qmail-ldap patch home page: http://www.nrg4u.com
MAIL FROM: <philip@gladstonefamily.net>
554 refused mailfrom because of SPF policy
quit
221 pre-smtp31-01.prod.mesa1.secureserver.net Goodbye.

This implies it must be some sort of SPF patch into qmail. The actual
record that it tries to lookup is:

140.177.205.131.hilip.user.spf.gladstonefamily.net

The other site is

nc 212.53.64.82 25
220 coumta55.netbenefit.co.uk ESMTP ready at Thu, 06 Dec 2007 21:05:30 +0000
HELP
214-Commands supported:
214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
MAIL FROM: <philip@gladstonefamily.net>
250 OK
RCPT TO: <test@easily.co.uk>
451 140.177.205.131 - You have been greylisted, please try later
quit
221 coumta55.netbenefit.co.uk closing connection

Unfortunately, I have now been caught by some greylisting process.
However, the original error message was

212.53.64.82 does not like recipient.
Remote host said: 550 "Mail from gladstonefamily.net is denied from host
140.177.205.131 SPF"

I.e. these two systems are two different MTAs (as far as I can tell). I
just tried again and the greylisting timeout let me in, and that system
does not appear to be doing SPF checks at all.

Philip

Julian Mehnle wrote:
> Philip Gladstone wrote:
>> Can I get a test case added to the SPF test suite that deals with the
>> problematic situation in my SPF record.
>
>> In particular I have the following piece:
>
>> -exists:%{i}.%{l1r-}.user.%{d}
>
>> In practice the %{l1r-} causes problems for some implementations -- I
>> can see from my DNS logs that they map a local part of 'philip' into
>> 'hilip'. This is wrong. [.This piece of SPF is actually quite effective
>> at eliminating spammers who guess incorrect userids in my domain]
>
>> This bug exists at at least two distinct sites (both of which are mail
>> forwarding sites handling personal domains) so I suspect that there is
>> a common implementation with this as a defect.
>
> We can add a test case to the test suite easily, however trying to
> identify the MTA software running on those broken sites may of more
> immediate use. Maybe we can guess the SPF implementations used by them
> and try to get them fixed directly?
>
> What MTAs are they running? Does their SMTP signature (e.g. the welcome
> message) give any hints?
>
> Julian.
>

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription:
http://v2.listbox.com/member/?&
Powered by Listbox: http://www.listbox.com


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: http://v2.listbox.com/member/?member_id=1311532&id_secret=73325748-40dd8f
Powered by Listbox: http://www.listbox.com