SPF temperror, why?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

SPF temperror, why?

Andy Knuts
Many of the emails that passed ASSP have headers like this:

X-Assp-Received-SPF: temperror ip=217.148.21.174 mailfrom=[hidden email] helo=vmta12.addemar.com

But why is this a temperror?


If I use 'spfquery' command line I get:

# spfquery --mail-from [hidden email] -i 217.148.21.174 -h vmta12.addemar.com
pass
Please see http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery: 217.148.21.128/25 contains 217.148.21.174
spfquery: domain of [hidden email] designates 217.148.21.174 as permitted sender
Received-SPF: pass (spfquery: domain of [hidden email] designates 217.148.21.174 as permitted sender) client-ip=217.148.21.174; envelope-from=[hidden email]; helo=vmta12.addemar.com;

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Thomas Eckardt/eck
>But why is this a temperror?

assp was unable to get a qualified result for the query using Mail::SPF -
that's all
most times this is caused by a DNS timeout

Thomas


Von:    "Andy Knuts" <[hidden email]>
An:     [hidden email]
Datum:  18.07.2016 11:53
Betreff:        [Assp-user] SPF_temperror,_why?



Many of the emails that passed ASSP have headers like this:

X-Assp-Received-SPF: temperror ip=217.148.21.174
mailfrom=[hidden email] helo=vmta12.addemar.com

But why is this a temperror?


If I use 'spfquery' command line I get:

# spfquery --mail-from [hidden email] -i 217.148.21.174 -h
vmta12.addemar.com
pass
Please see
http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery: 
217.148.21.128/25 contains 217.148.21.174
spfquery: domain of [hidden email] designates 217.148.21.174
as permitted sender
Received-SPF: pass (spfquery: domain of [hidden email]
designates 217.148.21.174 as permitted sender) client-ip=217.148.21.174;
envelope-from=[hidden email]; helo=vmta12.addemar.com;

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Andy Knuts
I'm using local dns servers (powerdns recursor) and I get these a lot.
What is the default timeout setting?

----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Mon, 18 Jul 2016 12:52:29
+0100
Subject: Re: [Assp-user] SPF_temperror,_why?


> >But why is this a temperror?
>
> assp was unable to get a qualified result for the query using Mail::SPF -
> that's all
> most times this is caused by a DNS timeout
>
> Thomas
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     [hidden email]
> Datum:  18.07.2016 11:53
> Betreff:        [Assp-user] SPF_temperror,_why?
>
>
>
> Many of the emails that passed ASSP have headers like this:
>
> X-Assp-Received-SPF: temperror ip=217.148.21.174
> mailfrom=[hidden email] helo=vmta12.addemar.com
>
> But why is this a temperror?
>
>
> If I use 'spfquery' command line I get:
>
> # spfquery --mail-from [hidden email] -i 217.148.21.174 -h
> vmta12.addemar.com
> pass
> Please see
> http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:
>
> 217.148.21.128/25 contains 217.148.21.174
> spfquery: domain of [hidden email] designates 217.148.21.174
> as permitted sender
> Received-SPF: pass (spfquery: domain of [hidden email]
> designates 217.148.21.174 as permitted sender) client-ip=217.148.21.174;
> envelope-from=[hidden email]; helo=vmta12.addemar.com;
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Andy Knuts
In reply to this post by Thomas Eckardt/eck
I'm stil wondering what's wrong with my DNS servers and ASSP. I installed pdns-recorsor on the same host where ASSP is running and I have installed bind on a second VM.
I tested those name server and they work as expected but ASSP still has troubles with some request. Not always, but A LOT.
In my maillog.txt I see a lot of these: hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com'

Sometimes it has the SPF records for hotmail.com, but many times it doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always works. Same for "host -t txt hotmail.com 10.1.1.11".

Here's an example in maillog.txt with SPFDebug enabled:


Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> info: found message size announcement: 13.26 kByte
Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> Message-Score: added -10 (tlsValencePB) for SSL-TLS-connection-OK, total score for this message is now -10
Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2
Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS sockets for 10.1.1.11
Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question: 246.2.47.104.in-addr.arpa. IN PTR
Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer: 246.2.47.104.in-addr.arpa. 3600 IN PTR (
                mail-db5eur01hn0246.outbound.protection.outlook.com. )
Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 - hotmail.com. IN ANY
Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com' type 'ANY' to nameserver 127.0.0.1 ID 15404
Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 - hotmail.com. IN ANY
Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com' type 'ANY' to nameserver 10.1.1.11 ID 20981
Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from nameserver 127.0.0.1
Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN SOA ( ns1.msft.net. msnhst.microsoft.com.
                                        2016070805 ;serial
                                        7200 ;refresh
                                        900 ;retry
                                        2419200 ;expire
                                        3600 ;minimum
                )
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS ns1.msft.net.
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS ns3.msft.net.
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS ns4.msft.net.
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS ns2.msft.net.
Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from nameserver 127.0.0.1 ID 15404
Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68 x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139 bounce message detected
Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the connection will now be moved in to the Full-Transparent-Proxy mode
Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no (more) data readable from x.x.x.139 (connection closed by peer) - Connection reset by peer - last command was 'RCPT TO'
Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68 x.x.x.139 - processing time 0 seconds
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> to: JMRP@snip Message-Score: added -2 for 65.54.190.0 in griplist (0.18), total score for this message is now -12
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM] 65.54.190.89 <[hidden email]> to: JMRP@snip [scoring] DKIM domain mismatch - hotmail.com found in DKIMCache, but no DKIM-Signature found in mail header (Cache)
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> to: JMRP@snip Message-Score: added 15 (dkimValencePB) for DKIM domain mismatch - hotmail.com found in DKIMCache, but no DKIM-Signature found in mail header, total score for this message is now 3
Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets for 10.1.1.11
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com. IN ANY
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN MX 5 mx1.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN A 65.55.77.28
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728 IN NS ns4.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728 IN NS ns3.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN MX 5 mx4.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN A 65.55.85.12
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728 IN NS ns1.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 425 IN TXT (
                "v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com ip4:157.55.9.128/25 include:spf.protection.outlook.com include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
                )
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN MX 5 mx3.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN A 157.55.152.112
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728 IN NS ns2.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN A 157.56.172.28
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN MX 5 mx2.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 - _dmarc.hotmail.com. IN TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 - _dmarc.hotmail.com. IN TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver 127.0.0.1
Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com. IN TXT
Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com. 2125 IN TXT (
                "v=DMARC1; p=none; pct=100; rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
                )
Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from nameserver 127.0.0.1 ID 21607
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM] 65.54.190.89 <[hidden email]> to: JMRP@snip info: domain hotmail.com has published a DMARC record
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> to: JMRP@snip strictspf Regex: strictSPFRe '@hotmail.com'
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain hotmail.com -
Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller: Mail::SPF::Server, 564, hotmail.com SPF
Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller: Mail::SPF::Server, 564, hotmail.com TXT
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> to: JMRP@snip [scoring] spf_result:temperror
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> to: JMRP@snip identity:[hidden email]
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> to: JMRP@snip scope:mfrom
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> to: JMRP@snip spf_record:
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> to: JMRP@snip local_exp:hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com'
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> to: JMRP@snip received_spf:Received-SPF: temperror (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com') receiver=mx101.snip; identity=mailfrom; envelope-from="[hidden email]"; helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> to: JMRP@snip [scoring] SPF: temperror ip=65.54.190.89 mailfrom=[hidden email] helo=BAY004-OMC2S14.hotmail.com
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> to: JMRP@snip Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now 8
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <[hidden email]> to: JMRP@snip DMARC: this mail breakes the DKIM policies defined in the DMARC record for domain hotmail.com - there is no DKIM-signature found in this mail for domain hotmail.com
Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets for 10.1.1.11
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: _dmarc.hotmail.com. IN TXT
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: _dmarc.hotmail.com. 2125 IN TXT (
                "v=DMARC1; p=none; pct=100; rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
                )
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 - 89.190.54.65.sa.senderbase.org. IN TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1 ID 54935
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 - 89.190.54.65.sa.senderbase.org. IN TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11 ID 43820
Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver 127.0.0.1
Jul-18-16 19:04:29 [Worker_1] DNS-question was: 89.190.54.65.sa.senderbase.org. IN TXT
Jul-18-16 19:04:29 [Worker_1] DNS-answer is: 89.190.54.65.sa.senderbase.org. 19937 IN TXT (
                "0-0=1|1=MICROSOFT HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
                )
Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from nameserver 127.0.0.1 ID 54935
Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK] 65.54.190.89 <[hidden email]> to: JMRP@snip message ok [complaint about message from 10 164 74 35]


any idea's?


----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Mon, 18 Jul 2016 12:52:29
+0100
Subject: Re: [Assp-user] SPF_temperror,_why?


> >But why is this a temperror?
>
> assp was unable to get a qualified result for the query using Mail::SPF -
> that's all
> most times this is caused by a DNS timeout
>
> Thomas
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     [hidden email]
> Datum:  18.07.2016 11:53
> Betreff:        [Assp-user] SPF_temperror,_why?
>
>
>
> Many of the emails that passed ASSP have headers like this:
>
> X-Assp-Received-SPF: temperror ip=217.148.21.174
> mailfrom=[hidden email] helo=vmta12.addemar.com
>
> But why is this a temperror?
>
>
> If I use 'spfquery' command line I get:
>
> # spfquery --mail-from [hidden email] -i 217.148.21.174 -h
> vmta12.addemar.com
> pass
> Please see
> http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:
>
> 217.148.21.128/25 contains 217.148.21.174
> spfquery: domain of [hidden email] designates 217.148.21.174
> as permitted sender
> Received-SPF: pass (spfquery: domain of [hidden email]
> designates 217.148.21.174 as permitted sender) client-ip=217.148.21.174;
> envelope-from=[hidden email]; helo=vmta12.addemar.com;
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Thomas Eckardt/eck
>Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
Mail::SPF::Server, 564, hotmail.com SPF

------------------------------------------------------------------------------------------
=item B<query_rr_types>

For which RR types to query when looking up and selecting SPF records. The
following values are supported:

=over

=item B<< Mail::SPF::Server->query_rr_type_all >>

Both C<TXT> and C<SPF> type RRs.

=item B<< Mail::SPF::Server->query_rr_type_txt >> (default)

C<TXT> type RRs only.

=item B<< Mail::SPF::Server->query_rr_type_spf >>

C<SPF> type RRs only.

=back

For years B<Mail::SPF> has defaulted to looking up both C<SPF> and C<TXT>
type
RRs as recommended by RFC 4408.  Experience has shown, however, that a
significant portion of name servers suffer from serious brain damage with
regard to the handling of queries for RR types that are unknown to them,
such
as the C<SPF> RR type.  Consequently B<Mail::SPF> now defaults to looking
up
only C<TXT> type RRs.  This may be overridden by setting the
B<query_rr_types>
option.

See RFC 4408, 3.1.1, for a discussion of the topic, as well as the
description
of the L</select_record> method.
------------------------------------------------------------------------------------------

Seems your Mail::SPF module is outdated - use 2.009

ASSP uses the default.

Thomas





Von:    "Andy Knuts" <[hidden email]>
An:     "For Users of ASSP" <[hidden email]>
Datum:  18.07.2016 19:27
Betreff:        Re: [Assp-user] SPF_temperror,_why?



I'm stil wondering what's wrong with my DNS servers and ASSP. I installed
pdns-recorsor on the same host where ASSP is running and I have installed
bind on a second VM.
I tested those name server and they work as expected but ASSP still has
troubles with some request. Not always, but A LOT.
In my maillog.txt I see a lot of these: hotmail.com: Unknown error on DNS
'SPF' lookup of 'hotmail.com'

Sometimes it has the SPF records for hotmail.com, but many times it
doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always works. Same
for "host -t txt hotmail.com 10.1.1.11".

Here's an example in maillog.txt with SPFDebug enabled:


Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> info: found message size announcement: 13.26 kByte
Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> Message-Score: added -10 (tlsValencePB) for
SSL-TLS-connection-OK, total score for this message is now -10
Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2
Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS sockets
for 10.1.1.11
Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question:
246.2.47.104.in-addr.arpa.               IN              PTR
Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer:
246.2.47.104.in-addr.arpa.               3600            IN PTR          (

 mail-db5eur01hn0246.outbound.protection.outlook.com. )
Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
hotmail.com.             IN              ANY
Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com' type
'ANY' to nameserver 127.0.0.1 ID 15404
Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
hotmail.com.             IN              ANY
Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com' type
'ANY' to nameserver 10.1.1.11 ID 20981
Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from nameserver
127.0.0.1
Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN  SOA  (
ns1.msft.net. msnhst.microsoft.com.
  2016070805             ;serial
  7200                           ;refresh
  900                            ;retry
  2419200                                ;expire
  3600                           ;minimum
                                 )
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS  
ns1.msft.net.
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS  
ns3.msft.net.
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS  
ns4.msft.net.
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS  
ns2.msft.net.
Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from
nameserver 127.0.0.1 ID 15404
Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68
x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139 bounce
message detected
Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the
connection will now be moved in to the Full-Transparent-Proxy mode
Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no (more)
data readable from x.x.x.139 (connection closed by peer) - Connection
reset by peer - last command was 'RCPT TO'
Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68 x.x.x.139
- processing time 0 seconds
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> to: JMRP@snip Message-Score: added -2 for 65.54.190.0
in griplist (0.18), total score for this message is now -12
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM] 65.54.190.89
<[hidden email]> to: JMRP@snip [scoring] DKIM domain mismatch -
hotmail.com found in DKIMCache, but no DKIM-Signature found in mail header
(Cache)
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> to: JMRP@snip Message-Score: added 15 (dkimValencePB)
for DKIM domain mismatch - hotmail.com found in DKIMCache, but no
DKIM-Signature found in mail header, total score for this message is now 3
Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
for 10.1.1.11
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com.  IN  
ANY
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596  IN
         MX              5 mx1.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019  IN
         A               65.55.77.28
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728  
IN               NS              ns4.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728  
IN               NS              ns3.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596  IN
         MX              5 mx4.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019  IN
         A               65.55.85.12
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728  
IN               NS              ns1.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  425  IN  
 TXT             (
                                 "v=spf1 include:spf-a.outlook.com
include:spf-b.outlook.com ip4:157.55.9.128/25
include:spf.protection.outlook.com include:spf-a.hotmail.com
include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
                                 )
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596  IN
         MX              5 mx3.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019  IN
         A               157.55.152.112
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728  
IN               NS              ns2.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019  IN
         A               157.56.172.28
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596  IN
         MX              5 mx2.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
_dmarc.hotmail.com.              IN              TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
'_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
_dmarc.hotmail.com.              IN              TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
'_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
127.0.0.1
Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com.  IN  
TXT
Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com.  2125  IN
         TXT             (
                                 "v=DMARC1; p=none; pct=100;
rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
                                 )
Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
nameserver 127.0.0.1 ID 21607
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM] 65.54.190.89
<[hidden email]> to: JMRP@snip info: domain hotmail.com has published a
DMARC record
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> to: JMRP@snip strictspf Regex: strictSPFRe
'@hotmail.com'
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain hotmail.com -
Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
Mail::SPF::Server, 564, hotmail.com SPF
Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
Mail::SPF::Server, 564, hotmail.com TXT
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> to: JMRP@snip [scoring] spf_result:temperror
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> to: JMRP@snip identity:[hidden email]
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> to: JMRP@snip scope:mfrom
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> to: JMRP@snip spf_record:
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> to: JMRP@snip local_exp:hotmail.com: Unknown error on
DNS 'SPF' lookup of 'hotmail.com'
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> to: JMRP@snip received_spf:Received-SPF: temperror
(hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com')
receiver=mx101.snip; identity=mailfrom; envelope-from="[hidden email]";
helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> to: JMRP@snip [scoring] SPF: temperror ip=65.54.190.89
mailfrom=[hidden email] helo=BAY004-OMC2S14.hotmail.com
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> to: JMRP@snip Message-Score: added 5 (spfeValencePB)
for SPF temperror, total score for this message is now 8
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<[hidden email]> to: JMRP@snip DMARC: this mail breakes the DKIM
policies defined in the DMARC record for domain hotmail.com - there is no
DKIM-signature found in this mail for domain hotmail.com
Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
for 10.1.1.11
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: _dmarc.hotmail.com.  
 IN              TXT
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: _dmarc.hotmail.com.  
2125             IN              TXT             (
                                 "v=DMARC1; p=none; pct=100;
rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
                                 )
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
89.190.54.65.sa.senderbase.org.          IN              TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
'89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1 ID
54935
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
89.190.54.65.sa.senderbase.org.          IN              TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
'89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11 ID
43820
Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
127.0.0.1
Jul-18-16 19:04:29 [Worker_1] DNS-question was:
89.190.54.65.sa.senderbase.org.          IN              TXT
Jul-18-16 19:04:29 [Worker_1] DNS-answer is:
89.190.54.65.sa.senderbase.org.          19937           IN TXT          (

                                 "0-0=1|1=MICROSOFT
HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San
Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
                                 )
Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
nameserver 127.0.0.1 ID 54935
Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08
85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK]
65.54.190.89 <[hidden email]> to: JMRP@snip message ok [complaint about
message from 10 164 74 35]


any idea's?


----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Mon, 18 Jul 2016 12:52:29
+0100
Subject: Re: [Assp-user] SPF_temperror,_why?


> >But why is this a temperror?
>
> assp was unable to get a qualified result for the query using Mail::SPF
-

> that's all
> most times this is caused by a DNS timeout
>
> Thomas
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     [hidden email]
> Datum:  18.07.2016 11:53
> Betreff:        [Assp-user] SPF_temperror,_why?
>
>
>
> Many of the emails that passed ASSP have headers like this:
>
> X-Assp-Received-SPF: temperror ip=217.148.21.174
> mailfrom=[hidden email] helo=vmta12.addemar.com
>
> But why is this a temperror?
>
>
> If I use 'spfquery' command line I get:
>
> # spfquery --mail-from [hidden email] -i 217.148.21.174 -h

> vmta12.addemar.com
> pass
> Please see
>
http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:

>
> 217.148.21.128/25 contains 217.148.21.174
> spfquery: domain of [hidden email] designates
217.148.21.174
> as permitted sender
> Received-SPF: pass (spfquery: domain of [hidden email]
> designates 217.148.21.174 as permitted sender) client-ip=217.148.21.174;

> envelope-from=[hidden email]; helo=vmta12.addemar.com;
>
>
------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols

> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,

> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
legally
> privileged and protected in law and are intended solely for the use of
the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Andy Knuts
In reply to this post by Thomas Eckardt/eck
I'm using 2.008  while ASSP says "2.007" is required.
Should upgrading to 2.009 fix this issue?


----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Mon, 18 Jul 2016 19:49:45
+0100
Subject: Re: [Assp-user] SPF_temperror,_why?


> >Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> Mail::SPF::Server, 564, hotmail.com SPF
>
> ------------------------------------------------------------------------------------------
> =item B<query_rr_types>
>
> For which RR types to query when looking up and selecting SPF records. The
> following values are supported:
>
> =over
>
> =item B<< Mail::SPF::Server->query_rr_type_all >>
>
> Both C<TXT> and C<SPF> type RRs.
>
> =item B<< Mail::SPF::Server->query_rr_type_txt >> (default)
>
> C<TXT> type RRs only.
>
> =item B<< Mail::SPF::Server->query_rr_type_spf >>
>
> C<SPF> type RRs only.
>
> =back
>
> For years B<Mail::SPF> has defaulted to looking up both C<SPF> and C<TXT>
> type
> RRs as recommended by RFC 4408.  Experience has shown, however, that a
> significant portion of name servers suffer from serious brain damage with
> regard to the handling of queries for RR types that are unknown to them,
> such
> as the C<SPF> RR type.  Consequently B<Mail::SPF> now defaults to looking
> up
> only C<TXT> type RRs.  This may be overridden by setting the
> B<query_rr_types>
> option.
>
> See RFC 4408, 3.1.1, for a discussion of the topic, as well as the
> description
> of the L</select_record> method.
> ------------------------------------------------------------------------------------------
>
> Seems your Mail::SPF module is outdated - use 2.009
>
> ASSP uses the default.
>
> Thomas
>
>
>
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     "For Users of ASSP" <[hidden email]>
> Datum:  18.07.2016 19:27
> Betreff:        Re: [Assp-user] SPF_temperror,_why?
>
>
>
> I'm stil wondering what's wrong with my DNS servers and ASSP. I installed
> pdns-recorsor on the same host where ASSP is running and I have installed
> bind on a second VM.
> I tested those name server and they work as expected but ASSP still has
> troubles with some request. Not always, but A LOT.
> In my maillog.txt I see a lot of these: hotmail.com: Unknown error on DNS
> 'SPF' lookup of 'hotmail.com'
>
> Sometimes it has the SPF records for hotmail.com, but many times it
> doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always works. Same
> for "host -t txt hotmail.com 10.1.1.11".
>
> Here's an example in maillog.txt with SPFDebug enabled:
>
>
> Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> info: found message size announcement: 13.26 kByte
> Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> Message-Score: added -10 (tlsValencePB) for
> SSL-TLS-connection-OK, total score for this message is now -10
> Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2
> Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS sockets
> for 10.1.1.11
> Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question:
> 246.2.47.104.in-addr.arpa.               IN              PTR
> Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer:
> 246.2.47.104.in-addr.arpa.               3600            IN PTR          (
>
>  mail-db5eur01hn0246.outbound.protection.outlook.com. )
> Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> hotmail.com.             IN              ANY
> Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com' type
> 'ANY' to nameserver 127.0.0.1 ID 15404
> Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> hotmail.com.             IN              ANY
> Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com' type
> 'ANY' to nameserver 10.1.1.11 ID 20981
> Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from nameserver
> 127.0.0.1
> Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN  SOA  (
> ns1.msft.net. msnhst.microsoft.com.
>   2016070805             ;serial
>   7200                           ;refresh
>   900                            ;retry
>   2419200                                ;expire
>   3600                           ;minimum
>                                  )
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS  
> ns1.msft.net.
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS  
> ns3.msft.net.
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS  
> ns4.msft.net.
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS  
> ns2.msft.net.
> Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from
> nameserver 127.0.0.1 ID 15404
> Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68
> x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
> Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139 bounce
> message detected
> Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the
> connection will now be moved in to the Full-Transparent-Proxy mode
> Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no (more)
> data readable from x.x.x.139 (connection closed by peer) - Connection
> reset by peer - last command was 'RCPT TO'
> Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68 x.x.x.139
> - processing time 0 seconds
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip Message-Score: added -2 for 65.54.190.0
> in griplist (0.18), total score for this message is now -12
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM] 65.54.190.89
> <[hidden email]> to: JMRP@snip [scoring] DKIM domain mismatch -
> hotmail.com found in DKIMCache, but no DKIM-Signature found in mail header
> (Cache)
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip Message-Score: added 15 (dkimValencePB)
> for DKIM domain mismatch - hotmail.com found in DKIMCache, but no
> DKIM-Signature found in mail header, total score for this message is now 3
> Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
> for 10.1.1.11
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com.  IN  
> ANY
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596  IN
>          MX              5 mx1.hotmail.com.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019  IN
>          A               65.55.77.28
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728  
> IN               NS              ns4.msft.net.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728  
> IN               NS              ns3.msft.net.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596  IN
>          MX              5 mx4.hotmail.com.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019  IN
>          A               65.55.85.12
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728  
> IN               NS              ns1.msft.net.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  425  IN  
>  TXT             (
>                                  "v=spf1 include:spf-a.outlook.com
> include:spf-b.outlook.com ip4:157.55.9.128/25
> include:spf.protection.outlook.com include:spf-a.hotmail.com
> include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
>                                  )
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596  IN
>          MX              5 mx3.hotmail.com.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019  IN
>          A               157.55.152.112
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728  
> IN               NS              ns2.msft.net.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019  IN
>          A               157.56.172.28
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596  IN
>          MX              5 mx2.hotmail.com.
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> _dmarc.hotmail.com.              IN              TXT
> Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> _dmarc.hotmail.com.              IN              TXT
> Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
> Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
> 127.0.0.1
> Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com.  IN  
> TXT
> Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com.  2125  IN
>          TXT             (
>                                  "v=DMARC1; p=none; pct=100;
> rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
>                                  )
> Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> nameserver 127.0.0.1 ID 21607
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM] 65.54.190.89
> <[hidden email]> to: JMRP@snip info: domain hotmail.com has published a
> DMARC record
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip strictspf Regex: strictSPFRe
> '@hotmail.com'
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
> Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain hotmail.com -
> Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> Mail::SPF::Server, 564, hotmail.com SPF
> Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> Mail::SPF::Server, 564, hotmail.com TXT
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip [scoring] spf_result:temperror
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip identity:[hidden email]
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip scope:mfrom
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip spf_record:
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip local_exp:hotmail.com: Unknown error on
> DNS 'SPF' lookup of 'hotmail.com'
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip received_spf:Received-SPF: temperror
> (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com')
> receiver=mx101.snip; identity=mailfrom; envelope-from="[hidden email]";
> helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip [scoring] SPF: temperror ip=65.54.190.89
> mailfrom=[hidden email] helo=BAY004-OMC2S14.hotmail.com
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip Message-Score: added 5 (spfeValencePB)
> for SPF temperror, total score for this message is now 8
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip DMARC: this mail breakes the DKIM
> policies defined in the DMARC record for domain hotmail.com - there is no
> DKIM-signature found in this mail for domain hotmail.com
> Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
> for 10.1.1.11
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: _dmarc.hotmail.com.  
>  IN              TXT
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: _dmarc.hotmail.com.  
> 2125             IN              TXT             (
>                                  "v=DMARC1; p=none; pct=100;
> rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
>                                  )
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> 89.190.54.65.sa.senderbase.org.          IN              TXT
> Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1 ID
> 54935
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> 89.190.54.65.sa.senderbase.org.          IN              TXT
> Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11 ID
> 43820
> Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
> 127.0.0.1
> Jul-18-16 19:04:29 [Worker_1] DNS-question was:
> 89.190.54.65.sa.senderbase.org.          IN              TXT
> Jul-18-16 19:04:29 [Worker_1] DNS-answer is:
> 89.190.54.65.sa.senderbase.org.          19937           IN TXT          (
>
>                                  "0-0=1|1=MICROSOFT
> HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San
>
> Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
>                                  )
> Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> nameserver 127.0.0.1 ID 54935
> Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08
> 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK]
> 65.54.190.89 <[hidden email]> to: JMRP@snip message ok [complaint about
> message from 10 164 74 35]
>
>
> any idea's?
>
>
> ----- Original Message -----
> From: Thomas Eckardt
> [mailto:[hidden email]]
> To: For Users of ASSP
> [mailto:[hidden email]]
> Sent: Mon, 18 Jul 2016 12:52:29
> +0100
> Subject: Re: [Assp-user] SPF_temperror,_why?
>
>
> > >But why is this a temperror?
> >
> > assp was unable to get a qualified result for the query using Mail::SPF
> -
> > that's all
> > most times this is caused by a DNS timeout
> >
> > Thomas
> >
> >
> > Von:    "Andy Knuts" <[hidden email]>
> > An:     [hidden email]
> > Datum:  18.07.2016 11:53
> > Betreff:        [Assp-user] SPF_temperror,_why?
> >
> >
> >
> > Many of the emails that passed ASSP have headers like this:
> >
> > X-Assp-Received-SPF: temperror ip=217.148.21.174
> > mailfrom=[hidden email] helo=vmta12.addemar.com
> >
> > But why is this a temperror?
> >
> >
> > If I use 'spfquery' command line I get:
> >
> > # spfquery --mail-from [hidden email] -i 217.148.21.174 -h
>
> > vmta12.addemar.com
> > pass
> > Please see
> >
> http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:
>
> >
> > 217.148.21.128/25 contains 217.148.21.174
> > spfquery: domain of [hidden email] designates
> 217.148.21.174
> > as permitted sender
> > Received-SPF: pass (spfquery: domain of [hidden email]
> > designates 217.148.21.174 as permitted sender) client-ip=217.148.21.174;
>
> > envelope-from=[hidden email]; helo=vmta12.addemar.com;
> >
> >
> ------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > traffic
> > patterns at an interface-level. Reveals which users, apps, and protocols
>
> > are
> > consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning
> > reports.http://sdm.link/zohodev2dev
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential,
> legally
> > privileged and protected in law and are intended solely for the use of
> the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Thomas Eckardt/eck
http://cpansearch.perl.org/src/JMEHNLE/Mail-SPF-v2.9.0/CHANGES

Thomas





Von:    "Andy Knuts" <[hidden email]>
An:     "For Users of ASSP" <[hidden email]>
Datum:  18.07.2016 19:56
Betreff:        Re: [Assp-user] SPF_temperror,_why?



