Broken SPF on LEB

rm_ IPv6 Advocate, Veteran
edited August 2018 in General

I was wondering why I don't receive mention notifications and subscribed threads anymore:

Aug 17 07:29:20 postfix/smtpd[28248]: connect from smtp1b.lowendbox.com[198.23.141.195]  
Aug 17 07:29:20 policyd-spf[28252]: None; identity=helo; client-ip=198.23.141.195;
 helo=smtp1b.lowendbox.com; [email protected]; [email protected]  
Aug 17 07:29:20 policyd-spf[28252]: Permerror; identity=mailfrom; client-ip=198.23.141.195;
 helo=smtp1b.lowendbox.com; [email protected]; [email protected]  
Aug 17 07:29:20 postfix/smtpd[28248]: NOQUEUE: reject: RCPT from smtp1b.lowendbox.com[198.23.141.195]:
 550 5.7.1 : Recipient address rejected: Message rejected due to: SPF Permanent Error: Two or more type TXT spf records found..
 Please see http://www.openspf.net/Why?s=mfrom;[email protected];ip=198.23.141.195;[email protected];
 from=< [email protected] > to=< [email protected] > proto=ESMTP helo=< smtp1b.lowendbox.com >  
Aug 17 07:29:20 postfix/smtpd[28248]: disconnect from smtp1b.lowendbox.com[198.23.141.195]

Funnily enough the referenced URL doesn't catch the error, but we can see that's indeed the case:

$ host -t TXT lowendbox.com
lowendbox.com descriptive text "v=spf1 ip4:198.23.141.192/29 ~all"
lowendbox.com descriptive text "v=spf1 ip4:198.12.124.96/28 ~all"

That's not allowed, both IPs need to be within one record, e.g.:

v=spf1 ip4:198.23.141.192/29 ip4:198.12.124.96/28 ~all

As for time to react on things like these, I suppose this will get fixed sometime within the next few years (feel free to surprise me :).

Comments

  • AnthonySmith Member, Patron Provider
    edited August 2018

    @rm_ actually there is a new guy doing a lot of work, he is trying to do it in the least disruptive way, LEB itself has actually been completely replaced and is working in staging but in a way that it can actually be updated, the cluster will be a thing of the past soon as well.

    I will let him know about this, also things should start happening in weeks now rather than years.

  • Nick Member, Patron Provider

    dun dun dunnnnn!

  • FrankZ Veteran
    edited August 2018

    @rm_ That's why I switched to acme.com/software/spfmilter and now all my lowend email arrives without issue. [tic]

    From [email protected] Thu Aug 16 05:14:16 2018

    Received-SPF: pass ([mailserver]: domain of [email protected] designates 198.23.141.195 as permitted sender) receiver=[mailserver]; client-ip=198.23.141.195; helo=smtp1b.lowendbox.com; [email protected]; x-software=spfmilter 2.001 http://www.acme.com/software/spfmilter/ with libspf2-1.2.10;

  • rm_ IPv6 Advocate, Veteran

    FrankZ said: all my lowend email arrives without issue

    So it's less strict in following standards, and will accept mail from invalid sources without complaint? I'm not sure that's really a sign of better software.

  • I didn't say it was better software, just that it would fix the specific problem you mentioned, as opposed to:

    rm_ said: I suppose this will get fixed sometime within the next few years

    It was also said [tongue in cheek].

  • AnthonySmith Member, Patron Provider

    @rm_ should be fixed now.

  • rm_ IPv6 Advocate, Veteran

    it would fix the specific problem you mentioned, as opposed to

    Well, disabling SPF validation altogether would also fix it, but doesn't mean that's a good fix.

  • rm_ IPv6 Advocate, Veteran

    AnthonySmith said: @rm_ should be fixed now.

    Yeah, this very mention came through fine to my mail, thanks!

  • FrankZ Veteran
    edited August 2018

    198.23.141.195 is within 198.23.141.192/29 so it is not an invalid source.
    But hey whatever I'll get out of your thread.

  • rm_ IPv6 Advocate, Veteran
    edited August 2018

    it is not an invalid source.

    Invalid as in having invalid SPF. It is of course debatable whether or not these should be considered a fail. I'd say in this case yes they should. There's no telling, for example, which of the records your software was reading (I really doubt it was auto-merging both, or processing them one by one -- which would bring a ton of non-obvious "what to do if" questions), so it's pure luck you got mail from a server listed in the record that it looked at. If they also send from the other one, you would randomly lose half of the mail. Surely it's better to catch this situation as early as possible, and that's what my filter helped to do.
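
Added example, not part of any post in this thread and not code from LowEndBox, policyd-spf or spfmilter: a small Python check that runs the two TXT records from the first post through a strict evaluator (RFC 7208 section 4.5: more than one SPF record is a permerror) and through a hypothetical lenient one that reads only the first record it is handed. The function names and the lenient behaviour are assumptions made for illustration; only `ip4`, `ip6` and `all` are evaluated.

```python
import ipaddress

# TXT records for lowendbox.com, copied from the `host -t TXT` output in the first post.
TXT_RECORDS = [
    "v=spf1 ip4:198.23.141.192/29 ~all",
    "v=spf1 ip4:198.12.124.96/28 ~all",
]
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_records(txt_records):
    """Keep only TXT strings whose version section is exactly v=spf1."""
    return [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]

def evaluate(record, client_ip):
    """Evaluate a single SPF record against a client IP, left to right."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # Mechanisms that need DNS (a, mx, include, ...) are skipped here.
    return "neutral"                         # nothing matched

def check_strict(txt_records, client_ip):
    """RFC 7208 section 4.5: no record is none, several records are permerror."""
    records = spf_records(txt_records)
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    return evaluate(records[0], client_ip)

def check_lax(txt_records, client_ip):
    """Hypothetical lenient receiver: evaluates whichever record comes first."""
    records = spf_records(txt_records)
    return evaluate(records[0], client_ip) if records else "none"

# The single merged record suggested in the first post.
MERGED = ["v=spf1 ip4:198.23.141.192/29 ip4:198.12.124.96/28 ~all"]
```

With the lenient check the result depends on which record the resolver returns first, since DNS does not guarantee the order of records in a response.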
