Mailing List Archive

question about SPF error message from mail server
Hello all,

This is my first posting to this list. I hope that this is the appropriate forum for my request.

I maintain a local mail server for our LAN, while a more centralized mail server manages mail generated to and from our mail server.

A staff person (mail.sender@state.or.us) here has been having problems posting to an email distribution list. It seems that when she posts to the list address (oasl-all@oema.memberclicks.net), a couple of the members don't receive the message. The staff person (mail.sender@state.or.us<mailto:mail.sender@state.or.us>) gets a bounce message from one of those addresses and it is included below.

I am not that familiar with SPF, so am having a hard time tracing this to the problem server. Mail.sender@state.or.us<mailto:Mail.sender@state.or.us> is using the state.or.us domain, but is sending through memberclicks.net. The line http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.193.139.33 shows mail.sender@state.or.us<mailto:mail.sender@state.or.us>, but the IP is for elists.memberclicks.com.

So, where is the pinch point here and what should the next steps be. Thanks for any guidance you can provide.

Christopher Adams


Bounce alert message received when posting to the listserv:
Delivery has failed to these recipients or groups:
receiver@xxx.or.us
A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.
The following organization rejected your message: mail.xxx.or.us.
Diagnostic information for administrators:
Generating server: elists.memberclicks.com
receiver@xxx.or.us<mailto:receiver@xxx.or.us>
mail.xxx.or.us #<mail.xxx.or.us #4.0.0 smtp; 453 Please see http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.193.139.33> #SMTP#
Original message headers:
Received: from mcvm02-app4.memberclicks.prod (mcvm02-app4.memberclicks.prod
[192.168.3.83]) by elists.memberclicks.com (Postfix) with SMTP id C49E256ADEF
for <receiver@xxx.or.us<mailto:receiver@xxx.or.us>>; Tue, 23 Nov 2010 12:47:51 -0500 (EST)
Date: Tue, 23 Nov 2010 12:34:07 -0500
From: Jennifer Maurer <mail.sender@state.or.us<mailto:mail.sender@state.or.us>>
Sender: <oasl-all@oema.memberclicks.net<mailto:oasl-all@oema.memberclicks.net>>
Reply-To: <mail.sender@state.or.us<mailto:mail.sender@state.or.us>>
To: <receiver@xxx.or.us<mailto:receiver@xxx.or.us>>
Message-ID: <22376125.109299.1290534471802.JavaMail.webmaster@memberclicks.com<mailto:22376125.109299.1290534471802.JavaMail.webmaster@memberclicks.com>>
Subject: [oasl-all] 2010 QEM Report (for 2008-09 School Year)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_000_B60CC3E64AD0D941AA792F1955E3D5C308967ABCOSLEXCHANGEosls_"
X-Mailer: msgsend

When you click on this link from the message above, http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.193.139.33,
you get this message (Note the highlighted part below.):
Why did SPF cause my mail to be rejected?
What is SPF?

SPF is an extension to Internet e-mail. It prevents unauthorized people from forging your e-mail address (see the introduction<http://www.openspf.org/Introduction>). But for it to work, your own or your e-mail service provider's setup may need to be adjusted. Otherwise, the system may mistake you for an unauthorized sender.

Note that there is no central institution that enforces SPF. If a message of yours gets blocked due to SPF, this is because (1) your domain has declared an SPF policy that forbids you to send through the mail server through which you sent the message, and (2) the recipient's mail server detected this and blocked the message.

rejected a message that claimed an envelope sender address of jennifer.maurer@state.or.us.

received a message from elists.memberclicks.com (204.193.139.33) that claimed an envelope sender address of mail.sender@state.or.us.

However, the domain state.or.us has declared using SPF that it does not send mail through elists.memberclicks.com (204.193.139.33). That is why the message was rejected.

If you are jennifer.maurer@state.or.us:

state.or.us should have given you a way to send mail through an authorized server.

If you are using a mail program as opposed to web-mail, you may need to update the "SMTP server" configuration setting according to your ISP's instructions. You may also need to turn on authentication, and enter your username and password in your mail program's options. Please contact your ISP for assistance.

If you run your own MTA, you may have to set a "smarthost" or "relayhost". If you are mailing from outside your ISP's network, you may also have to make your MTA use authenticated SMTP<http://www.openspf.org/Best_Practices/SMTP_Authentication>. Ideally your server should listen on port 587 as well as port 25.

If your mail was correctly sent, but was rejected because it passed through a forwarding service, as an interim solution you can mail the final destination address directly (it should be shown in the bounce message). See the forwarding best practices<http://www.openspf.org/Best_Practices/Forwarding> (or refer the recipient there) for the discussion of a proper solution.

If you need further help, see our support<http://www.openspf.org/Support> section for free support and professional consulting services.

