Mailing List Archive

SPF HELO
One of my users sent an email and received the following back:
http://www.openspf.org/Why?s=helo;id=mxe.ci.juneau.ak.us;ip=192.245.44.15;r=smtp.itcanint.ca

I have published SPF records for that host (mxe) so was somewhat surprised to see it fail.

mxe IN A 192.245.44.15
IN TXT "v=spf1 -a a:mxe.ci.juneau.ak.us -all"

I also have an SPF TXT record for ci.juneau.ak.us which includes the IP address for the mail server.

I ran the tests at openspf.org, and got the following result:

spf-test@openspf.org
mailout02.controlledmail.com #550 5.7.1 <spf-test@openspf.org>: Recipient address rejected: SPF Tests: Mail-From Result="pass": Mail From="kevin_miller@ci.juneau.ak.us" HELO name="mxe.ci.juneau.ak.us" HELO Result="fail" Remote IP="192.245.44.15" ##

Note the HELO Result="fail".

I fixed the problem by removing the following line from my DNS setup:
ci.juneau.ak.us IN A 204.238.24.10

1: Why would the HELO fail? The HELO name is being reported correctly as mxe.ci.juneau.ak.us.

2: On the "Why" page above, it suggests adding the following record:
v=spf1 -a a:mxe.ci.juneau.ak.us a:mxe.ci.juneau.ak.us -all
Why does it have "a:mxe.ci.juneau.ak.us" twice?
Also, what does the dash before the a (-a) do?


...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907) 586-4500

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: SPF HELO
On 8-Jul-10, at 7:03 PM, Kevin Miller wrote:

> One of my users sent an email and received the following back:
> http://www.openspf.org/Why?s=helo;id=mxe.ci.juneau.ak.us;ip=192.245.44.15;r=smtp.itcanint.ca
>
> I have published SPF records for that host (mxe) so was somewhat
> surprised to see it fail.
>
> mxe IN A 192.245.44.15
> IN TXT "v=spf1 -a a:mxe.ci.juneau.ak.us -all"
>
> I also have an SPF TXT record for ci.juneau.ak.us which includes the
> IP address for the mail server.
>
> I ran the tests at openspf.org, and got the following result:
>
> spf-test@openspf.org
> mailout02.controlledmail.com #550 5.7.1 <spf-test@openspf.org>:
> Recipient address rejected: SPF Tests: Mail-From Result="pass": Mail
> From="kevin_miller@ci.juneau.ak.us" HELO name="mxe.ci.juneau.ak.us"
> HELO Result="fail" Remote IP="192.245.44.15" ##
>
> Note the HELO Result="fail".
>
> I fixed the problem by removing the following line from my DNS
> setup:
> ci.juneau.ak.us IN A 204.238.24.10
>
> 1: Why would the HELO fail? The HELO name is being reported
> correctly as mxe.ci.juneau.ak.us.
>
> 2: On the "Why" page above, it suggests adding the following record:
> v=spf1 -a a:mxe.ci.juneau.ak.us a:mxe.ci.juneau.ak.us -all
> Why does it have "a:mxe.ci.juneau.ak.us" twice?
> Also, what does the dash before the a (-a) do?


The SPF policy 'v=spf1 -a a:mxe.ci.juneau.ak.us -all' seems to be in
error. The '-a' near the beginning seems to be having an ill effect.

Try removing the '-a' near the beginning as it is meaningless and see
what happens.

Also, while you are at it, why don't you simplify it by being more
explicit and saving a DNS lookup. Try this,

v=spf1 -ip4:192.245.44.15 -all


--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



Re: SPF HELO
At 00:03 09/07/2010 Friday, Kevin Miller wrote:
>One of my users sent an email and received the following back:
>http://www.openspf.org/Why?s=helo;id=mxe.ci.juneau.ak.us;ip=192.245.44.15;r=smtp.itcanint.ca
>
>I have published SPF records for that host (mxe) so was somewhat surprised to see it fail.
>
>mxe IN A 192.245.44.15
> IN TXT "v=spf1 -a a:mxe.ci.juneau.ak.us -all"

I'm not surprised "your spf says to fail it", actually it's unpassable

-a {fail any ip this name points to} {first match}
a:mxe.ci.juneau.ak.us {pass, strangely, the same a} {the mxe.ci.juneau.ak.us is redundant} {never matched}
-all {fail all others} {matching all not matched by -a}

but as you admin the dns just fix it to

"v=spf1 ip4:192.245.44.15 -all"

and be done


>I also have an SPF TXT record for ci.juneau.ak.us which includes the IP address for the mail server.
>
>I ran the tests at openspf.org, and got the following result:
>
>spf-test@openspf.org
>mailout02.controlledmail.com #550 5.7.1 <spf-test@openspf.org>: Recipient address rejected: SPF Tests: Mail-From Result="pass": Mail From="kevin_miller@ci.juneau.ak.us" HELO name="mxe.ci.juneau.ak.us" HELO Result="fail" Remote IP="192.245.44.15" ##
>
>Note the HELO Result="fail".
>
>I fixed the problem by removing the following line from my DNS setup:
>ci.juneau.ak.us IN A 204.238.24.10
>
>1: Why would the HELO fail? The HELO name is being reported correctly as mxe.ci.juneau.ak.us.
>
>2: On the "Why" page above, it suggests adding the following record:
> v=spf1 -a a:mxe.ci.juneau.ak.us a:mxe.ci.juneau.ak.us -all
> Why does it have "a:mxe.ci.juneau.ak.us" twice?
> Also, what does the dash before the a (-a) do?
>
>
>...Kevin
>--
>Kevin Miller Registered Linux User No: 307357
>CBJ MIS Dept. Network Systems Admin., Mail Admin.
>155 South Seward Street ph: (907) 586-0242
>Juneau, Alaska 99801 fax: (907) 586-4500



RE: SPF HELO
Gino Cerullo wrote:
> On 8-Jul-10, at 7:03 PM, Kevin Miller wrote:
>
>> One of my users sent an email and received the following back:
>> http://www.openspf.org/Why?s=helo;id=mxe.ci.juneau.ak.us;ip=192.245.44.15;r=smtp.itcanint.ca
>>
>> I have published SPF records for that host (mxe) so was somewhat
>> surprised to see it fail.
>>
>> mxe IN A 192.245.44.15
>> IN TXT "v=spf1 -a a:mxe.ci.juneau.ak.us -all"
>>
>> I also have an SPF TXT record for ci.juneau.ak.us which includes the
>> IP address for the mail server.
>>
>> I ran the tests at openspf.org, and got the following result:
>>
>> spf-test@openspf.org
>> mailout02.controlledmail.com #550 5.7.1 <spf-test@openspf.org>:
>> Recipient address rejected: SPF Tests: Mail-From Result="pass": Mail
>> From="kevin_miller@ci.juneau.ak.us" HELO name="mxe.ci.juneau.ak.us"
>> HELO Result="fail" Remote IP="192.245.44.15" ##
>>
>> Note the HELO Result="fail".
>>
>> I fixed the problem by removing the following line from my DNS
>> setup: ci.juneau.ak.us IN A 204.238.24.10
>>
>> 1: Why would the HELO fail? The HELO name is being reported
>> correctly as mxe.ci.juneau.ak.us.
>>
>> 2: On the "Why" page above, it suggests adding the following record:
>> v=spf1 -a a:mxe.ci.juneau.ak.us a:mxe.ci.juneau.ak.us -all
>> Why does it have "a:mxe.ci.juneau.ak.us" twice?
>> Also, what does the dash before the a (-a) do?
>
>
> The SPF policy 'v=spf1 -a a:mxe.ci.juneau.ak.us -all' seems to be in
> error. The '-a' near the beginning seems to be having an ill effect.
>
> Try removing the '-a' near the beginning as it is meaningless and see
> what happens.

I removed the dash when testing yesterday and it didn't make any difference. I have that record in there based on what the "Why" page shows. Except I don't list the host twice.


> Also, while you are at it, why don't you simplify it by being more
> explicit and saving a DNS lookup. Try this,
>
> v=spf1 -ip4:192.245.44.15 -all

Already have that. Well, I have this which includes it. From nslookup:
ci.juneau.ak.us text = "v=spf1 ip4:206.174.127.174 ip4:192.245.44.3 ip4:192.245.44.15 ip4:192.245.44.53 ip4:192.245.44.24 ip4:204.238.24.184 mx -all"

For each host I also have:
"v=spf1 a a:mxe.ci.juneau.ak.us -all"

Any percentage in replacing that with
"v=spf1 a -all"
which is what the wizard shows to also add in?


...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907) 586-4500

RE: SPF HELO
>> Try removing the '-a' near the beginning as it is meaningless and see
>> what happens.
>
> I removed the dash when testing yesterday and it didn't make any
> difference.

How long did you leave the records in place?

Remember that DNS is *heavily* cached; it is normal for records to be
cached for at least a day - and yours are set to be cached for 3 days.

> Any percentage in replacing that with
> "v=spf1 a -all"

Yes. It removes one DNS lookup. Better yet is to remove the "a" and
replace it with an explicit ip4: clause.

Vic.



RE: SPF HELO
Vic wrote:
>>> Try removing the '-a' near the beginning as it is meaningless and
>>> see what happens.
>>
>> I removed the dash when testing yesterday and it didn't make any
>> difference.
>
> How long did you leave the records in place?
>
> Remember that DNS is *heavily* cached; it is normal for records to be
> cached for at least a day - and yours are set to be cached for 3
> days.

Yeah, I thought about that. When I remmed out the line "ci.juneau.ak.us IN A 204.238.24.10" the tests passed immediately afterwards so I guessed that maybe the test server was using a DNS server that didn't cache for just that reason. May or may be, I dunno.

>> Any percentage in replacing that with
>> "v=spf1 a -all"
>
> Yes. It removes one DNS lookup. Better yet is to remove the "a" and
> replace it with an explicit ip4: clause.

My current settings (well, a subset of them) are:
ci.juneau.ak.us. IN TXT "v=spf1 ip4:206.174.127.174 ip4:192.245.44.3 ip4:192.245.44.15 ip4:192.245.44.53 ip4:192.245.44.24 ip4:204.238.24.184 mx -all"

mxe IN A 192.245.44.15
IN TXT "v=spf1 a a:mxe.ci.juneau.ak.us -all"

So I'll change the last line to "v=spf1 ip:192.245.44.15 -all" for mxe and similar entries (with their respective IPs of course).

Thanks all that replied...


...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907) 586-4500

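The first-match evaluation discussed in this thread, as an added example (not code from any poster or from openspf.org): a minimal evaluator run over the record strings quoted in the messages above, with a constructed in-memory A-record table standing in for DNS. The names `check_spf`, `A_RECORDS` and `evaluate_thread_records` are assumptions made for illustration.

```python
import ipaddress

# Constructed resolver data; the A record is the one quoted in the thread.
A_RECORDS = {"mxe.ci.juneau.ak.us": ["192.245.44.15"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, domain, client_ip):
    """Evaluate terms left to right; the first mechanism that matches decides.
    Simplified: supports only all, a, a:<name> and ip4:<addr[/len]>, and
    reports a bad term when it is reached rather than validating up front.
    Returns (result, deciding_term).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier, mech = "+", term            # no prefix means "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "a":
            # Bare "a" resolves the domain under check (here the HELO name).
            target = (arg or domain).lower().rstrip(".")
            matched = any(ip == ipaddress.ip_address(a)
                          for a in A_RECORDS.get(target, []))
        elif name == "ip4" and arg:
            try:
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return ("permerror", term)
        else:
            return ("permerror", term)         # unknown mechanism, e.g. "ip:"
        if matched:
            return (QUALIFIERS[qualifier], term)
    return ("neutral", None)                   # nothing matched

def evaluate_thread_records(helo="mxe.ci.juneau.ak.us", ip="192.245.44.15"):
    records = [
        "v=spf1 -a a:mxe.ci.juneau.ak.us -all",
        "v=spf1 a a:mxe.ci.juneau.ak.us -all",
        "v=spf1 ip4:192.245.44.15 -all",
        "v=spf1 -ip4:192.245.44.15 -all",
        "v=spf1 ip:192.245.44.15 -all",
    ]
    return {r: check_spf(r, helo, ip) for r in records}
```

With the thread's HELO name and IP, the records whose first term carries no qualifier (`a`, `ip4:`) return pass, while `-a` and `-ip4:` return fail on that first term. The `ip:` spelling is not a defined mechanism and yields permerror.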