Mailing List Archive

Hello,

Tuesday, August 17, 2004, 12:56:17 PM, you wrote:

RS> I am checking some domains which have SPF record but spf.py
RS> says "unknown".
RS> Using spfquery from spflib2 gives:
RS> $ spfquery -ip=194.67.23.28 -sender=gluck@mail.subscribe.ru
RS> softfail
RS> Please see
RS> http://spf.pobox.com/why.html?sender=gluck%40mail.subscribe.ru&ip=194.67.23.28&receiver=spfquery
RS> spfquery: transitioning domain of mail.subscribe.ru does not designate
RS> 194.67.23.28 as permitted sender
RS> Received-SPF: softfail (spfquery: transitioning domain of
RS> mail.subscribe.ru does not designate 194.67.23.28 as permitted sender)
RS> client-ip=194.67.23.28; envelope-from=gluck@mail.subscribe.ru;
RS> problem=Warning: Mechanisms found after the "all:" mechanism will be
RS> ignored;
RS> While spf.py gives:
RS> $ spf.py 195.161.136.3 gluck@mail.subscribe.ru mx8.mail.ru
RS> ('unknown', 250, 'SPF unknown')
RS> So, who is right? Is it softfail or unknown?
RS> (Or just some mechanism is not yet implemented in spf.py?)

No, mechanism is implemented. But I get same result:

perl -MData::Dumper -MMail::SPF::Query -le 'my $query = Mail::SPF::Query->new(ipv4=>$ARGV[0], helo=>$ARGV[1], sender=>$ARGV[2], max_lookup_count=>2, myhostname=>"roll.vyborg.com.ru", debug=>1); print Dumper($query->result);' 81.9.34.174 roll.vyborg.com.ru gluck@mail.subscribe.ru
| mail.subscribe.ru new: ipv4=81.9.34.174, sender=gluck@mail.subscribe.ru, helo=roll.vyborg.com.ru
| gluck mail.subscribe.ru localpart is gluck
| gluck mail.subscribe.ru DirectiveSet->new(): doing TXT query on mail.subscribe.ru
| gluck mail.subscribe.ru myquery: doing TXT query on mail.subscribe.ru
| gluck mail.subscribe.ru DirectiveSet->new(): TXT query on mail.subscribe.ru returned error=, last_dns_error=NOERROR
| gluck mail.subscribe.ru DirectiveSet->new(): SPF policy: redirect=subscribe.ru ~all
| gluck mail.subscribe.ru lookup: TXT redirect=subscribe.ru ~all
| gluck mail.subscribe.ru lookup: TXT prefix=~, lhs=all, rhs=
| gluck mail.subscribe.ru lookup: mec mechanisms=~all()
| gluck mail.subscribe.ru evaluate_mechanism: ~all() for domain=mail.subscribe.ru
| gluck mail.subscribe.ru evaluate_mechanism: ~all() returned hit default
| gluck mail.subscribe.ru saving result softfail to cache point and returning.
| gluck mail.subscribe.ru macro_substitute_item: S: field=S, num=, reverse=, delim=., newval=gluck%40mail.subscribe.ru
| gluck mail.subscribe.ru macro_substitute_item: I: field=I, num=, reverse=, delim=., newval=81.9.34.174
| gluck mail.subscribe.ru macro_substitute_item: xR: field=xR, num=, reverse=, delim=., newval=roll.vyborg.com.ru
| gluck mail.subscribe.ru macro_substitute: Please see http://spf.pobox.com/why.html?sender=%{S}&ip=%{I}&receiver=%{xR} -> Please see http://spf.pobox.com/why.html?sender=gluck%40mail.subscribe.ru&ip=81.9.34.174&receiver=roll.vyborg.com.ru
| gluck mail.subscribe.ru header_comment: spf_source = domain of gluck@mail.subscribe.ru
| gluck mail.subscribe.ru header_comment: spf_source_type = original-spf-record
$VAR1 = 'softfail';
$VAR2 = 'Please see http://spf.pobox.com/why.html?sender=gluck%40mail.subscribe.ru&ip=81.9.34.174&receiver=roll.vyborg.com.ru';
$VAR3 = 'roll.vyborg.com.ru: transitioning domain of gluck@mail.subscribe.ru does not designate 81.9.34.174 as permitted sender';
$VAR4 = 'v=spf1 redirect=subscribe.ru ~all';
$VAR5 = {
'spf_record' => 'v=spf1 redirect=subscribe.ru ~all',
'smtp_comment' => 'Please see http://spf.pobox.com/why.html?sender=gluck%40mail.subscribe.ru&ip=81.9.34.174&receiver=roll.vyborg.com.ru',
'vouches' => [],
'header_pairs' => 'receiver=roll.vyborg.com.ru; client-ip=81.9.34.174; envelope-from=gluck@mail.subscribe.ru; helo=roll.vyborg.com.ru; mechanism=~all;',
'unknown_mechs' => [],
'modifiers' => undef,
'header_comment' => 'roll.vyborg.com.ru: transitioning domain of gluck@mail.subscribe.ru does not designate 81.9.34.174 as permitted sender',
'result' => 'softfail'
};