I'm using 2.008  while ASSP says "2.007" is required.
Should upgrading to 2.009 fix this issue?


----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Mon, 18 Jul 2016 19:49:45
+0100
Subject: Re: [Assp-user] SPF_temperror,_why?


> >Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> Mail::SPF::Server, 564, hotmail.com SPF
>
>
------------------------------------------------------------------------------------------
> =item B<query_rr_types>
>
> For which RR types to query when looking up and selecting SPF records.
The

> following values are supported:
>
> =over
>
> =item B<< Mail::SPF::Server->query_rr_type_all >>
>
> Both C<TXT> and C<SPF> type RRs.
>
> =item B<< Mail::SPF::Server->query_rr_type_txt >> (default)
>
> C<TXT> type RRs only.
>
> =item B<< Mail::SPF::Server->query_rr_type_spf >>
>
> C<SPF> type RRs only.
>
> =back
>
> For years B<Mail::SPF> has defaulted to looking up both C<SPF> and
C<TXT>
> type
> RRs as recommended by RFC 4408.  Experience has shown, however, that a
> significant portion of name servers suffer from serious brain damage
with
> regard to the handling of queries for RR types that are unknown to them,

> such
> as the C<SPF> RR type.  Consequently B<Mail::SPF> now defaults to
looking
> up
> only C<TXT> type RRs.  This may be overridden by setting the
> B<query_rr_types>
> option.
>
> See RFC 4408, 3.1.1, for a discussion of the topic, as well as the
> description
> of the L</select_record> method.
>
------------------------------------------------------------------------------------------

>
> Seems your Mail::SPF module is outdated - use 2.009
>
> ASSP uses the default.
>
> Thomas
>
>
>
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     "For Users of ASSP" <[hidden email]>
> Datum:  18.07.2016 19:27
> Betreff:        Re: [Assp-user] SPF_temperror,_why?
>
>
>
> I'm stil wondering what's wrong with my DNS servers and ASSP. I
installed
> pdns-recorsor on the same host where ASSP is running and I have
installed
> bind on a second VM.
> I tested those name server and they work as expected but ASSP still has
> troubles with some request. Not always, but A LOT.
> In my maillog.txt I see a lot of these: hotmail.com: Unknown error on
DNS
> 'SPF' lookup of 'hotmail.com'
>
> Sometimes it has the SPF records for hotmail.com, but many times it
> doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always works.
Same

> for "host -t txt hotmail.com 10.1.1.11".
>
> Here's an example in maillog.txt with SPFDebug enabled:
>
>
> Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> info: found message size announcement: 13.26 kByte
> Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> Message-Score: added -10 (tlsValencePB) for
> SSL-TLS-connection-OK, total score for this message is now -10
> Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2
> Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS sockets
> for 10.1.1.11
> Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question:
> 246.2.47.104.in-addr.arpa.               IN              PTR
> Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer:
> 246.2.47.104.in-addr.arpa.               3600            IN PTR (
>
>  mail-db5eur01hn0246.outbound.protection.outlook.com. )
> Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> hotmail.com.             IN              ANY
> Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
type
> 'ANY' to nameserver 127.0.0.1 ID 15404
> Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> hotmail.com.             IN              ANY
> Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
type
> 'ANY' to nameserver 10.1.1.11 ID 20981
> Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from nameserver
> 127.0.0.1
> Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN  SOA  (

> ns1.msft.net. msnhst.microsoft.com.
>   2016070805             ;serial
>   7200                           ;refresh
>   900                            ;retry
>   2419200                                ;expire
>   3600                           ;minimum
>                                  )
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> ns1.msft.net.
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> ns3.msft.net.
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> ns4.msft.net.
> Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> ns2.msft.net.
> Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from
> nameserver 127.0.0.1 ID 15404
> Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68
> x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
> Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139 bounce

> message detected
> Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the
> connection will now be moved in to the Full-Transparent-Proxy mode
> Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no (more)
> data readable from x.x.x.139 (connection closed by peer) - Connection
> reset by peer - last command was 'RCPT TO'
> Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68
x.x.x.139
> - processing time 0 seconds
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip Message-Score: added -2 for
65.54.190.0
> in griplist (0.18), total score for this message is now -12
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
65.54.190.89
> <[hidden email]> to: JMRP@snip [scoring] DKIM domain mismatch -
> hotmail.com found in DKIMCache, but no DKIM-Signature found in mail
header
> (Cache)
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip Message-Score: added 15
(dkimValencePB)
> for DKIM domain mismatch - hotmail.com found in DKIMCache, but no
> DKIM-Signature found in mail header, total score for this message is now
3
> Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
> for 10.1.1.11
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com.  IN
> ANY
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
IN
>          MX              5 mx1.hotmail.com.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
IN
>          A               65.55.77.28
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> IN               NS              ns4.msft.net.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> IN               NS              ns3.msft.net.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
IN
>          MX              5 mx4.hotmail.com.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
IN
>          A               65.55.85.12
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> IN               NS              ns1.msft.net.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  425 IN
 
>  TXT             (
>                                  "v=spf1 include:spf-a.outlook.com
> include:spf-b.outlook.com ip4:157.55.9.128/25
> include:spf.protection.outlook.com include:spf-a.hotmail.com
> include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
>                                  )
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
IN
>          MX              5 mx3.hotmail.com.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
IN
>          A               157.55.152.112
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> IN               NS              ns2.msft.net.
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
IN
>          A               157.56.172.28
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
IN

>          MX              5 mx2.hotmail.com.
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> _dmarc.hotmail.com.              IN              TXT
> Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> _dmarc.hotmail.com.              IN              TXT
> Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
> Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
> 127.0.0.1
> Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com.  IN
> TXT
> Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com.  2125
IN
>          TXT             (
>                                  "v=DMARC1; p=none; pct=100;
> rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
>                                  )
> Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> nameserver 127.0.0.1 ID 21607
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
65.54.190.89
> <[hidden email]> to: JMRP@snip info: domain hotmail.com has published
a

> DMARC record
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip strictspf Regex: strictSPFRe
> '@hotmail.com'
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
> Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain hotmail.com -
> Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> Mail::SPF::Server, 564, hotmail.com SPF
> Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> Mail::SPF::Server, 564, hotmail.com TXT
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip [scoring] spf_result:temperror
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip identity:[hidden email]
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip scope:mfrom
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip spf_record:
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip local_exp:hotmail.com: Unknown error
on
> DNS 'SPF' lookup of 'hotmail.com'
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip received_spf:Received-SPF: temperror
> (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com')
> receiver=mx101.snip; identity=mailfrom;
envelope-from="[hidden email]";
> helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip [scoring] SPF: temperror
ip=65.54.190.89
> mailfrom=[hidden email] helo=BAY004-OMC2S14.hotmail.com
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip Message-Score: added 5 (spfeValencePB)

> for SPF temperror, total score for this message is now 8
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> <[hidden email]> to: JMRP@snip DMARC: this mail breakes the DKIM
> policies defined in the DMARC record for domain hotmail.com - there is
no
> DKIM-signature found in this mail for domain hotmail.com
> Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
> for 10.1.1.11
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question:
_dmarc.hotmail.com.

>  IN              TXT
> Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: _dmarc.hotmail.com.
> 2125             IN              TXT             (
>                                  "v=DMARC1; p=none; pct=100;
> rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
>                                  )
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> 89.190.54.65.sa.senderbase.org.          IN              TXT
> Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1 ID
> 54935
> Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> 89.190.54.65.sa.senderbase.org.          IN              TXT
> Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11 ID
> 43820
> Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
> 127.0.0.1
> Jul-18-16 19:04:29 [Worker_1] DNS-question was:
> 89.190.54.65.sa.senderbase.org.          IN              TXT
> Jul-18-16 19:04:29 [Worker_1] DNS-answer is:
> 89.190.54.65.sa.senderbase.org.          19937           IN TXT (
>
>                                  "0-0=1|1=MICROSOFT
>
HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San
>
> Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
>                                  )
> Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> nameserver 127.0.0.1 ID 54935
> Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08
> 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
> Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK]
> 65.54.190.89 <[hidden email]> to: JMRP@snip message ok [complaint
about

> message from 10 164 74 35]
>
>
> any idea's?
>
>
> ----- Original Message -----
> From: Thomas Eckardt
> [mailto:[hidden email]]
> To: For Users of ASSP
> [mailto:[hidden email]]
> Sent: Mon, 18 Jul 2016 12:52:29
> +0100
> Subject: Re: [Assp-user] SPF_temperror,_why?
>
>
> > >But why is this a temperror?
> >
> > assp was unable to get a qualified result for the query using
Mail::SPF

> -
> > that's all
> > most times this is caused by a DNS timeout
> >
> > Thomas
> >
> >
> > Von:    "Andy Knuts" <[hidden email]>
> > An:     [hidden email]
> > Datum:  18.07.2016 11:53
> > Betreff:        [Assp-user] SPF_temperror,_why?
> >
> >
> >
> > Many of the emails that passed ASSP have headers like this:
> >
> > X-Assp-Received-SPF: temperror ip=217.148.21.174
> > mailfrom=[hidden email] helo=vmta12.addemar.com
> >
> > But why is this a temperror?
> >
> >
> > If I use 'spfquery' command line I get:
> >
> > # spfquery --mail-from [hidden email] -i 217.148.21.174
-h
>
> > vmta12.addemar.com
> > pass
> > Please see
> >
>
http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:

>
> >
> > 217.148.21.128/25 contains 217.148.21.174
> > spfquery: domain of [hidden email] designates
> 217.148.21.174
> > as permitted sender
> > Received-SPF: pass (spfquery: domain of [hidden email]
> > designates 217.148.21.174 as permitted sender)
client-ip=217.148.21.174;
>
> > envelope-from=[hidden email]; helo=vmta12.addemar.com;
> >
> >
>
------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > traffic
> > patterns at an interface-level. Reveals which users, apps, and
protocols
>
> > are
> > consuming the most bandwidth. Provides multi-vendor support for
NetFlow,

>
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning
> > reports.http://sdm.link/zohodev2dev
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential,
> legally
> > privileged and protected in law and are intended solely for the use of

> the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
>
>
------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols

> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,

> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
legally
> privileged and protected in law and are intended solely for the use of
the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Andy Knuts
In reply to this post by Thomas Eckardt/eck
Thanks. Will try it in a couple minutes!

Are there other modules that needs updating for ASSP to work well? I just made sure at least the version ASSP recommends was installed and this is my installation:

Module Name Module Version Module Status Download
show module load errors installed / required(recommended) show all loaded modules
ASSP_FC 1.05 / 1.05 enabled sourceforge
ASSP_SVG 1.03 / 1.03 enabled sourceforge
ASSP_WordStem 1.27 / 1.27 enabled sourceforge
AsspSelfLoader 2.03 / 2.03 enabled sourceforge
Authen::SASL 2.16 / 2.16 enabled CPAN
BerkeleyDB 0.51 / 0.42 enabled CPAN
BerkeleyDB_DBEngine 5.3 / 4.5 enabled oracle
Compress::Zlib 2.069 / 2.069 enabled CPAN
Convert::TNEF disabled by Module Setup / 0.17 is disabled in config CPAN
DB_File disabled by Module Setup / 1.816 is disabled in config CPAN
Digest::MD5 2.55 / 2.54 enabled CPAN
Digest::SHA1 2.13 / 2.13 enabled CPAN
Email::MIME 1.937 / 1.936 enabled CPAN
Email::Send 2.201 / 2.201 enabled CPAN
File::ReadBackwards 1.05 / 1.05 enabled CPAN
File::Scan::ClamAV 1.93 / 1.93 enabled CPAN
IO::Poll 0.09 / 0.07 enabled CPAN
IO::Select 1.21 / 1.21 enabled CPAN
IO::Socket::INET6 not installed / 2.67 is not detected ( enableINET6 is not set ) CPAN
IO::Socket::SSL 2.031 / 2.020 enabled CPAN
LWP::Simple 6.15 / 6.13 enabled CPAN
MIME::Types 2.13 / 2.11 enabled CPAN
Mail::DKIM::Verifier 0.39 / 0.38 enabled CPAN
Mail::SPF 2.009 / 2.007 enabled CPAN
Mail::SPF::Query 1.999001 / 1.999001 enabled CPAN
Mail::SRS disabled by Module Setup / 0.31 is disabled in config CPAN
Net::CIDR::Lite 0.21 / 0.21 enabled CPAN
Net::DNS 1.06 / 1.03 enabled CPAN
Net::IP 1.57 / 1.56 enabled CPAN
Net::LDAP 0.65 / 0.65 enabled CPAN
Net::SMTP 3.08 / 3.07 enabled CPAN
Net::SMTP::SSL 1.02 / 1.01 enabled CPAN
Net::SSLeay 1.74 / 1.72 enabled CPAN
NetAddr::IP::Lite 1.57 / 1.56 enabled CPAN
NetSNMP::agent disabled by Module Setup / 5.05 is disabled in config CPAN
OpenSSL 1.0.1e-fips 1.0.1e-fips / 0.9.8 enabled OpenSSL
OpenSSL-lib 1.0.1e-fips 11 Feb 2013 1.0.1e-fips / 1.0.1h enabled OpenSSL
PerlIO::scalar 0.14_01 / 0.14_01 enabled CPAN
Regexp::Optimizer 0.23 / 0.23 enabled CPAN
Schedule::Cron 1.01 / 1.01 enabled CPAN
Sys::CpuAffinity 1.06 / 1.06 enabled CPAN
Sys::MemInfo 0.91 / 0.91 enabled CPAN
Sys::Syslog 0.34 / 0.25 enabled CPAN
Text::Unidecode 1.27 / 1.27 enabled CPAN
Thread::Queue 3.11 / 3.07 enabled CPAN
Thread::State 0.09 / 0.09 enabled CPAN
Tie::RDBM 0.73 / 0.73 enabled CPAN
Time::HiRes 1.9739 / 1.9726 enabled CPAN
Unicode::GCString 2013.10 / 2013.10 enabled CPAN
threads 2.09 / 2.02 enabled CPAN
threads::shared 1.52 / 1.48 enabled


----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Mon, 18 Jul 2016 20:08:54
+0100
Subject: Re: [Assp-user] SPF_temperror,_why?


> http://cpansearch.perl.org/src/JMEHNLE/Mail-SPF-v2.9.0/CHANGES
>
> Thomas
>
>
>
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     "For Users of ASSP" <[hidden email]>
> Datum:  18.07.2016 19:56
> Betreff:        Re: [Assp-user] SPF_temperror,_why?
>
>
>
> I'm using 2.008  while ASSP says "2.007" is required.
> Should upgrading to 2.009 fix this issue?
>
>
> ----- Original Message -----
> From: Thomas Eckardt
> [mailto:[hidden email]]
> To: For Users of ASSP
> [mailto:[hidden email]]
> Sent: Mon, 18 Jul 2016 19:49:45
> +0100
> Subject: Re: [Assp-user] SPF_temperror,_why?
>
>
> > >Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > Mail::SPF::Server, 564, hotmail.com SPF
> >
> >
> ------------------------------------------------------------------------------------------
> > =item B<query_rr_types>
> >
> > For which RR types to query when looking up and selecting SPF records.
> The
> > following values are supported:
> >
> > =over
> >
> > =item B<< Mail::SPF::Server->query_rr_type_all >>
> >
> > Both C<TXT> and C<SPF> type RRs.
> >
> > =item B<< Mail::SPF::Server->query_rr_type_txt >> (default)
> >
> > C<TXT> type RRs only.
> >
> > =item B<< Mail::SPF::Server->query_rr_type_spf >>
> >
> > C<SPF> type RRs only.
> >
> > =back
> >
> > For years B<Mail::SPF> has defaulted to looking up both C<SPF> and
> C<TXT>
> > type
> > RRs as recommended by RFC 4408.  Experience has shown, however, that a
> > significant portion of name servers suffer from serious brain damage
> with
> > regard to the handling of queries for RR types that are unknown to them,
>
> > such
> > as the C<SPF> RR type.  Consequently B<Mail::SPF> now defaults to
> looking
> > up
> > only C<TXT> type RRs.  This may be overridden by setting the
> > B<query_rr_types>
> > option.
> >
> > See RFC 4408, 3.1.1, for a discussion of the topic, as well as the
> > description
> > of the L</select_record> method.
> >
> ------------------------------------------------------------------------------------------
> >
> > Seems your Mail::SPF module is outdated - use 2.009
> >
> > ASSP uses the default.
> >
> > Thomas
> >
> >
> >
> >
> >
> > Von:    "Andy Knuts" <[hidden email]>
> > An:     "For Users of ASSP" <[hidden email]>
> > Datum:  18.07.2016 19:27
> > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> >
> >
> >
> > I'm stil wondering what's wrong with my DNS servers and ASSP. I
> installed
> > pdns-recorsor on the same host where ASSP is running and I have
> installed
> > bind on a second VM.
> > I tested those name server and they work as expected but ASSP still has
> > troubles with some request. Not always, but A LOT.
> > In my maillog.txt I see a lot of these: hotmail.com: Unknown error on
> DNS
> > 'SPF' lookup of 'hotmail.com'
> >
> > Sometimes it has the SPF records for hotmail.com, but many times it
> > doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always works.
> Same
> > for "host -t txt hotmail.com 10.1.1.11".
> >
> > Here's an example in maillog.txt with SPFDebug enabled:
> >
> >
> > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> info: found message size announcement: 13.26 kByte
> > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> Message-Score: added -10 (tlsValencePB) for
> > SSL-TLS-connection-OK, total score for this message is now -10
> > Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2
> > Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS sockets
> > for 10.1.1.11
> > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question:
> > 246.2.47.104.in-addr.arpa.               IN              PTR
> > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer:
> > 246.2.47.104.in-addr.arpa.               3600            IN PTR (
> >
> >  mail-db5eur01hn0246.outbound.protection.outlook.com. )
> > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> > hotmail.com.             IN              ANY
> > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
> type
> > 'ANY' to nameserver 127.0.0.1 ID 15404
> > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> > hotmail.com.             IN              ANY
> > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
> type
> > 'ANY' to nameserver 10.1.1.11 ID 20981
> > Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from nameserver
> > 127.0.0.1
> > Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY
> > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN  SOA  (
>
> > ns1.msft.net. msnhst.microsoft.com.
> >   2016070805             ;serial
> >   7200                           ;refresh
> >   900                            ;retry
> >   2419200                                ;expire
> >   3600                           ;minimum
> >                                  )
> > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> > ns1.msft.net.
> > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> > ns3.msft.net.
> > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> > ns4.msft.net.
> > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> > ns2.msft.net.
> > Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from
> > nameserver 127.0.0.1 ID 15404
> > Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68
> > x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
> > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139 bounce
>
> > message detected
> > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the
> > connection will now be moved in to the Full-Transparent-Proxy mode
> > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no (more)
> > data readable from x.x.x.139 (connection closed by peer) - Connection
> > reset by peer - last command was 'RCPT TO'
> > Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68
> x.x.x.139
> > - processing time 0 seconds
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip Message-Score: added -2 for
> 65.54.190.0
> > in griplist (0.18), total score for this message is now -12
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> 65.54.190.89
> > <[hidden email]> to: JMRP@snip [scoring] DKIM domain mismatch -
> > hotmail.com found in DKIMCache, but no DKIM-Signature found in mail
> header
> > (Cache)
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip Message-Score: added 15
> (dkimValencePB)
> > for DKIM domain mismatch - hotmail.com found in DKIMCache, but no
> > DKIM-Signature found in mail header, total score for this message is now
> 3
> > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
> > for 10.1.1.11
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com.  IN
> > ANY
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
> IN
> >          MX              5 mx1.hotmail.com.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
> IN
> >          A               65.55.77.28
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> > IN               NS              ns4.msft.net.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> > IN               NS              ns3.msft.net.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
> IN
> >          MX              5 mx4.hotmail.com.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
> IN
> >          A               65.55.85.12
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> > IN               NS              ns1.msft.net.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  425 IN
>  
> >  TXT             (
> >                                  "v=spf1 include:spf-a.outlook.com
> > include:spf-b.outlook.com ip4:157.55.9.128/25
> > include:spf.protection.outlook.com include:spf-a.hotmail.com
> > include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
> >                                  )
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
> IN
> >          MX              5 mx3.hotmail.com.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
> IN
> >          A               157.55.152.112
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> > IN               NS              ns2.msft.net.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
> IN
> >          A               157.56.172.28
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
> IN
> >          MX              5 mx2.hotmail.com.
> > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> > _dmarc.hotmail.com.              IN              TXT
> > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
> > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> > _dmarc.hotmail.com.              IN              TXT
> > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
> > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
> > 127.0.0.1
> > Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com.  IN
> > TXT
> > Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com.  2125
> IN
> >          TXT             (
> >                                  "v=DMARC1; p=none; pct=100;
> > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> >                                  )
> > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> > nameserver 127.0.0.1 ID 21607
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> 65.54.190.89
> > <[hidden email]> to: JMRP@snip info: domain hotmail.com has published
> a
> > DMARC record
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip strictspf Regex: strictSPFRe
> > '@hotmail.com'
> > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
> > Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain hotmail.com -
> > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > Mail::SPF::Server, 564, hotmail.com SPF
> > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > Mail::SPF::Server, 564, hotmail.com TXT
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip [scoring] spf_result:temperror
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip identity:[hidden email]
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip scope:mfrom
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip spf_record:
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip local_exp:hotmail.com: Unknown error
> on
> > DNS 'SPF' lookup of 'hotmail.com'
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip received_spf:Received-SPF: temperror
> > (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com')
> > receiver=mx101.snip; identity=mailfrom;
> envelope-from="[hidden email]";
> > helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip [scoring] SPF: temperror
> ip=65.54.190.89
> > mailfrom=[hidden email] helo=BAY004-OMC2S14.hotmail.com
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip Message-Score: added 5 (spfeValencePB)
>
> > for SPF temperror, total score for this message is now 8
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip DMARC: this mail breakes the DKIM
> > policies defined in the DMARC record for domain hotmail.com - there is
> no
> > DKIM-signature found in this mail for domain hotmail.com
> > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
> > for 10.1.1.11
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question:
> _dmarc.hotmail.com.
> >  IN              TXT
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: _dmarc.hotmail.com.
> > 2125             IN              TXT             (
> >                                  "v=DMARC1; p=none; pct=100;
> > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> >                                  )
> > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1 ID
> > 54935
> > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11 ID
> > 43820
> > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
> > 127.0.0.1
> > Jul-18-16 19:04:29 [Worker_1] DNS-question was:
> > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > Jul-18-16 19:04:29 [Worker_1] DNS-answer is:
> > 89.190.54.65.sa.senderbase.org.          19937           IN TXT (
> >
> >                                  "0-0=1|1=MICROSOFT
> >
> HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San
> >
> > Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
> >                                  )
> > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> > nameserver 127.0.0.1 ID 54935
> > Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08
> > 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK]
> > 65.54.190.89 <[hidden email]> to: JMRP@snip message ok [complaint
> about
> > message from 10 164 74 35]
> >
> >
> > any idea's?
> >
> >
> > ----- Original Message -----
> > From: Thomas Eckardt
> > [mailto:[hidden email]]
> > To: For Users of ASSP
> > [mailto:[hidden email]]
> > Sent: Mon, 18 Jul 2016 12:52:29
> > +0100
> > Subject: Re: [Assp-user] SPF_temperror,_why?
> >
> >
> > > >But why is this a temperror?
> > >
> > > assp was unable to get a qualified result for the query using
> Mail::SPF
> > -
> > > that's all
> > > most times this is caused by a DNS timeout
> > >
> > > Thomas
> > >
> > >
> > > Von:    "Andy Knuts" <[hidden email]>
> > > An:     [hidden email]
> > > Datum:  18.07.2016 11:53
> > > Betreff:        [Assp-user] SPF_temperror,_why?
> > >
> > >
> > >
> > > Many of the emails that passed ASSP have headers like this:
> > >
> > > X-Assp-Received-SPF: temperror ip=217.148.21.174
> > > mailfrom=[hidden email] helo=vmta12.addemar.com
> > >
> > > But why is this a temperror?
> > >
> > >
> > > If I use 'spfquery' command line I get:
> > >
> > > # spfquery --mail-from [hidden email] -i 217.148.21.174
> -h
> >
> > > vmta12.addemar.com
> > > pass
> > > Please see
> > >
> >
> http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:
>
> >
> > >
> > > 217.148.21.128/25 contains 217.148.21.174
> > > spfquery: domain of [hidden email] designates
> > 217.148.21.174
> > > as permitted sender
> > > Received-SPF: pass (spfquery: domain of [hidden email]
> > > designates 217.148.21.174 as permitted sender)
> client-ip=217.148.21.174;
> >
> > > envelope-from=[hidden email]; helo=vmta12.addemar.com;
> > >
> > >
> >
> ------------------------------------------------------------------------------
> > > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > > traffic
> > > patterns at an interface-level. Reveals which users, apps, and
> protocols
> >
> > > are
> > > consuming the most bandwidth. Provides multi-vendor support for
> NetFlow,
> >
> > > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > > planning
> > > reports.http://sdm.link/zohodev2dev
> > > _______________________________________________
> > > Assp-user mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> > >
> > >
> > >
> > >
> > >
> > > DISCLAIMER:
> > > *******************************************************
> > > This email and any files transmitted with it may be confidential,
> > legally
> > > privileged and protected in law and are intended solely for the use of
>
> > the
> > >
> > > individual to whom it is addressed.
> > > This email was multiple times scanned for viruses. There should be no
> > > known virus in this email!
> > > *******************************************************
> > >
> > >
> >
> >
> ------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > traffic
> > patterns at an interface-level. Reveals which users, apps, and protocols
>
> > are
> > consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning
> > reports.http://sdm.link/zohodev2dev
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential,
> legally
> > privileged and protected in law and are intended solely for the use of
> the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Andy Knuts
In reply to this post by Thomas Eckardt/eck
I upgraded to Mail:SPF 2.9.0 as suggested but there's still an issue:

# grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt | wc -l
444

# grep hotmail.com 16-07-19.maillog.txt |grep -i "for SPF pass" | wc -l
258


# grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt |grep -i hotmail
Jul-19-16 07:45:11 m1-07110-04028 [Worker_2] [TLS-in] 65.54.190.99 <[hidden email]> to: [hidden email] Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now 5
Jul-19-16 12:37:51 m1-24670-10746 [Worker_2] [TLS-in] 65.55.90.169 <[hidden email]> to: [hidden email] Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now -6
Jul-19-16 12:39:49 m1-24788-06927 [Worker_2] [TLS-in] 65.54.51.96 <[hidden email]> to: [hidden email] Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now -6
Jul-19-16 12:51:11 m1-25471-04061 [Worker_2] [TLS-in] 157.55.1.140 <[hidden email]> to: [hidden email] Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now 10
Jul-19-16 14:08:49 m1-30128-13259 [Worker_2] [TLS-in] 65.55.34.90 <[hidden email]> to: [hidden email] Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now 7
Jul-19-16 17:15:12 m1-41310-11578 [Worker_1] [TLS-in] 65.55.90.39 <[hidden email]> to: [hidden email] Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now -6
Jul-19-16 17:16:33 m1-41391-04219 [Worker_1] [TLS-in] 65.55.34.80 <[hidden email]> to: [hidden email] Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now -8
Jul-19-16 19:36:37 m1-49796-00753 [Worker_1] [TLS-in] 157.55.2.37 <[hidden email]> to: [hidden email] Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now -6
Jul-19-16 19:39:01 m1-49940-06640 [Worker_1] [TLS-in] 157.55.2.26 <[hidden email]> to: [hidden email] Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now 9
Jul-19-16 20:15:13 m1-52113-02738 [Worker_2] [TLS-in] 157.55.1.160 <[hidden email]> to: [hidden email] Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now -6
Jul-19-16 20:50:24 m1-54224-10937 [Worker_2] [TLS-in] 157.55.0.224 <[hidden email]> to: [hidden email] Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now 8
Jul-19-16 23:44:38 m1-64678-08355 [Worker_1] [TLS-in] 157.55.0.233 <[hidden email]> to: [hidden email] Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now 8





----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Mon, 18 Jul 2016 20:08:54
+0100
Subject: Re: [Assp-user] SPF_temperror,_why?


