Mailing List Archive

On Wed, Oct 7, 2009 at 21:43, Miels van Schaik <mielsvanschaik@gmail.com> wrote:
> Hello,
>
> I'm trying to set up SPF for our website, http://www.wetenschapsforum.nl

SPF is for email, not for web ;)

> First the good news: I think I've succeeded in adding the correct TXT
> header (v=spf1 a mx ?all)

That says that you send email from:

a: wetenschapsforum.nl (85.17.220.92)
mx: mail.wetenschapsforum.nl (85.17.220.92)
?all: But just ignore the record

> When I send an email from my account at wetenschapsforum to my gmail
> account I find this in the headers:
> (I've replace my real address with ****)
>
> Received-SPF: pass (google.com: domain of ****@wetenschapsforum.nl
> designates 85.17.220.92 as permitted sender) client-ip=85.17.220.92;

SPF pass - your SPF record is correct.

> Authentication-Results: mx.google.com; spf=pass (google.com: domain of
> ****@wetenschapsforum.nl designates 85.17.220.92 as permitted sender)
> smtp.mail=****@wetenschapsforum.nl

SPF pass - your SPF record is correct.

> So looks good, right?
>
> Now for the bad news:
> We're running Invision Power Board. One of the reasons I'm looking
> into SPF is to prevent our (automated) mails to get in spamboxes. I'm
> referring to notifications like the board is sending in case of a new
> new personale message etc.
> Now when I get a message from the board the header looks like this:
> (I've replaced the sending address with --- this time).
>
> Received-SPF: softfail (google.com: best guess record for domain of
> transitioning ---@wetenschapsforum.nl does not designate <unknown> as
> permitted sender)
>
> I don't have a clue why it sais "<unknown>".

As you didn't include the full header of such an email, neither will
anybody else.

Please provide the FULL, unaltered, headers of such an email so we can
help you. If you don't want to post the information here (there's no
reason to hide it, it's public anyway as soon as you send email) you
can use the Contact form on the SPF site
(http://www.openspf.org/Contact) to reach a small team of volunteers
to help you.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

At 21:43 07/10/2009 Wednesday, Miels van Schaik wrote:
>Hello,
>
>I'm trying to set up SPF for our website, http://www.wetenschapsforum.nl
>
>First the good news: I think I've succeeded in adding the correct TXT
>header (v=spf1 a mx ?all)

correct?? well it has the ip you want twice so hardly correct
v=spf1 a ?all
would save the receiver extra dns lookups and have the same result
or v=spf1 ip4:85.17.220.92 ?all
is saving them all extra dns lookups and thus working even better

>When I send an email from my account at wetenschapsforum to my gmaail
><removed >
>So looks good, right?
>
>Now for the bad news:
>We're running Invision Power Board. One of the reasons I'm looking
>into SPF is to prevent our (automated) mails to get in spamboxes. I'm
>referring to notifications like the board is sending in case of a new
>new personale message etc.
>Now when I get a message from the board the header looks like this:
>(I've replaced the sending address with --- this time).
>
>Received-SPF: softfail (google.com: best guess record for domain of
>transitioning ---@wetenschapsforum.nl does not designate <unknown> as
>permitted sender)

what about giving us the actual received header
{or all if your unsure which received is from mails arrival in google}
{not the Recieved-SPF header}
so we can actually see the IP the automated mail comes from
{as its obviously different or it wouldn't have failed SPF}

>I don't have a clue why it sais "<unknown>".

at a guess its from an ip that has no ptr record or mismatching ptr record
but without the received headers there is no way to tell

if it is then this will be a bigger issue than any SPF related one

why do you not give us the headers its not like there is anything secret in them?



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Hello,

Regarding the format of the string Alan wrote:
> or v=spf1 ip4:85.17.220.92 ?all
> is saving them all extra dns lookups and thus working even better
Good idea, I'll change the format accordingly. Thanks.
To be complete: I've constructed the string with this SPF-tool
http://old.openspf.org/wizard.html , but saving lookups by entering an
IP sounds like a better practice.

