>Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
Mail::SPF::Server, 564, hotmail.com SPF
------------------------------------------------------------------------------------------
=item B<query_rr_types>
For which RR types to query when looking up and selecting SPF records. The
following values are supported:
=over
=item B<< Mail::SPF::Server->query_rr_type_all >>
Both C<TXT> and C<SPF> type RRs.
=item B<< Mail::SPF::Server->query_rr_type_txt >> (default)
C<TXT> type RRs only.
=item B<< Mail::SPF::Server->query_rr_type_spf >>
C<SPF> type RRs only.
=back
For years B<Mail::SPF> has defaulted to looking up both C<SPF> and C<TXT>
type
RRs as recommended by RFC 4408. Experience has shown, however, that a
significant portion of name servers suffer from serious brain damage with
regard to the handling of queries for RR types that are unknown to them,
such
as the C<SPF> RR type. Consequently B<Mail::SPF> now defaults to looking
up
only C<TXT> type RRs. This may be overridden by setting the
B<query_rr_types>
option.
See RFC 4408, 3.1.1, for a discussion of the topic, as well as the
description
of the L</select_record> method.
------------------------------------------------------------------------------------------
Seems your Mail::SPF module is outdated - use 2.009
ASSP uses the default.
Thomas
Von: "Andy Knuts" <a...@knuts.be>
An: "For Users of ASSP" <assp-user@lists.sourceforge.net>
Datum: 18.07.2016 19:27
Betreff: Re: [Assp-user] SPF_temperror,_why?
I'm stil wondering what's wrong with my DNS servers and ASSP. I installed
pdns-recorsor on the same host where ASSP is running and I have installed
bind on a second VM.
I tested those name server and they work as expected but ASSP still has
troubles with some request. Not always, but A LOT.
In my maillog.txt I see a lot of these: hotmail.com: Unknown error on DNS
'SPF' lookup of 'hotmail.com'
Sometimes it has the SPF records for hotmail.com, but many times it
doesn't. If I do "host -t txt hotmail.com 127.0.0.1" it always works. Same
for "host -t txt hotmail.com 10.1.1.11".
Here's an example in maillog.txt with SPFDebug enabled:
Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> info: found message size announcement: 13.26 kByte
Jul-18-16 19:04:28 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> Message-Score: added -10 (tlsValencePB) for
SSL-TLS-connection-OK, total score for this message is now -10
Jul-18-16 19:04:28 [Worker_1] Info: cleanup existing DNS sockets - 2
Jul-18-16 19:04:28 [Worker_1] Info: cleanedup old data from DNS sockets
for 10.1.1.11
Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-question:
246.2.47.104.in-addr.arpa. IN PTR
Jul-18-16 19:04:28 [Worker_1] Cleanedup DNS-answer:
246.2.47.104.in-addr.arpa. 3600 IN PTR (
mail-db5eur01hn0246.outbound.protection.outlook.com. )
Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
hotmail.com. IN ANY
Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com' type
'ANY' to nameserver 127.0.0.1 ID 15404
Jul-18-16 19:04:28 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
hotmail.com. IN ANY
Jul-18-16 19:04:28 [Worker_1] Info: sent DNS query for 'hotmail.com' type
'ANY' to nameserver 10.1.1.11 ID 20981
Jul-18-16 19:04:28 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
Jul-18-16 19:04:28 [Worker_1] Info: got DNS DATA answer from nameserver
127.0.0.1
Jul-18-16 19:04:28 [Worker_1] DNS-question was: hotmail.com. IN ANY
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 132 IN SOA (
ns1.msft.net. msnhst.microsoft.com.
2016070805 ;serial
7200 ;refresh
900 ;retry
2419200 ;expire
3600 ;minimum
)
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS
ns1.msft.net.
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS
ns3.msft.net.
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS
ns4.msft.net.
Jul-18-16 19:04:28 [Worker_1] DNS-answer is: hotmail.com. 76269 IN NS
ns2.msft.net.
