I've got this SPF rejection and I'm still confused as to exactly what gets trigerred. Obviously the message is rejected before I get to see any headers that would give me a better clue. The envelope sender domain SPF does include this IP 64.74.157.52 but the From: domain does not so I think my question is, that with my bofh SPF rules, how come BOFHSPFMAILFROM didn't give me a pass?
Feb 9 07:47:38 mail courieresmtpd: error,relay=::ffff:64.74.157.52, from=<[email protected]>: 517 SPF fail [email protected]: Address does not pass the Sender Policy Framework courier-mta 0.60.0 opt BOFHSPFHELO=pass,none,neutral,softfail,unknown,error opt BOFHSPFMAILFROM=pass,none,neutral,softfail,unknown,error opt BOFHSPFFROM=pass,none,neutral,softfail,unknown,error,mailfromok opt BOFHSPFTRUSTME=1 First the From: domain... ~ dig +short txt morningstar.com "v=spf1 a:spfmailer.morningstar.com -all" ~ dig +short a spfmailer.morningstar.com 66.35.231.16 66.35.231.15 216.228.234.30 216.228.233.9 216.228.233.10 216.228.228.165 216.228.228.164 216.228.228.163 216.228.228.162 216.228.228.161 216.228.228.160 216.228.224.50 216.228.224.34 216.228.224.33 216.228.224.32 210.193.131.12 12.43.226.3 66.35.231.18 66.35.231.17 No 64.74.157.52 above. Then the sender envelope domain... ~ dig +short txt bounce2.pobox.com "v=spf1 redirect=pobox.com" I presume the above means to now look at the TXT record for pobox.com ~ dig +short txt pobox.com "v=spf1 mx mx:fallback-relay.%{d} a:webmail.%{d} a:smtp.%{d} a:outgoing.smtp.%{d} a:discard-reports.%{d} a:discards.%{d}" ~ dig +short mx pobox.com 10 mx-3.pobox.com. 10 mx-2.pobox.com. 10 mx-6.pobox.com. 10 mx-1.pobox.com. 10 mx-4.pobox.com. 10 mx-5.pobox.com. 10 mx-7.pobox.com. 10 mx-all.pobox.com. And we have a winner!... ~ dig +short a mx-4.pobox.com 64.74.157.52 64.74.157.52 64.74.157.52 64.74.157.52 64.74.157.52 64.74.157.52 64.74.157.52 64.74.157.52 --markc ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