If you are confident that your message did go through an authorized server:

The administrator of the domain state.or.us may have incorrectly configured its SPF record. This is a common cause of mistakes.

Here's what you can do: Contact the state.or.us postmaster<mailto:postmaster@state.or.us> and tell them that they need to change state.or.us's SPF record so that it authorizes elists.memberclicks.com. For example, they could change the record to something like
v=spf1 a:mail1.state.or.us a:mail2.state.or.us a:mail3.state.or.us a:mail4.state.or.us a:mail5.state.or.us a:bob.oem.state.or.us a:elists.memberclicks.com -all

If you refer your postmaster to this web page, they should be able to solve the problem.

If you did not send the message:

SPF successfully blocked a forgery attempt; someone tried to send mail pretending to be from mail.sender@state.or.us, but the message was rejected before anybody saw it. This means SPF is working as designed.

________________________________
How can I reference this web page for explaining SPF results?

This web page is a public service of the SPF project. SPF implementations can (and do) use it to help explain the results of SPF checks by presenting to users a parameterized link to this page. See the "Why?" page documentation<http://www.openspf.org/Why/API> for details on how this works.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101129191348:B4A57CC6-FC16-11DF-8D66-F0FFA61DBDA3
Powered by Listbox: http://www.listbox.com
Re: question about SPF error message from mail server [ In reply to ]
well yes things are bad

1 no mailinglist should send mail with the original sender-envelope
(a mailinglist is supposed to send mail with the list-admin@mailinglist-domain as envelope or some other automatic address for bounce handling)
a proper mailinglist would never send using the original envelope as this would cause all bounces to goto members not any auto-unsubscribe or manual un subscribe processor

2 or the receiver is mis-using spf and checking the from instead (less likely)

3 as getting either fixed is unlikely, you can either

A authorize the lists-server(s) in the senders domain SPF (not so good)
B set up a per-user spf with this users envelope allowed from list-servers and you and others just you (less bad)