> http://cpansearch.perl.org/src/JMEHNLE/Mail-SPF-v2.9.0/CHANGES
>
> Thomas
>
>
>
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     "For Users of ASSP" <[hidden email]>
> Datum:  18.07.2016 19:56
> Betreff:        Re: [Assp-user] SPF_temperror,_why?
>
>
>
> I'm using 2.008  while ASSP says "2.007" is required.
> Should upgrading to 2.009 fix this issue?
>
>
> ----- Original Message -----
> From: Thomas Eckardt
> [mailto:[hidden email]]
> To: For Users of ASSP
> [mailto:[hidden email]]
> Sent: Mon, 18 Jul 2016 19:49:45
> +0100
> Subject: Re: [Assp-user] SPF_temperror,_why?
>
>
> > >Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > Mail::SPF::Server, 564, hotmail.com SPF
> >
> >
> ------------------------------------------------------------------------------------------
> > =item B<query_rr_types>
> >
> > For which RR types to query when looking up and selecting SPF records.
> The
> > following values are supported:
> >
> > =over
> >
> > =item B<< Mail::SPF::Server->query_rr_type_all >>
> >
> > Both C<TXT> and C<SPF> type RRs.
> >
> > =item B<< Mail::SPF::Server->query_rr_type_txt >> (default)
> >
> > C<TXT> type RRs only.
> >
> > =item B<< Mail::SPF::Server->query_rr_type_spf >>
> >
> > C<SPF> type RRs only.
> >
> > =back
> >
> > For years B<Mail::SPF> has defaulted to looking up both C<SPF> and
> C<TXT>
> > type
> > RRs as recommended by RFC 4408.  Experience has shown, however, that a
> > significant portion of name servers suffer from serious brain damage
> with
> > regard to the handling of queries for RR types that are unknown to them,
>
> > such
> > as the C<SPF> RR type.  Consequently B<Mail::SPF> now defaults to
> looking
> > up
> > only C<TXT> type RRs.  This may be overridden by setting the
> > B<query_rr_types>
> > option.
> >
> > See RFC 4408, 3.1.1, for a discussion of the topic, as well as the
> > description
> > of the L</select_record> method.
> >
> ------------------------------------------------------------------------------------------
> >
> > Seems your Mail::SPF module is outdated - use 2.009
> >
> > ASSP uses the default.
> >
> > Thomas
> >
> >
> >
> >
> >
> > Von:    "Andy Knuts" <[hidden email]>
> > An:     "For Users of ASSP" <[hidden email]>
> > Datum:  18.07.2016 19:27
> > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> >
> >
> >
> > I'm stil wondering what's wrong with my DNS servers and ASSP. I
> installed
> > pdns-recorsor on the same host where ASSP is running and I have
> installed
> > bind on a second VM.
> > I tested those name server and they work as expected but ASSP still has
> > troubles with some request. Not always, but A LOT.
> > In my maillog.txt I see a lot of these: hotmail.com: Unknown error on
> DNS
> > 'SPF' lookup of 'hotmail.com'
> >
> > Sometimes it has the SPF records for hotmail.com, but many times it
> > doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always works.
> Same
> > for "host -t txt hotmail.com 10.1.1.11".
> >
> > Here's an example in maillog.txt with SPFDebug enabled:
> >
> >
> > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> info: found message size announcement: 13.26 kByte
> > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> Message-Score: added -10 (tlsValencePB) for
> > SSL-TLS-connection-OK, total score for this message is now -10
> > Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2
> > Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS sockets
> > for 10.1.1.11
> > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question:
> > 246.2.47.104.in-addr.arpa.               IN              PTR
> > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer:
> > 246.2.47.104.in-addr.arpa.               3600            IN PTR (
> >
> >  mail-db5eur01hn0246.outbound.protection.outlook.com. )
> > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> > hotmail.com.             IN              ANY
> > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
> type
> > 'ANY' to nameserver 127.0.0.1 ID 15404
> > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> > hotmail.com.             IN              ANY
> > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
> type
> > 'ANY' to nameserver 10.1.1.11 ID 20981
> > Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from nameserver
> > 127.0.0.1
> > Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY
> > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN  SOA  (
>
> > ns1.msft.net. msnhst.microsoft.com.
> >   2016070805             ;serial
> >   7200                           ;refresh
> >   900                            ;retry
> >   2419200                                ;expire
> >   3600                           ;minimum
> >                                  )
> > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> > ns1.msft.net.
> > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> > ns3.msft.net.
> > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> > ns4.msft.net.
> > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> > ns2.msft.net.
> > Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from
> > nameserver 127.0.0.1 ID 15404
> > Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68
> > x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
> > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139 bounce
>
> > message detected
> > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the
> > connection will now be moved in to the Full-Transparent-Proxy mode
> > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no (more)
> > data readable from x.x.x.139 (connection closed by peer) - Connection
> > reset by peer - last command was 'RCPT TO'
> > Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68
> x.x.x.139
> > - processing time 0 seconds
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip Message-Score: added -2 for
> 65.54.190.0
> > in griplist (0.18), total score for this message is now -12
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> 65.54.190.89
> > <[hidden email]> to: JMRP@snip [scoring] DKIM domain mismatch -
> > hotmail.com found in DKIMCache, but no DKIM-Signature found in mail
> header
> > (Cache)
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip Message-Score: added 15
> (dkimValencePB)
> > for DKIM domain mismatch - hotmail.com found in DKIMCache, but no
> > DKIM-Signature found in mail header, total score for this message is now
> 3
> > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
> > for 10.1.1.11
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com.  IN
> > ANY
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
> IN
> >          MX              5 mx1.hotmail.com.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
> IN
> >          A               65.55.77.28
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> > IN               NS              ns4.msft.net.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> > IN               NS              ns3.msft.net.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
> IN
> >          MX              5 mx4.hotmail.com.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
> IN
> >          A               65.55.85.12
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> > IN               NS              ns1.msft.net.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  425 IN
>  
> >  TXT             (
> >                                  "v=spf1 include:spf-a.outlook.com
> > include:spf-b.outlook.com ip4:157.55.9.128/25
> > include:spf.protection.outlook.com include:spf-a.hotmail.com
> > include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
> >                                  )
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
> IN
> >          MX              5 mx3.hotmail.com.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
> IN
> >          A               157.55.152.112
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> > IN               NS              ns2.msft.net.
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
> IN
> >          A               157.56.172.28
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
> IN
> >          MX              5 mx2.hotmail.com.
> > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> > _dmarc.hotmail.com.              IN              TXT
> > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
> > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> > _dmarc.hotmail.com.              IN              TXT
> > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
> > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
> > 127.0.0.1
> > Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com.  IN
> > TXT
> > Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com.  2125
> IN
> >          TXT             (
> >                                  "v=DMARC1; p=none; pct=100;
> > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> >                                  )
> > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> > nameserver 127.0.0.1 ID 21607
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> 65.54.190.89
> > <[hidden email]> to: JMRP@snip info: domain hotmail.com has published
> a
> > DMARC record
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip strictspf Regex: strictSPFRe
> > '@hotmail.com'
> > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
> > Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain hotmail.com -
> > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > Mail::SPF::Server, 564, hotmail.com SPF
> > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > Mail::SPF::Server, 564, hotmail.com TXT
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip [scoring] spf_result:temperror
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip identity:[hidden email]
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip scope:mfrom
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip spf_record:
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip local_exp:hotmail.com: Unknown error
> on
> > DNS 'SPF' lookup of 'hotmail.com'
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip received_spf:Received-SPF: temperror
> > (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com')
> > receiver=mx101.snip; identity=mailfrom;
> envelope-from="[hidden email]";
> > helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip [scoring] SPF: temperror
> ip=65.54.190.89
> > mailfrom=[hidden email] helo=BAY004-OMC2S14.hotmail.com
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip Message-Score: added 5 (spfeValencePB)
>
> > for SPF temperror, total score for this message is now 8
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > <[hidden email]> to: JMRP@snip DMARC: this mail breakes the DKIM
> > policies defined in the DMARC record for domain hotmail.com - there is
> no
> > DKIM-signature found in this mail for domain hotmail.com
> > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
> > for 10.1.1.11
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question:
> _dmarc.hotmail.com.
> >  IN              TXT
> > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: _dmarc.hotmail.com.
> > 2125             IN              TXT             (
> >                                  "v=DMARC1; p=none; pct=100;
> > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> >                                  )
> > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1 ID
> > 54935
> > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11 ID
> > 43820
> > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
> > 127.0.0.1
> > Jul-18-16 19:04:29 [Worker_1] DNS-question was:
> > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > Jul-18-16 19:04:29 [Worker_1] DNS-answer is:
> > 89.190.54.65.sa.senderbase.org.          19937           IN TXT (
> >
> >                                  "0-0=1|1=MICROSOFT
> >
> HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San
> >
> > Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
> >                                  )
> > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> > nameserver 127.0.0.1 ID 54935
> > Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08
> > 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
> > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK]
> > 65.54.190.89 <[hidden email]> to: JMRP@snip message ok [complaint
> about
> > message from 10 164 74 35]
> >
> >
> > any idea's?
> >
> >
> > ----- Original Message -----
> > From: Thomas Eckardt
> > [mailto:[hidden email]]
> > To: For Users of ASSP
> > [mailto:[hidden email]]
> > Sent: Mon, 18 Jul 2016 12:52:29
> > +0100
> > Subject: Re: [Assp-user] SPF_temperror,_why?
> >
> >
> > > >But why is this a temperror?
> > >
> > > assp was unable to get a qualified result for the query using
> Mail::SPF
> > -
> > > that's all
> > > most times this is caused by a DNS timeout
> > >
> > > Thomas
> > >
> > >
> > > Von:    "Andy Knuts" <[hidden email]>
> > > An:     [hidden email]
> > > Datum:  18.07.2016 11:53
> > > Betreff:        [Assp-user] SPF_temperror,_why?
> > >
> > >
> > >
> > > Many of the emails that passed ASSP have headers like this:
> > >
> > > X-Assp-Received-SPF: temperror ip=217.148.21.174
> > > mailfrom=[hidden email] helo=vmta12.addemar.com
> > >
> > > But why is this a temperror?
> > >
> > >
> > > If I use 'spfquery' command line I get:
> > >
> > > # spfquery --mail-from [hidden email] -i 217.148.21.174
> -h
> >
> > > vmta12.addemar.com
> > > pass
> > > Please see
> > >
> >
> http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:
>
> >
> > >
> > > 217.148.21.128/25 contains 217.148.21.174
> > > spfquery: domain of [hidden email] designates
> > 217.148.21.174
> > > as permitted sender
> > > Received-SPF: pass (spfquery: domain of [hidden email]
> > > designates 217.148.21.174 as permitted sender)
> client-ip=217.148.21.174;
> >
> > > envelope-from=[hidden email]; helo=vmta12.addemar.com;
> > >
> > >
> >
> ------------------------------------------------------------------------------
> > > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > > traffic
> > > patterns at an interface-level. Reveals which users, apps, and
> protocols
> >
> > > are
> > > consuming the most bandwidth. Provides multi-vendor support for
> NetFlow,
> >
> > > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > > planning
> > > reports.http://sdm.link/zohodev2dev
> > > _______________________________________________
> > > Assp-user mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> > >
> > >
> > >
> > >
> > >
> > > DISCLAIMER:
> > > *******************************************************
> > > This email and any files transmitted with it may be confidential,
> > legally
> > > privileged and protected in law and are intended solely for the use of
>
> > the
> > >
> > > individual to whom it is addressed.
> > > This email was multiple times scanned for viruses. There should be no
> > > known virus in this email!
> > > *******************************************************
> > >
> > >
> >
> >
> ------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > traffic
> > patterns at an interface-level. Reveals which users, apps, and protocols
>
> > are
> > consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning
> > reports.http://sdm.link/zohodev2dev
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential,
> legally
> > privileged and protected in law and are intended solely for the use of
> the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Andy Knuts
It looks like there's a problem with DNS in general but it's not always a problem:

# grep DKIM 16-07-19.maillog.txt|grep @hotmail|grep 'public key: not available'

Jul-19-16 00:21:04 m1-80462-07675 [Worker_1] [TLS-in] 65.54.190.91 <[hidden email]> to: [hidden email] [scoring] (DKIM signature invalid) - public key: not available
Jul-19-16 08:47:43 m1-10862-06664 [Worker_2] [TLS-in] 65.54.190.87 <[hidden email]> to: [hidden email] [scoring] (DKIM signature invalid) - public key: not available
Jul-19-16 08:59:43 m1-11582-08285 [Worker_1] [TLS-in] 65.55.34.215 <[hidden email]> to: [hidden email] [scoring] (DKIM signature invalid) - public key: not available
Jul-19-16 09:45:13 m1-14312-02896 [Worker_1] [TLS-in] 65.55.116.39 <[hidden email]> to: [hidden email] [scoring] (DKIM signature invalid) - public key: not available
Jul-19-16 12:39:49 m1-24788-06927 [Worker_2] [TLS-in] 65.54.51.96 <[hidden email]> to: [hidden email] [scoring] (DKIM signature invalid) - public key: not available
Jul-19-16 15:58:58 m1-36736-07796 [Worker_5] [TLS-in] 65.54.190.90 <[hidden email]> to: [hidden email] [scoring] (DKIM signature invalid) - public key: not available
Jul-19-16 17:16:33 m1-41391-04219 [Worker_1] [TLS-in] 65.55.34.80 <[hidden email]> to:  [hidden email] [scoring] (DKIM signature invalid) - public key: not available
Jul-19-16 19:47:03 m1-50422-00530 [Worker_1] [TLS-in] 65.54.190.35 <[hidden email]> to:[hidden email] [scoring] (DKIM signature invalid) - public key: not available

 The DNS servers also seem to work fine for every other services but as you can see, sometimes ASSP is unable to find the public key for hotmail.com ?

I'm using Net::DNS 1.06. This version is okay, right?

Regards


----- Original Message -----
From: Andy Knuts [mailto:[hidden email]]
To:
For Users of ASSP [mailto:[hidden email]]
Sent: Wed, 20 Jul
2016 00:13:16 +0100
Subject: Re: [Assp-user] SPF_temperror,_why?


> I upgraded to Mail:SPF 2.9.0 as suggested but there's still an issue:
>
> # grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt | wc -l
> 444
>
> # grep hotmail.com 16-07-19.maillog.txt |grep -i "for SPF pass" | wc -l
> 258
>
>
> # grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt |grep -i
> hotmail
> Jul-19-16 07:45:11 m1-07110-04028 [Worker_2] [TLS-in] 65.54.190.99
> <[hidden email]> to: [hidden email] Message-Score: added 5
> (spfeValencePB) for SPF temperror, total score for this message is now 5
> Jul-19-16 12:37:51 m1-24670-10746 [Worker_2] [TLS-in] 65.55.90.169
> <[hidden email]> to: [hidden email]
> Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for
> this message is now -6
> Jul-19-16 12:39:49 m1-24788-06927 [Worker_2] [TLS-in] 65.54.51.96
> <[hidden email]> to: [hidden email] Message-Score: added 5
> (spfeValencePB) for SPF temperror, total score for this message is now -6
> Jul-19-16 12:51:11 m1-25471-04061 [Worker_2] [TLS-in] 157.55.1.140
> <[hidden email]> to: [hidden email] Message-Score: added 5
> (spfeValencePB) for SPF temperror, total score for this message is now 10
> Jul-19-16 14:08:49 m1-30128-13259 [Worker_2] [TLS-in] 65.55.34.90
> <[hidden email]> to: [hidden email] Message-Score: added 5
> (spfeValencePB) for SPF temperror, total score for this message is now 7
> Jul-19-16 17:15:12 m1-41310-11578 [Worker_1] [TLS-in] 65.55.90.39
> <[hidden email]> to: [hidden email]
> Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for
> this message is now -6
> Jul-19-16 17:16:33 m1-41391-04219 [Worker_1] [TLS-in] 65.55.34.80
> <[hidden email]> to: [hidden email]
> Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for
> this message is now -8
> Jul-19-16 19:36:37 m1-49796-00753 [Worker_1] [TLS-in] 157.55.2.37
> <[hidden email]> to: [hidden email]
> Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for
> this message is now -6
> Jul-19-16 19:39:01 m1-49940-06640 [Worker_1] [TLS-in] 157.55.2.26
> <[hidden email]> to: [hidden email] Message-Score: added 5
> (spfeValencePB) for SPF temperror, total score for this message is now 9
> Jul-19-16 20:15:13 m1-52113-02738 [Worker_2] [TLS-in] 157.55.1.160
> <[hidden email]> to: [hidden email] Message-Score: added 5
> (spfeValencePB) for SPF temperror, total score for this message is now -6
> Jul-19-16 20:50:24 m1-54224-10937 [Worker_2] [TLS-in] 157.55.0.224
> <[hidden email]> to: [hidden email] Message-Score: added 5
> (spfeValencePB) for SPF temperror, total score for this message is now 8
> Jul-19-16 23:44:38 m1-64678-08355 [Worker_1] [TLS-in] 157.55.0.233
> <[hidden email]> to: [hidden email]
> Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for
> this message is now 8
>
>
>
>
>
> ----- Original Message -----
> From: Thomas Eckardt
> [mailto:[hidden email]]
> To: For Users of ASSP
> [mailto:[hidden email]]
> Sent: Mon, 18 Jul 2016 20:08:54
> +0100
> Subject: Re: [Assp-user] SPF_temperror,_why?
>
>
> > http://cpansearch.perl.org/src/JMEHNLE/Mail-SPF-v2.9.0/CHANGES
> >
> > Thomas
> >
> >
> >
> >
> >
> > Von:    "Andy Knuts" <[hidden email]>
> > An:     "For Users of ASSP" <[hidden email]>
> > Datum:  18.07.2016 19:56
> > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> >
> >
> >
> > I'm using 2.008  while ASSP says "2.007" is required.
> > Should upgrading to 2.009 fix this issue?
> >
> >
> > ----- Original Message -----
> > From: Thomas Eckardt
> > [mailto:[hidden email]]
> > To: For Users of ASSP
> > [mailto:[hidden email]]
> > Sent: Mon, 18 Jul 2016 19:49:45
> > +0100
> > Subject: Re: [Assp-user] SPF_temperror,_why?
> >
> >
> > > >Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > Mail::SPF::Server, 564, hotmail.com SPF
> > >
> > >
> >
> ------------------------------------------------------------------------------------------
> > > =item B<query_rr_types>
> > >
> > > For which RR types to query when looking up and selecting SPF records.
> > The
> > > following values are supported:
> > >
> > > =over
> > >
> > > =item B<< Mail::SPF::Server->query_rr_type_all >>
> > >
> > > Both C<TXT> and C<SPF> type RRs.
> > >
> > > =item B<< Mail::SPF::Server->query_rr_type_txt >> (default)
> > >
> > > C<TXT> type RRs only.
> > >
> > > =item B<< Mail::SPF::Server->query_rr_type_spf >>
> > >
> > > C<SPF> type RRs only.
> > >
> > > =back
> > >
> > > For years B<Mail::SPF> has defaulted to looking up both C<SPF> and
> > C<TXT>
> > > type
> > > RRs as recommended by RFC 4408.  Experience has shown, however, that a
> > > significant portion of name servers suffer from serious brain damage
> > with
> > > regard to the handling of queries for RR types that are unknown to them,
>
> >
> > > such
> > > as the C<SPF> RR type.  Consequently B<Mail::SPF> now defaults to
> > looking
> > > up
> > > only C<TXT> type RRs.  This may be overridden by setting the
> > > B<query_rr_types>
> > > option.
> > >
> > > See RFC 4408, 3.1.1, for a discussion of the topic, as well as the
> > > description
> > > of the L</select_record> method.
> > >
> >
> ------------------------------------------------------------------------------------------
> > >
> > > Seems your Mail::SPF module is outdated - use 2.009
> > >
> > > ASSP uses the default.
> > >
> > > Thomas
> > >
> > >
> > >
> > >
> > >
> > > Von:    "Andy Knuts" <[hidden email]>
> > > An:     "For Users of ASSP" <[hidden email]>
> > > Datum:  18.07.2016 19:27
> > > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> > >
> > >
> > >
> > > I'm stil wondering what's wrong with my DNS servers and ASSP. I
> > installed
> > > pdns-recorsor on the same host where ASSP is running and I have
> > installed
> > > bind on a second VM.
> > > I tested those name server and they work as expected but ASSP still has
> > > troubles with some request. Not always, but A LOT.
> > > In my maillog.txt I see a lot of these: hotmail.com: Unknown error on
> > DNS
> > > 'SPF' lookup of 'hotmail.com'
> > >
> > > Sometimes it has the SPF records for hotmail.com, but many times it
> > > doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always works.
> > Same
> > > for "host -t txt hotmail.com 10.1.1.11".
> > >
> > > Here's an example in maillog.txt with SPFDebug enabled:
> > >
> > >
> > > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> info: found message size announcement: 13.26 kByte
> > > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> Message-Score: added -10 (tlsValencePB) for
> > > SSL-TLS-connection-OK, total score for this message is now -10
> > > Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2
> > > Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS sockets
> > > for 10.1.1.11
> > > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question:
> > > 246.2.47.104.in-addr.arpa.               IN              PTR
> > > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer:
> > > 246.2.47.104.in-addr.arpa.               3600            IN PTR (
> > >
> > >  mail-db5eur01hn0246.outbound.protection.outlook.com. )
> > > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> > > hotmail.com.             IN              ANY
> > > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
> > type
> > > 'ANY' to nameserver 127.0.0.1 ID 15404
> > > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> > > hotmail.com.             IN              ANY
> > > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
> > type
> > > 'ANY' to nameserver 10.1.1.11 ID 20981
> > > Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > > Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from nameserver
> > > 127.0.0.1
> > > Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY
> > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN  SOA  (
>
> >
> > > ns1.msft.net. msnhst.microsoft.com.
> > >   2016070805             ;serial
> > >   7200                           ;refresh
> > >   900                            ;retry
> > >   2419200                                ;expire
> > >   3600                           ;minimum
> > >                                  )
> > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> > > ns1.msft.net.
> > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> > > ns3.msft.net.
> > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> > > ns4.msft.net.
> > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN  NS
> > > ns2.msft.net.
> > > Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from
> > > nameserver 127.0.0.1 ID 15404
> > > Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68
> > > x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
> > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139 bounce
>
> >
> > > message detected
> > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the
> > > connection will now be moved in to the Full-Transparent-Proxy mode
> > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no (more)
> > > data readable from x.x.x.139 (connection closed by peer) - Connection
> > > reset by peer - last command was 'RCPT TO'
> > > Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68
> > x.x.x.139
> > > - processing time 0 seconds
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip Message-Score: added -2 for
> > 65.54.190.0
> > > in griplist (0.18), total score for this message is now -12
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> > 65.54.190.89
> > > <[hidden email]> to: JMRP@snip [scoring] DKIM domain mismatch -
> > > hotmail.com found in DKIMCache, but no DKIM-Signature found in mail
> > header
> > > (Cache)
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip Message-Score: added 15
> > (dkimValencePB)
> > > for DKIM domain mismatch - hotmail.com found in DKIMCache, but no
> > > DKIM-Signature found in mail header, total score for this message is now
>
> > 3
> > > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> > > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
> > > for 10.1.1.11
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com.  IN
> > > ANY
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
> > IN
> > >          MX              5 mx1.hotmail.com.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
> > IN
> > >          A               65.55.77.28
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> > > IN               NS              ns4.msft.net.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> > > IN               NS              ns3.msft.net.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
> > IN
> > >          MX              5 mx4.hotmail.com.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
> > IN
> > >          A               65.55.85.12
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> > > IN               NS              ns1.msft.net.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  425 IN
>
> >  
> > >  TXT             (
> > >                                  "v=spf1 include:spf-a.outlook.com
> > > include:spf-b.outlook.com ip4:157.55.9.128/25
> > > include:spf.protection.outlook.com include:spf-a.hotmail.com
> > > include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
> > >                                  )
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
> > IN
> > >          MX              5 mx3.hotmail.com.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
> > IN
> > >          A               157.55.152.112
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  86728
> > > IN               NS              ns2.msft.net.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  3019
> > IN
> > >          A               157.56.172.28
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.  1596
> > IN
> > >          MX              5 mx2.hotmail.com.
> > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> > > _dmarc.hotmail.com.              IN              TXT
> > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
> > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> > > _dmarc.hotmail.com.              IN              TXT
> > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
> > > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
> > > 127.0.0.1
> > > Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com.  IN
> > > TXT
> > > Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com.  2125
> > IN
> > >          TXT             (
> > >                                  "v=DMARC1; p=none; pct=100;
> > > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> > >                                  )
> > > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> > > nameserver 127.0.0.1 ID 21607
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> > 65.54.190.89
> > > <[hidden email]> to: JMRP@snip info: domain hotmail.com has published
>
> > a
> > > DMARC record
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip strictspf Regex: strictSPFRe
> > > '@hotmail.com'
> > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
> > > Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain hotmail.com -
> > > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > Mail::SPF::Server, 564, hotmail.com SPF
> > > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > Mail::SPF::Server, 564, hotmail.com TXT
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip [scoring] spf_result:temperror
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip identity:[hidden email]
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip scope:mfrom
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip spf_record:
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip local_exp:hotmail.com: Unknown error
> > on
> > > DNS 'SPF' lookup of 'hotmail.com'
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip received_spf:Received-SPF: temperror
> > > (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com')
> > > receiver=mx101.snip; identity=mailfrom;
> > envelope-from="[hidden email]";
> > > helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip [scoring] SPF: temperror
> > ip=65.54.190.89
> > > mailfrom=[hidden email] helo=BAY004-OMC2S14.hotmail.com
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip Message-Score: added 5 (spfeValencePB)
>
> >
> > > for SPF temperror, total score for this message is now 8
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip DMARC: this mail breakes the DKIM
> > > policies defined in the DMARC record for domain hotmail.com - there is
> > no
> > > DKIM-signature found in this mail for domain hotmail.com
> > > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> > > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
> > > for 10.1.1.11
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question:
> > _dmarc.hotmail.com.
> > >  IN              TXT
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: _dmarc.hotmail.com.
> > > 2125             IN              TXT             (
> > >                                  "v=DMARC1; p=none; pct=100;
> > > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> > >                                  )
> > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
> > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1 ID
> > > 54935
> > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
> > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11 ID
> > > 43820
> > > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
> > > 127.0.0.1
> > > Jul-18-16 19:04:29 [Worker_1] DNS-question was:
> > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > Jul-18-16 19:04:29 [Worker_1] DNS-answer is:
> > > 89.190.54.65.sa.senderbase.org.          19937           IN TXT (
> > >
> > >                                  "0-0=1|1=MICROSOFT
> > >
> >
> HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San
> > >
> > > Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
> > >                                  )
> > > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> > > nameserver 127.0.0.1 ID 54935
> > > Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08
> > > 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK]
> > > 65.54.190.89 <[hidden email]> to: JMRP@snip message ok [complaint
> > about
> > > message from 10 164 74 35]
> > >
> > >
> > > any idea's?
> > >
> > >
> > > ----- Original Message -----
> > > From: Thomas Eckardt
> > > [mailto:[hidden email]]
> > > To: For Users of ASSP
> > > [mailto:[hidden email]]
> > > Sent: Mon, 18 Jul 2016 12:52:29
> > > +0100
> > > Subject: Re: [Assp-user] SPF_temperror,_why?
> > >
> > >
> > > > >But why is this a temperror?
> > > >
> > > > assp was unable to get a qualified result for the query using
> > Mail::SPF
> > > -
> > > > that's all
> > > > most times this is caused by a DNS timeout
> > > >
> > > > Thomas
> > > >
> > > >
> > > > Von:    "Andy Knuts" <[hidden email]>
> > > > An:     [hidden email]
> > > > Datum:  18.07.2016 11:53
> > > > Betreff:        [Assp-user] SPF_temperror,_why?
> > > >
> > > >
> > > >
> > > > Many of the emails that passed ASSP have headers like this:
> > > >
> > > > X-Assp-Received-SPF: temperror ip=217.148.21.174
> > > > mailfrom=[hidden email] helo=vmta12.addemar.com
> > > >
> > > > But why is this a temperror?
> > > >
> > > >
> > > > If I use 'spfquery' command line I get:
> > > >
> > > > # spfquery --mail-from [hidden email] -i 217.148.21.174
> > -h
> > >
> > > > vmta12.addemar.com
> > > > pass
> > > > Please see
> > > >
> > >
> >
> http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:
> >
> > >
> > > >
> > > > 217.148.21.128/25 contains 217.148.21.174
> > > > spfquery: domain of [hidden email] designates
> > > 217.148.21.174
> > > > as permitted sender
> > > > Received-SPF: pass (spfquery: domain of [hidden email]
> > > > designates 217.148.21.174 as permitted sender)
> > client-ip=217.148.21.174;
> > >
> > > > envelope-from=[hidden email]; helo=vmta12.addemar.com;
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------
> > > > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > > > traffic
> > > > patterns at an interface-level. Reveals which users, apps, and
> > protocols
> > >
> > > > are
> > > > consuming the most bandwidth. Provides multi-vendor support for
> > NetFlow,
> > >
> > > > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > > > planning
> > > > reports.http://sdm.link/zohodev2dev
> > > > _______________________________________________
> > > > Assp-user mailing list
> > > > [hidden email]
> > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > DISCLAIMER:
> > > > *******************************************************
> > > > This email and any files transmitted with it may be confidential,
> > > legally
> > > > privileged and protected in law and are intended solely for the use of
>
> >
> > > the
> > > >
> > > > individual to whom it is addressed.
> > > > This email was multiple times scanned for viruses. There should be no
> > > > known virus in this email!
> > > > *******************************************************
> > > >
> > > >
> > >
> > >
> >
> ------------------------------------------------------------------------------
> > > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > > traffic
> > > patterns at an interface-level. Reveals which users, apps, and protocols
>
> >
> > > are
> > > consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>
> >
> > > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > > planning
> > > reports.http://sdm.link/zohodev2dev
> > > _______________________________________________
> > > Assp-user mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> > >
> > >
> > >
> > >
> > >
> > > DISCLAIMER:
> > > *******************************************************
> > > This email and any files transmitted with it may be confidential,
> > legally
> > > privileged and protected in law and are intended solely for the use of
> > the
> > >
> > > individual to whom it is addressed.
> > > This email was multiple times scanned for viruses. There should be no
> > > known virus in this email!
> > > *******************************************************
> > >
> > >
> >
> >
> ------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > traffic
> > patterns at an interface-level. Reveals which users, apps, and protocols
> > are
> > consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning
> > reports.http://sdm.link/zohodev2dev
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential, legally
> > privileged and protected in law and are intended solely for the use of the
>
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are
>
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Thomas Eckardt/eck
I got the same error for hotmail.com DKIM signatures.