Rob wrote:
> If you don't want to post the information here (there's no
> reason to hide it, it's public anyway as soon as you send email)
And Alan continued:
> why do you not give us the headers its not like there is anything secret in them?
Well, this mail might end up in quite some mailboxes. So when one of
all those recipients would get a mailworm I'd like to reduce the
number of email addresses harvested. But I do understand this will
make helping my harder. So here is the complete header:

Just a recap: this header belongs to a notification sent out
automatically by our forum board, notifying me of a new topic,
personal message etc.
I have configured my GMail to import my POP3 mailbox at Wetenschapsforum.
I wonder why the sender gets listed as <unknown>

----------------------------------------------------------------------------
Delivered-To: mielsvanschaik@gmail.com
Received: by 10.216.90.84 with SMTP id d62cs50574wef;
Fri, 9 Oct 2009 10:45:36 -0700 (PDT)
Received: by 10.224.97.219 with SMTP id m27mr2176679qan.373.1255110335435;
Fri, 09 Oct 2009 10:45:35 -0700 (PDT)
Received-SPF: softfail (google.com: best guess record for domain of
transitioning wetenschap@wetenschapsforum.nl does not designate
<unknown> as permitted sender)
Received: by 10.241.83.170 with POP3 id 42mf672733qyk.37;
Fri, 09 Oct 2009 10:45:35 -0700 (PDT)
X-Gmail-Fetch-Info: M.v.Schaik@wetenschapsforum.nl 2
mail.wetenschapsforum.nl 110 M.v.Schaik@wetenschapsforum.nl
Return-path: <wetenschap@wetenschapsforum.nl>
Envelope-to: m.v.schaik@wetenschapsforum.nl
Delivery-date: Fri, 09 Oct 2009 18:53:53 +0200
Received: from apache by vps08-node02.2uhosting.nl with local (Exim 4.67)
(envelope-from <wetenschap@wetenschapsforum.nl>)
id 1MwIj3-0002RF-RA
for m.v.schaik@wetenschapsforum.nl; Fri, 09 Oct 2009 18:53:53 +0200
To: m.v.schaik@wetenschapsforum.nl
Subject: Je hebt een persoonlijk bericht
X-PHP-Script: www.wetenschapsforum.nl/invision233/index.php for 81.204.97.86
MIME-Version: 1.0
Date: Fri, 09 Oct 2009 18:53:53 +0200
From: "Wetenschapsforum" <forumbot@wetenschapsforum.nl>
X-Priority: 3
X-Mailer: IPB PHP Mailer
Content-type: text/plain; charset="iso-8859-1"
Message-Id: <E1MwIj3-0002RF-RA@vps08-node02.2uhosting.nl>
---------------------------------------------------------------------------

This probably has more to do with the configuration of sendmail
instead of SPF, but I was hoping you'd have some ideas on what to do
next!

Regards,

Miels


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

On Fri, Oct 9, 2009 at 18:56, Miels van Schaik <mielsvanschaik@gmail.com> wrote:
>
> I have configured my GMail to import my POP3 mailbox at Wetenschapsforum.
> I wonder why the sender gets listed as <unknown>

Possibly because of the POP3 import - I suspect you need to log a
fault with Google since it appears that that's the problem.

> ----------------------------------------------------------------------------
> Delivered-To: mielsvanschaik@gmail.com
> Received: by 10.216.90.84 with SMTP id d62cs50574wef;
>        Fri, 9 Oct 2009 10:45:36 -0700 (PDT)
> Received: by 10.224.97.219 with SMTP id m27mr2176679qan.373.1255110335435;
>        Fri, 09 Oct 2009 10:45:35 -0700 (PDT)
> Received-SPF: softfail (google.com: best guess record for domain of
> transitioning wetenschap@wetenschapsforum.nl does not designate
> <unknown> as permitted sender)
> Received: by 10.241.83.170 with POP3 id 42mf672733qyk.37;
>        Fri, 09 Oct 2009 10:45:35 -0700 (PDT)

Yup, that looks like a bug with Google's POP3/SPF interaction.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

