my mistake. seems orange.es is using a HUGE A record list.

you might want to check your dns servers. make sure they can pass dns records in tcp.

(if result is 'huge' (> 255 bytes)) dns will NOT use udp port 53, but tcp port 53. do a 'host -t a spf.orange.es' on the server running spamassassin. see if you don't get something like this:



host -t a spf.orange.es
;; Truncated, retrying in TCP mode.
spf.orange.es has address 83.231.36.67
spf.orange.es has address 62.36.20.139
spf.orange.es has address 62.36.20.140
spf.orange.es has address 62.36.20.169
spf.orange.es has address 62.36.20.170
spf.orange.es has address 62.36.20.201
spf.orange.es has address 62.36.20.202
spf.orange.es has address 62.36.20.203
spf.orange.es has address 62.36.20.204
spf.orange.es has address 62.36.20.205
spf.orange.es has address 62.36.20.206
spf.orange.es has address 62.36.20.207
spf.orange.es has address 62.36.20.208
spf.orange.es has address 62.36.20.209
spf.orange.es has address 62.36.20.210
spf.orange.es has address 62.36.20.211
spf.orange.es has address 62.36.20.212


Michael Scheidell wrote:


Alvaro Marín wrote:
Hello,

I'm having problems using whitelist_from_spf to whitelist a domain.

no, the sender is having problems using spf :-(

orange.es publishes this as their spf records:

host -t txt orange.es
orange.es descriptive text "v=spf1 mx a:spf.orange.es ip4:213.143.52.0/24 -all"

this email APPEARS to come from ip:
62.36.20.210

which does NOT match the above.

so, spf fails. according to orange.es, that email did not originate from their approved servers.

spf did what it was programmed to do.  prevent 'forgeries'.

Now, you say, wait, that isn't a forgery. yes it is... according to spf records it is.

you need to check with orange.es, ask if that ip is really one of their ip's, or check with sender, find out why they are violating the spf records.

hint:  your answer is already in your email:

result: fail, comment: Please see

http://www.openspf.org/Why?s=mfrom;id=xxx%40orange.es;ip=62.36.20.210;r=relay09.dns-servicios.com,

text: Mechanism '-all' matched

So, what is the purpose of this whitelist feature? If the SPF check fails,
it can't do whitelist?

the purpose is to whitelist email addresses that pass spf checks.

Thanks!

Regards,


--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best Anti-Spam Product 2008, Network Products Guide
    * King of Spam Filters, SC Magazine 2008
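
An added example (not code from this thread or from SpamAssassin): it evaluates the SPF record quoted above for 62.36.20.210 against three resolver answers for spf.orange.es, namely the full list from the host output, a cut-down list, and a failed lookup. The MX address, the cut-down list and the function names are constructed assumptions, and only the mx, a, ip4 and all mechanisms are handled.

```python
import ipaddress

# SPF record exactly as quoted in the thread.
RECORD = "v=spf1 mx a:spf.orange.es ip4:213.143.52.0/24 -all"
# The 17 A records from the 'host -t a spf.orange.es' output in the thread.
FULL_A = ["83.231.36.67", "62.36.20.139", "62.36.20.140", "62.36.20.169",
          "62.36.20.170"] + [f"62.36.20.{n}" for n in range(201, 213)]
MX_ADDRS = ["192.0.2.25"]  # constructed placeholder; the thread shows no MX data
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, domain, client_ip, lookup_a, lookup_mx):
    """Evaluate mx, a, ip4 and all terms left to right; return (result, term)."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none", None
    for term in terms[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        if name == "all":
            hit = True
        elif name == "ip4":
            hit = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            addrs = (lookup_a if name == "a" else lookup_mx)(arg or domain)
            if addrs is None:          # lookup error: stop, do not fall through
                return "temperror", term
            hit = any(ip == ipaddress.ip_address(a) for a in addrs)
        else:
            return "permerror", term   # mechanism outside this subset
        if hit:
            return QUALIFIERS[qual], term
    return "neutral", None

def verdict(a_answer, client_ip="62.36.20.210"):
    """Check the thread's sender IP given one resolver answer for spf.orange.es."""
    lookup_a = lambda name: a_answer if name == "spf.orange.es" else []
    lookup_mx = lambda name: MX_ADDRS
    return check_spf(RECORD, "orange.es", client_ip, lookup_a, lookup_mx)

if __name__ == "__main__":
    print("full answer     :", verdict(FULL_A))
    print("cut-down answer :", verdict(FULL_A[:8]))   # constructed partial list
    print("lookup failed   :", verdict(None))
```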