I'm still wondering what's wrong with my DNS servers and ASSP. I installed pdns-recursor on the same host where ASSP is running and I have installed bind on a second VM. I tested those name servers and they work as expected, but ASSP still has trouble with some requests. Not always, but A LOT. In my maillog.txt I see a lot of these:

hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com'

Sometimes it has the SPF records for hotmail.com, but many times it doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always works. Same for "host -t txt hotmail.com 10.1.1.11". Here's an example in maillog.txt with SPFDebug enabled:

Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> info: found message size announcement: 13.26 kByte
Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> Message-Score: added -10 (tlsValencePB) for SSL-TLS-connection-OK, total score for this message is now -10
Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2
Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS sockets for 10.1.1.11
Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question: 246.2.47.104.in-addr.arpa. IN PTR
Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer: 246.2.47.104.in-addr.arpa. 3600 IN PTR ( mail-db5eur01hn0246.outbound.protection.outlook.com. )
Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 - hotmail.com. IN ANY
Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com' type 'ANY' to nameserver 127.0.0.1 ID 15404
Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 - hotmail.com. IN ANY
Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com' type 'ANY' to nameserver 10.1.1.11 ID 20981
Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from nameserver 127.0.0.1
Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN SOA ( ns1.msft.net. msnhst.microsoft.com. 2016070805 ;serial 7200 ;refresh 900 ;retry 2419200 ;expire 3600 ;minimum )
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS ns1.msft.net.
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS ns3.msft.net.
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS ns4.msft.net.
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS ns2.msft.net.
Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from nameserver 127.0.0.1 ID 15404
Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68 x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139 bounce message detected
Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the connection will now be moved in to the Full-Transparent-Proxy mode
Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no (more) data readable from x.x.x.139 (connection closed by peer) - Connection reset by peer - last command was 'RCPT TO'
Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68 x.x.x.139 - processing time 0 seconds
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip Message-Score: added -2 for 65.54.190.0 in griplist (0.18), total score for this message is now -12
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip [scoring] DKIM domain mismatch - hotmail.com found in DKIMCache, but no DKIM-Signature found in mail header (Cache)
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip Message-Score: added 15 (dkimValencePB) for DKIM domain mismatch - hotmail.com found in DKIMCache, but no DKIM-Signature found in mail header, total score for this message is now 3
Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets for 10.1.1.11
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com. IN ANY
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN MX 5 mx1.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN A 65.55.77.28
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728 IN NS ns4.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728 IN NS ns3.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN MX 5 mx4.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN A 65.55.85.12
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728 IN NS ns1.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 425 IN TXT ( "v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com ip4:157.55.9.128/25 include:spf.protection.outlook.com include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all" )
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN MX 5 mx3.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN A 157.55.152.112
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728 IN NS ns2.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN A 157.56.172.28
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN MX 5 mx2.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 - _dmarc.hotmail.com. IN TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for '_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 - _dmarc.hotmail.com. IN TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for '_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver 127.0.0.1
Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com. IN TXT
Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com. 2125 IN TXT ( "v=DMARC1; p=none; pct=100; rua=mailto:d...@rua.agari.com; ruf=mailto:d...@ruf.agari.com; fo=1" )
Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from nameserver 127.0.0.1 ID 21607
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip info: domain hotmail.com has published a DMARC record
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip strictspf Regex: strictSPFRe '@hotmail.com'
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain hotmail.com -
Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller: Mail::SPF::Server, 564, hotmail.com SPF
Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller: Mail::SPF::Server, 564, hotmail.com TXT
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip [scoring] spf_result:temperror
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip identity:st...@hotmail.com
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip scope:mfrom
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip spf_record:
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip local_exp:hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com'
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip received_spf:Received-SPF: temperror (hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com') receiver=mx101.snip; identity=mailfrom; envelope-from="st...@hotmail.com"; helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip [scoring] SPF: temperror ip=65.54.190.89 mailfrom=st...@hotmail.com helo=BAY004-OMC2S14.hotmail.com
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip Message-Score: added 5 (spfeValencePB) for SPF temperror, total score for this message is now 8
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip DMARC: this mail breakes the DKIM policies defined in the DMARC record for domain hotmail.com - there is no DKIM-signature found in this mail for domain hotmail.com
Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets for 10.1.1.11
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: _dmarc.hotmail.com. IN TXT
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: _dmarc.hotmail.com. 2125 IN TXT ( "v=DMARC1; p=none; pct=100; rua=mailto:d...@rua.agari.com; ruf=mailto:d...@ruf.agari.com; fo=1" )
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 - 89.190.54.65.sa.senderbase.org. IN TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1 ID 54935
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 - 89.190.54.65.sa.senderbase.org. IN TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for '89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11 ID 43820
Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver 127.0.0.1
Jul-18-16 19:04:29 [Worker_1] DNS-question was: 89.190.54.65.sa.senderbase.org. IN TXT
Jul-18-16 19:04:29 [Worker_1] DNS-answer is: 89.190.54.65.sa.senderbase.org. 19937 IN TXT ( "0-0=1|1=MICROSOFT HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394" )
Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from nameserver 127.0.0.1 ID 54935
Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08 85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK] 65.54.190.89 <st...@hotmail.com> to: JMRP@snip message ok [complaint about message from 10 164 74 35]

Any ideas?

----- Original Message -----
From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
To: For Users of ASSP [mailto:assp-user@lists.sourceforge.net]
Sent: Mon, 18 Jul 2016 12:52:29 +0100
Subject: Re: [Assp-user] SPF_temperror,_why?

> >But why is this a temperror?
>
> assp was unable to get a qualified result for the query using Mail::SPF -
> that's all
> most times this is caused by a DNS timeout
>
> Thomas
>
> From: "Andy Knuts" <a...@knuts.be>
> To: assp-user@lists.sourceforge.net
> Date: 18.07.2016 11:53
> Subject: [Assp-user] SPF_temperror,_why?
>
> Many of the emails that passed ASSP have headers like this:
>
> X-Assp-Received-SPF: temperror ip=217.148.21.174
> mailfrom=rkvc...@stratics.addemar.com helo=vmta12.addemar.com
>
> But why is this a temperror?
>
> If I use 'spfquery' command line I get:
>
> # spfquery --mail-from rkvc...@stratics.addemar.com -i 217.148.21.174 -h
> vmta12.addemar.com
> pass
> Please see
> http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:
>
> 217.148.21.128/25 contains 217.148.21.174
> spfquery: domain of rkvc...@stratics.addemar.com designates 217.148.21.174
> as permitted sender
> Received-SPF: pass (spfquery: domain of rkvc...@stratics.addemar.com
> designates 217.148.21.174 as permitted sender) client-ip=217.148.21.174;
> envelope-from=rkvc...@stratics.addemar.com; helo=vmta12.addemar.com;
>
> _______________________________________________
> Assp-user mailing list
> Assp-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
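
One way to put a number on "not always, but a lot" is to tally SPF results per sender domain from maillog.txt and pair each temperror with the `local_exp` reason logged for the same message ID. This is an added example, not part of the original thread or of ASSP; the sample lines are constructed in the layout quoted above, and it assumes non-temperror results are logged in the same `SPF: <result> ip=... mailfrom=... helo=...` form.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the maillog.txt layout quoted in the post; addresses,
# message IDs and the "pass" lines are made up for illustration.
SAMPLE_LOG = """\
Jul-18-16 19:04:29 m1-00001-00001 [Worker_1] [TLS-in] 192.0.2.10 <a@hotmail.com> to: x@example.org local_exp:hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com'
Jul-18-16 19:04:29 m1-00001-00001 [Worker_1] [TLS-in] 192.0.2.10 <a@hotmail.com> to: x@example.org [scoring] SPF: temperror ip=192.0.2.10 mailfrom=a@hotmail.com helo=mta1.hotmail.com
Jul-18-16 19:06:02 m1-00002-00002 [Worker_2] 192.0.2.11 <b@hotmail.com> to: x@example.org SPF: pass ip=192.0.2.11 mailfrom=b@hotmail.com helo=mta2.hotmail.com
Jul-18-16 19:07:40 m1-00003-00003 [Worker_1] 198.51.100.7 <n@news.example.net> to: y@example.org local_exp:news.example.net: Unknown error on DNS 'SPF' lookup of 'news.example.net'
Jul-18-16 19:07:40 m1-00003-00003 [Worker_1] 198.51.100.7 <n@news.example.net> to: y@example.org [scoring] SPF: temperror ip=198.51.100.7 mailfrom=n@news.example.net helo=out.example.net
Jul-18-16 19:09:13 m1-00004-00004 [Worker_2] 192.0.2.12 <c@hotmail.com> to: x@example.org SPF: pass ip=192.0.2.12 mailfrom=c@hotmail.com helo=mta3.hotmail.com
"""

# Third whitespace-separated field is the message ID on per-message lines.
# Requiring "ip=" right after the result skips the "Received-SPF: ..." line.
RESULT_RE = re.compile(
    r"^\S+ \S+ (?P<msgid>\S+) .*\bSPF: (?P<result>\w+) ip=\S+ "
    r"mailfrom=\S+@(?P<domain>\S+) helo=")
REASON_RE = re.compile(r"^\S+ \S+ (?P<msgid>\S+) .*\blocal_exp:(?P<reason>.+)$")


def spf_stats(log_text):
    """Return (results per sender domain, temperror reasons) as Counters."""
    results = defaultdict(Counter)
    reason_by_msg = {}           # message ID -> last local_exp text seen
    temperror_reasons = Counter()
    for line in log_text.splitlines():
        m = REASON_RE.match(line)
        if m:
            reason_by_msg[m["msgid"]] = m["reason"].strip()
            continue
        m = RESULT_RE.match(line)
        if m:
            results[m["domain"].lower()][m["result"]] += 1
            if m["result"] == "temperror":
                reason = reason_by_msg.get(m["msgid"], "no local_exp logged")
                temperror_reasons[reason] += 1
    return results, temperror_reasons


def temperror_rate(results):
    """Fraction of SPF checks per domain that ended in temperror."""
    return {d: c["temperror"] / sum(c.values()) for d, c in results.items()}


if __name__ == "__main__":
    res, reasons = spf_stats(SAMPLE_LOG)
    for domain, rate in sorted(temperror_rate(res).items()):
        print(f"{domain}: {rate:.0%} temperror {dict(res[domain])}")
    for reason, n in reasons.most_common():
        print(f"{n}x {reason}")
```

A domain that shows both pass and temperror under the same resolvers points at intermittent lookup failures rather than a broken SPF record.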