Jul-18-16 19:04:28 [Worker_1] Info: got valid DNS DATA answer from
nameserver 127.0.0.1 ID 15404
Jul-18-16 19:04:28 [Worker_2] Connected: session:7F434211AA68
x.x.x.139:56018 > x.x.x.234:25 > 127.0.0.1:125
Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] [isbounce] x.x.x.139 bounce
message detected
Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: the
connection will now be moved in to the Full-Transparent-Proxy mode
Jul-18-16 19:04:28 m1-61468-09511 [Worker_2] x.x.x.139 info: no (more)
data readable from x.x.x.139 (connection closed by peer) - Connection
reset by peer - last command was 'RCPT TO'
Jul-18-16 19:04:28 [Worker_2] Disconnected: session:7F434211AA68 x.x.x.139
- processing time 0 seconds
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip Message-Score: added -2 for 65.54.190.0
in griplist (0.18), total score for this message is now -12
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip [scoring] DKIM domain mismatch -
hotmail.com found in DKIMCache, but no DKIM-Signature found in mail header
(Cache)
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip Message-Score: added 15 (dkimValencePB)
for DKIM domain mismatch - hotmail.com found in DKIMCache, but no
DKIM-Signature found in mail header, total score for this message is now 3
Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
for 10.1.1.11
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: hotmail.com. IN
ANY
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN
MX 5 mx1.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN
A 65.55.77.28
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728
IN NS ns4.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728
IN NS ns3.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN
MX 5 mx4.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN
A 65.55.85.12
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728
IN NS ns1.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 425 IN
TXT (
"v=spf1 include:spf-a.outlook.com
include:spf-b.outlook.com ip4:157.55.9.128/25
include:spf.protection.outlook.com include:spf-a.hotmail.com
include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
)
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN
MX 5 mx3.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN
A 157.55.152.112
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 86728
IN NS ns2.msft.net.
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 3019 IN
A 157.56.172.28
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: hotmail.com. 1596 IN
MX 5 mx2.hotmail.com.
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
_dmarc.hotmail.com. IN TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
'_dmarc.hotmail.com' type 'TXT' to nameserver 127.0.0.1 ID 21607
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
_dmarc.hotmail.com. IN TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
'_dmarc.hotmail.com' type 'TXT' to nameserver 10.1.1.11 ID 52169
Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
127.0.0.1
Jul-18-16 19:04:29 [Worker_1] DNS-question was: _dmarc.hotmail.com. IN
TXT
Jul-18-16 19:04:29 [Worker_1] DNS-answer is: _dmarc.hotmail.com. 2125 IN
TXT (
"v=DMARC1; p=none; pct=100;
rua=mailto:d...@rua.agari.com; ruf=mailto:d...@ruf.agari.com; fo=1"
)
Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
nameserver 127.0.0.1 ID 21607
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [DKIM] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip info: domain hotmail.com has published a
DMARC record
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip strictspf Regex: strictSPFRe
'@hotmail.com'
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNSresolver
Jul-18-16 19:04:29 [Worker_1] SPF: SPFoverride for domain hotmail.com -
Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
Mail::SPF::Server, 564, hotmail.com SPF
Jul-18-16 19:04:29 [Worker_1] Info: DNSResolverSend: caller:
Mail::SPF::Server, 564, hotmail.com TXT
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip [scoring] spf_result:temperror
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip identity:st...@hotmail.com
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip scope:mfrom
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip spf_record:
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip local_exp:hotmail.com: Unknown error on
DNS 'SPF' lookup of 'hotmail.com'
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip received_spf:Received-SPF: temperror
(hotmail.com: Unknown error on DNS 'SPF' lookup of 'hotmail.com')
receiver=mx101.snip; identity=mailfrom; envelope-from="st...@hotmail.com";
helo=BAY004-OMC2S14.hotmail.com; client-ip=65.54.190.89
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip [scoring] SPF: temperror ip=65.54.190.89
mailfrom=st...@hotmail.com helo=BAY004-OMC2S14.hotmail.com
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip Message-Score: added 5 (spfeValencePB)
for SPF temperror, total score for this message is now 8
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] 65.54.190.89
<st...@hotmail.com> to: JMRP@snip DMARC: this mail breakes the DKIM
policies defined in the DMARC record for domain hotmail.com - there is no
DKIM-signature found in this mail for domain hotmail.com
Jul-18-16 19:04:29 [Worker_1] Info: cleanup existing DNS sockets - 2
Jul-18-16 19:04:29 [Worker_1] Info: cleanedup old data from DNS sockets
for 10.1.1.11
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-question: _dmarc.hotmail.com.
