ASSP SPF Failures

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

ASSP SPF Failures

assp-test mailing list
I'm receiving reports of email failures from rackspace.com.  Their SPF record is HUGE, but passes testing from mxtoolbox.com and kitterman.com testing tools, I've temporarily had to use SPF override to accept all mail from them.  Is this a bug?

The logs are showing:


19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> Message-Score: added -10 (tlsValencePB) for SSL-TLS-connection-OK, total score for this message is now -10
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED Whitelisted sender Domain: @rackspace.com
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED DKIM-Signature found
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED info: detected IP's on the mail routing way: 50.56.229.13, 216.32.180.54
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED info: detected source IP: 50.56.229.13
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED info: domain rackspace.com has published a DMARC record
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED SPF: found SPAMMER SPF record/mechanism 'mechanism 'ip4:192.237.132.24/31' matched' for domain rackspace.com - SPF result is set to 'fail'
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED Message-Score: added 10 (spfValencePB) for SPF fail, total score for this message is now 0
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] [SPF] 192.237.132.24 <[hidden email]> to: leesa@REDACTED [spam found] (SPF fail) [FW Associates Rackspace] -> /assp/spam/FW_TMP_Associates_Inc_Rackspace--4160149.eml;
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED [SMTP Error] 554 5.7.1 failed SPF: rackspace.com: 192.237.132.24 is authorized to use 'prvs=0369bdad92=[hidden email]' in 'mfrom' identity (mechanism 'ip4:192.237.132.24/31' matched)
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [SSL-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED finished message - received DATA size: 3.58 kByte - sent DATA size: 0 Byte
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [SSL-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED disconnected: session:7FB97C4C7410 192.237.132.24 - processing time 1 seconds

Doug

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ASSP SPF Failures

Thomas Eckardt/eck
ip6:2a04:35c0::/29

mask /29 for ipv6 is too less - minimum allowed ipv6 mask in assp SPF is /32

how ever, the output in the log should show this issue more correctly , I'll check this

Thomas





Von:        Doug Lytle via Assp-test <[hidden email]>
An:        ASSP development mailing list <[hidden email]>
Kopie:        Doug Lytle <[hidden email]>
Datum:        20.07.2017 19:01
Betreff:        [Assp-test] ASSP SPF Failures




I'm receiving reports of email failures from rackspace.com.  Their SPF record is HUGE, but passes testing from mxtoolbox.com and kitterman.com testing tools, I've temporarily had to use SPF override to accept all mail from them.  Is this a bug?

The logs are showing:


19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> Message-Score: added -10 (tlsValencePB) for SSL-TLS-connection-OK, total score for this message is now -10
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED Whitelisted sender Domain: @rackspace.com
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED DKIM-Signature found
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED info: detected IP's on the mail routing way: 50.56.229.13, 216.32.180.54
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED info: detected source IP: 50.56.229.13
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED info: domain rackspace.com has published a DMARC record
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED SPF: found SPAMMER SPF record/mechanism 'mechanism 'ip4:192.237.132.24/31' matched' for domain rackspace.com - SPF result is set to 'fail'
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED Message-Score: added 10 (spfValencePB) for SPF fail, total score for this message is now 0
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] [SPF] 192.237.132.24 <[hidden email]> to: leesa@REDACTED [spam found] (SPF fail) [FW Associates Rackspace] -> /assp/spam/FW_TMP_Associates_Inc_Rackspace--4160149.eml;
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED [SMTP Error] 554 5.7.1 failed SPF: rackspace.com: 192.237.132.24 is authorized to use 'prvs=0369bdad92=[hidden email]' in 'mfrom' identity (mechanism 'ip4:192.237.132.24/31' matched)
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [SSL-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED finished message - received DATA size: 3.58 kByte - sent DATA size: 0 Byte
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [SSL-out] 192.237.132.24 <[hidden email]> to: leesa@REDACTED disconnected: session:7FB97C4C7410 192.237.132.24 - processing time 1 seconds

Doug

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Loading...