SPF check

SPF check

Postby sjoram » Mon May 09, 2011 11:49 am

Hi guys,
Sent an email to info@ sometime last week, not sure if it got through so posting here too:

Hi guys,

I've finally managed to get on to my server to upgrade AMS to the latest version, and it's started returning results for SPF checks on emails (the old version would always return NONE or UNKNOWN)
However it seems that the majority of messages are producing a SOFT-FAIL on any messages outbound from my mail server. If I use an external tester however (check-auth@verifier.port25.com) it will produce a result of PASS.
Any suggestions as to whats going on?
I've had to turn off tagging on the subject lines of SOFT-FAILs for now....

Example:
Domains with SPF records are (removed for web posting - included in email) and (removed for web posting - included in email) - headers for some test messages below

From (removed for web posting - included in email) to (removed for web posting - included in email) (both domains use forwarders to addresses on my AMS) - via webmail from internet


Received: from amber.srv2.com ([62.149.36.18]) by (removed for web posting - included in email) with SMTP (Code-Crafters Ability Mail Server 2.72);
Thu, 05 May 2011 17:56:48 +0100
Received: from (removed for web posting - included in email) by amber.srv2.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.69)
(envelope-from (removed for web posting - included in email)) id 1QI1r9-0000A0-Bw
for(removed for web posting - included in email); Thu, 05 May 2011 17:56:51 +0100
Received: from (removed for web posting - included in email) with HTTP (Code-Crafters Ability Mail Server 2.72);
Thu, 05 May 2011 17:56:45 +0100
From: (removed for web posting - included in email)
Reply-To: (removed for web posting - included in email)
To: (removed for web posting - included in email)
Subject: spf test
Date: Thu, 05 May 2011 17:56:45 +0100
Message-ID: <4088949799.20110505175645@(removed for web posting - included in email)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="R7eMqPYHQ56dPyn4ZfYhkXczCqgJhrXJ6pfM02M5JcfEA====="
X-Originating-IP:(removed for web posting - included in email)
X-Mailer: Ability Mail Server 2.72 WebMail (by Code-Crafters)
X-Bayes-Score: 27.72
X-SPF-Result: SOFTFAIL
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - amber.srv2.com
X-AntiAbuse: Original Domain - (removed for web posting - included in email)
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - (removed for web posting - included in email)
X-Antivirus: AVG for E-mail 10.0.1209 [1500/3617]
X-AVG-ID: ID644D7868-3F97C487
From (removed for web posting - included in email)
to (removed for web posting - included in email)
(both domains use forwarders to addresses on my AMS) - via webmail from the LAN


Received: from amber.srv2.com ([62.149.36.18]) by (removed for web posting - included in email)
with SMTP (Code-Crafters Ability Mail Server 2.72);
Thu, 05 May 2011 18:02:29 +0100
Received: from (removed for web posting - included in email)
by amber.srv2.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.69)
(envelope-from (removed for web posting - included in email)
)
id 1QI1wd-0000LT-Tk
for (removed for web posting - included in email)
; Thu, 05 May 2011 18:02:31 +0100
Received: from (removed for web posting - included in email)
([10.0.0.140]) by (removed for web posting - included in email)
with HTTP (Code-Crafters Ability Mail Server 2.72);
Thu, 05 May 2011 18:02:26 +0100
From: (removed for web posting - included in email)
Reply-To: (removed for web posting - included in email)
To: (removed for web posting - included in email)
Subject: spf test
Date: Thu, 05 May 2011 18:02:26 +0100
Message-ID: <2889723337.20110505180226@(removed for web posting - included in email)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="RExTvC3kVSjJGSKiGzrX9ywHLKN0FBvq6K6NOjJ0DH8jU====="
X-Originating-IP: [10.0.0.140]
X-Mailer: Ability Mail Server 2.72 WebMail (by Code-Crafters)
X-Bayes-Score: 27.81
X-SPF-Result: SOFTFAIL
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - amber.srv2.com
X-AntiAbuse: Original Domain - (removed for web posting - included in email)
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - (removed for web posting - included in email)
X-Antivirus: AVG for E-mail 10.0.1209 [1500/3617]
X-AVG-ID: ID6E90764-661E63F7
From (removed for web posting - included in email)
to(removed for web posting - included in email)
via the Internet


