Re: [exim-dev] SPF not working properly

2019-12-20 Thread Heiko Schlittermann via Exim-dev 
David Saez Padros via Exim-dev  (Fr 20 Dez 2019 08:46:10 
CET):
> Hi
>
> i'm a bit confused, exim is using libspf2 like spfquery.libspf2
> does and both return different results, not sure why exim is doing
> dns queries itself to interpret spf, the libspf2 documentation gives
> a very simple example while exim's spf.c looks more complex

Exim intercepts the DNS queries made from libspf2.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -


signature.asc
Description: PGP signature
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

Re: [exim-dev] SPF not working properly

2019-12-20 Thread David Saez Padros via Exim-dev 

Hi

i'm a bit confused, exim is using libspf2 like spfquery.libspf2
does and both return different results, not sure why exim is doing
dns queries itself to interpret spf, the libspf2 documentation gives
a very simple example while exim's spf.c looks more complex

El 19/12/2019 a las 15:14, Jeremy Harris via Exim-dev escribió:

On 19/12/2019 10:54, David Saez Padros via Exim-dev wrote:

On the new release i get a lot of spf failures that make me have to
disable spf.


Thanks for the debug info.  This looks like a variant of
bug 2499.



--
Best regards ...


   David Saez
   On-Line Services 2000 S.L.
   http://www.ols.es





--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

Re: [exim-dev] SPF not working properly

2019-12-19 Thread Jeremy Harris via Exim-dev 
On 19/12/2019 10:54, David Saez Padros via Exim-dev wrote:
> On the new release i get a lot of spf failures that make me have to
> disable spf.

Thanks for the debug info.  This looks like a variant of
bug 2499.
-- 
Cheers,
  Jeremy

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

[exim-dev] SPF not working properly

2019-12-19 Thread David Saez Padros via Exim-dev 

Hi

On the new release i get a lot of spf failures that make me have to 
disable spf. I tried to debug this spf rejection:


2019-12-19 11:09:33 H=mta-90-197.sparkpostmail.com [192.174.90.197] 
Warning: SPF msprvs1=18256LU-Q9YGR=bounces-23293-11...@spmailtechnol.com 
mta-90-197.sparkpostmail.com a.mx.olsns.net: transitioning domain of 
spmailtechnol.com does not designate 192.174.90.197 as permitted sender


but spquery gives a different result:

# spfquery.libspf2 -i 192.174.90.197 -s 
msprvs1=18256LU-Q9YGR=bounces-23293-11...@spmailtechnol.com

pass

spfquery: domain of spmailtechnol.com designates 192.174.90.197 as 
permitted sender
Received-SPF: pass (spfquery: domain of spmailtechnol.com designates 
192.174.90.197 as permitted sender) client-ip=192.174.90.197; 
envelope-from=msprvs1=18256LU-Q9YGR=bounces-23293-11...@spmailtechnol.com;


but exim seems to do something wrong (it found the proper record but it
just ignored it):

11:43:00 32431 spf_process
spf_dns.c:54 Debug: DNS[cache] lookup: spmailtechnol.com TXT (16)
spf_dns.c:54 Debug: DNS[exim] lookup: spmailtechnol.com TXT (16)
11:43:00 32431 SPF_dns_exim_lookup
11:43:00 32431 DNS lookup of spmailtechnol.com (TXT) succeeded
spf_dns.c:66 Debug: DNS[exim] found record
spf_dns.c:69 Debug: DOMAIN: spmailtechnol.com  TYPE: TXT (16)
spf_dns.c:76 Debug: TTL: 300  RR found: 1  herrno: 0 
source: exim
spf_dns.c:94 Debug: - TXT: v=spf1 
exists:%{i}._spf.sparkpostmail.com ~all

spf_dns.c:66 Debug: DNS[cache] found record
spf_dns.c:69 Debug: DOMAIN: spmailtechnol.com  TYPE: TXT (16)
spf_dns.c:76 Debug: TTL: 300  RR found: 1  herrno: 0 
source: exim
spf_dns.c:94 Debug: - TXT: v=spf1 
exists:%{i}._spf.sparkpostmail.com ~all

spf_server.c:402 Debug: get_record(spmailtechnol.com): NETDB_SUCCESS
spf_server.c:443 Debug: found SPF record: v=spf1 
exists:%{i}._spf.sparkpostmail.com ~all
spf_compile.c:1210   Debug: Compiling record v=spf1 
exists:%{i}._spf.sparkpostmail.com ~all
spf_compile.c:1314   Debug: Name starts at 
exists:%{i}._spf.sparkpostmail.com ~all

spf_compile.c:1408   Debug: Adding mechanism type 7
spf_compile.c:847Debug: SPF_c_mech_add: type=7, 
value=:%{i}._spf.sparkpostmail.com ~all
spf_compile.c:689Debug: Parsing domainspec starting at 
%{i}._spf.sparkpostmail.com ~all, cidr is forbidden
spf_compile.c:523Debug: Parsing macro starting at 
%{i}._spf.sparkpostmail.com ~all

spf_compile.c:1314   Debug: Name starts at  all
spf_compile.c:1408   Debug: Adding mechanism type 8
spf_compile.c:847Debug: SPF_c_mech_add: type=8, value=
spf_dns.c:54 Debug: DNS[cache] lookup: 
192.174.90.197._spf.sparkpostmail.com A (1)
spf_dns.c:54 Debug: DNS[exim] lookup: 
192.174.90.197._spf.sparkpostmail.com A (1)

11:43:00 32431 SPF_dns_exim_lookup
11:43:00 32431 DNS lookup of 192.174.90.197._spf.sparkpostmail.com (A) 
succeeded

spf_dns.c:66 Debug: DNS[exim] found record
spf_dns.c:69 Debug: DOMAIN: (null)  TYPE: ANY (255)
spf_dns.c:76 Debug: TTL: 86400  RR found: 0  herrno: 1 
source: exim

spf_dns.c:66 Debug: DNS[cache] found record
spf_dns.c:69 Debug: DOMAIN: (null)  TYPE: ANY (255)
spf_dns.c:76 Debug: TTL: 86400  RR found: 0  herrno: 1 
source: exim
spf_interpret.c:1231 Debug: found 0 A records for 
192.174.90.197._spf.sparkpostmail.com  (herrno: 1)

11:43:00 32431 SPF result is softfail (4)

--
Best regards ...


   David Saez
   On-Line Services 2000 S.L.
   http://www.ols.es




--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##