--------------------------------------------------------
sergey miassoedov MAINROAD-RIPN MSV-RIPE
work phone: +7 095 7440918 e-mail: sergey@kaa.ru
fax: +7 095 7440922 mobile: +7 903 7342792

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

The best way to check is to actually request the TXT record:

mail.subscribe.ru. 14400 IN TXT "v=spf1 redirect=subscribe.ru ~all"

and subscribe.ru gives:

subscribe.ru. 14400 IN TXT "v=spf1 +ip4:81.9.34.128/25 +ip4:195.14.58.8/29 ~all"

(~all in mail.subscribe.ru is incorrect btw, i think redirect means no further checking is done on the original spf record)

now you are testing 194.67.23.28 against this record, which clearly doesnt match 81.9.34.128/25 nor 195.14.58.8/29, but does match all and so the result is softfail.

There.

Koen



On Tue, Aug 17, 2004 at 12:56:17PM +0400, Roman Suzi wrote:
>
> I am checking some domains which have SPF record but spf.py
> says "unknown".
>
> Using spfquery from spflib2 gives:
>
> $ spfquery -ip=194.67.23.28 -sender=gluck@mail.subscribe.ru
> softfail
> Please see
> http://spf.pobox.com/why.html?sender=gluck%40mail.subscribe.ru&ip=194.67.23.28&receiver=spfquery
> spfquery: transitioning domain of mail.subscribe.ru does not designate
> 194.67.23.28 as permitted sender
> Received-SPF: softfail (spfquery: transitioning domain of
> mail.subscribe.ru does not designate 194.67.23.28 as permitted sender)
> client-ip=194.67.23.28; envelope-from=gluck@mail.subscribe.ru;
> problem=Warning: Mechanisms found after the "all:" mechanism will be
> ignored;
>
> While spf.py gives:
>
> $ spf.py 195.161.136.3 gluck@mail.subscribe.ru mx8.mail.ru
> ('unknown', 250, 'SPF unknown')
>
> So, who is right? Is it softfail or unknown?
> (Or just some mechanism is not yet implemented in spf.py?)
>
> Sincerely yours, Roman A.Suzi
> --
> - Petrozavodsk - Karelia - Russia - mailto:rnd@onego.ru -
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Tue, 17 Aug 2004, sergey miassoedov wrote:

> Hello,
>
> Tuesday, August 17, 2004, 12:56:17 PM, you wrote:
>
> RS> I am checking some domains which have SPF record but spf.py
> RS> says "unknown".
> RS> Using spfquery from spflib2 gives:
> RS> $ spfquery -ip=194.67.23.28 -sender=gluck@mail.subscribe.ru
> RS> softfail

> RS> $ spf.py 195.161.136.3 gluck@mail.subscribe.ru mx8.mail.ru
> RS> ('unknown', 250, 'SPF unknown')

> RS> So, who is right? Is it softfail or unknown?
> RS> (Or just some mechanism is not yet implemented in spf.py?)
>
> No, mechanism is implemented. But I get same result:

Perl module gives the same result as spfquery. But Python's spf.py
gives different result. Maybe subscribe.ru are wrong and effectively
'unknown' and softfail are the same?