hotmail.com _domainkey selector 1 is :

 
"v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWyktrIL8DO/+UGvMbv7cPd/Xogpbs7pgVw8y9ldO6AAMmg8+ij
ENl/c7Fb1MfKM7uG3LMwAr0dVVKyM+mbkoX2k5L7lsROQr0Z9gGSpu7xrnZOa58+/pIhd2Xk/DFPpa5+TKbWodbsSZPRN8z0RY5x59jdzSclXlEyN9mEZdmO
iKTsOP6A7vQxfSya9jg5"
 
"N81dfNNvP7HnWejMMsKyIMrXptxOhIBuEYH67JDe98QgX14oHvGM2Uz53if/SW8MF09rYh9sp4ZsaWLIg6T343JzlbtrsGRGCDJ9JPpxRWZimtz
+Up/BlKzT6sCCrBihb/Bi3pZiEBB4Ui/vruL5RCQIDAQAB;n=2048,1452627113,1468351913"


For what ever reason, Mail::DKIM is unable to fetch() the public key.
There is nothing you can do.

Thomas



Von:    "Andy Knuts" <[hidden email]>
An:     "For Users of ASSP" <[hidden email]>
Datum:  20.07.2016 00:35
Betreff:        Re: [Assp-user] SPF_temperror,_why?



It looks like there's a problem with DNS in general but it's not always a
problem:

# grep DKIM 16-07-19.maillog.txt|grep @hotmail|grep 'public key: not
available'

Jul-19-16 00:21:04 m1-80462-07675 [Worker_1] [TLS-in] 65.54.190.91
<[hidden email]> to: [hidden email] [scoring] (DKIM signature
invalid) - public key: not available
Jul-19-16 08:47:43 m1-10862-06664 [Worker_2] [TLS-in] 65.54.190.87
<[hidden email]> to: [hidden email] [scoring] (DKIM
signature invalid) - public key: not available
Jul-19-16 08:59:43 m1-11582-08285 [Worker_1] [TLS-in] 65.55.34.215
<[hidden email]> to: [hidden email] [scoring] (DKIM
signature invalid) - public key: not available
Jul-19-16 09:45:13 m1-14312-02896 [Worker_1] [TLS-in] 65.55.116.39
<[hidden email]> to: [hidden email] [scoring] (DKIM signature
invalid) - public key: not available
Jul-19-16 12:39:49 m1-24788-06927 [Worker_2] [TLS-in] 65.54.51.96
<[hidden email]> to: [hidden email] [scoring] (DKIM signature
invalid) - public key: not available
Jul-19-16 15:58:58 m1-36736-07796 [Worker_5] [TLS-in] 65.54.190.90
<[hidden email]> to: [hidden email]
[scoring] (DKIM signature invalid) - public key: not available
Jul-19-16 17:16:33 m1-41391-04219 [Worker_1] [TLS-in] 65.55.34.80
<[hidden email]> to:  [hidden email]
[scoring] (DKIM signature invalid) - public key: not available
Jul-19-16 19:47:03 m1-50422-00530 [Worker_1] [TLS-in] 65.54.190.35
<[hidden email]> to:[hidden email] [scoring] (DKIM signature
invalid) - public key: not available

 The DNS servers also seem to work fine for every other services but as
you can see, sometimes ASSP is unable to find the public key for
hotmail.com ?

I'm using Net::DNS 1.06. This version is okay, right?

Regards


----- Original Message -----
From: Andy Knuts [mailto:[hidden email]]
To:
For Users of ASSP [mailto:[hidden email]]
Sent: Wed, 20 Jul
2016 00:13:16 +0100
Subject: Re: [Assp-user] SPF_temperror,_why?


> I upgraded to Mail:SPF 2.9.0 as suggested but there's still an issue:
>
> # grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt | wc -l
> 444
>
> # grep hotmail.com 16-07-19.maillog.txt |grep -i "for SPF pass" | wc -l
> 258
>
>
> # grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt |grep -i
> hotmail
> Jul-19-16 07:45:11 m1-07110-04028 [Worker_2] [TLS-in] 65.54.190.99
> <[hidden email]> to: [hidden email] Message-Score: added 5
> (spfeValencePB) for SPF temperror, total score for this message is now 5
> Jul-19-16 12:37:51 m1-24670-10746 [Worker_2] [TLS-in] 65.55.90.169
> <[hidden email]> to: [hidden email]
> Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
for
> this message is now -6
> Jul-19-16 12:39:49 m1-24788-06927 [Worker_2] [TLS-in] 65.54.51.96
> <[hidden email]> to: [hidden email] Message-Score: added 5
> (spfeValencePB) for SPF temperror, total score for this message is now
-6
> Jul-19-16 12:51:11 m1-25471-04061 [Worker_2] [TLS-in] 157.55.1.140
> <[hidden email]> to: [hidden email] Message-Score:
added 5
> (spfeValencePB) for SPF temperror, total score for this message is now
10
> Jul-19-16 14:08:49 m1-30128-13259 [Worker_2] [TLS-in] 65.55.34.90
> <[hidden email]> to: [hidden email] Message-Score: added 5
> (spfeValencePB) for SPF temperror, total score for this message is now 7
> Jul-19-16 17:15:12 m1-41310-11578 [Worker_1] [TLS-in] 65.55.90.39
> <[hidden email]> to:
[hidden email]
> Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
for
> this message is now -6
> Jul-19-16 17:16:33 m1-41391-04219 [Worker_1] [TLS-in] 65.55.34.80
> <[hidden email]> to: [hidden email]
> Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
for
> this message is now -8
> Jul-19-16 19:36:37 m1-49796-00753 [Worker_1] [TLS-in] 157.55.2.37
> <[hidden email]> to:
[hidden email]
> Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
for
> this message is now -6
> Jul-19-16 19:39:01 m1-49940-06640 [Worker_1] [TLS-in] 157.55.2.26
> <[hidden email]> to: [hidden email] Message-Score: added 5
> (spfeValencePB) for SPF temperror, total score for this message is now 9
> Jul-19-16 20:15:13 m1-52113-02738 [Worker_2] [TLS-in] 157.55.1.160
> <[hidden email]> to: [hidden email] Message-Score: added 5
> (spfeValencePB) for SPF temperror, total score for this message is now
-6
> Jul-19-16 20:50:24 m1-54224-10937 [Worker_2] [TLS-in] 157.55.0.224
> <[hidden email]> to: [hidden email] Message-Score: added 5
> (spfeValencePB) for SPF temperror, total score for this message is now 8
> Jul-19-16 23:44:38 m1-64678-08355 [Worker_1] [TLS-in] 157.55.0.233
> <[hidden email]> to:
[hidden email]
> Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
for

> this message is now 8
>
>
>
>
>
> ----- Original Message -----
> From: Thomas Eckardt
> [mailto:[hidden email]]
> To: For Users of ASSP
> [mailto:[hidden email]]
> Sent: Mon, 18 Jul 2016 20:08:54
> +0100
> Subject: Re: [Assp-user] SPF_temperror,_why?
>
>
> > http://cpansearch.perl.org/src/JMEHNLE/Mail-SPF-v2.9.0/CHANGES
> >
> > Thomas
> >
> >
> >
> >
> >
> > Von:    "Andy Knuts" <[hidden email]>
> > An:     "For Users of ASSP" <[hidden email]>
> > Datum:  18.07.2016 19:56
> > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> >
> >
> >
> > I'm using 2.008  while ASSP says "2.007" is required.
> > Should upgrading to 2.009 fix this issue?
> >
> >
> > ----- Original Message -----
> > From: Thomas Eckardt
> > [mailto:[hidden email]]
> > To: For Users of ASSP
> > [mailto:[hidden email]]
> > Sent: Mon, 18 Jul 2016 19:49:45
> > +0100
> > Subject: Re: [Assp-user] SPF_temperror,_why?
> >
> >
> > > >Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > Mail::SPF::Server, 564, hotmail.com SPF
> > >
> > >
> >
>
------------------------------------------------------------------------------------------
> > > =item B<query_rr_types>
> > >
> > > For which RR types to query when looking up and selecting SPF
records.

> > The
> > > following values are supported:
> > >
> > > =over
> > >
> > > =item B<< Mail::SPF::Server->query_rr_type_all >>
> > >
> > > Both C<TXT> and C<SPF> type RRs.
> > >
> > > =item B<< Mail::SPF::Server->query_rr_type_txt >> (default)
> > >
> > > C<TXT> type RRs only.
> > >
> > > =item B<< Mail::SPF::Server->query_rr_type_spf >>
> > >
> > > C<SPF> type RRs only.
> > >
> > > =back
> > >
> > > For years B<Mail::SPF> has defaulted to looking up both C<SPF> and
> > C<TXT>
> > > type
> > > RRs as recommended by RFC 4408.  Experience has shown, however, that
a
> > > significant portion of name servers suffer from serious brain damage

> > with
> > > regard to the handling of queries for RR types that are unknown to
them,

>
> >
> > > such
> > > as the C<SPF> RR type.  Consequently B<Mail::SPF> now defaults to
> > looking
> > > up
> > > only C<TXT> type RRs.  This may be overridden by setting the
> > > B<query_rr_types>
> > > option.
> > >
> > > See RFC 4408, 3.1.1, for a discussion of the topic, as well as the
> > > description
> > > of the L</select_record> method.
> > >
> >
>
------------------------------------------------------------------------------------------

> > >
> > > Seems your Mail::SPF module is outdated - use 2.009
> > >
> > > ASSP uses the default.
> > >
> > > Thomas
> > >
> > >
> > >
> > >
> > >
> > > Von:    "Andy Knuts" <[hidden email]>
> > > An:     "For Users of ASSP" <[hidden email]>
> > > Datum:  18.07.2016 19:27
> > > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> > >
> > >
> > >
> > > I'm stil wondering what's wrong with my DNS servers and ASSP. I
> > installed
> > > pdns-recorsor on the same host where ASSP is running and I have
> > installed
> > > bind on a second VM.
> > > I tested those name server and they work as expected but ASSP still
has
> > > troubles with some request. Not always, but A LOT.
> > > In my maillog.txt I see a lot of these: hotmail.com: Unknown error
on
> > DNS
> > > 'SPF' lookup of 'hotmail.com'
> > >
> > > Sometimes it has the SPF records for hotmail.com, but many times it
> > > doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always
works.
> > Same
> > > for "host -t txt hotmail.com 10.1.1.11".
> > >
> > > Here's an example in maillog.txt with SPFDebug enabled:
> > >
> > >
> > > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> info: found message size announcement: 13.26
kByte
> > > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> Message-Score: added -10 (tlsValencePB) for
> > > SSL-TLS-connection-OK, total score for this message is now -10
> > > Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2
> > > Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS
sockets
> > > for 10.1.1.11
> > > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question:
> > > 246.2.47.104.in-addr.arpa.               IN              PTR
> > > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer:
> > > 246.2.47.104.in-addr.arpa.               3600            IN PTR (
> > >
> > >  mail-db5eur01hn0246.outbound.protection.outlook.com. )
> > > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -

> > > hotmail.com.             IN              ANY
> > > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'

> > type
> > > 'ANY' to nameserver 127.0.0.1 ID 15404
> > > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -

> > > hotmail.com.             IN              ANY
> > > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'

> > type
> > > 'ANY' to nameserver 10.1.1.11 ID 20981
> > > Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > > Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from
nameserver
> > > 127.0.0.1
> > > Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY
> > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN SOA
 (

>
> >
> > > ns1.msft.net. msnhst.microsoft.com.
> > >   2016070805             ;serial
> > >   7200                           ;refresh
> > >   900                            ;retry
> > >   2419200                                ;expire
> > >   3600                           ;minimum
> > >                                  )
> > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
NS
> > > ns1.msft.net.
> > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
NS
> > > ns3.msft.net.
> > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
NS
> > > ns4.msft.net.
> > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
NS
> > > ns2.msft.net.
> > > Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from
> > > nameserver 127.0.0.1 ID 15404
> > > Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68
> > > x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
> > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139
bounce
>
> >
> > > message detected
> > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the
> > > connection will now be moved in to the Full-Transparent-Proxy mode
> > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no
(more)
> > > data readable from x.x.x.139 (connection closed by peer) -
Connection

> > > reset by peer - last command was 'RCPT TO'
> > > Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68
> > x.x.x.139
> > > - processing time 0 seconds
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip Message-Score: added -2 for
> > 65.54.190.0
> > > in griplist (0.18), total score for this message is now -12
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> > 65.54.190.89
> > > <[hidden email]> to: JMRP@snip [scoring] DKIM domain mismatch -
> > > hotmail.com found in DKIMCache, but no DKIM-Signature found in mail
> > header
> > > (Cache)
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip Message-Score: added 15
> > (dkimValencePB)
> > > for DKIM domain mismatch - hotmail.com found in DKIMCache, but no
> > > DKIM-Signature found in mail header, total score for this message is
now
>
> > 3
> > > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> > > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS
sockets
> > > for 10.1.1.11
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com.
IN
> > > ANY
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
1596
> > IN
> > >          MX              5 mx1.hotmail.com.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
3019
> > IN
> > >          A               65.55.77.28
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
86728
> > > IN               NS              ns4.msft.net.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
86728
> > > IN               NS              ns3.msft.net.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
1596
> > IN
> > >          MX              5 mx4.hotmail.com.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
3019
> > IN
> > >          A               65.55.85.12
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
86728
> > > IN               NS              ns1.msft.net.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 425
IN
>
> >
> > >  TXT             (
> > >                                  "v=spf1 include:spf-a.outlook.com
> > > include:spf-b.outlook.com ip4:157.55.9.128/25
> > > include:spf.protection.outlook.com include:spf-a.hotmail.com
> > > include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com
~all"
> > >                                  )
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
1596
> > IN
> > >          MX              5 mx3.hotmail.com.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
3019
> > IN
> > >          A               157.55.152.112
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
86728
> > > IN               NS              ns2.msft.net.
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
3019
> > IN
> > >          A               157.56.172.28
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
1596
> > IN
> > >          MX              5 mx2.hotmail.com.
> > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -

> > > _dmarc.hotmail.com.              IN              TXT
> > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
> > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -

> > > _dmarc.hotmail.com.              IN              TXT
> > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
> > > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from
nameserver
> > > 127.0.0.1
> > > Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com.
IN
> > > TXT
> > > Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com.
2125

> > IN
> > >          TXT             (
> > >                                  "v=DMARC1; p=none; pct=100;
> > > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> > >                                  )
> > > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> > > nameserver 127.0.0.1 ID 21607
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> > 65.54.190.89
> > > <[hidden email]> to: JMRP@snip info: domain hotmail.com has
published
>
> > a
> > > DMARC record
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip strictspf Regex: strictSPFRe
> > > '@hotmail.com'
> > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
> > > Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain
hotmail.com -

> > > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > Mail::SPF::Server, 564, hotmail.com SPF
> > > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > Mail::SPF::Server, 564, hotmail.com TXT
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip [scoring] spf_result:temperror
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip identity:[hidden email]
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip scope:mfrom
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip spf_record:
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip local_exp:hotmail.com: Unknown
error
> > on
> > > DNS 'SPF' lookup of 'hotmail.com'
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip received_spf:Received-SPF:
temperror

> > > (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com')
> > > receiver=mx101.snip; identity=mailfrom;
> > envelope-from="[hidden email]";
> > > helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip [scoring] SPF: temperror
> > ip=65.54.190.89
> > > mailfrom=[hidden email] helo=BAY004-OMC2S14.hotmail.com
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip Message-Score: added 5
(spfeValencePB)
>
> >
> > > for SPF temperror, total score for this message is now 8
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > <[hidden email]> to: JMRP@snip DMARC: this mail breakes the DKIM
> > > policies defined in the DMARC record for domain hotmail.com - there
is
> > no
> > > DKIM-signature found in this mail for domain hotmail.com
> > > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> > > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS
sockets
> > > for 10.1.1.11
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question:
> > _dmarc.hotmail.com.
> > >  IN              TXT
> > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer:
_dmarc.hotmail.com.
> > > 2125             IN              TXT             (
> > >                                  "v=DMARC1; p=none; pct=100;
> > > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> > >                                  )
> > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -

> > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1
ID
> > > 54935
> > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -

> > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11
ID
> > > 43820
> > > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from
nameserver

> > > 127.0.0.1
> > > Jul-18-16 19:04:29 [Worker_1] DNS-question was:
> > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > Jul-18-16 19:04:29 [Worker_1] DNS-answer is:
> > > 89.190.54.65.sa.senderbase.org.          19937           IN TXT (
> > >
> > >                                  "0-0=1|1=MICROSOFT
> > >
> >
>
HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San
> > >
> > > Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
> > >                                  )
> > > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> > > nameserver 127.0.0.1 ID 54935
> > > Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08
> > > 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
> > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK]
> > > 65.54.190.89 <[hidden email]> to: JMRP@snip message ok [complaint

> > about
> > > message from 10 164 74 35]
> > >
> > >
> > > any idea's?
> > >
> > >
> > > ----- Original Message -----
> > > From: Thomas Eckardt
> > > [mailto:[hidden email]]
> > > To: For Users of ASSP
> > > [mailto:[hidden email]]
> > > Sent: Mon, 18 Jul 2016 12:52:29
> > > +0100
> > > Subject: Re: [Assp-user] SPF_temperror,_why?
> > >
> > >
> > > > >But why is this a temperror?
> > > >
> > > > assp was unable to get a qualified result for the query using
> > Mail::SPF
> > > -
> > > > that's all
> > > > most times this is caused by a DNS timeout
> > > >
> > > > Thomas
> > > >
> > > >
> > > > Von:    "Andy Knuts" <[hidden email]>
> > > > An:     [hidden email]
> > > > Datum:  18.07.2016 11:53
> > > > Betreff:        [Assp-user] SPF_temperror,_why?
> > > >
> > > >
> > > >
> > > > Many of the emails that passed ASSP have headers like this:
> > > >
> > > > X-Assp-Received-SPF: temperror ip=217.148.21.174
> > > > mailfrom=[hidden email] helo=vmta12.addemar.com
> > > >
> > > > But why is this a temperror?
> > > >
> > > >
> > > > If I use 'spfquery' command line I get:
> > > >
> > > > # spfquery --mail-from [hidden email] -i
217.148.21.174
> > -h
> > >
> > > > vmta12.addemar.com
> > > > pass
> > > > Please see
> > > >
> > >
> >
>
http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:

> >
> > >
> > > >
> > > > 217.148.21.128/25 contains 217.148.21.174
> > > > spfquery: domain of [hidden email] designates
> > > 217.148.21.174
> > > > as permitted sender
> > > > Received-SPF: pass (spfquery: domain of
[hidden email]
> > > > designates 217.148.21.174 as permitted sender)
> > client-ip=217.148.21.174;
> > >
> > > > envelope-from=[hidden email];
helo=vmta12.addemar.com;
> > > >
> > > >
> > >
> >
>
------------------------------------------------------------------------------
> > > > What NetFlow Analyzer can do for you? Monitors network bandwidth
and
> > > > traffic
> > > > patterns at an interface-level. Reveals which users, apps, and
> > protocols
> > >
> > > > are
> > > > consuming the most bandwidth. Provides multi-vendor support for
> > NetFlow,
> > >
> > > > J-Flow, sFlow and other flows. Make informed decisions using
capacity

> > > > planning
> > > > reports.http://sdm.link/zohodev2dev
> > > > _______________________________________________
> > > > Assp-user mailing list
> > > > [hidden email]
> > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > DISCLAIMER:
> > > > *******************************************************
> > > > This email and any files transmitted with it may be confidential,
> > > legally
> > > > privileged and protected in law and are intended solely for the
use of
>
> >
> > > the
> > > >
> > > > individual to whom it is addressed.
> > > > This email was multiple times scanned for viruses. There should be
no
> > > > known virus in this email!
> > > > *******************************************************
> > > >
> > > >
> > >
> > >
> >
>
------------------------------------------------------------------------------
> > > What NetFlow Analyzer can do for you? Monitors network bandwidth and

> > > traffic
> > > patterns at an interface-level. Reveals which users, apps, and
protocols
>
> >
> > > are
> > > consuming the most bandwidth. Provides multi-vendor support for
NetFlow,
>
> >
> > > J-Flow, sFlow and other flows. Make informed decisions using
capacity

> > > planning
> > > reports.http://sdm.link/zohodev2dev
> > > _______________________________________________
> > > Assp-user mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> > >
> > >
> > >
> > >
> > >
> > > DISCLAIMER:
> > > *******************************************************
> > > This email and any files transmitted with it may be confidential,
> > legally
> > > privileged and protected in law and are intended solely for the use
of
> > the
> > >
> > > individual to whom it is addressed.
> > > This email was multiple times scanned for viruses. There should be
no
> > > known virus in this email!
> > > *******************************************************
> > >
> > >
> >
> >
>
------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > traffic
> > patterns at an interface-level. Reveals which users, apps, and
protocols
> > are
> > consuming the most bandwidth. Provides multi-vendor support for
NetFlow,

> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning
> > reports.http://sdm.link/zohodev2dev
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential,
legally
> > privileged and protected in law and are intended solely for the use of
the

>
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
>
>
------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
are
>
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,

> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Andy Knuts
In reply to this post by Thomas Eckardt/eck
Okay. Thanks.