for per user spf you can see it in action on my address

At 00:13 30/11/2010 Tuesday, Chris Adams wrote:
>Hello all,
>
>This is my first posting to this list. I hope that this is the appropriate forum for my request.
>
>I maintain a local mail server for our LAN, while a more centralized mail server manages mail generated to and from our mail server.
>
>A staff person (mail.sender@state.or.us) here has been having problems posting to an email distribution list. It seems that when she posts to the list address (oasl-all@oema.memberclicks.net), a couple of the members don?t receive the message. The staff person (<mailto:mail.sender@state.or.us>mail.sender@state.or.us) gets a bounce message from one of those addresses and it is included below.
>
>I am not that familiar with SPF, so am having a hard time tracing this to the problem server. <mailto:Mail.sender@state.or.us>Mail.sender@state.or.us is using the state.or.us domain, but is sending through memberclicks.net. The line <http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.193.139.33>http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.193.139.33 shows <mailto:mail.sender@state.or.us>mail.sender@state.or.us, but the IP is for elists.memberclicks.com.
>
>So, where is the pinch point here and what should the next steps be. Thanks for any guidance you can provide.
>
>Christopher Adams
>
>
>Bounce alert message received when posting to the listserv:
>Delivery has failed to these recipients or groups:
>receiver@xxx.or.us
>A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.
>The following organization rejected your message: mail.xxx.or.us.
>Diagnostic information for administrators:
>Generating server: elists.memberclicks.com
><mailto:receiver@xxx.or.us>receiver@xxx.or.us
>mail.xxx.or.us #<mail.xxx.or.us #4.0.0 smtp; 453 Please see <http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.193.139.33>http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.193.139.33> #SMTP#
>Original message headers:
>Received: from mcvm02-app4.memberclicks.prod (mcvm02-app4.memberclicks.prod
>[192.168.3.83]) by elists.memberclicks.com (Postfix) with SMTP id C49E256ADEF
> for <<mailto:receiver@xxx.or.us>receiver@xxx.or.us>; Tue, 23 Nov 2010 12:47:51 -0500 (EST)
>Date: Tue, 23 Nov 2010 12:34:07 -0500
>From: Jennifer Maurer <<mailto:mail.sender@state.or.us>mail.sender@state.or.us>
>Sender: <<mailto:oasl-all@oema.memberclicks.net>oasl-all@oema.memberclicks.net>
>Reply-To: <<mailto:mail.sender@state.or.us>mail.sender@state.or.us>
>To: <<mailto:receiver@xxx.or.us>receiver@xxx.or.us>
>Message-ID: <<mailto:22376125.109299.1290534471802.JavaMail.webmaster@memberclicks.com>22376125.109299.1290534471802.JavaMail.webmaster@memberclicks.com>
>Subject: [oasl-all] 2010 QEM Report (for 2008-09 School Year)
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
> boundary="_000_B60CC3E64AD0D941AA792F1955E3D5C308967ABCOSLEXCHANGEosls_"
>X-Mailer: msgsend
>
>When you click on this link from the message above, <http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.193.139.33>http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.193.139.33,
>you get this message (Note the highlighted part below.):
>
>
>Why did SPF cause my mail to be rejected?
>
>
>
>
>
>What is SPF?
>
>
>
>SPF is an extension to Internet e-mail. It prevents unauthorized people from forging your e-mail address (see the <http://www.openspf.org/Introduction>introduction). But for it to work, your own or your e-mail service provider's setup may need to be adjusted. Otherwise, the system may mistake you for an unauthorized sender.
>
>Note that there is no central institution that enforces SPF. If a message of yours gets blocked due to SPF, this is because (1) your domain has declared an SPF policy that forbids you to send through the mail server through which you sent the message, and (2) the recipient's mail server detected this and blocked the message.
>
>
>rejected a message that claimed an envelope sender address of jennifer.maurer@state.or.us.
>
>
>
>received a message from elists.memberclicks.com (204.193.139.33) that claimed an envelope sender address of mail.sender@state.or.us.
>
>However, the domain state.or.us has declared using SPF that it does not send mail through elists.memberclicks.com (204.193.139.33). That is why the message was rejected.
>
>
>If you are jennifer.maurer@state.or.us:
>
>
>
>state.or.us should have given you a way to send mail through an authorized server.
>
>If you are using a mail program as opposed to web-mail, you may need to update the "SMTP server" configuration setting according to your ISP's instructions. You may also need to turn on authentication, and enter your username and password in your mail program's options. Please contact your ISP for assistance.
>
>If you run your own MTA, you may have to set a "smarthost" or "relayhost". If you are mailing from outside your ISP's network, you may also have to make your MTA use <http://www.openspf.org/Best_Practices/SMTP_Authentication>authenticated SMTP. Ideally your server should listen on port 587 as well as port 25.
>
>If your mail was correctly sent, but was rejected because it passed through a forwarding service, as an interim solution you can mail the final destination address directly (it should be shown in the bounce message). See the <http://www.openspf.org/Best_Practices/Forwarding>forwarding best practices (or refer the recipient there) for the discussion of a proper solution.
>
>If you need further help, see our <http://www.openspf.org/Support>support section for free support and professional consulting services.
>
>
>If you are confident that your message did go through an authorized server:
>
>
>
>The administrator of the domain state.or.us may have incorrectly configured its SPF record. This is a common cause of mistakes.
>
>Here's what you can do: Contact the <mailto:postmaster@state.or.us>state.or.us<mailto:postmaster@state.or.us> postmaster and tell them that they need to change state.or.us's SPF record so that it authorizes elists.memberclicks.com. For example, they could change the record to something like
>v=spf1 a:mail1.state.or.us a:mail2.state.or.us a:mail3.state.or.us a:mail4.state.or.us a:mail5.state.or.us a:bob.oem.state.or.us a:elists.memberclicks.com -all
>
>If you refer your postmaster to this web page, they should be able to solve the problem.
>
>
>If you did not send the message:
>
>
>
>SPF successfully blocked a forgery attempt; someone tried to send mail pretending to be from mail.sender@state.or.us, but the message was rejected before anybody saw it. This means SPF is working as designed.
>
>----------
>
>
>How can I reference this web page for explaining SPF results?
>
>
>
>This web page is a public service of the SPF project. SPF implementations can (and do) use it to help explain the results of SPF checks by presenting to users a parameterized link to this page. See the <http://www.openspf.org/Why/API>"Why?" page documentation for details on how this works.
>
>Sender Policy Framework: <http://www.openspf.org>http://www.openspf.org
>Modify Your Subscription: <http://www.listbox.com/member/>http://www.listbox.com/member/
><https://www.listbox.com/member/archive/1020/=now>Archives<https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa> | <https://www.listbox.com/member/?&>Modify Your Subscription | <https://www.listbox.com/unsubscribe/?&&post_id=20101129191348:B4A57CC6-FC16-11DF-8D66-F0FFA61DBDA3>Unsubscribe Now<http://www.listbox.com>



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101129195644:B1A58A56-FC1C-11DF-898B-52DEC5F4DBAC
Powered by Listbox: http://www.listbox.com
RE: question about SPF error message from mail server [ In reply to ]
> 1 no mailinglist should send mail with the original sender-envelope
> (a mailinglist is supposed to send mail with the list-
> admin@mailinglist-domain as envelope or some other automatic address
> for bounce handling)
> a proper mailinglist would never send using the original envelope as
> this would cause all bounces to goto members not any auto-unsubscribe
> or manual un subscribe processor
>
> 2 or the receiver is mis-using spf and checking the from instead (less
> likely)
>
> 3 as getting either fixed is unlikely, you can either
>
> A authorize the lists-server(s) in the senders domain SPF (not so good)
> B set up a per-user spf with this users envelope allowed from list-
> servers and you and others just you (less bad)

I guess I don't quite understand what action I should take. The user sends to a mailing list that is outside our LAN. Also, all mail from the user is ultimately handled by a central mail server in a domain that handles our subnet. However, we don't have any control over that mail server. We use Exchange as our mail server.