Received: from indigo.srv2.com ([62.149.36.26]) by (removed for web posting - included in email)
with SMTP (Code-Crafters Ability Mail Server 2.72);
Mon, 18 Apr 2011 21:15:28 +0100
Received: from (removed for web posting - included in email)
by indigo.srv2.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.69)
(envelope-from (removed for web posting - included in email)
id 1QBuqu-0008Gx-GG
for (removed for web posting - included in email)
; Mon, 18 Apr 2011 21:15:20 +0100
Received: from Inbox (removed for web posting - included in email)
by (removed for web posting - included in email)
with SMTP (Code-Crafters Ability Mail Server 2.72);
Mon, 18 Apr 2011 21:15:18 +0100
MIME-Version: 1.0
content-class:
From: (removed for web posting - included in email)
Subject: RE: <SPF-WARNING> <SPF-WARNING> CNC Servers Network Config
Date: Mon, 18 Apr 2011 21:17:44 +0100
Importance: normal
X-Priority: 3
To: (removed for web posting - included in email)
Content-Type: multipart/alternative;
boundary="_D5048D6F-00CA-9D0E-3B34-BAF0509CF6E2_"
X-Bayes-Score: 0.00
X-SPF-Result: SOFTFAIL
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - indigo.srv2.com
X-AntiAbuse: Original Domain - (removed for web posting - included in email)
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - (removed for web posting - included in email)
sjoram
 
Posts: 37
Joined: Fri Sep 26, 2008 10:45 pm

Re: SPF check

Postby Code Crafters » Tue May 10, 2011 7:41 am

A Soft-Fail means Sending IP May Not Be Permitted and isn't a full fail. Many have soft fail as a default if a fail or pass couldn't be determined. If you believe AMS is determining the wrong result. Send me an example of one and I'll have a look and see what the result should be.
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm

Re: SPF check

Postby sjoram » Tue May 10, 2011 8:11 pm

Chris,
I have re-sent my email to you (chris@) which has all the details.
Can you let me know if you don't receive and I will re-send from my work address.
Assuming you do receive my email, my AMS instance should have added a header to the message with the SPF result from its check.
Could you also check it from your end?
sjoram
 
Posts: 37
Joined: Fri Sep 26, 2008 10:45 pm

Re: SPF check

Postby Code Crafters » Wed May 11, 2011 6:27 am

The email reached me fine. The SPF record in the attachment was:

"v=spf1 ... various a and ip4 matches ... ~all"

The end bit means if no match to the a and IP4 bits then default to soft-fail (~). However, since our mail server doesn't take action against soft-fail results I don't know what the result was from our mail server. However, if your mail server is running on one of the a or IP4 records in the SPF record then it should pass and be accepted by any receiving mail server with SPF checks.
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm

Re: SPF check

Postby sjoram » Wed May 11, 2011 4:59 pm

Hi all,
Just needed a fresh pair of eyes to spot the issue! :D
Rather than mail coming directly into AMS, they get forwarded by my domain provider to a different address on AMS i.e. address@domain.com mail gets forwarded to address@amsdomain.com
The SPF is failing because I haven't added to my SPF record the IP address/hostname of the server inbetween the external SMTP server and my AMS.
I'm going to fix this by getting the MX records on my domains amended to point at AMS directly to remove the forwarding operation, now that I know my way around AMS a bit better and can sort out getting the mails received correctly by AMS.
sjoram
 
Posts: 37
Joined: Fri Sep 26, 2008 10:45 pm

Re: SPF check

Postby Code Crafters » Mon May 16, 2011 8:18 am

You can add the forwarding mail server as an SPF safe IP or even SPAM white list it altogether. This will allow the mail server to skip SPF or the entire SPAM filtering section altogether allowing mail from it to be delivered.
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm

Re: SPF check

Postby sjoram » Wed May 18, 2011 8:22 am

Hi Chris,
Thanks for this post and your emails.
In respect of adding the hostname/IP as a safe entry, as ALL inbound email comes via this mail server (due to its forwarder function) wouldn't this result in ALL inbound email being whitelisted from AMS' perspective, thus defeating the point of SPF?

For the benefit of others reading this, the only issue I have with not setting my primary MX record to point at AMS is that I have some forwarders on my domain that point to external addresses for when AMS is down and pointing the MX record away would lose this. However thinking about it if the forwarding server stays as my "backup" MX record, that should kick in and use the forwarders when AMS is down?
sjoram
 
Posts: 37
Joined: Fri Sep 26, 2008 10:45 pm

Re: SPF check

Postby Code Crafters » Fri May 20, 2011 8:41 am

You can't use SPF safe IPs if the forwarder is where all your mail comes from. However, you can still use SPAM white listing to white list certain sending domains if you dont have control over their SPF records. Obviously, if you do control the SPF records it's better to add the forwarding mail server to the SPF record so AMS knows this IP is authorised to send mail for that domain.

As for the MX records, you can use AMS as the primary MX and another mail server as a backup MX to pickup any mail when AMS is down and forward back to AMS for a few days to give time for AMS to come back online and receive the emails. We have a system like this that forwards for 5 days in the case of our main AMS being offline for any reason (e.g. ISP issues / maintenance).
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm


Return to General

Who is online

Users browsing this forum: No registered users and 33 guests

cron