----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Wed, 20 Jul 2016 08:00:42
+0100
Subject: Re: [Assp-user] SPF_temperror,_why?


> I got the same error for hotmail.com DKIM signatures.
>
> hotmail.com _domainkey selector 1 is :
>
>  
> "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWyktrIL8DO/+UGvMbv7cPd/Xogpbs7pgVw8y9ldO6AAMmg8+ij
> ENl/c7Fb1MfKM7uG3LMwAr0dVVKyM+mbkoX2k5L7lsROQr0Z9gGSpu7xrnZOa58+/pIhd2Xk/DFPpa5+TKbWodbsSZPRN8z0RY5x59jdzSclXlEyN9mEZdmO
> iKTsOP6A7vQxfSya9jg5"
>  
> "N81dfNNvP7HnWejMMsKyIMrXptxOhIBuEYH67JDe98QgX14oHvGM2Uz53if/SW8MF09rYh9sp4ZsaWLIg6T343JzlbtrsGRGCDJ9JPpxRWZimtz
> +Up/BlKzT6sCCrBihb/Bi3pZiEBB4Ui/vruL5RCQIDAQAB;n=2048,1452627113,1468351913"
>
>
> For what ever reason, Mail::DKIM is unable to fetch() the public key.
> There is nothing you can do.
>
> Thomas
>
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     "For Users of ASSP" <[hidden email]>
> Datum:  20.07.2016 00:35
> Betreff:        Re: [Assp-user] SPF_temperror,_why?
>
>
>
> It looks like there's a problem with DNS in general but it's not always a
> problem:
>
> # grep DKIM 16-07-19.maillog.txt|grep @hotmail|grep 'public key: not
> available'
>
> Jul-19-16 00:21:04 m1-80462-07675 [Worker_1] [TLS-in] 65.54.190.91
> <[hidden email]> to: [hidden email] [scoring] (DKIM signature
> invalid) - public key: not available
> Jul-19-16 08:47:43 m1-10862-06664 [Worker_2] [TLS-in] 65.54.190.87
> <[hidden email]> to: [hidden email] [scoring] (DKIM
> signature invalid) - public key: not available
> Jul-19-16 08:59:43 m1-11582-08285 [Worker_1] [TLS-in] 65.55.34.215
> <[hidden email]> to: [hidden email] [scoring] (DKIM
> signature invalid) - public key: not available
> Jul-19-16 09:45:13 m1-14312-02896 [Worker_1] [TLS-in] 65.55.116.39
> <[hidden email]> to: [hidden email] [scoring] (DKIM signature
> invalid) - public key: not available
> Jul-19-16 12:39:49 m1-24788-06927 [Worker_2] [TLS-in] 65.54.51.96
> <[hidden email]> to: [hidden email] [scoring] (DKIM signature
> invalid) - public key: not available
> Jul-19-16 15:58:58 m1-36736-07796 [Worker_5] [TLS-in] 65.54.190.90
> <[hidden email]> to: [hidden email]
> [scoring] (DKIM signature invalid) - public key: not available
> Jul-19-16 17:16:33 m1-41391-04219 [Worker_1] [TLS-in] 65.55.34.80
> <[hidden email]> to:  [hidden email]
> [scoring] (DKIM signature invalid) - public key: not available
> Jul-19-16 19:47:03 m1-50422-00530 [Worker_1] [TLS-in] 65.54.190.35
> <[hidden email]> to:[hidden email] [scoring] (DKIM signature
> invalid) - public key: not available
>
>  The DNS servers also seem to work fine for every other services but as
> you can see, sometimes ASSP is unable to find the public key for
> hotmail.com ?
>
> I'm using Net::DNS 1.06. This version is okay, right?
>
> Regards
>
>
> ----- Original Message -----
> From: Andy Knuts [mailto:[hidden email]]
> To:
> For Users of ASSP [mailto:[hidden email]]
> Sent: Wed, 20 Jul
> 2016 00:13:16 +0100
> Subject: Re: [Assp-user] SPF_temperror,_why?
>
>
> > I upgraded to Mail:SPF 2.9.0 as suggested but there's still an issue:
> >
> > # grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt | wc -l
> > 444
> >
> > # grep hotmail.com 16-07-19.maillog.txt |grep -i "for SPF pass" | wc -l
> > 258
> >
> >
> > # grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt |grep -i
> > hotmail
> > Jul-19-16 07:45:11 m1-07110-04028 [Worker_2] [TLS-in] 65.54.190.99
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now 5
> > Jul-19-16 12:37:51 m1-24670-10746 [Worker_2] [TLS-in] 65.55.90.169
> > <[hidden email]> to: [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now -6
> > Jul-19-16 12:39:49 m1-24788-06927 [Worker_2] [TLS-in] 65.54.51.96
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now
> -6
> > Jul-19-16 12:51:11 m1-25471-04061 [Worker_2] [TLS-in] 157.55.1.140
> > <[hidden email]> to: [hidden email] Message-Score:
> added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now
> 10
> > Jul-19-16 14:08:49 m1-30128-13259 [Worker_2] [TLS-in] 65.55.34.90
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now 7
> > Jul-19-16 17:15:12 m1-41310-11578 [Worker_1] [TLS-in] 65.55.90.39
> > <[hidden email]> to:
> [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now -6
> > Jul-19-16 17:16:33 m1-41391-04219 [Worker_1] [TLS-in] 65.55.34.80
> > <[hidden email]> to: [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now -8
> > Jul-19-16 19:36:37 m1-49796-00753 [Worker_1] [TLS-in] 157.55.2.37
> > <[hidden email]> to:
> [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now -6
> > Jul-19-16 19:39:01 m1-49940-06640 [Worker_1] [TLS-in] 157.55.2.26
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now 9
> > Jul-19-16 20:15:13 m1-52113-02738 [Worker_2] [TLS-in] 157.55.1.160
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now
> -6
> > Jul-19-16 20:50:24 m1-54224-10937 [Worker_2] [TLS-in] 157.55.0.224
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now 8
> > Jul-19-16 23:44:38 m1-64678-08355 [Worker_1] [TLS-in] 157.55.0.233
> > <[hidden email]> to:
> [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now 8
> >
> >
> >
> >
> >
> > ----- Original Message -----
> > From: Thomas Eckardt
> > [mailto:[hidden email]]
> > To: For Users of ASSP
> > [mailto:[hidden email]]
> > Sent: Mon, 18 Jul 2016 20:08:54
> > +0100
> > Subject: Re: [Assp-user] SPF_temperror,_why?
> >
> >
> > > http://cpansearch.perl.org/src/JMEHNLE/Mail-SPF-v2.9.0/CHANGES
> > >
> > > Thomas
> > >
> > >
> > >
> > >
> > >
> > > Von:    "Andy Knuts" <[hidden email]>
> > > An:     "For Users of ASSP" <[hidden email]>
> > > Datum:  18.07.2016 19:56
> > > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> > >
> > >
> > >
> > > I'm using 2.008  while ASSP says "2.007" is required.
> > > Should upgrading to 2.009 fix this issue?
> > >
> > >
> > > ----- Original Message -----
> > > From: Thomas Eckardt
> > > [mailto:[hidden email]]
> > > To: For Users of ASSP
> > > [mailto:[hidden email]]
> > > Sent: Mon, 18 Jul 2016 19:49:45
> > > +0100
> > > Subject: Re: [Assp-user] SPF_temperror,_why?
> > >
> > >
> > > > >Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > > Mail::SPF::Server, 564, hotmail.com SPF
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------------------
> > > > =item B<query_rr_types>
> > > >
> > > > For which RR types to query when looking up and selecting SPF
> records.
> > > The
> > > > following values are supported:
> > > >
> > > > =over
> > > >
> > > > =item B<< Mail::SPF::Server->query_rr_type_all >>
> > > >
> > > > Both C<TXT> and C<SPF> type RRs.
> > > >
> > > > =item B<< Mail::SPF::Server->query_rr_type_txt >> (default)
> > > >
> > > > C<TXT> type RRs only.
> > > >
> > > > =item B<< Mail::SPF::Server->query_rr_type_spf >>
> > > >
> > > > C<SPF> type RRs only.
> > > >
> > > > =back
> > > >
> > > > For years B<Mail::SPF> has defaulted to looking up both C<SPF> and
> > > C<TXT>
> > > > type
> > > > RRs as recommended by RFC 4408.  Experience has shown, however, that
> a
> > > > significant portion of name servers suffer from serious brain damage
>
> > > with
> > > > regard to the handling of queries for RR types that are unknown to
> them,
> >
> > >
> > > > such
> > > > as the C<SPF> RR type.  Consequently B<Mail::SPF> now defaults to
> > > looking
> > > > up
> > > > only C<TXT> type RRs.  This may be overridden by setting the
> > > > B<query_rr_types>
> > > > option.
> > > >
> > > > See RFC 4408, 3.1.1, for a discussion of the topic, as well as the
> > > > description
> > > > of the L</select_record> method.
> > > >
> > >
> >
> ------------------------------------------------------------------------------------------
> > > >
> > > > Seems your Mail::SPF module is outdated - use 2.009
> > > >
> > > > ASSP uses the default.
> > > >
> > > > Thomas
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Von:    "Andy Knuts" <[hidden email]>
> > > > An:     "For Users of ASSP" <[hidden email]>
> > > > Datum:  18.07.2016 19:27
> > > > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> > > >
> > > >
> > > >
> > > > I'm stil wondering what's wrong with my DNS servers and ASSP. I
> > > installed
> > > > pdns-recorsor on the same host where ASSP is running and I have
> > > installed
> > > > bind on a second VM.
> > > > I tested those name server and they work as expected but ASSP still
> has
> > > > troubles with some request. Not always, but A LOT.
> > > > In my maillog.txt I see a lot of these: hotmail.com: Unknown error
> on
> > > DNS
> > > > 'SPF' lookup of 'hotmail.com'
> > > >
> > > > Sometimes it has the SPF records for hotmail.com, but many times it
> > > > doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always
> works.
> > > Same
> > > > for "host -t txt hotmail.com 10.1.1.11".
> > > >
> > > > Here's an example in maillog.txt with SPFDebug enabled:
> > > >
> > > >
> > > > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> info: found message size announcement: 13.26
> kByte
> > > > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> Message-Score: added -10 (tlsValencePB) for
> > > > SSL-TLS-connection-OK, total score for this message is now -10
> > > > Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2
> > > > Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS
> sockets
> > > > for 10.1.1.11
> > > > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question:
> > > > 246.2.47.104.in-addr.arpa.               IN              PTR
> > > > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer:
> > > > 246.2.47.104.in-addr.arpa.               3600            IN PTR (
> > > >
> > > >  mail-db5eur01hn0246.outbound.protection.outlook.com. )
> > > > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
>
> > > > hotmail.com.             IN              ANY
> > > > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
>
> > > type
> > > > 'ANY' to nameserver 127.0.0.1 ID 15404
> > > > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
>
> > > > hotmail.com.             IN              ANY
> > > > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
>
> > > type
> > > > 'ANY' to nameserver 10.1.1.11 ID 20981
> > > > Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > > > Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from
> nameserver
> > > > 127.0.0.1
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN SOA
>  (
> >
> > >
> > > > ns1.msft.net. msnhst.microsoft.com.
> > > >   2016070805             ;serial
> > > >   7200                           ;refresh
> > > >   900                            ;retry
> > > >   2419200                                ;expire
> > > >   3600                           ;minimum
> > > >                                  )
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
> NS
> > > > ns1.msft.net.
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
> NS
> > > > ns3.msft.net.
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
> NS
> > > > ns4.msft.net.
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
> NS
> > > > ns2.msft.net.
> > > > Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from
> > > > nameserver 127.0.0.1 ID 15404
> > > > Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68
> > > > x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
> > > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139
> bounce
> >
> > >
> > > > message detected
> > > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the
> > > > connection will now be moved in to the Full-Transparent-Proxy mode
> > > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no
> (more)
> > > > data readable from x.x.x.139 (connection closed by peer) -
> Connection
> > > > reset by peer - last command was 'RCPT TO'
> > > > Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68
> > > x.x.x.139
> > > > - processing time 0 seconds
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip Message-Score: added -2 for
> > > 65.54.190.0
> > > > in griplist (0.18), total score for this message is now -12
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> > > 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip [scoring] DKIM domain mismatch -
> > > > hotmail.com found in DKIMCache, but no DKIM-Signature found in mail
> > > header
> > > > (Cache)
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip Message-Score: added 15
> > > (dkimValencePB)
> > > > for DKIM domain mismatch - hotmail.com found in DKIMCache, but no
> > > > DKIM-Signature found in mail header, total score for this message is
> now
> >
> > > 3
> > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS
> sockets
> > > > for 10.1.1.11
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com.
> IN
> > > > ANY
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 1596
> > > IN
> > > >          MX              5 mx1.hotmail.com.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 3019
> > > IN
> > > >          A               65.55.77.28
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 86728
> > > > IN               NS              ns4.msft.net.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 86728
> > > > IN               NS              ns3.msft.net.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 1596
> > > IN
> > > >          MX              5 mx4.hotmail.com.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 3019
> > > IN
> > > >          A               65.55.85.12
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 86728
> > > > IN               NS              ns1.msft.net.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 425
> IN
> >
> > >
> > > >  TXT             (
> > > >                                  "v=spf1 include:spf-a.outlook.com
> > > > include:spf-b.outlook.com ip4:157.55.9.128/25
> > > > include:spf.protection.outlook.com include:spf-a.hotmail.com
> > > > include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com
> ~all"
> > > >                                  )
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 1596
> > > IN
> > > >          MX              5 mx3.hotmail.com.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 3019
> > > IN
> > > >          A               157.55.152.112
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 86728
> > > > IN               NS              ns2.msft.net.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 3019
> > > IN
> > > >          A               157.56.172.28
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 1596
> > > IN
> > > >          MX              5 mx2.hotmail.com.
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
>
> > > > _dmarc.hotmail.com.              IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
>
> > > > _dmarc.hotmail.com.              IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
> > > > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > > > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from
> nameserver
> > > > 127.0.0.1
> > > > Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com.
> IN
> > > > TXT
> > > > Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com.
> 2125
> > > IN
> > > >          TXT             (
> > > >                                  "v=DMARC1; p=none; pct=100;
> > > > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> > > >                                  )
> > > > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> > > > nameserver 127.0.0.1 ID 21607
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> > > 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip info: domain hotmail.com has
> published
> >
> > > a
> > > > DMARC record
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip strictspf Regex: strictSPFRe
> > > > '@hotmail.com'
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
> > > > Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain
> hotmail.com -
> > > > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > > Mail::SPF::Server, 564, hotmail.com SPF
> > > > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > > Mail::SPF::Server, 564, hotmail.com TXT
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip [scoring] spf_result:temperror
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip identity:[hidden email]
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip scope:mfrom
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip spf_record:
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip local_exp:hotmail.com: Unknown
> error
> > > on
> > > > DNS 'SPF' lookup of 'hotmail.com'
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip received_spf:Received-SPF:
> temperror
> > > > (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com')
> > > > receiver=mx101.snip; identity=mailfrom;
> > > envelope-from="[hidden email]";
> > > > helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip [scoring] SPF: temperror
> > > ip=65.54.190.89
> > > > mailfrom=[hidden email] helo=BAY004-OMC2S14.hotmail.com
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip Message-Score: added 5
> (spfeValencePB)
> >
> > >
> > > > for SPF temperror, total score for this message is now 8
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip DMARC: this mail breakes the DKIM
> > > > policies defined in the DMARC record for domain hotmail.com - there
> is
> > > no
> > > > DKIM-signature found in this mail for domain hotmail.com
> > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS
> sockets
> > > > for 10.1.1.11
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question:
> > > _dmarc.hotmail.com.
> > > >  IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer:
> _dmarc.hotmail.com.
> > > > 2125             IN              TXT             (
> > > >                                  "v=DMARC1; p=none; pct=100;
> > > > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> > > >                                  )
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
>
> > > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1
> ID
> > > > 54935
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
>
> > > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11
> ID
> > > > 43820
> > > > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > > > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from
> nameserver
> > > > 127.0.0.1
> > > > Jul-18-16 19:04:29 [Worker_1] DNS-question was:
> > > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] DNS-answer is:
> > > > 89.190.54.65.sa.senderbase.org.          19937           IN TXT (
> > > >
> > > >                                  "0-0=1|1=MICROSOFT
> > > >
> > >
> >
> HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San
> > > >
> > > > Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
> > > >                                  )
> > > > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> > > > nameserver 127.0.0.1 ID 54935
> > > > Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08
> > > > 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK]
> > > > 65.54.190.89 <[hidden email]> to: JMRP@snip message ok [complaint
>
> > > about
> > > > message from 10 164 74 35]
> > > >
> > > >
> > > > any idea's?
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: Thomas Eckardt
> > > > [mailto:[hidden email]]
> > > > To: For Users of ASSP
> > > > [mailto:[hidden email]]
> > > > Sent: Mon, 18 Jul 2016 12:52:29
> > > > +0100
> > > > Subject: Re: [Assp-user] SPF_temperror,_why?
> > > >
> > > >
> > > > > >But why is this a temperror?
> > > > >
> > > > > assp was unable to get a qualified result for the query using
> > > Mail::SPF
> > > > -
> > > > > that's all
> > > > > most times this is caused by a DNS timeout
> > > > >
> > > > > Thomas
> > > > >
> > > > >
> > > > > Von:    "Andy Knuts" <[hidden email]>
> > > > > An:     [hidden email]
> > > > > Datum:  18.07.2016 11:53
> > > > > Betreff:        [Assp-user] SPF_temperror,_why?
> > > > >
> > > > >
> > > > >
> > > > > Many of the emails that passed ASSP have headers like this:
> > > > >
> > > > > X-Assp-Received-SPF: temperror ip=217.148.21.174
> > > > > mailfrom=[hidden email] helo=vmta12.addemar.com
> > > > >
> > > > > But why is this a temperror?
> > > > >
> > > > >
> > > > > If I use 'spfquery' command line I get:
> > > > >
> > > > > # spfquery --mail-from [hidden email] -i
> 217.148.21.174
> > > -h
> > > >
> > > > > vmta12.addemar.com
> > > > > pass
> > > > > Please see
> > > > >
> > > >
> > >
> >
> http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:
>
> > >
> > > >
> > > > >
> > > > > 217.148.21.128/25 contains 217.148.21.174
> > > > > spfquery: domain of [hidden email] designates
> > > > 217.148.21.174
> > > > > as permitted sender
> > > > > Received-SPF: pass (spfquery: domain of
> [hidden email]
> > > > > designates 217.148.21.174 as permitted sender)
> > > client-ip=217.148.21.174;
> > > >
> > > > > envelope-from=[hidden email];
> helo=vmta12.addemar.com;
> > > > >
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------
> > > > > What NetFlow Analyzer can do for you? Monitors network bandwidth
> and
> > > > > traffic
> > > > > patterns at an interface-level. Reveals which users, apps, and
> > > protocols
> > > >
> > > > > are
> > > > > consuming the most bandwidth. Provides multi-vendor support for
> > > NetFlow,
> > > >
> > > > > J-Flow, sFlow and other flows. Make informed decisions using
> capacity
> > > > > planning
> > > > > reports.http://sdm.link/zohodev2dev
> > > > > _______________________________________________
> > > > > Assp-user mailing list
> > > > > [hidden email]
> > > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > DISCLAIMER:
> > > > > *******************************************************
> > > > > This email and any files transmitted with it may be confidential,
> > > > legally
> > > > > privileged and protected in law and are intended solely for the
> use of
> >
> > >
> > > > the
> > > > >
> > > > > individual to whom it is addressed.
> > > > > This email was multiple times scanned for viruses. There should be
> no
> > > > > known virus in this email!
> > > > > *******************************************************
> > > > >
> > > > >
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------
> > > > What NetFlow Analyzer can do for you? Monitors network bandwidth and
>
> > > > traffic
> > > > patterns at an interface-level. Reveals which users, apps, and
> protocols
> >
> > >
> > > > are
> > > > consuming the most bandwidth. Provides multi-vendor support for
> NetFlow,
> >
> > >
> > > > J-Flow, sFlow and other flows. Make informed decisions using
> capacity
> > > > planning
> > > > reports.http://sdm.link/zohodev2dev
> > > > _______________________________________________
> > > > Assp-user mailing list
> > > > [hidden email]
> > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > DISCLAIMER:
> > > > *******************************************************
> > > > This email and any files transmitted with it may be confidential,
> > > legally
> > > > privileged and protected in law and are intended solely for the use
> of
> > > the
> > > >
> > > > individual to whom it is addressed.
> > > > This email was multiple times scanned for viruses. There should be
> no
> > > > known virus in this email!
> > > > *******************************************************
> > > >
> > > >
> > >
> > >
> >
> ------------------------------------------------------------------------------
> > > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > > traffic
> > > patterns at an interface-level. Reveals which users, apps, and
> protocols
> > > are
> > > consuming the most bandwidth. Provides multi-vendor support for
> NetFlow,
> > > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > > planning
> > > reports.http://sdm.link/zohodev2dev
> > > _______________________________________________
> > > Assp-user mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> > >
> > >
> > >
> > >
> > >
> > > DISCLAIMER:
> > > *******************************************************
> > > This email and any files transmitted with it may be confidential,
> legally
> > > privileged and protected in law and are intended solely for the use of
> the
> >
> > >
> > > individual to whom it is addressed.
> > > This email was multiple times scanned for viruses. There should be no
> > > known virus in this email!
> > > *******************************************************
> > >
> > >
> >
> >
> ------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> > patterns at an interface-level. Reveals which users, apps, and protocols
> are
> >
> > consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning
> > reports.http://sdm.link/zohodev2dev
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Andy Knuts
In reply to this post by Thomas Eckardt/eck
And can I somehow force ASSP to do SPF checks on the email adres in the From header too? Because right now it seems to check only the sender address. Look:

Return-Path: <[hidden email]>
X-Envelope-To: info@snip
Received: from localhost ([127.0.0.1])
        by kms01.snip with ESMTP
        for info@snip;
        Wed, 20 Jul 2016 06:39:07 +0200
Received: from cpanel.ieck.be (localhost [127.0.0.1])
        by mx101.snip (Postfix) with ESMTP id BE68FB1323
        for <info@snip>; Wed, 20 Jul 2016 06:39:04 +0200 (CEST)
Received: from cpanel.ieck.be ([194.42.98.110] helo=cpanel.ieck.be) by
        mx101.snip with SMTPS(TLSv1 DHE-RSA-AES128-SHA) (2.5.1); 20 Jul 2016 06:39:04 +0200
Received: from ip143.ip-176-31-66.eu ([176.31.66.143]:53940 helo=[192.168.110.3])
        by cpanel.ieck.be with esmtpa (Exim 4.87)
        (envelope-from <[hidden email]>)
        id 1bPjHj-0000pX-Ja
        for info@snip; Wed, 20 Jul 2016 06:39:03 +0200
Reply-To: <[hidden email]>
From:"Mobistar" <[hidden email]>
To: "info" <info@snip>
Subject: votre abonnement ete refuse
Message-ID: <89ef346a20c2e749b314fdb5b6c697e3@TS01>
Date: Wed, 20 Jul 2016 06:41:30 +0200
MIME-Version: 1.0
Content-Type: multipart/related;
        boundary="----=_NextPart_000_0001_C58C1F7C.844AAE4F"
X-Priority: 3
X-Mailer: Microsoft Office Outlook 12.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cpanel.ieck.be
X-AntiAbuse: Original Domain - snip
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - sudex.be
X-Get-Message-Sender-Via: cpanel.ieck.be: authenticated_id: [hidden email]
X-Authenticated-Sender: cpanel.ieck.be: [hidden email]
X-Source:
X-Source-Args:
X-Source-Dir:
X-Assp-ID: mx101.snip m1-89544-11284
X-Assp-Session: 7F3475588B28 (mail 1)
X-Assp-Envelope-From: [hidden email]
X-Assp-Intended-For: info@snip
X-Assp-Version: 2.5.1(16177) on mx101.snip
X-Assp-Client-TLS: yes
X-Assp-Message-Score: -10 (SSL-TLS-connection-OK)
X-Assp-IP-Score: -10 (SSL-TLS-connection-OK)
X-Assp-Delay: not delayed (auto accepted); 20 Jul 2016 06:39:04 +0200
X-Assp-Message-Score: 10 (Message-ID not valid: '89ef346a20c2e749b314fdb5b6c697e3@TS01')
X-Assp-IP-Score: 10 (Message-ID not valid: '89ef346a20c2e749b314fdb5b6c697e3@TS01')
X-Assp-Received-SPF: none (cache) ip=194.42.98.110 mailfrom=[hidden email]
        helo=cpanel.ieck.be
X-Original-Authentication-Results: mx101.snip; spf=none
X-Assp-Message-Score: 10 (Foreign IP-Country LU (2, RUE L?ON LAVAL))
X-Assp-Spam-Level: ***


SPF didn't fail because sudex.be has no SPF records but it was sent with a from address @orange.be which forbids this IP address from sending email...