The module contains only those values:

RESULTS = {'+': 'pass', '-': 'deny', '?': 'unknown',
'pass': 'pass', 'deny': 'deny', 'unknown': 'unknown' }

EXPLANATIONS = {'pass': 'sender SPF verified', 'deny': 'access denied',
'unknown': 'SPF unknown'}


Thus, there are 3 variants: pass, deny and unknown.

Still, subscribe.ru has SPF-records while they aren't helpful.

> perl -MData::Dumper -MMail::SPF::Query -le 'my $query = Mail::SPF::Query->new(ipv4=>$ARGV[0], helo=>$ARGV[1], sender=>$ARGV[2], max_lookup_count=>2, myhostname=>"roll.vyborg.com.ru", debug=>1); print Dumper($query->result);' 81.9.34.174 roll.vyborg.com.ru gluck@mail.subscribe.ru
> | mail.subscribe.ru new: ipv4=81.9.34.174, sender=gluck@mail.subscribe.ru, helo=roll.vyborg.com.ru
> | gluck mail.subscribe.ru localpart is gluck
> | gluck mail.subscribe.ru DirectiveSet->new(): doing TXT query on mail.subscribe.ru
> | gluck mail.subscribe.ru myquery: doing TXT query on mail.subscribe.ru

Roman

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Tue, Aug 17, 2004 at 02:18:22PM +0400, Roman Suzi wrote:
> Perl module gives the same result as spfquery. But Python's spf.py
> gives different result. Maybe subscribe.ru are wrong and effectively
> 'unknown' and softfail are the same?
>
> The module contains only those values:
>
> RESULTS = {'+': 'pass', '-': 'deny', '?': 'unknown',
> 'pass': 'pass', 'deny': 'deny', 'unknown': 'unknown' }
>
> EXPLANATIONS = {'pass': 'sender SPF verified', 'deny': 'access denied',
> 'unknown': 'SPF unknown'}
>
>
> Thus, there are 3 variants: pass, deny and unknown.

That can't be right, softfail is distinct from pass/deny/unknown. Unknown is for those cases that there is no spf record or there is an error during the spf check.. softfail if for domains that are in transition, and don't want to go to -all in one step but want to test their record for a bit first.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

I've solved this problem by adding softfail to the RESULTS and
EXPLANATIONS dictionaries of the spf.py program.

RESULTS = {'+': 'pass',
'-': 'deny',
'?': 'unknown',
'~': 'softfail',
'pass': 'pass', 'deny': 'deny', 'unknown': 'unknown' }

EXPLANATIONS = {'pass': 'sender SPF verified',
'deny': 'access denied',
'softfail': 'Softfail transition period',
'unknown': 'SPF unknown'}


Sincerely yours, Roman A.Suzi
--
- Petrozavodsk - Karelia - Russia - mailto:rnd@onego.ru -

On Tue, 17 Aug 2004, Koen Martens wrote:

> On Tue, Aug 17, 2004 at 02:18:22PM +0400, Roman Suzi wrote:
> > Perl module gives the same result as spfquery. But Python's spf.py
> > gives different result. Maybe subscribe.ru are wrong and effectively
> > 'unknown' and softfail are the same?
> >
> > The module contains only those values:
> >
> > RESULTS = {'+': 'pass', '-': 'deny', '?': 'unknown',
> > 'pass': 'pass', 'deny': 'deny', 'unknown': 'unknown' }
> >
> > EXPLANATIONS = {'pass': 'sender SPF verified', 'deny': 'access denied',
> > 'unknown': 'SPF unknown'}
> >
> >
> > Thus, there are 3 variants: pass, deny and unknown.
>
> That can't be right, softfail is distinct from pass/deny/unknown. Unknown is for those cases that there is no spf record or there is an error during the spf check.. softfail if for domains that are in transition, and don't want to go to -all in one step but want to test their record for a bit first.
>
> Koen
>
> --
> K.F.J. Martens, Sonologic, http://www.sonologic.nl/
> Networking, embedded systems, unix expertise, artificial intelligence.
> Public PGP key: http://www.metro.cx/pubkey-gmc.asc
> Wondering about the funny attachment your mail program
> can't read? Visit http://www.openpgp.org/
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com