It would be helpful if I could figure who ultimately is responsible for this. Is it our mail server as the sender? Is it the domain that hosts the mailing list? Is it our state domain that we are a subnet of? Is it the receiver's domain/mail server?

Any guidance would be most helpful. Thank you.



>
> for per user spf you can see it in action on my address
>
> At 00:13 30/11/2010 Tuesday, Chris Adams wrote:
> >Hello all,
> >
> >This is my first posting to this list. I hope that this is the
> appropriate forum for my request.
> >
> >I maintain a local mail server for our LAN, while a more centralized
> mail server manages mail generated to and from our mail server.
> >
> >A staff person (mail.sender@state.or.us) here has been having problems
> posting to an email distribution list. It seems that when she posts to
> the list address (oasl-all@oema.memberclicks.net), a couple of the
> members don?t receive the message. The staff person
> (<mailto:mail.sender@state.or.us>mail.sender@state.or.us) gets a bounce
> message from one of those addresses and it is included below.
> >
> >I am not that familiar with SPF, so am having a hard time tracing this
> to the problem server.
> <mailto:Mail.sender@state.or.us>Mail.sender@state.or.us is using the
> state.or.us domain, but is sending through memberclicks.net. The line
> <http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.19
> 3.139.33>http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&i
> p=204.193.139.33 shows
> <mailto:mail.sender@state.or.us>mail.sender@state.or.us, but the IP is
> for elists.memberclicks.com.
> >
> >So, where is the pinch point here and what should the next steps be.
> Thanks for any guidance you can provide.
> >
> >Christopher Adams
> >
> >
> >Bounce alert message received when posting to the listserv:
> >Delivery has failed to these recipients or groups:
> >receiver@xxx.or.us
> >A problem occurred during the delivery of this message to this e-mail
> address. Try sending this message again. If the problem continues,
> please contact your helpdesk.
> >The following organization rejected your message: mail.xxx.or.us.
> >Diagnostic information for administrators:
> >Generating server: elists.memberclicks.com
> ><mailto:receiver@xxx.or.us>receiver@xxx.or.us
> >mail.xxx.or.us #<mail.xxx.or.us #4.0.0 smtp; 453 Please see
> <http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.19
> 3.139.33>http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&i
> p=204.193.139.33> #SMTP#
> >Original message headers:
> >Received: from mcvm02-app4.memberclicks.prod (mcvm02-
> app4.memberclicks.prod
> >[192.168.3.83]) by elists.memberclicks.com (Postfix) with SMTP id
> C49E256ADEF
> > for <<mailto:receiver@xxx.or.us>receiver@xxx.or.us>; Tue,
> 23 Nov 2010 12:47:51 -0500 (EST)
> >Date: Tue, 23 Nov 2010 12:34:07 -0500
> >From: Jennifer Maurer
> <<mailto:mail.sender@state.or.us>mail.sender@state.or.us>
> >Sender: <<mailto:oasl-all@oema.memberclicks.net>oasl-
> all@oema.memberclicks.net>
> >Reply-To: <<mailto:mail.sender@state.or.us>mail.sender@state.or.us>
> >To: <<mailto:receiver@xxx.or.us>receiver@xxx.or.us>
> >Message-ID:
> <<mailto:22376125.109299.1290534471802.JavaMail.webmaster@memberclicks.
> com>22376125.109299.1290534471802.JavaMail.webmaster@memberclicks.com>
> >Subject: [oasl-all] 2010 QEM Report (for 2008-09 School Year)
> >MIME-Version: 1.0
> >Content-Type: multipart/alternative;
> >
> boundary="_000_B60CC3E64AD0D941AA792F1955E3D5C308967ABCOSLEXCHANGEosls_
> "
> >X-Mailer: msgsend
> >
> >When you click on this link from the message above,
> <http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.19
> 3.139.33>http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&i
> p=204.193.139.33,
> >you get this message (Note the highlighted part below.):
> >
> >
> >Why did SPF cause my mail to be rejected?
> >
> >
> >
> >
> >
> >What is SPF?
> >
> >
> >
> >SPF is an extension to Internet e-mail. It prevents unauthorized
> people from forging your e-mail address (see the
> <http://www.openspf.org/Introduction>introduction). But for it to work,
> your own or your e-mail service provider's setup may need to be
> adjusted. Otherwise, the system may mistake you for an unauthorized
> sender.
> >
> >Note that there is no central institution that enforces SPF. If a
> message of yours gets blocked due to SPF, this is because (1) your
> domain has declared an SPF policy that forbids you to send through the
> mail server through which you sent the message, and (2) the recipient's
> mail server detected this and blocked the message.
> >
> >
> >rejected a message that claimed an envelope sender address of
> jennifer.maurer@state.or.us.
> >
> >
> >
> >received a message from elists.memberclicks.com (204.193.139.33) that
> claimed an envelope sender address of mail.sender@state.or.us.
> >
> >However, the domain state.or.us has declared using SPF that it does
> not send mail through elists.memberclicks.com (204.193.139.33). That is
> why the message was rejected.
> >
> >
> >If you are jennifer.maurer@state.or.us:
> >
> >
> >
> >state.or.us should have given you a way to send mail through an
> authorized server.
> >
> >If you are using a mail program as opposed to web-mail, you may need
> to update the "SMTP server" configuration setting according to your
> ISP's instructions. You may also need to turn on authentication, and
> enter your username and password in your mail program's options. Please
> contact your ISP for assistance.
> >
> >If you run your own MTA, you may have to set a "smarthost" or
> "relayhost". If you are mailing from outside your ISP's network, you
> may also have to make your MTA use
> <http://www.openspf.org/Best_Practices/SMTP_Authentication>authenticate
> d SMTP. Ideally your server should listen on port 587 as well as port
> 25.
> >
> >If your mail was correctly sent, but was rejected because it passed
> through a forwarding service, as an interim solution you can mail the
> final destination address directly (it should be shown in the bounce
> message). See the
> <http://www.openspf.org/Best_Practices/Forwarding>forwarding best
> practices (or refer the recipient there) for the discussion of a proper
> solution.
> >
> >If you need further help, see our
> <http://www.openspf.org/Support>support section for free support and
> professional consulting services.
> >
> >
> >If you are confident that your message did go through an authorized
> server:
> >
> >
> >
> >The administrator of the domain state.or.us may have incorrectly
> configured its SPF record. This is a common cause of mistakes.
> >
> >Here's what you can do: Contact the
> <mailto:postmaster@state.or.us>state.or.us<mailto:postmaster@state.or.u
> s> postmaster and tell them that they need to change state.or.us's SPF
> record so that it authorizes elists.memberclicks.com. For example, they
> could change the record to something like
> >v=spf1 a:mail1.state.or.us a:mail2.state.or.us a:mail3.state.or.us
> a:mail4.state.or.us a:mail5.state.or.us a:bob.oem.state.or.us
> a:elists.memberclicks.com -all
> >
> >If you refer your postmaster to this web page, they should be able to
> solve the problem.
> >
> >
> >If you did not send the message:
> >
> >
> >
> >SPF successfully blocked a forgery attempt; someone tried to send mail
> pretending to be from mail.sender@state.or.us, but the message was
> rejected before anybody saw it. This means SPF is working as designed.
> >
> >----------
> >
> >
> >How can I reference this web page for explaining SPF results?
> >
> >
> >
> >This web page is a public service of the SPF project. SPF
> implementations can (and do) use it to help explain the results of SPF
> checks by presenting to users a parameterized link to this page. See
> the <http://www.openspf.org/Why/API>"Why?" page documentation for
> details on how this works.
> >
> >Sender Policy Framework:
> <http://www.openspf.org>http://www.openspf.org
> >Modify Your Subscription:
> <http://www.listbox.com/member/>http://www.listbox.com/member/
> ><https://www.listbox.com/member/archive/1020/=now>Archives<https://www
> .listbox.com/member/archive/rss/1020/15739084-a04d3caa> |
> <https://www.listbox.com/member/?&>Modify Your Subscription |
> <https://www.listbox.com/unsubscribe/?&&post_id=20101129191348:B4A57CC6
> -FC16-11DF-8D66-F0FFA61DBDA3>Unsubscribe Now<http://www.listbox.com>
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/
> [http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/20219374-
> 56d8ad3e
> Modify Your Subscription:
> https://www.listbox.com/member/?&
> 55f3cccb
> Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&
> 374-750555ea&post_id=20101129195644:B1A58A56-FC1C-11DF-898B-
> 52DEC5F4DBAC
> Powered by Listbox: http://www.listbox.com


