[exim] Weird SPF rejection - what can be the cause of it? (buiilt-in SPF handler in exim)

Sebastian Nielsen via Exim-users Thu, 07 May 2020 15:37:50 -0700

I got the following weird SPF rejection in my logs (im using the built-in
SPF handler in exim):


2020-05-07 11:14:35 H=mxcluster2.lansforsakringar.se [194.16.160.133]
X=TLS1.2:ECDHE_SECP521R1__RSA_SHA512__AES_256_GCM:256 CV=no rejected MAIL
<[email protected]>: SPF check failed: sebbe.eu: domain of
lansforsakringar.se does not designate 194.16.160.133 as permitted sender


First tought it was lansforsakringar.se not having all their server in SPF,
but digging deeper:

root@sebastian-desktop:/var/log/exim# dig TXT lansforsakringar.se

; <<>> DiG 9.16.1-Ubuntu <<>> TXT lansforsakringar.se
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1663
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lansforsakringar.se.           IN      TXT

;; ANSWER SECTION:
lansforsakringar.se.    3296    IN      TXT     "JH4-GH3-AL4"
lansforsakringar.se.    3296    IN      TXT
"MS=B6AE9E26F69ADFDEFC61FEE14B7F3C9166F854FD"
lansforsakringar.se.    3296    IN      TXT
"citrix.mobile.ads.otp=kgghvt530f3b38s2x1kv"
lansforsakringar.se.    3296    IN      TXT
"MS=30F3DF063E79A0780EE3E42D22207B48CADDC091"
lansforsakringar.se.    3296    IN      TXT
"adobe-idp-site-verification=3da6237fa3e712d20f7c42a63ff3e68e02bd06e72c8aca4
6f22d7279b9227474"
lansforsakringar.se.    3296    IN      TXT     "MS=ms98894870"
lansforsakringar.se.    3296    IN      TXT     "v=spf1 mx -all"

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: fre maj 08 00:29:50 CEST 2020
;; MSG SIZE  rcvd: 397

root@sebastian-desktop:/var/log/exim#


According to their SPF, MX servers should be accepted.

Okay lets check MX:

root@sebastian-desktop:/var/log/exim# dig MX lansforsakringar.se

; <<>> DiG 9.16.1-Ubuntu <<>> MX lansforsakringar.se
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11521
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lansforsakringar.se.           IN      MX

;; ANSWER SECTION:
lansforsakringar.se.    3277    IN      MX      20
mxcluster2.lansforsakringar.se.
lansforsakringar.se.    3277    IN      MX      10
mxcluster3.lansforsakringar.se.
lansforsakringar.se.    3277    IN      MX      10
mxcluster1.lansforsakringar.se.
lansforsakringar.se.    3277    IN      MX      20
mxcluster4.lansforsakringar.se.

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: fre maj 08 00:30:19 CEST 2020
;; MSG SIZE  rcvd: 156

root@sebastian-desktop:/var/log/exim#

root@sebastian-desktop:/var/log/exim# dig A mxcluster2.lansforsakringar.se

; <<>> DiG 9.16.1-Ubuntu <<>> A mxcluster2.lansforsakringar.se
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8914
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mxcluster2.lansforsakringar.se.        IN      A

;; ANSWER SECTION:
mxcluster2.lansforsakringar.se. 3237 IN A       194.16.160.133

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: fre maj 08 00:30:59 CEST 2020
;; MSG SIZE  rcvd: 75

root@sebastian-desktop:/var/log/exim#


So whats the problem? Why are the mail rejected? Clearly 194.16.160.133 is
listed as authorized server.

smime.p7s
Description: S/MIME Cryptographic Signature

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] Weird SPF rejection - what can be the cause of it? (buiilt-in SPF handler in exim)

Reply via email to