IN TXT
Jul-18-16 19:04:29 [Worker_1] Cleanedup DNS-answer: _dmarc.hotmail.com.
2125 IN TXT (
"v=DMARC1; p=none; pct=100;
rua=mailto:d...@rua.agari.com; ruf=mailto:d...@ruf.agari.com; fo=1"
)
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 127.0.0.1 -
89.190.54.65.sa.senderbase.org. IN TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
'89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 127.0.0.1 ID
54935
Jul-18-16 19:04:29 [Worker_1] Info: reuse DNS socket for 10.1.1.11 -
89.190.54.65.sa.senderbase.org. IN TXT
Jul-18-16 19:04:29 [Worker_1] Info: sent DNS query for
'89.190.54.65.sa.senderbase.org' type 'TXT' to nameserver 10.1.1.11 ID
43820
Jul-18-16 19:04:29 [Worker_1] Info: DNS query time 0.000 - 127.0.0.1
Jul-18-16 19:04:29 [Worker_1] Info: got DNS DATA answer from nameserver
127.0.0.1
Jul-18-16 19:04:29 [Worker_1] DNS-question was:
89.190.54.65.sa.senderbase.org. IN TXT
Jul-18-16 19:04:29 [Worker_1] DNS-answer is:
89.190.54.65.sa.senderbase.org. 19937 IN TXT (
"0-0=1|1=MICROSOFT
HOSTING|2=7.9|3=7.9|6=0|7=10|8=172544|9=7030|20=bay004-omc2s14.hotmail.com|21=msn.net|22=Y|23=7.1|24=7.2|25=0|40=5.0|41=5.1|43=5.3|44=3.9|45=N|46=19|48=24|50=San
Jose|51=CA|52=95141|53=US|54=-121.895|55=37.3394"
)
Jul-18-16 19:04:29 [Worker_1] Info: got valid DNS DATA answer from
nameserver 127.0.0.1 ID 54935
Jul-18-16 19:04:29 [Worker_2] Connected: session:7F4341FFBE08
85.158.211.232:34678 > x.x.x.234:25 > 127.0.0.1:125
Jul-18-16 19:04:29 m1-61468-07595 [Worker_1] [TLS-in] [MessageOK]
65.54.190.89 <st...@hotmail.com> to: JMRP@snip message ok [complaint about
message from 10 164 74 35]
any idea's?
----- Original Message -----
From: Thomas Eckardt
[mailto:thomas.ecka...@thockar.com]
To: For Users of ASSP
[mailto:assp-user@lists.sourceforge.net]
Sent: Mon, 18 Jul 2016 12:52:29
+0100
Subject: Re: [Assp-user] SPF_temperror,_why?
> >But why is this a temperror?
>
> assp was unable to get a qualified result for the query using Mail::SPF
-
> that's all
> most times this is caused by a DNS timeout
>
> Thomas
>
>
> Von: "Andy Knuts" <a...@knuts.be>
> An: assp-user@lists.sourceforge.net
> Datum: 18.07.2016 11:53
> Betreff: [Assp-user] SPF_temperror,_why?
>
>
>
> Many of the emails that passed ASSP have headers like this:
>
> X-Assp-Received-SPF: temperror ip=217.148.21.174
> mailfrom=rkvc...@stratics.addemar.com helo=vmta12.addemar.com
>
> But why is this a temperror?
>
>
> If I use 'spfquery' command line I get:
>
> # spfquery --mail-from rkvc...@stratics.addemar.com -i 217.148.21.174 -h
> vmta12.addemar.com
> pass
> Please see
>
http://www.openspf.org/why.html?sender=rkvcomm%40stratics.addemar.com&ip=217.148.21.174&receiver=spfquery:
>
> 217.148.21.128/25 contains 217.148.21.174
> spfquery: domain of rkvc...@stratics.addemar.com designates
217.148.21.174
> as permitted sender
> Received-SPF: pass (spfquery: domain of rkvc...@stratics.addemar.com
> designates 217.148.21.174 as permitted sender) client-ip=217.148.21.174;
> envelope-from=rkvc...@stratics.addemar.com; helo=vmta12.addemar.com;
>
>
------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> Assp-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
legally
> privileged and protected in law and are intended solely for the use of
the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