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101130140059:2DA8A22C-FCB4-11DF-BC1D-8E2994C5034D
Powered by Listbox: http://www.listbox.com
Re: RE: question about SPF error message from mail server [ In reply to ]
Ho ricevuto il messaggio. Sono in ferie fino al 16 dicembre, legger� il messaggio al mio rientro il 17 dicembre.
Per cose urgenti potete scrivere a info@biatwork.com, i miei colleghi prenderanno in carico la vostra email.

Cordiali saluti
Massimo Gregori





-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101130140211:4D41D70C-FCB4-11DF-A5F0-8C0057A84816
Powered by Listbox: http://www.listbox.com
RE: question about SPF error message from mail server [ In reply to ]
At 19:00 30/11/2010 Tuesday, Chris Adams wrote:
>> 1 no mailinglist should send mail with the original sender-envelope
>> (a mailinglist is supposed to send mail with the list-
>> admin@mailinglist-domain as envelope or some other automatic address
>> for bounce handling)
>> a proper mailinglist would never send using the original envelope as
>> this would cause all bounces to goto members not any auto-unsubscribe
>> or manual un subscribe processor
>>
>> 2 or the receiver is mis-using spf and checking the from instead (less
>> likely)
>>
>> 3 as getting either fixed is unlikely, you can either
>>
>> A authorize the lists-server(s) in the senders domain SPF (not so good)
>> B set up a per-user spf with this users envelope allowed from list-
>> servers and you and others just you (less bad)
>
>I guess I don't quite understand what action I should take. The user sends to a mailing list that is outside our LAN. Also, all mail from the user is ultimately handled by a central mail server in a domain that handles our subnet. However, we don't have any control over that mail server. We use Exchange as our mail server.
>
>It would be helpful if I could figure who ultimately is responsible for this. Is it our mail server as the sender? Is it the domain that hosts the mailing list? Is it our state domain that we are a subnet of? Is it the receiver's domain/mail server?
>
>Any guidance would be most helpful. Thank you.

the only 3 people involved are

A the person who manages of maintains the spf records/policy for the senders domain (if they want to mitigate the damage being done by the broken mailinglist) if thats not you there is little point in discussing

B the person running the broken mailinglist (if they can be convinced to fix it)

C the sender whos completely at the mercy of A and B

(i mistakenly assumed as you were 'here' that you would be A, if not theres nothing you can do)