----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Wed, 20 Jul 2016 08:00:42
+0100
Subject: Re: [Assp-user] SPF_temperror,_why?


> I got the same error for hotmail.com DKIM signatures.
>
> hotmail.com _domainkey selector 1 is :
>
>  
> "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWyktrIL8DO/+UGvMbv7cPd/Xogpbs7pgVw8y9ldO6AAMmg8+ij
> ENl/c7Fb1MfKM7uG3LMwAr0dVVKyM+mbkoX2k5L7lsROQr0Z9gGSpu7xrnZOa58+/pIhd2Xk/DFPpa5+TKbWodbsSZPRN8z0RY5x59jdzSclXlEyN9mEZdmO
> iKTsOP6A7vQxfSya9jg5"
>  
> "N81dfNNvP7HnWejMMsKyIMrXptxOhIBuEYH67JDe98QgX14oHvGM2Uz53if/SW8MF09rYh9sp4ZsaWLIg6T343JzlbtrsGRGCDJ9JPpxRWZimtz
> +Up/BlKzT6sCCrBihb/Bi3pZiEBB4Ui/vruL5RCQIDAQAB;n=2048,1452627113,1468351913"
>
>
> For what ever reason, Mail::DKIM is unable to fetch() the public key.
> There is nothing you can do.
>
> Thomas
>
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     "For Users of ASSP" <[hidden email]>
> Datum:  20.07.2016 00:35
> Betreff:        Re: [Assp-user] SPF_temperror,_why?
>
>
>
> It looks like there's a problem with DNS in general but it's not always a
> problem:
>
> # grep DKIM 16-07-19.maillog.txt|grep @hotmail|grep 'public key: not
> available'
>
> Jul-19-16 00:21:04 m1-80462-07675 [Worker_1] [TLS-in] 65.54.190.91
> <[hidden email]> to: [hidden email] [scoring] (DKIM signature
> invalid) - public key: not available
> Jul-19-16 08:47:43 m1-10862-06664 [Worker_2] [TLS-in] 65.54.190.87
> <[hidden email]> to: [hidden email] [scoring] (DKIM
> signature invalid) - public key: not available
> Jul-19-16 08:59:43 m1-11582-08285 [Worker_1] [TLS-in] 65.55.34.215
> <[hidden email]> to: [hidden email] [scoring] (DKIM
> signature invalid) - public key: not available
> Jul-19-16 09:45:13 m1-14312-02896 [Worker_1] [TLS-in] 65.55.116.39
> <[hidden email]> to: [hidden email] [scoring] (DKIM signature
> invalid) - public key: not available
> Jul-19-16 12:39:49 m1-24788-06927 [Worker_2] [TLS-in] 65.54.51.96
> <[hidden email]> to: [hidden email] [scoring] (DKIM signature
> invalid) - public key: not available
> Jul-19-16 15:58:58 m1-36736-07796 [Worker_5] [TLS-in] 65.54.190.90
> <[hidden email]> to: [hidden email]
> [scoring] (DKIM signature invalid) - public key: not available
> Jul-19-16 17:16:33 m1-41391-04219 [Worker_1] [TLS-in] 65.55.34.80
> <[hidden email]> to:  [hidden email]
> [scoring] (DKIM signature invalid) - public key: not available
> Jul-19-16 19:47:03 m1-50422-00530 [Worker_1] [TLS-in] 65.54.190.35
> <[hidden email]> to:[hidden email] [scoring] (DKIM signature
> invalid) - public key: not available
>
>  The DNS servers also seem to work fine for every other services but as
> you can see, sometimes ASSP is unable to find the public key for
> hotmail.com ?
>
> I'm using Net::DNS 1.06. This version is okay, right?
>
> Regards
>
>
> ----- Original Message -----
> From: Andy Knuts [mailto:[hidden email]]
> To:
> For Users of ASSP [mailto:[hidden email]]
> Sent: Wed, 20 Jul
> 2016 00:13:16 +0100
> Subject: Re: [Assp-user] SPF_temperror,_why?
>
>
> > I upgraded to Mail:SPF 2.9.0 as suggested but there's still an issue:
> >
> > # grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt | wc -l
> > 444
> >
> > # grep hotmail.com 16-07-19.maillog.txt |grep -i "for SPF pass" | wc -l
> > 258
> >
> >
> > # grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt |grep -i
> > hotmail
> > Jul-19-16 07:45:11 m1-07110-04028 [Worker_2] [TLS-in] 65.54.190.99
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now 5
> > Jul-19-16 12:37:51 m1-24670-10746 [Worker_2] [TLS-in] 65.55.90.169
> > <[hidden email]> to: [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now -6
> > Jul-19-16 12:39:49 m1-24788-06927 [Worker_2] [TLS-in] 65.54.51.96
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now
> -6
> > Jul-19-16 12:51:11 m1-25471-04061 [Worker_2] [TLS-in] 157.55.1.140
> > <[hidden email]> to: [hidden email] Message-Score:
> added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now
> 10
> > Jul-19-16 14:08:49 m1-30128-13259 [Worker_2] [TLS-in] 65.55.34.90
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now 7
> > Jul-19-16 17:15:12 m1-41310-11578 [Worker_1] [TLS-in] 65.55.90.39
> > <[hidden email]> to:
> [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now -6
> > Jul-19-16 17:16:33 m1-41391-04219 [Worker_1] [TLS-in] 65.55.34.80
> > <[hidden email]> to: [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now -8
> > Jul-19-16 19:36:37 m1-49796-00753 [Worker_1] [TLS-in] 157.55.2.37
> > <[hidden email]> to:
> [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now -6
> > Jul-19-16 19:39:01 m1-49940-06640 [Worker_1] [TLS-in] 157.55.2.26
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now 9
> > Jul-19-16 20:15:13 m1-52113-02738 [Worker_2] [TLS-in] 157.55.1.160
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now
> -6
> > Jul-19-16 20:50:24 m1-54224-10937 [Worker_2] [TLS-in] 157.55.0.224
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now 8
> > Jul-19-16 23:44:38 m1-64678-08355 [Worker_1] [TLS-in] 157.55.0.233
> > <[hidden email]> to:
> [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now 8
> >
> >
> >
> >
> >
> > ----- Original Message -----
> > From: Thomas Eckardt
> > [mailto:[hidden email]]
> > To: For Users of ASSP
> > [mailto:[hidden email]]
> > Sent: Mon, 18 Jul 2016 20:08:54
> > +0100
> > Subject: Re: [Assp-user] SPF_temperror,_why?
> >
> >
> > > http://cpansearch.perl.org/src/JMEHNLE/Mail-SPF-v2.9.0/CHANGES
> > >
> > > Thomas
> > >
> > >
> > >
> > >
> > >
> > > Von:    "Andy Knuts" <[hidden email]>
> > > An:     "For Users of ASSP" <[hidden email]>
> > > Datum:  18.07.2016 19:56
> > > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> > >
> > >
> > >
> > > I'm using 2.008  while ASSP says "2.007" is required.
> > > Should upgrading to 2.009 fix this issue?
> > >
> > >
> > > ----- Original Message -----
> > > From: Thomas Eckardt
> > > [mailto:[hidden email]]
> > > To: For Users of ASSP
> > > [mailto:[hidden email]]
> > > Sent: Mon, 18 Jul 2016 19:49:45
> > > +0100
> > > Subject: Re: [Assp-user] SPF_temperror,_why?
> > >
> > >
> > > > >Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > > Mail::SPF::Server, 564, hotmail.com SPF
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------------------
> > > > =item B<query_rr_types>
> > > >
> > > > For which RR types to query when looking up and selecting SPF
> records.
> > > The
> > > > following values are supported:
> > > >
> > > > =over
> > > >
> > > > =item B<< Mail::SPF::Server->query_rr_type_all >>
> > > >
> > > > Both C<TXT> and C<SPF> type RRs.
> > > >
> > > > =item B<< Mail::SPF::Server->query_rr_type_txt >> (default)
> > > >
> > > > C<TXT> type RRs only.
> > > >
> > > > =item B<< Mail::SPF::Server->query_rr_type_spf >>
> > > >
> > > > C<SPF> type RRs only.
> > > >
> > > > =back
> > > >
> > > > For years B<Mail::SPF> has defaulted to looking up both C<SPF> and
> > > C<TXT>
> > > > type
> > > > RRs as recommended by RFC 4408.  Experience has shown, however, that
> a
> > > > significant portion of name servers suffer from serious brain damage
>
> > > with
> > > > regard to the handling of queries for RR types that are unknown to
> them,
> >
> > >
> > > > such
> > > > as the C<SPF> RR type.  Consequently B<Mail::SPF> now defaults to
> > > looking
> > > > up
> > > > only C<TXT> type RRs.  This may be overridden by setting the
> > > > B<query_rr_types>
> > > > option.
> > > >
> > > > See RFC 4408, 3.1.1, for a discussion of the topic, as well as the
> > > > description
> > > > of the L</select_record> method.
> > > >
> > >
> >
> ------------------------------------------------------------------------------------------
> > > >
> > > > Seems your Mail::SPF module is outdated - use 2.009
> > > >
> > > > ASSP uses the default.
> > > >
> > > > Thomas
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Von:    "Andy Knuts" <[hidden email]>
> > > > An:     "For Users of ASSP" <[hidden email]>
> > > > Datum:  18.07.2016 19:27
> > > > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> > > >
> > > >
> > > >
> > > > I'm stil wondering what's wrong with my DNS servers and ASSP. I
> > > installed
> > > > pdns-recorsor on the same host where ASSP is running and I have
> > > installed
> > > > bind on a second VM.
> > > > I tested those name server and they work as expected but ASSP still
> has
> > > > troubles with some request. Not always, but A LOT.
> > > > In my maillog.txt I see a lot of these: hotmail.com: Unknown error
> on
> > > DNS
> > > > 'SPF' lookup of 'hotmail.com'
> > > >
> > > > Sometimes it has the SPF records for hotmail.com, but many times it
> > > > doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always
> works.
> > > Same
> > > > for "host -t txt hotmail.com 10.1.1.11".
> > > >
> > > > Here's an example in maillog.txt with SPFDebug enabled:
> > > >
> > > >
> > > > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> info: found message size announcement: 13.26
> kByte
> > > > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> Message-Score: added -10 (tlsValencePB) for
> > > > SSL-TLS-connection-OK, total score for this message is now -10
> > > > Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2
> > > > Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS
> sockets
> > > > for 10.1.1.11
> > > > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question:
> > > > 246.2.47.104.in-addr.arpa.               IN              PTR
> > > > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer:
> > > > 246.2.47.104.in-addr.arpa.               3600            IN PTR (
> > > >
> > > >  mail-db5eur01hn0246.outbound.protection.outlook.com. )
> > > > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
>
> > > > hotmail.com.             IN              ANY
> > > > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
>
> > > type
> > > > 'ANY' to nameserver 127.0.0.1 ID 15404
> > > > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
>
> > > > hotmail.com.             IN              ANY
> > > > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com'
>
> > > type
> > > > 'ANY' to nameserver 10.1.1.11 ID 20981
> > > > Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > > > Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from
> nameserver
> > > > 127.0.0.1
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN SOA
>  (
> >
> > >
> > > > ns1.msft.net. msnhst.microsoft.com.
> > > >   2016070805             ;serial
> > > >   7200                           ;refresh
> > > >   900                            ;retry
> > > >   2419200                                ;expire
> > > >   3600                           ;minimum
> > > >                                  )
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
> NS
> > > > ns1.msft.net.
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
> NS
> > > > ns3.msft.net.
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
> NS
> > > > ns4.msft.net.
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
> NS
> > > > ns2.msft.net.
> > > > Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from
> > > > nameserver 127.0.0.1 ID 15404
> > > > Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68
> > > > x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
> > > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139
> bounce
> >
> > >
> > > > message detected
> > > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the
> > > > connection will now be moved in to the Full-Transparent-Proxy mode
> > > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no
> (more)
> > > > data readable from x.x.x.139 (connection closed by peer) -
> Connection
> > > > reset by peer - last command was 'RCPT TO'
> > > > Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68
> > > x.x.x.139
> > > > - processing time 0 seconds
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip Message-Score: added -2 for
> > > 65.54.190.0
> > > > in griplist (0.18), total score for this message is now -12
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> > > 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip [scoring] DKIM domain mismatch -
> > > > hotmail.com found in DKIMCache, but no DKIM-Signature found in mail
> > > header
> > > > (Cache)
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip Message-Score: added 15
> > > (dkimValencePB)
> > > > for DKIM domain mismatch - hotmail.com found in DKIMCache, but no
> > > > DKIM-Signature found in mail header, total score for this message is
> now
> >
> > > 3
> > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS
> sockets
> > > > for 10.1.1.11
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com.
> IN
> > > > ANY
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 1596
> > > IN
> > > >          MX              5 mx1.hotmail.com.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 3019
> > > IN
> > > >          A               65.55.77.28
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 86728
> > > > IN               NS              ns4.msft.net.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 86728
> > > > IN               NS              ns3.msft.net.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 1596
> > > IN
> > > >          MX              5 mx4.hotmail.com.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 3019
> > > IN
> > > >          A               65.55.85.12
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 86728
> > > > IN               NS              ns1.msft.net.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 425
> IN
> >
> > >
> > > >  TXT             (
> > > >                                  "v=spf1 include:spf-a.outlook.com
> > > > include:spf-b.outlook.com ip4:157.55.9.128/25
> > > > include:spf.protection.outlook.com include:spf-a.hotmail.com
> > > > include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com
> ~all"
> > > >                                  )
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 1596
> > > IN
> > > >          MX              5 mx3.hotmail.com.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 3019
> > > IN
> > > >          A               157.55.152.112
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 86728
> > > > IN               NS              ns2.msft.net.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 3019
> > > IN
> > > >          A               157.56.172.28
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 1596
> > > IN
> > > >          MX              5 mx2.hotmail.com.
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
>
> > > > _dmarc.hotmail.com.              IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
>
> > > > _dmarc.hotmail.com.              IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
> > > > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > > > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from
> nameserver
> > > > 127.0.0.1
> > > > Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com.
> IN
> > > > TXT
> > > > Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com.
> 2125
> > > IN
> > > >          TXT             (
> > > >                                  "v=DMARC1; p=none; pct=100;
> > > > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> > > >                                  )
> > > > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> > > > nameserver 127.0.0.1 ID 21607
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> > > 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip info: domain hotmail.com has
> published
> >
> > > a
> > > > DMARC record
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip strictspf Regex: strictSPFRe
> > > > '@hotmail.com'
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
> > > > Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain
> hotmail.com -
> > > > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > > Mail::SPF::Server, 564, hotmail.com SPF
> > > > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > > Mail::SPF::Server, 564, hotmail.com TXT
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip [scoring] spf_result:temperror
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip identity:[hidden email]
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip scope:mfrom
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip spf_record:
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip local_exp:hotmail.com: Unknown
> error
> > > on
> > > > DNS 'SPF' lookup of 'hotmail.com'
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip received_spf:Received-SPF:
> temperror
> > > > (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com')
> > > > receiver=mx101.snip; identity=mailfrom;
> > > envelope-from="[hidden email]";
> > > > helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip [scoring] SPF: temperror
> > > ip=65.54.190.89
> > > > mailfrom=[hidden email] helo=BAY004-OMC2S14.hotmail.com
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip Message-Score: added 5
> (spfeValencePB)
> >
> > >
> > > > for SPF temperror, total score for this message is now 8
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip DMARC: this mail breakes the DKIM
> > > > policies defined in the DMARC record for domain hotmail.com - there
> is
> > > no
> > > > DKIM-signature found in this mail for domain hotmail.com
> > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
> > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS
> sockets
> > > > for 10.1.1.11
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question:
> > > _dmarc.hotmail.com.
> > > >  IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer:
> _dmarc.hotmail.com.
> > > > 2125             IN              TXT             (
> > > >                                  "v=DMARC1; p=none; pct=100;
> > > > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> > > >                                  )
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
>
> > > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1
> ID
> > > > 54935
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
>
> > > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11
> ID
> > > > 43820
> > > > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
> > > > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from
> nameserver
> > > > 127.0.0.1
> > > > Jul-18-16 19:04:29 [Worker_1] DNS-question was:
> > > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] DNS-answer is:
> > > > 89.190.54.65.sa.senderbase.org.          19937           IN TXT (
> > > >
> > > >                                  "0-0=1|1=MICROSOFT
> > > >
> > >
> >
> HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San
> > > >
> > > > Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
> > > >                                  )
> > > > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
> > > > nameserver 127.0.0.1 ID 54935
> > > > Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08
> > > > 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK]
> > > > 65.54.190.89 <[hidden email]> to: JMRP@snip message ok [complaint
>
> > > about
> > > > message from 10 164 74 35]
> > > >
> > > >
> > > > any idea's?
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: Thomas Eckardt
> > > > [mailto:[hidden email]]
> > > > To: For Users of ASSP
> > > > [mailto:[hidden email]]
> > > > Sent: Mon, 18 Jul 2016 12:52:29
> > > > +0100
> > > > Subject: Re: [Assp-user] SPF_temperror,_why?
> > > >
> > > >
> > > > > >But why is this a temperror?
> > > > >
> > > > > assp was unable to get a qualified result for the query using
> > > Mail::SPF
> > > > -
> > > > > that's all
> > > > > most times this is caused by a DNS timeout
> > > > >
> > > > > Thomas
> > > > >
> > > > >
> > > > > Von:    "Andy Knuts" <[hidden email]>
> > > > > An:     [hidden email]
> > > > > Datum:  18.07.2016 11:53
> > > > > Betreff:        [Assp-user] SPF_temperror,_why?
> > > > >
> > > > >
> > > > >
> > > > > Many of the emails that passed ASSP have headers like this:
> > > > >
> > > > > X-Assp-Received-SPF: temperror ip=217.148.21.174
> > > > > mailfrom=[hidden email] helo=vmta12.addemar.com
> > > > >
> > > > > But why is this a temperror?
> > > > >
> > > > >
> > > > > If I use 'spfquery' command line I get:
> > > > >
> > > > > # spfquery --mail-from [hidden email] -i
> 217.148.21.174
> > > -h
> > > >
> > > > > vmta12.addemar.com
> > > > > pass
> > > > > Please see
> > > > >
> > > >
> > >
> >
> http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:
>
> > >
> > > >
> > > > >
> > > > > 217.148.21.128/25 contains 217.148.21.174
> > > > > spfquery: domain of [hidden email] designates
> > > > 217.148.21.174
> > > > > as permitted sender
> > > > > Received-SPF: pass (spfquery: domain of
> [hidden email]
> > > > > designates 217.148.21.174 as permitted sender)
> > > client-ip=217.148.21.174;
> > > >
> > > > > envelope-from=[hidden email];
> helo=vmta12.addemar.com;
> > > > >
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------
> > > > > What NetFlow Analyzer can do for you? Monitors network bandwidth
> and
> > > > > traffic
> > > > > patterns at an interface-level. Reveals which users, apps, and
> > > protocols
> > > >
> > > > > are
> > > > > consuming the most bandwidth. Provides multi-vendor support for
> > > NetFlow,
> > > >
> > > > > J-Flow, sFlow and other flows. Make informed decisions using
> capacity
> > > > > planning
> > > > > reports.http://sdm.link/zohodev2dev
> > > > > _______________________________________________
> > > > > Assp-user mailing list
> > > > > [hidden email]
> > > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > DISCLAIMER:
> > > > > *******************************************************
> > > > > This email and any files transmitted with it may be confidential,
> > > > legally
> > > > > privileged and protected in law and are intended solely for the
> use of
> >
> > >
> > > > the
> > > > >
> > > > > individual to whom it is addressed.
> > > > > This email was multiple times scanned for viruses. There should be
> no
> > > > > known virus in this email!
> > > > > *******************************************************
> > > > >
> > > > >
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------
> > > > What NetFlow Analyzer can do for you? Monitors network bandwidth and
>
> > > > traffic
> > > > patterns at an interface-level. Reveals which users, apps, and
> protocols
> >
> > >
> > > > are
> > > > consuming the most bandwidth. Provides multi-vendor support for
> NetFlow,
> >
> > >
> > > > J-Flow, sFlow and other flows. Make informed decisions using
> capacity
> > > > planning
> > > > reports.http://sdm.link/zohodev2dev
> > > > _______________________________________________
> > > > Assp-user mailing list
> > > > [hidden email]
> > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > DISCLAIMER:
> > > > *******************************************************
> > > > This email and any files transmitted with it may be confidential,
> > > legally
> > > > privileged and protected in law and are intended solely for the use
> of
> > > the
> > > >
> > > > individual to whom it is addressed.
> > > > This email was multiple times scanned for viruses. There should be
> no
> > > > known virus in this email!
> > > > *******************************************************
> > > >
> > > >
> > >
> > >
> >
> ------------------------------------------------------------------------------
> > > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > > traffic
> > > patterns at an interface-level. Reveals which users, apps, and
> protocols
> > > are
> > > consuming the most bandwidth. Provides multi-vendor support for
> NetFlow,
> > > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > > planning
> > > reports.http://sdm.link/zohodev2dev
> > > _______________________________________________
> > > Assp-user mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> > >
> > >
> > >
> > >
> > >
> > > DISCLAIMER:
> > > *******************************************************
> > > This email and any files transmitted with it may be confidential,
> legally
> > > privileged and protected in law and are intended solely for the use of
> the
> >
> > >
> > > individual to whom it is addressed.
> > > This email was multiple times scanned for viruses. There should be no
> > > known virus in this email!
> > > *******************************************************
> > >
> > >
> >
> >
> ------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> > patterns at an interface-level. Reveals which users, apps, and protocols
> are
> >
> > consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning
> > reports.http://sdm.link/zohodev2dev
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Thomas Eckardt/eck
In reply to this post by Andy Knuts
I just had a deeper look in to the code and results.
The problem is, that hotmail.com returns a CNAME as result for the
question about the selector 1. Mail::DKIM does not query the value
returned - the CNAME

> set type=txt
> selector1._domainkey.hotmail.com

answer:
selector1._domainkey.hotmail.com        canonical name =
selector1._domainkey.outbound.protection.outlook.com

selector1._domainkey.outbound.protection.outlook.com    text =

 
"v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWyktrIL8DO/+UGvMbv7cPd/Xogpbs7pgVw8y9ldO6AAMmg8+ij
ENl/c7Fb1MfKM7uG3LMwAr0dVVKyM+mbkoX2k5L7lsROQr0Z9gGSpu7xrnZOa58+/pIhd2Xk/DFPpa5+TKbWodbsSZPRN8z0RY5x59jdzSclXlEyN9mEZdmO
iKTsOP6A7vQxfSya9jg5"
 
"N81dfNNvP7HnWejMMsKyIMrXptxOhIBuEYH67JDe98QgX14oHvGM2Uz53if/SW8MF09rYh9sp4ZsaWLIg6T343JzlbtrsGRGCDJ9JPpxRWZimtz
+Up/BlKzT6sCCrBihb/Bi3pZiEBB4Ui/vruL5RCQIDAQAB;n=2048,1452627113,1468351913"

protection.outlook.com  nameserver = ns2-gtm.glbdns.o365filtering.com
protection.outlook.com  nameserver = ns1-gtm.glbdns.o365filtering.com


Currentyl I don't know if this is a mistake made by assp (which is doing
the DNS QUERY) or Mail::DKIM.

Thomas







Von:    "Andy Knuts" <[hidden email]>
An:     "For Users of ASSP" <[hidden email]>
Datum:  20.07.2016 09:47
Betreff:        Re: [Assp-user] SPF_temperror,_why?



Okay. Thanks.

----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Wed, 20 Jul 2016 08:00:42
+0100
Subject: Re: [Assp-user] SPF_temperror,_why?


