Sam Varshavchik <[EMAIL PROTECTED]> writes:
> Lloyd Zusman writes:
>>
>> [ ... ]
>>
>> But what about case 2? The message won't be sent to the courierfilter,
>> so is there then a possibility that the SPF fail will cause a 517
>> message to be returned to the sender, after all?
>
> No. Either SPF checking accepts the message or rejects it. One or the
> other. If an SPF check results in an unacceptable status code, the
> message gets rejected by a 417 or 517 code (depending on the setting of
> BOFHSPFHARDERROR).
>
> If an SPF check results in an acceptable status code, the message passes
> SPF checking, and normal processing continues, which may or may not
> involve courierfilters, depending on other factors. SPF is now
> completely out of the picture, and no longer has any bearing on the
> eventual outcome (except for the presence of a few additional headers
> that record the results of the SPF check).
>
> Once SPF checking is complete, subsequent processing is no different
> than what would've happened if SPF checking wasn't enabled at all.
OK. Thanks. I have double, triple, and quadruple checked whitespace
and other similar issues ... but everything looks correct.
And here's some new data: the same sender has recently sent identical
email to another address on my server. And although SPF fails, the
messages get properly sent to the courierfilter instead of being
rejected. HOWEVER, this 417/517 rejection continues to occur when the
messages are sent to the original recipient.
So, what's the difference between the two recipient accounts?
Recipient account 1:
- SPF fails
- Message gets sent to courierfilter
- Account has no local maildrop rules
Recpient account 2:
- SPF fails in the same way
- Message does not get sent to courierfilter, but gets
rejected with a 417 or 517 error, depending on the
setting of BOFHSPFHARDERROR
- Account has local maildrop rules which automatically cause
messages from this sender to be whitelisted
At first, I thought that the maildrop rules might be affecting this in
some way. But they look like this:
Contents of .mailfilters/rcptfilter-default for the user that gets
the 417/517 failures ("Recpient account 2") ...
import SENDER
BLACKLIST=.mailfilters/.blacklist
if (lookup($SENDER, $BLACKLIST))
{
EXITCODE=77
echo "571 invalid address."
exit
}
The sender is definitely not in the .blacklist file. And in any case,
the error returned when the SPF fails is not "571 invalid address", but
a 417 or 517 error with an SPF failure message.
Does this new data shed any light on the problem?
--
Lloyd Zusman
[EMAIL PROTECTED]
God bless you.
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