as well this list is pretty much for administrators of SPF policy


>> for per user spf you can see it in action on my address
>>
>> At 00:13 30/11/2010 Tuesday, Chris Adams wrote:
>> >Hello all,
>> >
>> >This is my first posting to this list. I hope that this is the
>> appropriate forum for my request.
>> >
>> >I maintain a local mail server for our LAN, while a more centralized
>> mail server manages mail generated to and from our mail server.
>> >
>> >A staff person (mail.sender@state.or.us) here has been having problems
>> posting to an email distribution list. It seems that when she posts to
>> the list address (oasl-all@oema.memberclicks.net), a couple of the
>> members don?t receive the message. The staff person
>> (<mailto:mail.sender@state.or.us>mail.sender@state.or.us) gets a bounce
>> message from one of those addresses and it is included below.
>> >
>> >I am not that familiar with SPF, so am having a hard time tracing this
>> to the problem server.
>> <mailto:Mail.sender@state.or.us>Mail.sender@state.or.us is using the
>> state.or.us domain, but is sending through memberclicks.net. The line
>> <http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.19> 3.139.33>http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&i
>> p=204.193.139.33 shows
>> <mailto:mail.sender@state.or.us>mail.sender@state.or.us, but the IP is
>> for elists.memberclicks.com.
>> >
>> >So, where is the pinch point here and what should the next steps be.
>> Thanks for any guidance you can provide.
>> >
>> >Christopher Adams
>> >
>> >
>> >Bounce alert message received when posting to the listserv:
>> >Delivery has failed to these recipients or groups:
>> >receiver@xxx.or.us
>> >A problem occurred during the delivery of this message to this e-mail
>> address. Try sending this message again. If the problem continues,
>> please contact your helpdesk.
>> >The following organization rejected your message: mail.xxx.or.us.
>> >Diagnostic information for administrators:
>> >Generating server: elists.memberclicks.com
>> ><mailto:receiver@xxx.or.us>receiver@xxx.or.us
>> >mail.xxx.or.us #<mail.xxx.or.us #4.0.0 smtp; 453 Please see
>> <http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.19> 3.139.33>http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&i
>> p=204.193.139.33> #SMTP#
>> >Original message headers:
>> >Received: from mcvm02-app4.memberclicks.prod (mcvm02-
>> app4.memberclicks.prod
>> >[192.168.3.83]) by elists.memberclicks.com (Postfix) with SMTP id
>> C49E256ADEF
>> > for <<mailto:receiver@xxx.or.us>receiver@xxx.or.us>; Tue,
>> 23 Nov 2010 12:47:51 -0500 (EST)
>> >Date: Tue, 23 Nov 2010 12:34:07 -0500
>> >From: Jennifer Maurer
>> <<mailto:mail.sender@state.or.us>mail.sender@state.or.us>
>> >Sender: <<mailto:oasl-all@oema.memberclicks.net>oasl-
>> all@oema.memberclicks.net>
>> >Reply-To: <<mailto:mail.sender@state.or.us>mail.sender@state.or.us>
>> >To: <<mailto:receiver@xxx.or.us>receiver@xxx.or.us>
>> >Message-ID:
>> <<mailto:22376125.109299.1290534471802.JavaMail.webmaster@memberclicks.> com>22376125.109299.1290534471802.JavaMail.webmaster@memberclicks.com>
>> >Subject: [oasl-all] 2010 QEM Report (for 2008-09 School Year)
>> >MIME-Version: 1.0
>> >Content-Type: multipart/alternative;
>> >
>> boundary="_000_B60CC3E64AD0D941AA792F1955E3D5C308967ABCOSLEXCHANGEosls_
>> "
>> >X-Mailer: msgsend
>> >
>> >When you click on this link from the message above,
>> <http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&ip=204.19> 3.139.33>http://spf.pobox.com/why.html?sender=mail.sender@state.or.us&i
>> p=204.193.139.33,
>> >you get this message (Note the highlighted part below.):
>> >
>> >
>> >Why did SPF cause my mail to be rejected?
>> >
>> >
>> >
>> >
>> >
>> >What is SPF?
>> >
>> >
>> >
>> >SPF is an extension to Internet e-mail. It prevents unauthorized
>> people from forging your e-mail address (see the
>> <http://www.openspf.org/Introduction>introduction). But for it to work,
>> your own or your e-mail service provider's setup may need to be
>> adjusted. Otherwise, the system may mistake you for an unauthorized
>> sender.
>> >
>> >Note that there is no central institution that enforces SPF. If a
>> message of yours gets blocked due to SPF, this is because (1) your
>> domain has declared an SPF policy that forbids you to send through the
>> mail server through which you sent the message, and (2) the recipient's
>> mail server detected this and blocked the message.
>> >
>> >
>> >rejected a message that claimed an envelope sender address of
>> jennifer.maurer@state.or.us.
>> >
>> >
>> >
>> >received a message from elists.memberclicks.com (204.193.139.33) that