> I got the same error for hotmail.com DKIM signatures.
>
> hotmail.com _domainkey selector 1 is :
>
>
>
"v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWyktrIL8DO/+UGvMbv7cPd/Xogpbs7pgVw8y9ldO6AAMmg8+ij
>
ENl/c7Fb1MfKM7uG3LMwAr0dVVKyM+mbkoX2k5L7lsROQr0Z9gGSpu7xrnZOa58+/pIhd2Xk/DFPpa5+TKbWodbsSZPRN8z0RY5x59jdzSclXlEyN9mEZdmO
> iKTsOP6A7vQxfSya9jg5"
>
>
"N81dfNNvP7HnWejMMsKyIMrXptxOhIBuEYH67JDe98QgX14oHvGM2Uz53if/SW8MF09rYh9sp4ZsaWLIg6T343JzlbtrsGRGCDJ9JPpxRWZimtz
>
+Up/BlKzT6sCCrBihb/Bi3pZiEBB4Ui/vruL5RCQIDAQAB;n=2048,1452627113,1468351913"

>
>
> For what ever reason, Mail::DKIM is unable to fetch() the public key.
> There is nothing you can do.
>
> Thomas
>
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     "For Users of ASSP" <[hidden email]>
> Datum:  20.07.2016 00:35
> Betreff:        Re: [Assp-user] SPF_temperror,_why?
>
>
>
> It looks like there's a problem with DNS in general but it's not always
a
> problem:
>
> # grep DKIM 16-07-19.maillog.txt|grep @hotmail|grep 'public key: not
> available'
>
> Jul-19-16 00:21:04 m1-80462-07675 [Worker_1] [TLS-in] 65.54.190.91
> <[hidden email]> to: [hidden email] [scoring] (DKIM
signature
> invalid) - public key: not available
> Jul-19-16 08:47:43 m1-10862-06664 [Worker_2] [TLS-in] 65.54.190.87
> <[hidden email]> to: [hidden email] [scoring]
(DKIM
> signature invalid) - public key: not available
> Jul-19-16 08:59:43 m1-11582-08285 [Worker_1] [TLS-in] 65.55.34.215
> <[hidden email]> to: [hidden email] [scoring] (DKIM
> signature invalid) - public key: not available
> Jul-19-16 09:45:13 m1-14312-02896 [Worker_1] [TLS-in] 65.55.116.39
> <[hidden email]> to: [hidden email] [scoring] (DKIM
signature
> invalid) - public key: not available
> Jul-19-16 12:39:49 m1-24788-06927 [Worker_2] [TLS-in] 65.54.51.96
> <[hidden email]> to: [hidden email] [scoring] (DKIM
signature
> invalid) - public key: not available
> Jul-19-16 15:58:58 m1-36736-07796 [Worker_5] [TLS-in] 65.54.190.90
> <[hidden email]> to: [hidden email]
> [scoring] (DKIM signature invalid) - public key: not available
> Jul-19-16 17:16:33 m1-41391-04219 [Worker_1] [TLS-in] 65.55.34.80
> <[hidden email]> to:  [hidden email]
> [scoring] (DKIM signature invalid) - public key: not available
> Jul-19-16 19:47:03 m1-50422-00530 [Worker_1] [TLS-in] 65.54.190.35
> <[hidden email]> to:[hidden email] [scoring] (DKIM signature

> invalid) - public key: not available
>
>  The DNS servers also seem to work fine for every other services but as
> you can see, sometimes ASSP is unable to find the public key for
> hotmail.com ?
>
> I'm using Net::DNS 1.06. This version is okay, right?
>
> Regards
>
>
> ----- Original Message -----
> From: Andy Knuts [mailto:[hidden email]]
> To:
> For Users of ASSP [mailto:[hidden email]]
> Sent: Wed, 20 Jul
> 2016 00:13:16 +0100
> Subject: Re: [Assp-user] SPF_temperror,_why?
>
>
> > I upgraded to Mail:SPF 2.9.0 as suggested but there's still an issue:
> >
> > # grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt | wc
-l
> > 444
> >
> > # grep hotmail.com 16-07-19.maillog.txt |grep -i "for SPF pass" | wc
-l
> > 258
> >
> >
> > # grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt |grep
-i
> > hotmail
> > Jul-19-16 07:45:11 m1-07110-04028 [Worker_2] [TLS-in] 65.54.190.99
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now
5
> > Jul-19-16 12:37:51 m1-24670-10746 [Worker_2] [TLS-in] 65.55.90.169
> > <[hidden email]> to: [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now -6
> > Jul-19-16 12:39:49 m1-24788-06927 [Worker_2] [TLS-in] 65.54.51.96
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now

> -6
> > Jul-19-16 12:51:11 m1-25471-04061 [Worker_2] [TLS-in] 157.55.1.140
> > <[hidden email]> to: [hidden email] Message-Score:
> added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now

> 10
> > Jul-19-16 14:08:49 m1-30128-13259 [Worker_2] [TLS-in] 65.55.34.90
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now
7

> > Jul-19-16 17:15:12 m1-41310-11578 [Worker_1] [TLS-in] 65.55.90.39
> > <[hidden email]> to:
> [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now -6
> > Jul-19-16 17:16:33 m1-41391-04219 [Worker_1] [TLS-in] 65.55.34.80
> > <[hidden email]> to: [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now -8
> > Jul-19-16 19:36:37 m1-49796-00753 [Worker_1] [TLS-in] 157.55.2.37
> > <[hidden email]> to:
> [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now -6
> > Jul-19-16 19:39:01 m1-49940-06640 [Worker_1] [TLS-in] 157.55.2.26
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now
9
> > Jul-19-16 20:15:13 m1-52113-02738 [Worker_2] [TLS-in] 157.55.1.160
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now

> -6
> > Jul-19-16 20:50:24 m1-54224-10937 [Worker_2] [TLS-in] 157.55.0.224
> > <[hidden email]> to: [hidden email] Message-Score: added 5
> > (spfeValencePB) for SPF temperror, total score for this message is now
8

> > Jul-19-16 23:44:38 m1-64678-08355 [Worker_1] [TLS-in] 157.55.0.233
> > <[hidden email]> to:
> [hidden email]
> > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> for
> > this message is now 8
> >
> >
> >
> >
> >
> > ----- Original Message -----
> > From: Thomas Eckardt
> > [mailto:[hidden email]]
> > To: For Users of ASSP
> > [mailto:[hidden email]]
> > Sent: Mon, 18 Jul 2016 20:08:54
> > +0100
> > Subject: Re: [Assp-user] SPF_temperror,_why?
> >
> >
> > > http://cpansearch.perl.org/src/JMEHNLE/Mail-SPF-v2.9.0/CHANGES
> > >
> > > Thomas
> > >
> > >
> > >
> > >
> > >
> > > Von:    "Andy Knuts" <[hidden email]>
> > > An:     "For Users of ASSP" <[hidden email]>
> > > Datum:  18.07.2016 19:56
> > > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> > >
> > >
> > >
> > > I'm using 2.008  while ASSP says "2.007" is required.
> > > Should upgrading to 2.009 fix this issue?
> > >
> > >
> > > ----- Original Message -----
> > > From: Thomas Eckardt
> > > [mailto:[hidden email]]
> > > To: For Users of ASSP
> > > [mailto:[hidden email]]
> > > Sent: Mon, 18 Jul 2016 19:49:45
> > > +0100
> > > Subject: Re: [Assp-user] SPF_temperror,_why?
> > >
> > >
> > > > >Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > > Mail::SPF::Server, 564, hotmail.com SPF
> > > >
> > > >
> > >
> >
>
------------------------------------------------------------------------------------------

> > > > =item B<query_rr_types>
> > > >
> > > > For which RR types to query when looking up and selecting SPF
> records.
> > > The
> > > > following values are supported:
> > > >
> > > > =over
> > > >
> > > > =item B<< Mail::SPF::Server->query_rr_type_all >>
> > > >
> > > > Both C<TXT> and C<SPF> type RRs.
> > > >
> > > > =item B<< Mail::SPF::Server->query_rr_type_txt >> (default)
> > > >
> > > > C<TXT> type RRs only.
> > > >
> > > > =item B<< Mail::SPF::Server->query_rr_type_spf >>
> > > >
> > > > C<SPF> type RRs only.
> > > >
> > > > =back
> > > >
> > > > For years B<Mail::SPF> has defaulted to looking up both C<SPF> and

> > > C<TXT>
> > > > type
> > > > RRs as recommended by RFC 4408.  Experience has shown, however,
that
> a
> > > > significant portion of name servers suffer from serious brain
damage
>
> > > with
> > > > regard to the handling of queries for RR types that are unknown to

> them,
> >
> > >
> > > > such
> > > > as the C<SPF> RR type.  Consequently B<Mail::SPF> now defaults to
> > > looking
> > > > up
> > > > only C<TXT> type RRs.  This may be overridden by setting the
> > > > B<query_rr_types>
> > > > option.
> > > >
> > > > See RFC 4408, 3.1.1, for a discussion of the topic, as well as the

> > > > description
> > > > of the L</select_record> method.
> > > >
> > >
> >
>
------------------------------------------------------------------------------------------

> > > >
> > > > Seems your Mail::SPF module is outdated - use 2.009
> > > >
> > > > ASSP uses the default.
> > > >
> > > > Thomas
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Von:    "Andy Knuts" <[hidden email]>
> > > > An:     "For Users of ASSP" <[hidden email]>
> > > > Datum:  18.07.2016 19:27
> > > > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> > > >
> > > >
> > > >
> > > > I'm stil wondering what's wrong with my DNS servers and ASSP. I
> > > installed
> > > > pdns-recorsor on the same host where ASSP is running and I have
> > > installed
> > > > bind on a second VM.
> > > > I tested those name server and they work as expected but ASSP
still
> has
> > > > troubles with some request. Not always, but A LOT.
> > > > In my maillog.txt I see a lot of these: hotmail.com: Unknown error

> on
> > > DNS
> > > > 'SPF' lookup of 'hotmail.com'
> > > >
> > > > Sometimes it has the SPF records for hotmail.com, but many times
it
> > > > doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always
> works.
> > > Same
> > > > for "host -t txt hotmail.com 10.1.1.11".
> > > >
> > > > Here's an example in maillog.txt with SPFDebug enabled:
> > > >
> > > >
> > > > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> info: found message size announcement: 13.26
> kByte
> > > > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> Message-Score: added -10 (tlsValencePB) for
> > > > SSL-TLS-connection-OK, total score for this message is now -10
> > > > Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets -
2

> > > > Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS
> sockets
> > > > for 10.1.1.11
> > > > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question:
> > > > 246.2.47.104.in-addr.arpa.               IN              PTR
> > > > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer:
> > > > 246.2.47.104.in-addr.arpa.               3600            IN PTR (
> > > >
> > > >  mail-db5eur01hn0246.outbound.protection.outlook.com. )
> > > > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1
-
>
> > > > hotmail.com.             IN              ANY
> > > > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for
'hotmail.com'
>
> > > type
> > > > 'ANY' to nameserver 127.0.0.1 ID 15404
> > > > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11
-
>
> > > > hotmail.com.             IN              ANY
> > > > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for
'hotmail.com'
>
> > > type
> > > > 'ANY' to nameserver 10.1.1.11 ID 20981
> > > > Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 -
127.0.0.1
> > > > Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from
> nameserver
> > > > 127.0.0.1
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN
ANY
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN
SOA

>  (
> >
> > >
> > > > ns1.msft.net. msnhst.microsoft.com.
> > > >   2016070805             ;serial
> > > >   7200                           ;refresh
> > > >   900                            ;retry
> > > >   2419200                                ;expire
> > > >   3600                           ;minimum
> > > >                                  )
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN

> NS
> > > > ns1.msft.net.
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN

> NS
> > > > ns3.msft.net.
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN

> NS
> > > > ns4.msft.net.
> > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN

> NS
> > > > ns2.msft.net.
> > > > Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from

> > > > nameserver 127.0.0.1 ID 15404
> > > > Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68
> > > > x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
> > > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139
> bounce
> >
> > >
> > > > message detected
> > > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the
> > > > connection will now be moved in to the Full-Transparent-Proxy mode
> > > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no
> (more)
> > > > data readable from x.x.x.139 (connection closed by peer) -
> Connection
> > > > reset by peer - last command was 'RCPT TO'
> > > > Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68
> > > x.x.x.139
> > > > - processing time 0 seconds
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> to: JMRP@snip Message-Score: added -2 for
> > > 65.54.190.0
> > > > in griplist (0.18), total score for this message is now -12
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> > > 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip [scoring] DKIM domain mismatch -

> > > > hotmail.com found in DKIMCache, but no DKIM-Signature found in
mail
> > > header
> > > > (Cache)
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> to: JMRP@snip Message-Score: added 15
> > > (dkimValencePB)
> > > > for DKIM domain mismatch - hotmail.com found in DKIMCache, but no
> > > > DKIM-Signature found in mail header, total score for this message
is
> now
> >
> > > 3
> > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets -
2
> > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS
> sockets
> > > > for 10.1.1.11
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com.

> IN
> > > > ANY
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 1596
> > > IN
> > > >          MX              5 mx1.hotmail.com.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 3019
> > > IN
> > > >          A               65.55.77.28
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 86728
> > > > IN               NS              ns4.msft.net.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 86728
> > > > IN               NS              ns3.msft.net.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 1596
> > > IN
> > > >          MX              5 mx4.hotmail.com.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 3019
> > > IN
> > > >          A               65.55.85.12
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 86728
> > > > IN               NS              ns1.msft.net.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
425
> IN
> >
> > >
> > > >  TXT             (
> > > >                                  "v=spf1 include:spf-a.outlook.com

> > > > include:spf-b.outlook.com ip4:157.55.9.128/25
> > > > include:spf.protection.outlook.com include:spf-a.hotmail.com
> > > > include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com
> ~all"
> > > >                                  )
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 1596
> > > IN
> > > >          MX              5 mx3.hotmail.com.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 3019
> > > IN
> > > >          A               157.55.152.112
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 86728
> > > > IN               NS              ns2.msft.net.
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 3019
> > > IN
> > > >          A               157.56.172.28
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 1596
> > > IN
> > > >          MX              5 mx2.hotmail.com.
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1
-
>
> > > > _dmarc.hotmail.com.              IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11
-
>
> > > > _dmarc.hotmail.com.              IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
> > > > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 -
127.0.0.1
> > > > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from
> nameserver
> > > > 127.0.0.1
> > > > Jul-18-16 19:04:29 [Worker_1] DNS-question was:
_dmarc.hotmail.com.

> IN
> > > > TXT
> > > > Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com.
> 2125
> > > IN
> > > >          TXT             (
> > > >                                  "v=DMARC1; p=none; pct=100;
> > > > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> > > >                                  )
> > > > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from

> > > > nameserver 127.0.0.1 ID 21607
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> > > 65.54.190.89
> > > > <[hidden email]> to: JMRP@snip info: domain hotmail.com has
> published
> >
> > > a
> > > > DMARC record
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> to: JMRP@snip strictspf Regex: strictSPFRe
> > > > '@hotmail.com'
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
> > > > Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain
> hotmail.com -
> > > > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > > Mail::SPF::Server, 564, hotmail.com SPF
> > > > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > > Mail::SPF::Server, 564, hotmail.com TXT
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> to: JMRP@snip [scoring] spf_result:temperror
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> to: JMRP@snip identity:[hidden email]
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> to: JMRP@snip scope:mfrom
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> to: JMRP@snip spf_record:
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> to: JMRP@snip local_exp:hotmail.com: Unknown
> error
> > > on
> > > > DNS 'SPF' lookup of 'hotmail.com'
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> to: JMRP@snip received_spf:Received-SPF:
> temperror
> > > > (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com')
> > > > receiver=mx101.snip; identity=mailfrom;
> > > envelope-from="[hidden email]";
> > > > helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> to: JMRP@snip [scoring] SPF: temperror
> > > ip=65.54.190.89
> > > > mailfrom=[hidden email] helo=BAY004-OMC2S14.hotmail.com
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> to: JMRP@snip Message-Score: added 5
> (spfeValencePB)
> >
> > >
> > > > for SPF temperror, total score for this message is now 8
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89

> > > > <[hidden email]> to: JMRP@snip DMARC: this mail breakes the
DKIM
> > > > policies defined in the DMARC record for domain hotmail.com -
there
> is
> > > no
> > > > DKIM-signature found in this mail for domain hotmail.com
> > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets -
2

> > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS
> sockets
> > > > for 10.1.1.11
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question:
> > > _dmarc.hotmail.com.
> > > >  IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer:
> _dmarc.hotmail.com.
> > > > 2125             IN              TXT             (
> > > >                                  "v=DMARC1; p=none; pct=100;
> > > > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> > > >                                  )
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1
-
>
> > > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver
127.0.0.1
> ID
> > > > 54935
> > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11
-
>
> > > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver
10.1.1.11
> ID
> > > > 43820
> > > > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 -
127.0.0.1

> > > > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from
> nameserver
> > > > 127.0.0.1
> > > > Jul-18-16 19:04:29 [Worker_1] DNS-question was:
> > > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > > Jul-18-16 19:04:29 [Worker_1] DNS-answer is:
> > > > 89.190.54.65.sa.senderbase.org.          19937           IN TXT (
> > > >
> > > >                                  "0-0=1|1=MICROSOFT
> > > >
> > >
> >
>
HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San
> > > >
> > > > Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
> > > >                                  )
> > > > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from

> > > > nameserver 127.0.0.1 ID 54935
> > > > Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08
> > > > 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
> > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK]
> > > > 65.54.190.89 <[hidden email]> to: JMRP@snip message ok
[complaint

>
> > > about
> > > > message from 10 164 74 35]
> > > >
> > > >
> > > > any idea's?
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: Thomas Eckardt
> > > > [mailto:[hidden email]]
> > > > To: For Users of ASSP
> > > > [mailto:[hidden email]]
> > > > Sent: Mon, 18 Jul 2016 12:52:29
> > > > +0100
> > > > Subject: Re: [Assp-user] SPF_temperror,_why?
> > > >
> > > >
> > > > > >But why is this a temperror?
> > > > >
> > > > > assp was unable to get a qualified result for the query using
> > > Mail::SPF
> > > > -
> > > > > that's all
> > > > > most times this is caused by a DNS timeout
> > > > >
> > > > > Thomas
> > > > >
> > > > >
> > > > > Von:    "Andy Knuts" <[hidden email]>
> > > > > An:     [hidden email]
> > > > > Datum:  18.07.2016 11:53
> > > > > Betreff:        [Assp-user] SPF_temperror,_why?
> > > > >
> > > > >
> > > > >
> > > > > Many of the emails that passed ASSP have headers like this:
> > > > >
> > > > > X-Assp-Received-SPF: temperror ip=217.148.21.174
> > > > > mailfrom=[hidden email] helo=vmta12.addemar.com
> > > > >
> > > > > But why is this a temperror?
> > > > >
> > > > >
> > > > > If I use 'spfquery' command line I get:
> > > > >
> > > > > # spfquery --mail-from [hidden email] -i
> 217.148.21.174
> > > -h
> > > >
> > > > > vmta12.addemar.com
> > > > > pass
> > > > > Please see
> > > > >
> > > >
> > >
> >
>
http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:

>
> > >
> > > >
> > > > >
> > > > > 217.148.21.128/25 contains 217.148.21.174
> > > > > spfquery: domain of [hidden email] designates
> > > > 217.148.21.174
> > > > > as permitted sender
> > > > > Received-SPF: pass (spfquery: domain of
> [hidden email]
> > > > > designates 217.148.21.174 as permitted sender)
> > > client-ip=217.148.21.174;
> > > >
> > > > > envelope-from=[hidden email];
> helo=vmta12.addemar.com;
> > > > >
> > > > >
> > > >
> > >
> >
>
------------------------------------------------------------------------------
> > > > > What NetFlow Analyzer can do for you? Monitors network bandwidth

> and
> > > > > traffic
> > > > > patterns at an interface-level. Reveals which users, apps, and
> > > protocols
> > > >
> > > > > are
> > > > > consuming the most bandwidth. Provides multi-vendor support for
> > > NetFlow,
> > > >
> > > > > J-Flow, sFlow and other flows. Make informed decisions using
> capacity
> > > > > planning
> > > > > reports.http://sdm.link/zohodev2dev
> > > > > _______________________________________________
> > > > > Assp-user mailing list
> > > > > [hidden email]
> > > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > DISCLAIMER:
> > > > > *******************************************************
> > > > > This email and any files transmitted with it may be
confidential,
> > > > legally
> > > > > privileged and protected in law and are intended solely for the
> use of
> >
> > >
> > > > the
> > > > >
> > > > > individual to whom it is addressed.
> > > > > This email was multiple times scanned for viruses. There should
be

> no
> > > > > known virus in this email!
> > > > > *******************************************************
> > > > >
> > > > >
> > > >
> > > >
> > >
> >
>
------------------------------------------------------------------------------
> > > > What NetFlow Analyzer can do for you? Monitors network bandwidth
and

>
> > > > traffic
> > > > patterns at an interface-level. Reveals which users, apps, and
> protocols
> >
> > >
> > > > are
> > > > consuming the most bandwidth. Provides multi-vendor support for
> NetFlow,
> >
> > >
> > > > J-Flow, sFlow and other flows. Make informed decisions using
> capacity
> > > > planning
> > > > reports.http://sdm.link/zohodev2dev
> > > > _______________________________________________
> > > > Assp-user mailing list
> > > > [hidden email]
> > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > DISCLAIMER:
> > > > *******************************************************
> > > > This email and any files transmitted with it may be confidential,
> > > legally
> > > > privileged and protected in law and are intended solely for the
use
> of
> > > the
> > > >
> > > > individual to whom it is addressed.
> > > > This email was multiple times scanned for viruses. There should be

> no
> > > > known virus in this email!
> > > > *******************************************************
> > > >
> > > >
> > >
> > >
> >
>
------------------------------------------------------------------------------
> > > What NetFlow Analyzer can do for you? Monitors network bandwidth and

> > > traffic
> > > patterns at an interface-level. Reveals which users, apps, and
> protocols
> > > are
> > > consuming the most bandwidth. Provides multi-vendor support for
> NetFlow,
> > > J-Flow, sFlow and other flows. Make informed decisions using
capacity

> > > planning
> > > reports.http://sdm.link/zohodev2dev
> > > _______________________________________________
> > > Assp-user mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> > >
> > >
> > >
> > >
> > >
> > > DISCLAIMER:
> > > *******************************************************
> > > This email and any files transmitted with it may be confidential,
> legally
> > > privileged and protected in law and are intended solely for the use
of
> the
> >
> > >
> > > individual to whom it is addressed.
> > > This email was multiple times scanned for viruses. There should be
no
> > > known virus in this email!
> > > *******************************************************
> > >
> > >
> >
> >
>
------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> > patterns at an interface-level. Reveals which users, apps, and
protocols
> are
> >
> > consuming the most bandwidth. Provides multi-vendor support for
NetFlow,

>
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning
> > reports.http://sdm.link/zohodev2dev
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
>
>
------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols

> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,

> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
legally
> privileged and protected in law and are intended solely for the use of
the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Andy Knuts
In reply to this post by Thomas Eckardt/eck
Hi Thomas,

I sent a new email earlier today with subject "Whitelistdb + Spam from gmail addresses?" and had a closer look at this now.
It turns out that it's related to the temperror failure too. Look:

Jul-27-16 18:09:08 m1-35747-09642 [Worker_1] 69.50.198.77 <[hidden email]> to: [hidden email] DKIM-Signature found
Jul-27-16 18:09:08 m1-35747-09642 [Worker_1] 69.50.198.77 <[hidden email]> to: [hidden email] info: domain gmail.com has published a DMARC record
Jul-27-16 18:09:08 m1-35747-09642 [Worker_1] 69.50.198.77 <[hidden email]> to: [hidden email] strictspf Regex: strictSPFRe '@gmail.com'
Jul-27-16 18:09:08 m1-35747-09642 [Worker_1] 69.50.198.77 <[hidden email]> to: [hidden email] [scoring] SPF: temperror ip=69.50.198.77 mailfrom=[hidden email] helo=qyani.com
Jul-27-16 18:09:08 m1-35747-09642 [Worker_1] 69.50.198.77 <[hidden email]> to: [hidden email] Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now 5
Jul-27-16 18:09:08 m1-35747-09642 [Worker_1] [MessageOK] 69.50.198.77 <[hidden email]> to: [hidden email] message ok - (whitelistdb) - [Re Where payment to be send my.user domain.com] -> /var/db/assp/notspam/Re_Where_payment_to_be_send_my.user_domain.com--14959.eml

I don't think it's normal for ASSP to fail on on looking up the SPF records many times a day while a simple "host -t txt domainexample.com" always works.

Do I need to increase some timeout value or anything? Or is there a bug in ASSP  or a module that needs fixing?

Thanks
Andy

----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Fri, 22 Jul 2016 07:26:07
+0100
Subject: Re: [Assp-user] SPF_temperror,_why?


