Mailing List Archive

Im using the perl implementation

spfquery gives the correct result:

spfquery: domain of test@adi-limited.com does not designate 203.20.101.19
as permitted sender

thanks

BB

on Fri, Aug 13, 2004 at 03:40:17PM +1000, Broun, Bevan <brounb@adi-limited.com> wrote:
> I had spf working in my test environment. It was working very nicely
> rejecting forged mail. I cant figure out what's wrong now, Im getting
>
> Milter add: header: Received-SPF: unknown (hyperion.adi-limited.com:
> error in processing during lookup of test@adi-limited.com)
>
> Note: that this is a test lab. Dont look up internet records for
> adi-limited.com. In the lab Ive got from dig:
>
> ;; ANSWER SECTION:
> adi-limited.com. 10800 IN TXT "v=spf1 a:hyperion.adi-limited.com -all"
>
> Im testing via telnet to port 25 - I am expecting to be getting rejected.
>
> help
>
> BB
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Hi,

Did you run dig & spfquery on the same box that is doing the checks??

And the obvious question: what has changed since the time it worked and
the time it didn't?

Koen

On Fri, Aug 13, 2004 at 04:44:04PM +1000, Broun, Bevan wrote:
> Im using the perl implementation
>
> spfquery gives the correct result:
>
> spfquery: domain of test@adi-limited.com does not designate 203.20.101.19
> as permitted sender
>
> thanks
>
> BB
>
> on Fri, Aug 13, 2004 at 03:40:17PM +1000, Broun, Bevan <brounb@adi-limited.com> wrote:
> > I had spf working in my test environment. It was working very nicely
> > rejecting forged mail. I cant figure out what's wrong now, Im getting
> >
> > Milter add: header: Received-SPF: unknown (hyperion.adi-limited.com:
> > error in processing during lookup of test@adi-limited.com)
> >
> > Note: that this is a test lab. Dont look up internet records for
> > adi-limited.com. In the lab Ive got from dig:
> >
> > ;; ANSWER SECTION:
> > adi-limited.com. 10800 IN TXT "v=spf1 a:hyperion.adi-limited.com -all"
> >
> > Im testing via telnet to port 25 - I am expecting to be getting rejected.
> >
> > help
> >
> > BB
> >
> > -------
> > Archives at http://archives.listbox.com/spf-help/current/
> > Donate! http://spf.pobox.com/donations.html
> > To unsubscribe, change your address, or temporarily deactivate your subscription,
> > please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Hi Koen, thanks for answering. Im pulling my hair out here.

> Did you run dig & spfquery on the same box that is doing the checks??

Yes.

> And the obvious question: what has changed since the time it worked and
> the time it didn't?

This is a solaris 8 host. What I think is this: I compiled a new solaris
(on a different box) and installed over the top of the solaris sendmail.
Then we tested and everything was working. We decided to uninstall the
solaris sendmail packages (there are two) so as not to get our own sendmain
pkg overwritten by recommended patches. This removed files from /etc/mail
(but I had that backed up) and the /etc/init.d/sendmail script (which I
think is back to what I had).

Then I reinstalled our sendmail pkg and replaced the /etc/mail directory.
Im thinking that there is a permission problem perhaps.

Currently Im adding write_log lines in sendmail-milter-spf-1.41.pl to see
whats going on. It looks like sendmail is definitely using the milter but
it's getting the "unknown" result, which would suggest sendmail is perhaps
not passing the ip and email address to the milter.

Do you know how to get more logging out of that milter (without editing
code)

Ive got to get this going tonight.

Thanks

BB


>
> Koen
>
> On Fri, Aug 13, 2004 at 04:44:04PM +1000, Broun, Bevan wrote:
> > Im using the perl implementation
> >
> > spfquery gives the correct result:
> >
> > spfquery: domain of test@adi-limited.com does not designate 203.20.101.19
> > as permitted sender
> >
> > thanks
> >
> > BB
> >
> > on Fri, Aug 13, 2004 at 03:40:17PM +1000, Broun, Bevan <brounb@adi-limited.com> wrote:
> > > I had spf working in my test environment. It was working very nicely
> > > rejecting forged mail. I cant figure out what's wrong now, Im getting
> > >
> > > Milter add: header: Received-SPF: unknown (hyperion.adi-limited.com:
> > > error in processing during lookup of test@adi-limited.com)
> > >
> > > Note: that this is a test lab. Dont look up internet records for
> > > adi-limited.com. In the lab Ive got from dig:
> > >
> > > ;; ANSWER SECTION:
> > > adi-limited.com. 10800 IN TXT "v=spf1 a:hyperion.adi-limited.com -all"
> > >
> > > Im testing via telnet to port 25 - I am expecting to be getting rejected.
> > >
> > > help
> > >
> > > BB
> > >
> > > -------
> > > Archives at http://archives.listbox.com/spf-help/current/
> > > Donate! http://spf.pobox.com/donations.html
> > > To unsubscribe, change your address, or temporarily deactivate your subscription,
> > > please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> >
> > -------
> > Archives at http://archives.listbox.com/spf-help/current/
> > Donate! http://spf.pobox.com/donations.html
> > To unsubscribe, change your address, or temporarily deactivate your subscription,
> > please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
> --
> K.F.J. Martens, Sonologic, http://www.sonologic.nl/
> Networking, embedded systems, unix expertise, artificial intelligence.
> Public PGP key: http://www.metro.cx/pubkey-gmc.asc
> Wondering about the funny attachment your mail program
> can't read? Visit http://www.openpgp.org/
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Fri, Aug 13, 2004 at 05:28:48PM +1000, Broun, Bevan wrote:
> > Did you run dig & spfquery on the same box that is doing the checks??
> Yes.

