Anyone using postfix-policyd-spf-perl?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Anyone using postfix-policyd-spf-perl?

Paul Hutchings
It's a long shot and tbh I'm hoping someone may have encountered this to
save me a signup to the SPF lists..

Using Postfix and postfix-policyd-spf-perl (2.005) and this last couple
of weeks I've been experiencing messages from @tiscali.co.uk being
bounced for failing SPF policy.  

Problem is whenever I use any online tester and enter the MTA and IP's
etc. they say it passes the policy, so now I'm a little unclear if it
could be something at my end, or a transient error with Tiscali's DNS or
MTAs (and I suspect trying to speak to anyone at Tiscali would take so
long it's simpler to just white list them).

This is an example of the rejection:

http://www.openspf.org/Why?s=helo&id=mk-filter-2-a-4.mail.uk.tiscali.com
&ip=212.74.100.53&r=relay.mira.co.uk

It only seems to happen with Tiscali.

Any suggestions or is it off to the SPF list I go...

TIA
Paul
Paul Hutchings
Network Administrator, MIRA Ltd.
Tel: 44 (0)24 7635 5378
Fax: 44 (0)24 7635 8378
mailto:[hidden email]


--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.


Reply | Threaded
Open this post in threaded view
|

Re: Anyone using postfix-policyd-spf-perl?

Robert Schetterer
Paul Hutchings schrieb:

> It's a long shot and tbh I'm hoping someone may have encountered this to
> save me a signup to the SPF lists..
>
> Using Postfix and postfix-policyd-spf-perl (2.005) and this last couple
> of weeks I've been experiencing messages from @tiscali.co.uk being
> bounced for failing SPF policy.  
>
> Problem is whenever I use any online tester and enter the MTA and IP's
> etc. they say it passes the policy, so now I'm a little unclear if it
> could be something at my end, or a transient error with Tiscali's DNS or
> MTAs (and I suspect trying to speak to anyone at Tiscali would take so
> long it's simpler to just white list them).
>
> This is an example of the rejection:
>
> http://www.openspf.org/Why?s=helo&id=mk-filter-2-a-4.mail.uk.tiscali.com
> &ip=212.74.100.53&r=relay.mira.co.uk
>
> It only seems to happen with Tiscali.
>
> Any suggestions or is it off to the SPF list I go...
>
> TIA
> Paul
> Paul Hutchings
> Network Administrator, MIRA Ltd.
> Tel: 44 (0)24 7635 5378
> Fax: 44 (0)24 7635 8378
> mailto:[hidden email]
>
>
Hi,
is see no problem with spf txt in dns,
anyway ,why not whitelist in your spfcheck, use soma access table for that

tiscali.co.uk.          3585    IN      TXT     "Abuse reports to
[hidden email]"
tiscali.co.uk.          3585    IN      TXT     "v=spf1 mx
ip4:212.74.100.0/24 ip4:212.74.96.0/24 ip4:212.74.112.0/24
ip4:212.74.114.0/24 ptr:mail.uk.tiscali.com include:as9105.com -all"

212.74.100.53 should be included, so no alarm should happen

perhaps they had another range in spf dns, and your dns cache is still
checking the old values?

dns gurus might have better answers
--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
Reply | Threaded
Open this post in threaded view
|

Re: Anyone using postfix-policyd-spf-perl?

Scott Kitterman-4
In reply to this post by Paul Hutchings
On Thu, 17 Jul 2008 13:25:39 +0100 "Paul Hutchings"
<[hidden email]> wrote:

>It's a long shot and tbh I'm hoping someone may have encountered this to
>save me a signup to the SPF lists..
>
>Using Postfix and postfix-policyd-spf-perl (2.005) and this last couple
>of weeks I've been experiencing messages from @tiscali.co.uk being
>bounced for failing SPF policy.  
>
>Problem is whenever I use any online tester and enter the MTA and IP's
>etc. they say it passes the policy, so now I'm a little unclear if it
>could be something at my end, or a transient error with Tiscali's DNS or
>MTAs (and I suspect trying to speak to anyone at Tiscali would take so
>long it's simpler to just white list them).
>
>This is an example of the rejection:
>
>http://www.openspf.org/Why?s=helo&id=mk-filter-2-a-4.mail.uk.tiscali.com
>&ip=212.74.100.53&r=relay.mira.co.uk
>
>It only seems to happen with Tiscali.
>
>Any suggestions or is it off to the SPF list I go...

It's more on topic there, so I'd suggest go ahead and I'll continue the conversation there.  
Their SPF record is valid.  What do your logs say?  By default
postfix-policyd-spf-perl logs using syslog.

Scott K
Reply | Threaded
Open this post in threaded view
|

Re: Anyone using postfix-policyd-spf-perl?

Reinaldo Gil Lima de Carvalho
In reply to this post by Paul Hutchings
>  This is an example of the rejection:
>
>  http://www.openspf.org/Why?s=helo&id=mk-filter-2-a-4.mail.uk.tiscali.com
>  &ip=212.74.100.53&r=relay.mira.co.uk
>

This is a SPF problem. The policyd is checking spf from HELO.

# host -t txt mk-filter-2-a-4.mail.uk.tiscali.com
"v=spf1 a -all"

# host mk-filter-2-a-4.mail.uk.tiscali.com
212.74.100.41

The server 212.74.100.53 sent ehlo
mk-filter-2-a-4.mail.uk.tiscali.com, the spf record permit only (A)
for this host. But A record point to 212.74.100.41.

--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net