> I just had a deeper look in to the code and results.
> The problem is, that hotmail.com returns a CNAME as result for the
> question about the selector 1. Mail::DKIM does not query the value
> returned - the CNAME
>
> > set type=txt
> > selector1._domainkey.hotmail.com
>
> answer:
> selector1._domainkey.hotmail.com        canonical name =
> selector1._domainkey.outbound.protection.outlook.com
>
> selector1._domainkey.outbound.protection.outlook.com    text =
>
>  
> "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWyktrIL8DO/+UGvMbv7cPd/Xogpbs7pgVw8y9ldO6AAMmg8+ij
> ENl/c7Fb1MfKM7uG3LMwAr0dVVKyM+mbkoX2k5L7lsROQr0Z9gGSpu7xrnZOa58+/pIhd2Xk/DFPpa5+TKbWodbsSZPRN8z0RY5x59jdzSclXlEyN9mEZdmO
> iKTsOP6A7vQxfSya9jg5"
>  
> "N81dfNNvP7HnWejMMsKyIMrXptxOhIBuEYH67JDe98QgX14oHvGM2Uz53if/SW8MF09rYh9sp4ZsaWLIg6T343JzlbtrsGRGCDJ9JPpxRWZimtz
> +Up/BlKzT6sCCrBihb/Bi3pZiEBB4Ui/vruL5RCQIDAQAB;n=2048,1452627113,1468351913"
>
> protection.outlook.com  nameserver = ns2-gtm.glbdns.o365filtering.com
> protection.outlook.com  nameserver = ns1-gtm.glbdns.o365filtering.com
>
>
> Currentyl I don't know if this is a mistake made by assp (which is doing
> the DNS QUERY) or Mail::DKIM.
>
> Thomas
>
>
>
>
>
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     "For Users of ASSP" <[hidden email]>
> Datum:  20.07.2016 09:47
> Betreff:        Re: [Assp-user] SPF_temperror,_why?
>
>
>
> Okay. Thanks.
>
> ----- Original Message -----
> From: Thomas Eckardt
> [mailto:[hidden email]]
> To: For Users of ASSP
> [mailto:[hidden email]]
> Sent: Wed, 20 Jul 2016 08:00:42
> +0100
> Subject: Re: [Assp-user] SPF_temperror,_why?
>
>
> > I got the same error for hotmail.com DKIM signatures.
> >
> > hotmail.com _domainkey selector 1 is :
> >
> >
> >
> "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWyktrIL8DO/+UGvMbv7cPd/Xogpbs7pgVw8y9ldO6AAMmg8+ij
> >
> ENl/c7Fb1MfKM7uG3LMwAr0dVVKyM+mbkoX2k5L7lsROQr0Z9gGSpu7xrnZOa58+/pIhd2Xk/DFPpa5+TKbWodbsSZPRN8z0RY5x59jdzSclXlEyN9mEZdmO
> > iKTsOP6A7vQxfSya9jg5"
> >
> >
> "N81dfNNvP7HnWejMMsKyIMrXptxOhIBuEYH67JDe98QgX14oHvGM2Uz53if/SW8MF09rYh9sp4ZsaWLIg6T343JzlbtrsGRGCDJ9JPpxRWZimtz
> >
> +Up/BlKzT6sCCrBihb/Bi3pZiEBB4Ui/vruL5RCQIDAQAB;n=2048,1452627113,1468351913"
> >
> >
> > For what ever reason, Mail::DKIM is unable to fetch() the public key.
> > There is nothing you can do.
> >
> > Thomas
> >
> >
> >
> > Von:    "Andy Knuts" <[hidden email]>
> > An:     "For Users of ASSP" <[hidden email]>
> > Datum:  20.07.2016 00:35
> > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> >
> >
> >
> > It looks like there's a problem with DNS in general but it's not always
> a
> > problem:
> >
> > # grep DKIM 16-07-19.maillog.txt|grep @hotmail|grep 'public key: not
> > available'
> >
> > Jul-19-16 00:21:04 m1-80462-07675 [Worker_1] [TLS-in] 65.54.190.91
> > <[hidden email]> to: [hidden email] [scoring] (DKIM
> signature
> > invalid) - public key: not available
> > Jul-19-16 08:47:43 m1-10862-06664 [Worker_2] [TLS-in] 65.54.190.87
> > <[hidden email]> to: [hidden email] [scoring]
> (DKIM
> > signature invalid) - public key: not available
> > Jul-19-16 08:59:43 m1-11582-08285 [Worker_1] [TLS-in] 65.55.34.215
> > <[hidden email]> to: [hidden email] [scoring] (DKIM
> > signature invalid) - public key: not available
> > Jul-19-16 09:45:13 m1-14312-02896 [Worker_1] [TLS-in] 65.55.116.39
> > <[hidden email]> to: [hidden email] [scoring] (DKIM
> signature
> > invalid) - public key: not available
> > Jul-19-16 12:39:49 m1-24788-06927 [Worker_2] [TLS-in] 65.54.51.96
> > <[hidden email]> to: [hidden email] [scoring] (DKIM
> signature
> > invalid) - public key: not available
> > Jul-19-16 15:58:58 m1-36736-07796 [Worker_5] [TLS-in] 65.54.190.90
> > <[hidden email]> to: [hidden email]
> > [scoring] (DKIM signature invalid) - public key: not available
> > Jul-19-16 17:16:33 m1-41391-04219 [Worker_1] [TLS-in] 65.55.34.80
> > <[hidden email]> to:  [hidden email]
> > [scoring] (DKIM signature invalid) - public key: not available
> > Jul-19-16 19:47:03 m1-50422-00530 [Worker_1] [TLS-in] 65.54.190.35
> > <[hidden email]> to:[hidden email] [scoring] (DKIM signature
>
> > invalid) - public key: not available
> >
> >  The DNS servers also seem to work fine for every other services but as
> > you can see, sometimes ASSP is unable to find the public key for
> > hotmail.com ?
> >
> > I'm using Net::DNS 1.06. This version is okay, right?
> >
> > Regards
> >
> >
> > ----- Original Message -----
> > From: Andy Knuts [mailto:[hidden email]]
> > To:
> > For Users of ASSP [mailto:[hidden email]]
> > Sent: Wed, 20 Jul
> > 2016 00:13:16 +0100
> > Subject: Re: [Assp-user] SPF_temperror,_why?
> >
> >
> > > I upgraded to Mail:SPF 2.9.0 as suggested but there's still an issue:
> > >
> > > # grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt | wc
> -l
> > > 444
> > >
> > > # grep hotmail.com 16-07-19.maillog.txt |grep -i "for SPF pass" | wc
> -l
> > > 258
> > >
> > >
> > > # grep '(spfeValencePB) for SPF temperror' 16-07-19.maillog.txt |grep
> -i
> > > hotmail
> > > Jul-19-16 07:45:11 m1-07110-04028 [Worker_2] [TLS-in] 65.54.190.99
> > > <[hidden email]> to: [hidden email] Message-Score: added 5
> > > (spfeValencePB) for SPF temperror, total score for this message is now
> 5
> > > Jul-19-16 12:37:51 m1-24670-10746 [Worker_2] [TLS-in] 65.55.90.169
> > > <[hidden email]> to: [hidden email]
> > > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> > for
> > > this message is now -6
> > > Jul-19-16 12:39:49 m1-24788-06927 [Worker_2] [TLS-in] 65.54.51.96
> > > <[hidden email]> to: [hidden email] Message-Score: added 5
> > > (spfeValencePB) for SPF temperror, total score for this message is now
>
> > -6
> > > Jul-19-16 12:51:11 m1-25471-04061 [Worker_2] [TLS-in] 157.55.1.140
> > > <[hidden email]> to: [hidden email] Message-Score:
> > added 5
> > > (spfeValencePB) for SPF temperror, total score for this message is now
>
> > 10
> > > Jul-19-16 14:08:49 m1-30128-13259 [Worker_2] [TLS-in] 65.55.34.90
> > > <[hidden email]> to: [hidden email] Message-Score: added 5
> > > (spfeValencePB) for SPF temperror, total score for this message is now
> 7
> > > Jul-19-16 17:15:12 m1-41310-11578 [Worker_1] [TLS-in] 65.55.90.39
> > > <[hidden email]> to:
> > [hidden email]
> > > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> > for
> > > this message is now -6
> > > Jul-19-16 17:16:33 m1-41391-04219 [Worker_1] [TLS-in] 65.55.34.80
> > > <[hidden email]> to: [hidden email]
> > > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> > for
> > > this message is now -8
> > > Jul-19-16 19:36:37 m1-49796-00753 [Worker_1] [TLS-in] 157.55.2.37
> > > <[hidden email]> to:
> > [hidden email]
> > > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> > for
> > > this message is now -6
> > > Jul-19-16 19:39:01 m1-49940-06640 [Worker_1] [TLS-in] 157.55.2.26
> > > <[hidden email]> to: [hidden email] Message-Score: added 5
> > > (spfeValencePB) for SPF temperror, total score for this message is now
> 9
> > > Jul-19-16 20:15:13 m1-52113-02738 [Worker_2] [TLS-in] 157.55.1.160
> > > <[hidden email]> to: [hidden email] Message-Score: added 5
> > > (spfeValencePB) for SPF temperror, total score for this message is now
>
> > -6
> > > Jul-19-16 20:50:24 m1-54224-10937 [Worker_2] [TLS-in] 157.55.0.224
> > > <[hidden email]> to: [hidden email] Message-Score: added 5
> > > (spfeValencePB) for SPF temperror, total score for this message is now
> 8
> > > Jul-19-16 23:44:38 m1-64678-08355 [Worker_1] [TLS-in] 157.55.0.233
> > > <[hidden email]> to:
> > [hidden email]
> > > Message-Score: added 5 (spfeValencePB) for SPF temperror, total score
> > for
> > > this message is now 8
> > >
> > >
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: Thomas Eckardt
> > > [mailto:[hidden email]]
> > > To: For Users of ASSP
> > > [mailto:[hidden email]]
> > > Sent: Mon, 18 Jul 2016 20:08:54
> > > +0100
> > > Subject: Re: [Assp-user] SPF_temperror,_why?
> > >
> > >
> > > > http://cpansearch.perl.org/src/JMEHNLE/Mail-SPF-v2.9.0/CHANGES
> > > >
> > > > Thomas
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Von:    "Andy Knuts" <[hidden email]>
> > > > An:     "For Users of ASSP" <[hidden email]>
> > > > Datum:  18.07.2016 19:56
> > > > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> > > >
> > > >
> > > >
> > > > I'm using 2.008  while ASSP says "2.007" is required.
> > > > Should upgrading to 2.009 fix this issue?
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: Thomas Eckardt
> > > > [mailto:[hidden email]]
> > > > To: For Users of ASSP
> > > > [mailto:[hidden email]]
> > > > Sent: Mon, 18 Jul 2016 19:49:45
> > > > +0100
> > > > Subject: Re: [Assp-user] SPF_temperror,_why?
> > > >
> > > >
> > > > > >Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > > > Mail::SPF::Server, 564, hotmail.com SPF
> > > > >
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------------------
> > > > > =item B<query_rr_types>
> > > > >
> > > > > For which RR types to query when looking up and selecting SPF
> > records.
> > > > The
> > > > > following values are supported:
> > > > >
> > > > > =over
> > > > >
> > > > > =item B<< Mail::SPF::Server->query_rr_type_all >>
> > > > >
> > > > > Both C<TXT> and C<SPF> type RRs.
> > > > >
> > > > > =item B<< Mail::SPF::Server->query_rr_type_txt >> (default)
> > > > >
> > > > > C<TXT> type RRs only.
> > > > >
> > > > > =item B<< Mail::SPF::Server->query_rr_type_spf >>
> > > > >
> > > > > C<SPF> type RRs only.
> > > > >
> > > > > =back
> > > > >
> > > > > For years B<Mail::SPF> has defaulted to looking up both C<SPF> and
>
> > > > C<TXT>
> > > > > type
> > > > > RRs as recommended by RFC 4408.  Experience has shown, however,
> that
> > a
> > > > > significant portion of name servers suffer from serious brain
> damage
> >
> > > > with
> > > > > regard to the handling of queries for RR types that are unknown to
>
> > them,
> > >
> > > >
> > > > > such
> > > > > as the C<SPF> RR type.  Consequently B<Mail::SPF> now defaults to
> > > > looking
> > > > > up
> > > > > only C<TXT> type RRs.  This may be overridden by setting the
> > > > > B<query_rr_types>
> > > > > option.
> > > > >
> > > > > See RFC 4408, 3.1.1, for a discussion of the topic, as well as the
>
> > > > > description
> > > > > of the L</select_record> method.
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------------------
> > > > >
> > > > > Seems your Mail::SPF module is outdated - use 2.009
> > > > >
> > > > > ASSP uses the default.
> > > > >
> > > > > Thomas
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Von:    "Andy Knuts" <[hidden email]>
> > > > > An:     "For Users of ASSP" <[hidden email]>
> > > > > Datum:  18.07.2016 19:27
> > > > > Betreff:        Re: [Assp-user] SPF_temperror,_why?
> > > > >
> > > > >
> > > > >
> > > > > I'm stil wondering what's wrong with my DNS servers and ASSP. I
> > > > installed
> > > > > pdns-recorsor on the same host where ASSP is running and I have
> > > > installed
> > > > > bind on a second VM.
> > > > > I tested those name server and they work as expected but ASSP
> still
> > has
> > > > > troubles with some request. Not always, but A LOT.
> > > > > In my maillog.txt I see a lot of these: hotmail.com: Unknown error
>
> > on
> > > > DNS
> > > > > 'SPF' lookup of 'hotmail.com'
> > > > >
> > > > > Sometimes it has the SPF records for hotmail.com, but many times
> it
> > > > > doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always
> > works.
> > > > Same
> > > > > for "host -t txt hotmail.com 10.1.1.11".
> > > > >
> > > > > Here's an example in maillog.txt with SPFDebug enabled:
> > > > >
> > > > >
> > > > > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> info: found message size announcement: 13.26
> > kByte
> > > > > Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> Message-Score: added -10 (tlsValencePB) for
> > > > > SSL-TLS-connection-OK, total score for this message is now -10
> > > > > Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets -
> 2
> > > > > Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS
> > sockets
> > > > > for 10.1.1.11
> > > > > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question:
> > > > > 246.2.47.104.in-addr.arpa.               IN              PTR
> > > > > Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer:
> > > > > 246.2.47.104.in-addr.arpa.               3600            IN PTR (
> > > > >
> > > > >  mail-db5eur01hn0246.outbound.protection.outlook.com. )
> > > > > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1
> -
> >
> > > > > hotmail.com.             IN              ANY
> > > > > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for
> 'hotmail.com'
> >
> > > > type
> > > > > 'ANY' to nameserver 127.0.0.1 ID 15404
> > > > > Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11
> -
> >
> > > > > hotmail.com.             IN              ANY
> > > > > Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for
> 'hotmail.com'
> >
> > > > type
> > > > > 'ANY' to nameserver 10.1.1.11 ID 20981
> > > > > Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 -
> 127.0.0.1
> > > > > Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from
> > nameserver
> > > > > 127.0.0.1
> > > > > Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN
> ANY
> > > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN
> SOA
> >  (
> > >
> > > >
> > > > > ns1.msft.net. msnhst.microsoft.com.
> > > > >   2016070805             ;serial
> > > > >   7200                           ;refresh
> > > > >   900                            ;retry
> > > > >   2419200                                ;expire
> > > > >   3600                           ;minimum
> > > > >                                  )
> > > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
>
> > NS
> > > > > ns1.msft.net.
> > > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
>
> > NS
> > > > > ns3.msft.net.
> > > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
>
> > NS
> > > > > ns4.msft.net.
> > > > > Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN
>
> > NS
> > > > > ns2.msft.net.
> > > > > Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from
>
> > > > > nameserver 127.0.0.1 ID 15404
> > > > > Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68
> > > > > x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
> > > > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139
> > bounce
> > >
> > > >
> > > > > message detected
> > > > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the
> > > > > connection will now be moved in to the Full-Transparent-Proxy mode
> > > > > Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no
> > (more)
> > > > > data readable from x.x.x.139 (connection closed by peer) -
> > Connection
> > > > > reset by peer - last command was 'RCPT TO'
> > > > > Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68
> > > > x.x.x.139
> > > > > - processing time 0 seconds
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> to: JMRP@snip Message-Score: added -2 for
> > > > 65.54.190.0
> > > > > in griplist (0.18), total score for this message is now -12
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> > > > 65.54.190.89
> > > > > <[hidden email]> to: JMRP@snip [scoring] DKIM domain mismatch -
>
> > > > > hotmail.com found in DKIMCache, but no DKIM-Signature found in
> mail
> > > > header
> > > > > (Cache)
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> to: JMRP@snip Message-Score: added 15
> > > > (dkimValencePB)
> > > > > for DKIM domain mismatch - hotmail.com found in DKIMCache, but no
> > > > > DKIM-Signature found in mail header, total score for this message
> is
> > now
> > >
> > > > 3
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets -
> 2
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS
> > sockets
> > > > > for 10.1.1.11
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com.
>
> > IN
> > > > > ANY
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> > 1596
> > > > IN
> > > > >          MX              5 mx1.hotmail.com.
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> > 3019
> > > > IN
> > > > >          A               65.55.77.28
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> > 86728
> > > > > IN               NS              ns4.msft.net.
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> > 86728
> > > > > IN               NS              ns3.msft.net.
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> > 1596
> > > > IN
> > > > >          MX              5 mx4.hotmail.com.
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> > 3019
> > > > IN
> > > > >          A               65.55.85.12
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> > 86728
> > > > > IN               NS              ns1.msft.net.
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> 425
> > IN
> > >
> > > >
> > > > >  TXT             (
> > > > >                                  "v=spf1 include:spf-a.outlook.com
>
> > > > > include:spf-b.outlook.com ip4:157.55.9.128/25
> > > > > include:spf.protection.outlook.com include:spf-a.hotmail.com
> > > > > include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com
> > ~all"
> > > > >                                  )
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> > 1596
> > > > IN
> > > > >          MX              5 mx3.hotmail.com.
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> > 3019
> > > > IN
> > > > >          A               157.55.152.112
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> > 86728
> > > > > IN               NS              ns2.msft.net.
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> > 3019
> > > > IN
> > > > >          A               157.56.172.28
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com.
> > 1596
> > > > IN
> > > > >          MX              5 mx2.hotmail.com.
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1
> -
> >
> > > > > _dmarc.hotmail.com.              IN              TXT
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > > '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11
> -
> >
> > > > > _dmarc.hotmail.com.              IN              TXT
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > > '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 -
> 127.0.0.1
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from
> > nameserver
> > > > > 127.0.0.1
> > > > > Jul-18-16 19:04:29 [Worker_1] DNS-question was:
> _dmarc.hotmail.com.
> > IN
> > > > > TXT
> > > > > Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com.
> > 2125
> > > > IN
> > > > >          TXT             (
> > > > >                                  "v=DMARC1; p=none; pct=100;
> > > > > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> > > > >                                  )
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
>
> > > > > nameserver 127.0.0.1 ID 21607
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM]
> > > > 65.54.190.89
> > > > > <[hidden email]> to: JMRP@snip info: domain hotmail.com has
> > published
> > >
> > > > a
> > > > > DMARC record
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> to: JMRP@snip strictspf Regex: strictSPFRe
> > > > > '@hotmail.com'
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
> > > > > Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain
> > hotmail.com -
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > > > Mail::SPF::Server, 564, hotmail.com SPF
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
> > > > > Mail::SPF::Server, 564, hotmail.com TXT
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> to: JMRP@snip [scoring] spf_result:temperror
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> to: JMRP@snip identity:[hidden email]
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> to: JMRP@snip scope:mfrom
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> to: JMRP@snip spf_record:
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> to: JMRP@snip local_exp:hotmail.com: Unknown
> > error
> > > > on
> > > > > DNS 'SPF' lookup of 'hotmail.com'
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> to: JMRP@snip received_spf:Received-SPF:
> > temperror
> > > > > (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com')
> > > > > receiver=mx101.snip; identity=mailfrom;
> > > > envelope-from="[hidden email]";
> > > > > helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> to: JMRP@snip [scoring] SPF: temperror
> > > > ip=65.54.190.89
> > > > > mailfrom=[hidden email] helo=BAY004-OMC2S14.hotmail.com
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> to: JMRP@snip Message-Score: added 5
> > (spfeValencePB)
> > >
> > > >
> > > > > for SPF temperror, total score for this message is now 8
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
>
> > > > > <[hidden email]> to: JMRP@snip DMARC: this mail breakes the
> DKIM
> > > > > policies defined in the DMARC record for domain hotmail.com -
> there
> > is
> > > > no
> > > > > DKIM-signature found in this mail for domain hotmail.com
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets -
> 2
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS
> > sockets
> > > > > for 10.1.1.11
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question:
> > > > _dmarc.hotmail.com.
> > > > >  IN              TXT
> > > > > Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer:
> > _dmarc.hotmail.com.
> > > > > 2125             IN              TXT             (
> > > > >                                  "v=DMARC1; p=none; pct=100;
> > > > > rua=mailto:[hidden email]; ruf=mailto:[hidden email]; fo=1"
> > > > >                                  )
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1
> -
> >
> > > > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver
> 127.0.0.1
> > ID
> > > > > 54935
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11
> -
> >
> > > > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
> > > > > '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver
> 10.1.1.11
> > ID
> > > > > 43820
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 -
> 127.0.0.1
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from
> > nameserver
> > > > > 127.0.0.1
> > > > > Jul-18-16 19:04:29 [Worker_1] DNS-question was:
> > > > > 89.190.54.65.sa.senderbase.org.          IN              TXT
> > > > > Jul-18-16 19:04:29 [Worker_1] DNS-answer is:
> > > > > 89.190.54.65.sa.senderbase.org.          19937           IN TXT (
> > > > >
> > > > >                                  "0-0=1|1=MICROSOFT
> > > > >
> > > >
> > >
> >
> HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San
> > > > >
> > > > > Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
> > > > >                                  )
> > > > > Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
>
> > > > > nameserver 127.0.0.1 ID 54935
> > > > > Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08
> > > > > 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
> > > > > Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK]
> > > > > 65.54.190.89 <[hidden email]> to: JMRP@snip message ok
> [complaint
> >
> > > > about
> > > > > message from 10 164 74 35]
> > > > >
> > > > >
> > > > > any idea's?
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: Thomas Eckardt
> > > > > [mailto:[hidden email]]
> > > > > To: For Users of ASSP
> > > > > [mailto:[hidden email]]
> > > > > Sent: Mon, 18 Jul 2016 12:52:29
> > > > > +0100
> > > > > Subject: Re: [Assp-user] SPF_temperror,_why?
> > > > >
> > > > >
> > > > > > >But why is this a temperror?
> > > > > >
> > > > > > assp was unable to get a qualified result for the query using
> > > > Mail::SPF
> > > > > -
> > > > > > that's all
> > > > > > most times this is caused by a DNS timeout
> > > > > >
> > > > > > Thomas
> > > > > >
> > > > > >
> > > > > > Von:    "Andy Knuts" <[hidden email]>
> > > > > > An:     [hidden email]
> > > > > > Datum:  18.07.2016 11:53
> > > > > > Betreff:        [Assp-user] SPF_temperror,_why?
> > > > > >
> > > > > >
> > > > > >
> > > > > > Many of the emails that passed ASSP have headers like this:
> > > > > >
> > > > > > X-Assp-Received-SPF: temperror ip=217.148.21.174
> > > > > > mailfrom=[hidden email] helo=vmta12.addemar.com
> > > > > >
> > > > > > But why is this a temperror?
> > > > > >
> > > > > >
> > > > > > If I use 'spfquery' command line I get:
> > > > > >
> > > > > > # spfquery --mail-from [hidden email] -i
> > 217.148.21.174
> > > > -h
> > > > >
> > > > > > vmta12.addemar.com
> > > > > > pass
> > > > > > Please see
> > > > > >
> > > > >
> > > >
> > >
> >
> http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:
>
> >
> > > >
> > > > >
> > > > > >
> > > > > > 217.148.21.128/25 contains 217.148.21.174
> > > > > > spfquery: domain of [hidden email] designates
> > > > > 217.148.21.174
> > > > > > as permitted sender
> > > > > > Received-SPF: pass (spfquery: domain of
> > [hidden email]
> > > > > > designates 217.148.21.174 as permitted sender)
> > > > client-ip=217.148.21.174;
> > > > >
> > > > > > envelope-from=[hidden email];
> > helo=vmta12.addemar.com;
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------
> > > > > > What NetFlow Analyzer can do for you? Monitors network bandwidth
>
> > and
> > > > > > traffic
> > > > > > patterns at an interface-level. Reveals which users, apps, and
> > > > protocols
> > > > >
> > > > > > are
> > > > > > consuming the most bandwidth. Provides multi-vendor support for
> > > > NetFlow,
> > > > >
> > > > > > J-Flow, sFlow and other flows. Make informed decisions using
> > capacity
> > > > > > planning
> > > > > > reports.http://sdm.link/zohodev2dev
> > > > > > _______________________________________________
> > > > > > Assp-user mailing list
> > > > > > [hidden email]
> > > > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > DISCLAIMER:
> > > > > > *******************************************************
> > > > > > This email and any files transmitted with it may be
> confidential,
> > > > > legally
> > > > > > privileged and protected in law and are intended solely for the
> > use of
> > >
> > > >
> > > > > the
> > > > > >
> > > > > > individual to whom it is addressed.
> > > > > > This email was multiple times scanned for viruses. There should
> be
> > no
> > > > > > known virus in this email!
> > > > > > *******************************************************
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------
> > > > > What NetFlow Analyzer can do for you? Monitors network bandwidth
> and
> >
> > > > > traffic
> > > > > patterns at an interface-level. Reveals which users, apps, and
> > protocols
> > >
> > > >
> > > > > are
> > > > > consuming the most bandwidth. Provides multi-vendor support for
> > NetFlow,
> > >
> > > >
> > > > > J-Flow, sFlow and other flows. Make informed decisions using
> > capacity
> > > > > planning
> > > > > reports.http://sdm.link/zohodev2dev
> > > > > _______________________________________________
> > > > > Assp-user mailing list
> > > > > [hidden email]
> > > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > DISCLAIMER:
> > > > > *******************************************************
> > > > > This email and any files transmitted with it may be confidential,
> > > > legally
> > > > > privileged and protected in law and are intended solely for the
> use
> > of
> > > > the
> > > > >
> > > > > individual to whom it is addressed.
> > > > > This email was multiple times scanned for viruses. There should be
>
> > no
> > > > > known virus in this email!
> > > > > *******************************************************
> > > > >
> > > > >
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------
> > > > What NetFlow Analyzer can do for you? Monitors network bandwidth and
>
> > > > traffic
> > > > patterns at an interface-level. Reveals which users, apps, and
> > protocols
> > > > are
> > > > consuming the most bandwidth. Provides multi-vendor support for
> > NetFlow,
> > > > J-Flow, sFlow and other flows. Make informed decisions using
> capacity
> > > > planning
> > > > reports.http://sdm.link/zohodev2dev
> > > > _______________________________________________
> > > > Assp-user mailing list
> > > > [hidden email]
> > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > DISCLAIMER:
> > > > *******************************************************
> > > > This email and any files transmitted with it may be confidential,
> > legally
> > > > privileged and protected in law and are intended solely for the use
> of
> > the
> > >
> > > >
> > > > individual to whom it is addressed.
> > > > This email was multiple times scanned for viruses. There should be
> no
> > > > known virus in this email!
> > > > *******************************************************
> > > >
> > > >
> > >
> > >
> >
> ------------------------------------------------------------------------------
> > > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > traffic
> > > patterns at an interface-level. Reveals which users, apps, and
> protocols
> > are
> > >
> > > consuming the most bandwidth. Provides multi-vendor support for
> NetFlow,
> >
> > > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > > planning
> > > reports.http://sdm.link/zohodev2dev
> > > _______________________________________________
> > > Assp-user mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> >
> >
> ------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > traffic
> > patterns at an interface-level. Reveals which users, apps, and protocols
>
> > are
> > consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning
> > reports.http://sdm.link/zohodev2dev
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential,
> legally
> > privileged and protected in law and are intended solely for the use of
> the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SPF_temperror,_why?

Thomas Eckardt/eck
In reply to this post by Thomas Eckardt/eck
_netblocks.google.com   text is the used spf record

69.50.198.77

This IP is not allowed to be used for gmail.com.

I use 2.5.2 build 16207, which contains a TCP DNS fix - but TCP is not
used to resolve the SPF records from gmail.com.

Forwarding from external accounts to assp can require a very complex
setup. Collecting via POP3 (assp_pop3.pl) is much more easy. In either
case, ISPHostNames and ISPIP has to be configured correctly!


Thomas


DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user