Re: started getting 550 #5.7.1 SPF unauthorized mail

2022-10-26 Thread Wietse Venema
Dominic Raferd:
> On 25/08/2022 04:41, li...@sbt.net.au wrote:
> > I have a simple 'mail list' where an alias 'ct...@sbt.net.au' sends email
> > to several recipients, that's been in use since long time.
> >
> > today noticed one of these addresses started bouncing with '5.7.1 SPF
> > unauthorized mail' since just today:

One or more of the following has changed:

- The owner of the envelope sender domain changed their SPF policy
  in DNS,

- The receiving SMTP server uses different SPF enforcement settings,

- The sending SMTP client uses a different SMTP client IP address,

- The sending SMTP client sends a different ehlo command (default:
  smtp_helo_name = $myhostname),

- The sending SMTP client sends a different envelope sender address
  (logged by qmgr, but may be changed with smtp_generic_maps).

Wietse


Re: started getting 550 #5.7.1 SPF unauthorized mail

2022-10-26 Thread Dominic Raferd

On 25/08/2022 04:41, li...@sbt.net.au wrote:

I have a simple 'mail list' where an alias 'ct...@sbt.net.au' sends email
to several recipients, that's been in use since long time.

today noticed one of these addresses started bouncing with '5.7.1 SPF
unauthorized mail' since just today:

what am I doing wrong ?

worked:

Aug 23 09:27:25 geko postfix/smtp[12957]: Untrusted TLS connection
established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug 23 09:27:27 geko postfix/smtp[12957]: 3119E21C52F:
to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9,
delays=0.03/0/0.73/1.2, dsn=2.0.0, status=sent (250 ok:  Message 199653922
accepted)

no longer:

Aug 25 09:22:29 geko postfix/smtp[19538]: Untrusted TLS connection
established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Aug 25 09:22:30 geko postfix/smtp[19538]: 61DA820053B:
to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9,
delays=0.08/0.02/0.74/1, dsn=5.0.0, status=bounced (host
asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is
prohibited. (in reply to DATA command))

Aug 25 09:39:17 geko postfix/smtp[26188]: Untrusted TLS connection
established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9:
to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64,
delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host
asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is
prohibited. (in reply to DATA command))

looking at the log I see:

# grep 4678220053B  /var/log/maillog

Aug 25 09:38:55 geko postfix/smtpd[21733]: 4678220053B:
client=mail-me3aus01on2049.outbound.protection.outlook.com[40.107.108.49]
Aug 25 09:38:55 geko postfix/cleanup[26173]: 4678220053B:
message-id=
Aug 25 09:38:56 geko opendkim[930]: 4678220053B: failed to parse
authentication-results: header field
Aug 25 09:38:56 geko opendkim[930]: 4678220053B: DKIM verification successful
Aug 25 09:38:56 geko opendmarc[908]: 4678220053B ignoring
Authentication-Results at 1 from geko.sbt.net.au
Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: SPF(mailfrom):
tld.com.au pass
Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: tld.com.au none
Aug 25 09:38:56 geko postfix/qmgr[23312]: 4678220053B:
from=, size=629054, nrcpt=8 (queue active)

Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN
{RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49] 
-> , Queue-ID: 4678220053B, Message-ID:
,
mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9,
4939 ms

Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B:
to=, orig_to=,
relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9,
dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250
2.0.0 Ok: queued as 5C7FE2004D9)

Aug 25 09:44:04 geko postfix/qmgr[23312]: 4678220053B: removed
#


# grep 5C7FE2004D9  /var/log/maillog

Aug 25 09:39:17 geko postfix/smtpd[26177]: 5C7FE2004D9:
client=localhost[127.0.0.1]
Aug 25 09:39:17 geko postfix/cleanup[26173]: 5C7FE2004D9:
message-id=
Aug 25 09:39:17 geko postfix/qmgr[23312]: 5C7FE2004D9:
from=, size=629970, nrcpt=1 (queue active)
Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN
{RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49] 
-> , Queue-ID: 4678220053B, Message-ID:
,
mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9,
4939 ms
Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B:
to=, orig_to=,
relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9,
dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250
2.0.0 Ok: queued as 5C7FE2004D9)
Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9:
to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64,
delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host
asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is
prohibited. (in reply to DATA command))
Aug 25 09:39:18 geko postfix/bounce[26219]: 5C7FE2004D9: sender
non-delivery notification: 0C96B21C52C
Aug 25 09:39:18 geko postfix/qmgr[23312]: 5C7FE2004D9: removed


mail_version = 3.7.2

SPF works by checking the SPF record for the domain specified in the 
mail *envelope*. If the IP from which the email has been received does 
not meet the SPF record criteria, it is an SPF fail. My impression is 
that a number of email providers (including Gmail) have become much 
stickier about refusing emails that fail SPF testing of late, and it 
seems that tpg.com.au is one of them.


When you relay an incoming mail out to your mailing list subscribers you 
are retaining the original mail return address in the header, but the 
mail is coming from your IP, not the original sender's. For this sender 
it will result in an SPF failure because their SPF record (tld.com.au) 
at the time of writing is 'v=spf1 include:spf.protection.outlook.com -all'.


A 
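The check that the receiving server applies can be reproduced offline. This is an added example, not part of the original posts: a minimal evaluator for the `ip4`, `ip6`, `include` and `all` mechanisms, run against the tld.com.au record quoted above. The ranges in the included record, the sbt.net.au record, the forwarder address 192.0.2.25 and the sender `user@tld.com.au` are constructed sample values.

```python
import ipaddress

# Constructed DNS TXT data: the tld.com.au record is the one quoted in the
# thread; the other two records are sample values, not live DNS.
TXT = {
    "tld.com.au": "v=spf1 include:spf.protection.outlook.com -all",
    "spf.protection.outlook.com": "v=spf1 ip4:40.107.0.0/16 ip4:40.92.0.0/15 -all",
    "sbt.net.au": "v=spf1 ip4:192.0.2.25 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, depth=0):
    """Evaluate ip4/ip6/include/all for `domain`; return the SPF result."""
    if depth > 10:                     # guard against include loops
        return "permerror"
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"  # a "fail" inside include is just no match
        else:
            return "permerror"         # mechanism not handled in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def spf_for(envelope_sender, client_ip):
    """SPF result for the domain of the envelope sender, seen from client_ip."""
    return check_host(client_ip, envelope_sender.rsplit("@", 1)[1])


if __name__ == "__main__":
    print(spf_for("user@tld.com.au", "40.107.108.49"))  # Outlook -> forwarder
    print(spf_for("user@tld.com.au", "192.0.2.25"))     # forwarder -> tpg
```

The first call corresponds to the hop that opendmarc logged as "SPF(mailfrom): tld.com.au pass"; the second is the same envelope sender presented from the forwarding host.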

Re: started getting 550 #5.7.1 SPF unauthorized mail

2022-08-29 Thread Matus UHLAR - fantomas

On 25.08.22 13:41, li...@sbt.net.au wrote:

I have a simple 'mail list' where an alias 'ct...@sbt.net.au' sends email
to several recipients, that's been in use since long time.



Aug 25 09:38:55 geko postfix/smtpd[21733]: 4678220053B: 
client=mail-me3aus01on2049.outbound.protection.outlook.com[40.107.108.49]
Aug 25 09:38:55 geko postfix/cleanup[26173]: 4678220053B: 
message-id=
Aug 25 09:38:56 geko postfix/qmgr[23312]: 4678220053B: from=, 
size=629054, nrcpt=8 (queue active)
Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B: to=, 
orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=22, 
delays=1.2/16/0.01/4.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 
250 2.0.0 Ok: queued as 5C7FE2004D9)



Aug 25 09:39:17 geko postfix/smtpd[26177]: 5C7FE2004D9: 
client=localhost[127.0.0.1]
Aug 25 09:39:17 geko postfix/cleanup[26173]: 5C7FE2004D9: 
message-id=
Aug 25 09:39:17 geko postfix/qmgr[23312]: 5C7FE2004D9: from=, 
size=629970, nrcpt=1 (queue active)
Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B: to=, 
orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=22, 
delays=1.2/16/0.01/4.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 
250 2.0.0 Ok: queued as 5C7FE2004D9)
Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9: to=, 
relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64, delays=0.05/0.01/0.26/0.33, 
dsn=5.0.0, status=bounced (host asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF 
unauthorized mail is prohibited. (in reply to DATA command))
Aug 25 09:39:18 geko postfix/bounce[26219]: 5C7FE2004D9: sender non-delivery 
notification: 0C96B21C52C
Aug 25 09:39:18 geko postfix/qmgr[23312]: 5C7FE2004D9: removed


- you accept mail from b...@tld.com.au to ct...@sbt.net.au
- you forward the mail to g...@tpg.com.au, from address is b...@tld.com.au

- destination mail server  asav.tpg.com.au refuses mail from @tld.com.au 
  because your server is not allowed to send mail from @tld.com.au


I see a few possible solutions:
- use real mailing list software like mailman, it will rewrite the sender 
  address

- set expand_owner_alias=yes and create owner-g...@tpg.com.au in aliases:
  http://www.postfix.org/postconf.5.html#expand_owner_alias
  I guess the g...@tpg.com.au is defined in alias_maps, not 
  virtual_alias_maps


- use SRS scheme to rewrite sender addresses for forwarded mail.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
It's now safe to throw off your computer.
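The SRS option listed above, as an added example that is not part of the original post: a simplified sketch of SRS0-style envelope sender rewriting, with the reverse mapping needed so bounces still reach the original sender. The key, the 21-day window, the sender `user@tld.com.au` and the helper names are assumptions, and the sketch is not claimed to interoperate with existing SRS software.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-example-key"   # hypothetical; a real key stays private
FORWARDER = "sbt.net.au"              # domain of the forwarding host
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
MAX_AGE_DAYS = 21                     # assumed window for accepting bounces


def _stamp(now):
    day = int(now // 86400) % 1024    # 10-bit day counter, two base32 chars
    return B32[day >> 5] + B32[day & 31]


def _tag(stamp, domain, local):
    msg = (stamp + domain + local).lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]


def srs_forward(sender, now=None):
    """Rewrite an envelope sender into the forwarder's own domain."""
    now = time.time() if now is None else now
    local, domain = sender.rsplit("@", 1)
    if domain.lower() == FORWARDER:
        return sender                 # already ours, nothing to rewrite
    stamp = _stamp(now)
    return f"SRS0={_tag(stamp, domain, local)}={stamp}={domain}={local}@{FORWARDER}"


def srs_reverse(address, now=None):
    """Map a bounce recipient back to the original sender, or None."""
    now = time.time() if now is None else now
    local, _, domain = address.rpartition("@")
    if domain.lower() != FORWARDER or not local.upper().startswith("SRS0="):
        return None
    try:
        tag, stamp, orig_domain, orig_local = local[5:].split("=", 3)
        day = B32.index(stamp[0].upper()) * 32 + B32.index(stamp[1].upper())
    except (ValueError, IndexError):
        return None
    expected = _tag(stamp, orig_domain, orig_local)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None                   # forged or altered address
    if (int(now // 86400) - day) % 1024 > MAX_AGE_DAYS:
        return None                   # older than the bounce window
    return f"{orig_local}@{orig_domain}"
```

Because the rewritten address is in the forwarder's domain, the next hop evaluates the forwarder's SPF record instead of the original sender's.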


Re: started getting 550 #5.7.1 SPF unauthorized mail

2022-08-25 Thread Bill Cole

On 2022-08-24 at 23:41:06 UTC-0400 (Thu, 25 Aug 2022 13:41:06 +1000)
is rumored to have said:

I have a simple 'mail list' where an alias 'ct...@sbt.net.au' sends email
to several recipients, that's been in use since long time.

today noticed one of these addresses started bouncing with '5.7.1 SPF
unauthorized mail' since just today:


SPF is a tool for sanity-checking the SMTP envelope sender address 
against the sending IP. It is rare for sites to absolutely reject mail 
for SPF failures, but some do. This looks like it COULD be a changed 
config on one machine (asav.tpg.com.au) to enforce SPF.


Simple alias expansion (and ~/.forward forwarding) is intrinsically 
incompatible with SPF enforcement. This is why people use full mailing 
list management software like Mailman.



what am I doing wrong ?


You're sending out mail using an IP that's not in the SPF record for the 
envelope sender. If this is simple alias expansion, your system retains 
the original envelope sender on forwarded messages and SPF will fail (if 
there's a SPF record for the original sender) at every step in the 
delivery after that.


It seems that all of your failures are when sending via asav.tpg.com.au. 
You may be able to get help from whoever decided to strictly enforce SPF 
on that machine.





worked:

Aug 23 09:27:25 geko postfix/smtp[12957]: Untrusted TLS connection
established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug 23 09:27:27 geko postfix/smtp[12957]: 3119E21C52F:
to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9,
delays=0.03/0/0.73/1.2, dsn=2.0.0, status=sent (250 ok:  Message 199653922
accepted)

no longer:

Aug 25 09:22:29 geko postfix/smtp[19538]: Untrusted TLS connection
established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Aug 25 09:22:30 geko postfix/smtp[19538]: 61DA820053B:
to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9,
delays=0.08/0.02/0.74/1, dsn=5.0.0, status=bounced (host
asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is
prohibited. (in reply to DATA command))

Aug 25 09:39:17 geko postfix/smtp[26188]: Untrusted TLS connection
established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9:
to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64,
delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host
asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is
prohibited. (in reply to DATA command))

looking at the log I see:

# grep 4678220053B  /var/log/maillog

Aug 25 09:38:55 geko postfix/smtpd[21733]: 4678220053B:
client=mail-me3aus01on2049.outbound.protection.outlook.com[40.107.108.49]
Aug 25 09:38:55 geko postfix/cleanup[26173]: 4678220053B:
message-id=
Aug 25 09:38:56 geko opendkim[930]: 4678220053B: failed to parse
authentication-results: header field
Aug 25 09:38:56 geko opendkim[930]: 4678220053B: DKIM verification successful
Aug 25 09:38:56 geko opendmarc[908]: 4678220053B ignoring
Authentication-Results at 1 from geko.sbt.net.au
Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: SPF(mailfrom):
tld.com.au pass
Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: tld.com.au none
Aug 25 09:38:56 geko postfix/qmgr[23312]: 4678220053B:
from=, size=629054, nrcpt=8 (queue active)

Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN
{RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49]
-> , Queue-ID: 4678220053B, Message-ID:
,
mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9,
4939 ms

Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B:
to=, orig_to=,
relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9,
dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250
2.0.0 Ok: queued as 5C7FE2004D9)

Aug 25 09:44:04 geko postfix/qmgr[23312]: 4678220053B: removed
#


# grep 5C7FE2004D9  /var/log/maillog

Aug 25 09:39:17 geko postfix/smtpd[26177]: 5C7FE2004D9:
client=localhost[127.0.0.1]
Aug 25 09:39:17 geko postfix/cleanup[26173]: 5C7FE2004D9:
message-id=
Aug 25 09:39:17 geko postfix/qmgr[23312]: 5C7FE2004D9:
from=, size=629970, nrcpt=1 (queue active)
Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN
{RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49]
-> , Queue-ID: 4678220053B, Message-ID:
,
mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9,
4939 ms
Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B:
to=, orig_to=,
relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9,
dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250
2.0.0 Ok: queued as 5C7FE2004D9)
Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9:
to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64,
delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host
asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF

started getting 550 #5.7.1 SPF unauthorized mail

2022-08-24 Thread lists
I have a simple 'mail list' where an alias 'ct...@sbt.net.au' sends email
to several recipients, that's been in use since long time.

today noticed one of these addresses started bouncing with '5.7.1 SPF
unauthorized mail' since just today:

what am I doing wrong ?

worked:

Aug 23 09:27:25 geko postfix/smtp[12957]: Untrusted TLS connection
established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug 23 09:27:27 geko postfix/smtp[12957]: 3119E21C52F:
to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9,
delays=0.03/0/0.73/1.2, dsn=2.0.0, status=sent (250 ok:  Message 199653922
accepted)

no longer:

Aug 25 09:22:29 geko postfix/smtp[19538]: Untrusted TLS connection
established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Aug 25 09:22:30 geko postfix/smtp[19538]: 61DA820053B:
to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9,
delays=0.08/0.02/0.74/1, dsn=5.0.0, status=bounced (host
asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is
prohibited. (in reply to DATA command))

Aug 25 09:39:17 geko postfix/smtp[26188]: Untrusted TLS connection
established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9:
to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64,
delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host
asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is
prohibited. (in reply to DATA command))

looking at the log I see:

# grep 4678220053B  /var/log/maillog

Aug 25 09:38:55 geko postfix/smtpd[21733]: 4678220053B:
client=mail-me3aus01on2049.outbound.protection.outlook.com[40.107.108.49]
Aug 25 09:38:55 geko postfix/cleanup[26173]: 4678220053B:
message-id=
Aug 25 09:38:56 geko opendkim[930]: 4678220053B: failed to parse
authentication-results: header field
Aug 25 09:38:56 geko opendkim[930]: 4678220053B: DKIM verification successful
Aug 25 09:38:56 geko opendmarc[908]: 4678220053B ignoring
Authentication-Results at 1 from geko.sbt.net.au
Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: SPF(mailfrom):
tld.com.au pass
Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: tld.com.au none
Aug 25 09:38:56 geko postfix/qmgr[23312]: 4678220053B:
from=, size=629054, nrcpt=8 (queue active)

Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN
{RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49] 
-> , Queue-ID: 4678220053B, Message-ID:
,
mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9,
4939 ms

Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B:
to=, orig_to=,
relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9,
dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250
2.0.0 Ok: queued as 5C7FE2004D9)

Aug 25 09:44:04 geko postfix/qmgr[23312]: 4678220053B: removed
#


# grep 5C7FE2004D9  /var/log/maillog

Aug 25 09:39:17 geko postfix/smtpd[26177]: 5C7FE2004D9:
client=localhost[127.0.0.1]
Aug 25 09:39:17 geko postfix/cleanup[26173]: 5C7FE2004D9:
message-id=
Aug 25 09:39:17 geko postfix/qmgr[23312]: 5C7FE2004D9:
from=, size=629970, nrcpt=1 (queue active)
Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN
{RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49] 
-> , Queue-ID: 4678220053B, Message-ID:
,
mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9,
4939 ms
Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B:
to=, orig_to=,
relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9,
dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250
2.0.0 Ok: queued as 5C7FE2004D9)
Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9:
to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64,
delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host
asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is
prohibited. (in reply to DATA command))
Aug 25 09:39:18 geko postfix/bounce[26219]: 5C7FE2004D9: sender
non-delivery notification: 0C96B21C52C
Aug 25 09:39:18 geko postfix/qmgr[23312]: 5C7FE2004D9: removed


mail_version = 3.7.2