>> claimed an envelope sender address of mail.sender@state.or.us.
>> >
>> >However, the domain state.or.us has declared using SPF that it does
>> not send mail through elists.memberclicks.com (204.193.139.33). That is
>> why the message was rejected.
>> >
>> >
>> >If you are jennifer.maurer@state.or.us:
>> >
>> >
>> >
>> >state.or.us should have given you a way to send mail through an
>> authorized server.
>> >
>> >If you are using a mail program as opposed to web-mail, you may need
>> to update the "SMTP server" configuration setting according to your
>> ISP's instructions. You may also need to turn on authentication, and
>> enter your username and password in your mail program's options. Please
>> contact your ISP for assistance.
>> >
>> >If you run your own MTA, you may have to set a "smarthost" or
>> "relayhost". If you are mailing from outside your ISP's network, you
>> may also have to make your MTA use
>> <http://www.openspf.org/Best_Practices/SMTP_Authentication>authenticate
>> d SMTP. Ideally your server should listen on port 587 as well as port
>> 25.
>> >
>> >If your mail was correctly sent, but was rejected because it passed
>> through a forwarding service, as an interim solution you can mail the
>> final destination address directly (it should be shown in the bounce
>> message). See the
>> <http://www.openspf.org/Best_Practices/Forwarding>forwarding best
>> practices (or refer the recipient there) for the discussion of a proper
>> solution.
>> >
>> >If you need further help, see our
>> <http://www.openspf.org/Support>support section for free support and
>> professional consulting services.
>> >
>> >
>> >If you are confident that your message did go through an authorized
>> server:
>> >
>> >
>> >
>> >The administrator of the domain state.or.us may have incorrectly
>> configured its SPF record. This is a common cause of mistakes.
>> >
>> >Here's what you can do: Contact the
>> <mailto:postmaster@state.or.us>state.or.us<mailto:postmaster@state.or.u> s> postmaster and tell them that they need to change state.or.us's SPF
>> record so that it authorizes elists.memberclicks.com. For example, they
>> could change the record to something like
>> >v=spf1 a:mail1.state.or.us a:mail2.state.or.us a:mail3.state.or.us
>> a:mail4.state.or.us a:mail5.state.or.us a:bob.oem.state.or.us
>> a:elists.memberclicks.com -all
>> >
>> >If you refer your postmaster to this web page, they should be able to
>> solve the problem.
>> >
>> >
>> >If you did not send the message:
>> >
>> >
>> >
>> >SPF successfully blocked a forgery attempt; someone tried to send mail
>> pretending to be from mail.sender@state.or.us, but the message was
>> rejected before anybody saw it. This means SPF is working as designed.
>> >
>> >----------
>> >
>> >
>> >How can I reference this web page for explaining SPF results?
>> >
>> >
>> >
>> >This web page is a public service of the SPF project. SPF
>> implementations can (and do) use it to help explain the results of SPF
>> checks by presenting to users a parameterized link to this page. See
>> the <http://www.openspf.org/Why/API>"Why?" page documentation for
>> details on how this works.
>> >
>> >Sender Policy Framework:
>> <http://www.openspf.org>http://www.openspf.org
>> >Modify Your Subscription:
>> <http://www.listbox.com/member/>http://www.listbox.com/member/
>> ><https://www.listbox.com/member/archive/1020/=now>Archives<https://www> .listbox.com/member/archive/rss/1020/15739084-a04d3caa> |
>> <https://www.listbox.com/member/?&>Modify Your Subscription |
>> <https://www.listbox.com/unsubscribe/?&&post_id=20101129191348:B4A57CC6> -FC16-11DF-8D66-F0FFA61DBDA3>Unsubscribe Now<http://www.listbox.com>
>>
>>
>>
>> -------------------------------------------
>> Sender Policy Framework: http://www.openspf.org
>> [http://www.openspf.org]
>> Modify Your Subscription: http://www.listbox.com/member/
>> [http://www.listbox.com/member/]
>>
>> Archives: https://www.listbox.com/member/archive/1020/=now
>> RSS Feed: https://www.listbox.com/member/archive/rss/1020/20219374-
>> 56d8ad3e
>> Modify Your Subscription:
>> https://www.listbox.com/member/?&
>> 55f3cccb
>> Unsubscribe Now:
>> https://www.listbox.com/unsubscribe/?&
>> 374-750555ea&post_id=20101129195644:B1A58A56-FC1C-11DF-898B-
>> 52DEC5F4DBAC
>> Powered by Listbox: http://www.listbox.com
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101130140059:2DA8A22C-FCB4-11DF-BC1D-8E2994C5034D
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101130162405:2A5BB708-FCC8-11DF-8521-C9060CBF99F5
Powered by Listbox: http://www.listbox.com
RE: question about SPF error message from mail server [ In reply to ]
Chris Adams wrote on Mon, Nov 29 2010 at 6:13 pm:

