Re: started getting 550 #5.7.1 SPF unauthorized mail

Thu, 25 Aug 2022 09:37:15 -0700 

On 2022-08-24 at 23:41:06 UTC-0400 (Thu, 25 Aug 2022 13:41:06 +1000)
 <li...@sbt.net.au>
is rumored to have said:
I have a simple 'mail list' where an alias 'ct...@sbt.net.au' sends email 
to several recipients, that's been in use since long time.

today noticed one of these addresses started bouncing with '5.7.1 SPF
unauthorized mail' since just today:
SPF is a tool for sanity-checking the SMTP envelope sender address against the sending IP. It is rare for sites to absolutely reject mail for SPF failures, but some do. This looks like it COULD be a changed config on one machine (asav.tpg.com.au) to enforce SPF.
Simple alias expansion (and ~/.forward forwarding) is intrinsically incompatible with SPF enforcement. This is why people use full mailing list management software like Mailman. 


what am I doing wrong ?
You're sending out mail using an IP that's not in the SPF record for the envelope sender. If this is simple alias expansion, your system retains the original envelope sender on forwarded messages and SPF will fail (if there's a SPF record for the original sender) at every step in the delivery after that.
It seems that all of your failures are when sending via asav.tpg.com.au. You may be able to get help from whoever decided to strictly enforce SPF on that machine. 




worked:

Aug 23 09:27:25 geko postfix/smtp[12957]: Untrusted TLS connection
established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug 23 09:27:27 geko postfix/smtp[12957]: 3119E21C52F:
to=<g...@tpg.com.au>, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9, delays=0.03/0/0.73/1.2, dsn=2.0.0, status=sent (250 ok: Message 199653922 
accepted)

no longer:

Aug 25 09:22:29 geko postfix/smtp[19538]: Untrusted TLS connection
established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Aug 25 09:22:30 geko postfix/smtp[19538]: 61DA820053B:
to=<g...@tpg.com.au>, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9, 
delays=0.08/0.02/0.74/1, dsn=5.0.0, status=bounced (host
asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is
prohibited. (in reply to DATA command))

Aug 25 09:39:17 geko postfix/smtp[26188]: Untrusted TLS connection
established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9:
to=<g...@tpg.com.au>, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64, 
delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host
asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is
prohibited. (in reply to DATA command))

looking at the log is see:

# grep 4678220053B  /var/log/maillog

Aug 25 09:38:55 geko postfix/smtpd[21733]: 4678220053B:
client=mail-me3aus01on2049.outbound.protection.outlook.com[40.107.108.49]
Aug 25 09:38:55 geko postfix/cleanup[26173]: 4678220053B:
message-id=<sy6pr01mb8444a26323ea227ec9bf1407f4...@sy6pr01mb8444.ausprd01.prod.outlook.com>
Aug 25 09:38:56 geko opendkim[930]: 4678220053B: failed to parse
authentication-results: header field
Aug 25 09:38:56 geko opendkim[930]: 4678220053B: DKIM verification successful 
Aug 25 09:38:56 geko opendmarc[908]: 4678220053B ignoring
Authentication-Results at 1 from geko.sbt.net.au
Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: SPF(mailfrom):
tld.com.au pass
Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: tld.com.au none
Aug 25 09:38:56 geko postfix/qmgr[23312]: 4678220053B:
from=<b...@tld.com.au>, size=629054, nrcpt=8 (queue active)

Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN
{RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49] <b...@tld.com.au> 
-> <g...@tpg.com.au>, Queue-ID: 4678220053B, Message-ID:
<sy6pr01mb8444a26323ea227ec9bf1407f4...@sy6pr01mb8444.ausprd01.prod.outlook.com>,
mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9, 
4939 ms

Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B:
to=<g...@tpg.com.au>, orig_to=<ct...@sbt.net.au>,
relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9,
dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 
2.0.0 Ok: queued as 5C7FE2004D9)

Aug 25 09:44:04 geko postfix/qmgr[23312]: 4678220053B: removed
#


# grep 5C7FE2004D9  /var/log/maillog

Aug 25 09:39:17 geko postfix/smtpd[26177]: 5C7FE2004D9:
client=localhost[127.0.0.1]
Aug 25 09:39:17 geko postfix/cleanup[26173]: 5C7FE2004D9:
message-id=<sy6pr01mb8444a26323ea227ec9bf1407f4...@sy6pr01mb8444.ausprd01.prod.outlook.com>
Aug 25 09:39:17 geko postfix/qmgr[23312]: 5C7FE2004D9:
from=<b...@tld.com.au>, size=629970, nrcpt=1 (queue active)
Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN
{RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49] <b...@tld.com.au> 
-> <g...@tpg.com.au>, Queue-ID: 4678220053B, Message-ID:
<sy6pr01mb8444a26323ea227ec9bf1407f4...@sy6pr01mb8444.ausprd01.prod.outlook.com>,
mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9, 
4939 ms
Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B:
to=<g...@tpg.com.au>, orig_to=<ct...@sbt.net.au>,
relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9,
dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 
2.0.0 Ok: queued as 5C7FE2004D9)
Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9:
to=<g...@tpg.com.au>, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64, 
delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host
asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is
prohibited. (in reply to DATA command))
Aug 25 09:39:18 geko postfix/bounce[26219]: 5C7FE2004D9: sender
non-delivery notification: 0C96B21C52C
Aug 25 09:39:18 geko postfix/qmgr[23312]: 5C7FE2004D9: removed


mail_version = 3.7.2



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

Reply via email to