Ok, one thing, the host in the spf record, does that still resolve.. What was it, hyperion.adi-limited.com.. (is that from the allistair reynolds sf novels btw, i also have a host named hyperion :)

> Then I reinstalled our sendmail pkg and replaced the /etc/mail directory.
> Im thinking that there is a permission problem perhaps.

Hmm, i doubt this. The milter does not write files outside of /var/sendmail-milter-bla (or what is it), which it normally creates itself. The unknown result is coming from Mail::Spf::Query, are you sure it is the latest version and all?

> Currently Im adding write_log lines in sendmail-milter-spf-1.41.pl to see
> whats going on. It looks like sendmail is definitely using the milter but
> it's getting the "unknown" result, which would suggest sendmail is perhaps
> not passing the ip and email address to the milter.
>
> Do you know how to get more logging out of that milter (without editing
> code)

I'm afraid you'll have to edit the code, you can maybe get some more output from the sendmail side by using -d to the sendmail invocation, but I don't have the bat book handy here, so I can't look up what debug level you should use for that (i guess a google would also get you that info).

> Ive got to get this going tonight.

Hope you'll get it going again!

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

----- Original Message -----
From: "Broun, Bevan" <brounb@adi-limited.com>
To: <spf-help@v2.listbox.com>
Sent: Friday, August 13, 2004 3:28 AM
Subject: Re: [spf-help] spf was working, now isnt: more info


> Hi Koen, thanks for answering. Im pulling my hair out here.
>
> > Did you run dig & spfquery on the same box that is doing the checks??
>
> Yes.
>
> > And the obvious question: what has changed since the time it worked and
> > the time it didn't?
>
> This is a solaris 8 host. What I think is this: I compiled a new solaris
> (on a different box) and installed over the top of the solaris sendmail.
> Then we tested and everything was working. We decided to uninstall the
> solaris sendmail packages (there are two) so as not to get our own
sendmain
> pkg overwritten by recommended patches. This removed files from /etc/mail
> (but I had that backed up) and the /etc/init.d/sendmail script (which I
> think is back to what I had).

Oh, great ghu. Sun is *always* at least 2 years behind the times on basic
open source packages like sendmail, and has a tendency to hand-massage the
source code to integrate in things like their latest NIS+ implementation.
This compatibility difficulty is compounded by running somewhat out of date
versions of Solaris.

I'd vastly encourage you to entirely flush any Sun versions of sendmail
before starting, then build sendmail from scratch to get something
supportable. Having to do that kind of thing on a regular basis is how I got
my initial familiarity with gcc, supporting X11, gzip, man, bind, and other
packages that are kept much more up-to-date and flexible in the open source
world.

> Then I reinstalled our sendmail pkg and replaced the /etc/mail directory.
> Im thinking that there is a permission problem perhaps.
>
> Currently Im adding write_log lines in sendmail-milter-spf-1.41.pl to see
> whats going on. It looks like sendmail is definitely using the milter but
> it's getting the "unknown" result, which would suggest sendmail is perhaps
> not passing the ip and email address to the milter.
>
> Do you know how to get more logging out of that milter (without editing
> code)
>
> Ive got to get this going tonight.

Uh-oh. That doesn't leave time for what I just described.

Which sendmail are you actually using now? Have you tried re-installing a
new enough sendmail, one that supports milters?