At 18:56 09/10/2009 Friday, Miels van Schaik wrote:
>Hello,
>
>Regarding the format of the string Alan wrote:
>> or v=spf1 ip4:85.17.220.92 ?all
>> is saving them all extra dns lookups and thus working even better
>Good idea, I'll change the format accordingly. Thanks.
>To be complete: I've constructed the string with this SPF-tool
>http://old.openspf.org/wizard.html , but saving lookups by entering an
>IP sounds like a better practice.
>
>Rob wrote:
>> If you don't want to post the information here (there's no
>> reason to hide it, it's public anyway as soon as you send email)
>And Alan continued:
>> why do you not give us the headers its not like there is anything secret in them?
>Well, this mail might end up in quite some mailboxes. So when one of
>all those recipients would get a mailworm I'd like to reduce the
>number of email addresses harvested. But I do understand this will
>make helping my harder. So here is the complete header:
>
>Just a recap: this header belongs to a notification sent out
>automatically by our forum board, notifying me of a new topic,
>personal message etc.
>I have configured my GMail to import my POP3 mailbox at Wetenschapsforum.
>I wonder why the sender gets listed as <unknown>

because SPF is an smtp based protocol the
sender and other smtp envelope details are unavailable to pop3 clients {like gmail}
gmail attempts to guess by looking at the received/delivered-to,envelope-sender headers in your pop3 mailservers copy
but as the apache {sender} and pop3 are on the same box the mail never goes via smtp at any point
so no ip to check against SPF thus <unknown>

the specific headers used are below not not received by smtp but @local@ and no ip anywhere


now for a real test send a mail direct by smtp to either your gmail address
or to myself {and I'll send you the results}

an address on the same server as the sender can never determine PASS/FAIL via spf as it will never travel via smtp

and gmails {or anyones} SPF headers for pop3 retrieved mail should NEVER be trusted
the receiver {your server} before the mail goes to pop3
is the only person who can make a trustable SPF pass/fail determination
{on non-local mail, local mail should be trustable because it was generated/sent by you}


>Return-path: <wetenschap@wetenschapsforum.nl>
>Envelope-to: m.v.schaik@wetenschapsforum.nl
>Delivery-date: Fri, 09 Oct 2009 18:53:53 +0200
>Received: from apache by vps08-node02.2uhosting.nl with local (Exim 4.67)
> (envelope-from <wetenschap@wetenschapsforum.nl>)
> id 1MwIj3-0002RF-RA
> for m.v.schaik@wetenschapsforum.nl; Fri, 09 Oct 2009 18:53:53 +0200
>To: m.v.schaik@wetenschapsforum.nl






-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Thanks for the extensive explanation. I sent the mail directly to my
gmail as you suggested, which resulted in a SPF pass. So now it's
working as intended (and as a bonus I did gain some more insight in
how it all works)!

Regards,

Miels


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

At 14:45 10/10/2009 Saturday, Miels van Schaik wrote:
>Thanks for the extensive explanation. I sent the mail directly to my
>gmail as you suggested, which resulted in a SPF pass. So now it's
>working as intended (and as a bonus I did gain some more insight in
>how it all works)!

glad to hear it
but that has only covered envelope-sender/return-path/mfrom SPF

which is 90%

but but for gold standard you should also cover
accurate HELO/EHLO SPF extra 9%

find the name(s) your mta(s) use in their helo/ehlo greeting {from the received headers}
add "v=spf1 A -all" ie allow this name in helo from the ip this name points to

and separately
mitigating against the broken Sender-ID/SPF overlap 1%
{as so few use the broken sender-id)

in your envelope-sender domain add the following sender-id records
to avoid mis-use of your spf records for sender id
"v=spf2.0/pra ?all" *ie i do not use the bits of sender-id that go beyond the normal spf-checks
"v=spf2.0/mfrom {same string as your spf1}" *ie sender-id users check the envelope in the same way SPF users do

and lastly
using SPF to self-blacklist all your non-mail domains 0.01%

simply add "v=spf1 -all" to all other domains not used in envelope or helo/ehlo to prevent them being (ab)used by others

{as yes SPF is about getting your mail through but its all moot if it dosn't help stop all the other forgeries from domains owned by you}

>Regards,
>
>Miels
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org
>Modify Your Subscription: http://www.listbox.com/member/
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com