On Thu 12/Nov/2015 17:04:29 +0100 Sam Varshavchik wrote: 
> Alessandro Vesely writes:
> 
>> I received a bunch of spam marked like this:
>>
>> Return-Path: <zl...@tana.it>
>> Received: from [210.205.1.118] (softdnserr [210.205.1.118])
>>   by wmail.tana.it with ESMTP; Thu, 12 Nov 2015 09:55:57 +0100
>>   id 00000000005DC042.0000000056445431.00005BFC
>> Received-SPF: error (Address does not pass the Sender Policy Framework)
>>   SPF=MAILFROM;
>>   sender=zl...@tana.it;
>>   remoteip=210.205.1.118;
>>   remotehost=softdnserr;
>>   helo=[210.205.1.118];
>>   receiver=wmail.tana.it;
>>
>> The "softdnserr" presumably came from DNS outage.  The NS was disconnected
>> for quite some time, so only internal stuff was being resolved during
>> reception.  Thus, Courier could get a -all SPF record for tana.it, but not
>> the reverse IP for that Korean address.
> 
> A failed SPF DNS lookup results in a status of "error".
> 
> Check your "error" status handling. If you have "error" included in the
> BOFHSPF settings, it is considered a pass.

Yup, you nailed it.  I have:

opt BOFHSPFHELO=pass,none,neutral,softfail,unknown,error,fail
opt BOFHSPFMAILFROM=allowok,pass,none,neutral,softfail,unknown,error
opt BOFHSPFFROM=all

In fact, I could not reproduce it because I tried from the internal network,
which can be resolved locally even if the NS is disconnected.  Today I tried
from an external IP and obtained the same result as the spammer quoted above.

I'm still somewhat puzzled because my SPF record requires a further (external)
lookup which fails silently, while the reverse IP lookup doesn't seem to be
related to SPFMAILFROM at first glance.  I'll look deeper after I upgrade
Courier...

Thank you for putting me on the right track
Ale



------------------------------------------------------------------------------
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
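
Added example, not part of the original messages and not Courier's own code: a small audit of the `opt BOFHSPF*` lines quoted above that reports which checks list "error" (the status a failed SPF DNS lookup produces, per the reply) or "fail" among the accepted results. The function names, the choice of which results to flag, and the reading of `all` as "every result" are assumptions of this example.

```python
import re

# SPF result keywords, as they appear in the settings quoted in the message.
STATUSES = {"pass", "none", "neutral", "softfail", "unknown", "error", "fail"}
# Results this example flags when accepted (what to flag is an assumption).
RISKY = {"error": "SPF DNS lookup failure is accepted",
         "fail": "explicit SPF fail is accepted"}
OPT_RE = re.compile(r"^\s*opt\s+(BOFHSPF(?:HELO|MAILFROM|FROM))\s*=\s*(\S+)")

def parse_bofh(text):
    """Map each BOFHSPF check to (accepted results, other keywords)."""
    settings = {}
    for line in text.splitlines():
        m = OPT_RE.match(line)
        if not m:
            continue
        words = {w.lower() for w in m.group(2).split(",") if w}
        accepted = words & STATUSES
        if "all" in words:  # assumption: "all" accepts every result
            accepted = set(STATUSES)
        # Keywords such as "allowok" are kept aside, not evaluated here.
        settings[m.group(1)] = (accepted, words - STATUSES - {"all"})
    return settings

def audit(text):
    """Return (option, result, reason) for every flagged accepted result."""
    findings = []
    for opt, (accepted, _other) in sorted(parse_bofh(text).items()):
        for status in sorted(accepted & set(RISKY)):
            findings.append((opt, status, RISKY[status]))
    return findings

# The three lines quoted in the message.
SAMPLE = """\
opt BOFHSPFHELO=pass,none,neutral,softfail,unknown,error,fail
opt BOFHSPFMAILFROM=allowok,pass,none,neutral,softfail,unknown,error
opt BOFHSPFFROM=all
"""
# Constructed variant: the MAILFROM line with "error" removed.
TIGHTENED = "opt BOFHSPFMAILFROM=allowok,pass,none,neutral,softfail,unknown\n"

if __name__ == "__main__":
    for opt, status, reason in audit(SAMPLE):
        print(f"{opt}: '{status}' listed -> {reason}")
    print("tightened MAILFROM findings:", audit(TIGHTENED))
```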