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Dear Bevan Brown,

FWIW, I run solaris 9 with my own compiled in sendmail and never removed the
solaris packages. If an update patch from Sun ruined something it would just
mean I'd have to recompile sendmail on top of it. But this never happened, I
just did patch 9_Recommended (after a year of no patching, heh) and didn't need
to recompile sendmail. I just ensured that my own /usr/lib/sendmail and
/usr/lib/smrsh were manually in place, renaming the Sun stuff to sendmail_DIST
for obviousness. Make sure your manual sendmail permissions / ownership are
correct, on mine it appears they are root / smmsp for sendmail, -r-xr-sr-x
and bin/bin for smrsh, -r-xr-xr-x . I was careful when I manually put
my own binaries in /usr/lib to copy the permissions of the existing.
If that is not possible on your machine if it were me I'd reinstall the
Sun supported sendmail first, note everything, then put your own in without
removing anything but the sendmail and smrsh binaries. Thats worked for me
for over 2 years, and four sendmail upgrades.

I would have a look at your m4 / config file. It might also be your
sendmail config file is probably in need of a recompile. Since you also
mentioned recreating the /etc/mail dir by hand, confirm the permissions are
correct. Mine appears to be root/mail .

Good luck, but it doesn't appear to be spf related from what you describe.

+-------------------------
+ Dave Dennis
+ Seattle, WA
+ dmd@speakeasy.org
+ http://www.dmdennis.com
+-------------------------

On Fri, 13 Aug 2004, Broun, Bevan wrote:

> Hi Koen, thanks for answering. Im pulling my hair out here.
>
> > Did you run dig & spfquery on the same box that is doing the checks??
>
> Yes.
>
> > And the obvious question: what has changed since the time it worked and
> > the time it didn't?
>
> This is a solaris 8 host. What I think is this: I compiled a new solaris
> (on a different box) and installed over the top of the solaris sendmail.
> Then we tested and everything was working. We decided to uninstall the
> solaris sendmail packages (there are two) so as not to get our own sendmain
> pkg overwritten by recommended patches. This removed files from /etc/mail
> (but I had that backed up) and the /etc/init.d/sendmail script (which I
> think is back to what I had).
>
> Then I reinstalled our sendmail pkg and replaced the /etc/mail directory.
> Im thinking that there is a permission problem perhaps.
>
> Currently Im adding write_log lines in sendmail-milter-spf-1.41.pl to see
> whats going on. It looks like sendmail is definitely using the milter but
> it's getting the "unknown" result, which would suggest sendmail is perhaps
> not passing the ip and email address to the milter.
>
> Do you know how to get more logging out of that milter (without editing
> code)
>
> Ive got to get this going tonight.
>
> Thanks
>
> BB
>
>
> >
> > Koen
> >
> > On Fri, Aug 13, 2004 at 04:44:04PM +1000, Broun, Bevan wrote:
> > > Im using the perl implementation
> > >
> > > spfquery gives the correct result:
> > >
> > > spfquery: domain of test@adi-limited.com does not designate 203.20.101.19
> > > as permitted sender
> > >
> > > thanks
> > >
> > > BB
> > >
> > > on Fri, Aug 13, 2004 at 03:40:17PM +1000, Broun, Bevan <brounb@adi-limited.com> wrote:
> > > > I had spf working in my test environment. It was working very nicely
> > > > rejecting forged mail. I cant figure out what's wrong now, Im getting
> > > >
> > > > Milter add: header: Received-SPF: unknown (hyperion.adi-limited.com:
> > > > error in processing during lookup of test@adi-limited.com)
> > > >
> > > > Note: that this is a test lab. Dont look up internet records for
> > > > adi-limited.com. In the lab Ive got from dig:
> > > >
> > > > ;; ANSWER SECTION:
> > > > adi-limited.com. 10800 IN TXT "v=spf1 a:hyperion.adi-limited.com -all"
> > > >
> > > > Im testing via telnet to port 25 - I am expecting to be getting rejected.
> > > >
> > > > help
> > > >
> > > > BB
> > > >
> > > > -------
> > > > Archives at http://archives.listbox.com/spf-help/current/
> > > > Donate! http://spf.pobox.com/donations.html
> > > > To unsubscribe, change your address, or temporarily deactivate your subscription,
> > > > please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> > >
> > > -------
> > > Archives at http://archives.listbox.com/spf-help/current/
> > > Donate! http://spf.pobox.com/donations.html
> > > To unsubscribe, change your address, or temporarily deactivate your subscription,
> > > please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> >
> > --
> > K.F.J. Martens, Sonologic, http://www.sonologic.nl/
> > Networking, embedded systems, unix expertise, artificial intelligence.
> > Public PGP key: http://www.metro.cx/pubkey-gmc.asc
> > Wondering about the funny attachment your mail program
> > can't read? Visit http://www.openpgp.org/
> >
> > -------
> > Archives at http://archives.listbox.com/spf-help/current/
> > Donate! http://spf.pobox.com/donations.html
> > To unsubscribe, change your address, or temporarily deactivate your subscription,
> > please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com