> rejected a message that claimed an envelope sender address of
> jennifer.maurer@state.or.us.
>
> received a message from elists.memberclicks.com (204.193.139.33) that claimed
> an envelope sender address of mail.sender@state.or.us.
>
> However, the domain state.or.us has declared using SPF that it does not send
> mail through elists.memberclicks.com (204.193.139.33). That is why the message
> was rejected.

The above is the crux of the problem. Either state.or.us has to allow 204.193.139.33 as an approved server (or Neutral server), or what Alan is suggesting is that the mailing list not use Jennifer's address as the envelope sender when it sends out messages. Instead, it could use something like "listname@elists.memberclicks.com", perhaps.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Precinct toilets stolen! Police have nothing to go on.

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101130163159:43B9C3CE-FCC9-11DF-8EB5-F287F559ED1D
Powered by Listbox: http://www.listbox.com
RE: question about SPF error message from mail server [ In reply to ]
Thank you for your response. That is very helpful.

Christopher Adams

> -----Original Message-----
> From: Steve Yates [mailto:steve@teamITS.com]
> Sent: Tuesday, November 30, 2010 1:32 PM
> To: spf-help@listbox.com
> Subject: [spf-help] RE: question about SPF error message from mail
> server
>
> Chris Adams wrote on Mon, Nov 29 2010 at 6:13 pm:
>
> > rejected a message that claimed an envelope sender address of
> > jennifer.maurer@state.or.us.
> >
> > received a message from elists.memberclicks.com (204.193.139.33) that
> claimed
> > an envelope sender address of mail.sender@state.or.us.
> >
> > However, the domain state.or.us has declared using SPF that it does
> not send
> > mail through elists.memberclicks.com (204.193.139.33). That is why
> the message
> > was rejected.
>
> The above is the crux of the problem. Either state.or.us has to
> allow 204.193.139.33 as an approved server (or Neutral server), or what
> Alan is suggesting is that the mailing list not use Jennifer's address
> as the envelope sender when it sends out messages. Instead, it could
> use something like "listname@elists.memberclicks.com", perhaps.
>
> -----
> SPF FAQ: http://www.openspf.org/FAQ
> Common mistakes: http://www.openspf.org/FAQ/Common_mistakes
>
> - Steve Yates
> - ITS, Inc.
> - Precinct toilets stolen! Police have nothing to go on.
>
> ~ Taglines by Taglinator: www.srtware.com ~
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/
> [http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/20219374-
> 56d8ad3e
> Modify Your Subscription:
> https://www.listbox.com/member/?&
> 55f3cccb
> Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&
> 374-750555ea&post_id=20101130163159:43B9C3CE-FCC9-11DF-8EB5-
> F287F559ED1D
> Powered by Listbox: http://www.listbox.com


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101130163322:7D7FA088-FCC9-11DF-8985-318EF559ED1D
Powered by Listbox: http://www.listbox.com