SPF checks on Mailscanner

Pramod Daya pramod at mindspring.co.za
Sun Feb 20 20:45:39 UTC 2022


As a follow-up, I found a difference in the way that my Mailscanner implementation was behaving vs. a Mailborder implementation. With Mailscanner, the mail was accepted and then handed over to SpamAssassin, where the SpamAssassin rules would trigger and then cause the email to be tagged as spam. In the case of Mailborder, as soon as the "From:" point in the protocol was reached, the process would stop and the mail got rejected. I was trying to understand why they were behaving differently, but the SpamAssassin approach works, so I guess I found a solution and learned a bit more about SPF in the process. Hopefully this will help someone else.

Here’s the transcript of what happens:


I was running a hand-crafted SMTP transaction to test whether SPF tests were being implemented correctly on two different servers. The server I was testing from is not allowed to send mail for this domain (mindspring.co.za) via either server, i.e. mailmaster.mindspring.co.za or mb1.mindspring.co.za. In the case of the mailmaster server, the mail is accepted by Postfix, even though it fails SPF checks. For the second server, viz. mb1.mindspring.co.za, as soon as I submit the "From", it gets rejected by SPF. Is this possibly because the mb1 server is using a newer version of SPF, or is this a configuration issue?



I did subsequently find that the SPF checks are working on the first server that seemed to accept the mail (mailmaster.mindspring.co.za), but it got handed to Spamassassin that then rejected the mail because of SPF.



============ Start of transaction on Server Running Mailscanner ===================
$ telnet mailmaster.mindspring.co.za 25
Trying 197.155.22.89...
Connected to mailmaster.mindspring.co.za.
Escape character is '^]'.
220 mailmaster.mindspring.co.za ESMTP Postfix
ehlo mindspring.co.za
250-mailmaster.mindspring.co.za
250-PIPELINING
250-SIZE 20971520
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: user at mindspring.co.za
250 2.1.0 Ok
rcpt to: user at mindspring.co.za
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject: test

1
.
250 2.0.0 Ok: queued as D6A1743AD04A
quit
221 2.0.0 Bye
Connection closed by foreign host.
============ End of transaction on Server Running Mailscanner ===================

============ Start of transaction on Server Running Mailborder ===================
telnet mb1.mindspring.co.za 25
Trying 178.79.131.19...
Connected to mb1.mindspring.co.za.
Escape character is '^]'.
220 mail.mb1.mindspring.co.za ESMTP
ehlo mindspring.co.za
250-mail.mb1.mindspring.co.za
250-PIPELINING
250-SIZE 52428800
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
mail from: user at mindspring.co.za
250 2.1.0 Ok
rcpt to: user at mindspring.co.za
550 5.7.23 <user at mindspring.co.za>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Whys=helo;id=mindspring.co.za;ip=88.80.187.207;r=<UNKNOWN>
============ End of transaction on Server Running Mailscanner ===================



From: MailScanner <mailscanner-bounces+pramod=mindspring.co.za at lists.mailscanner.info> On Behalf Of Shawn Iverson via MailScanner
Sent: Saturday, 05 February 2022 21:36
To: mailscanner at lists.mailscanner.info
Cc: Shawn Iverson <shawniverson at summitgrid.com>
Subject: Re: SPF checks on Mailscanner


Since this is concerning pypolicyd-spf and python-pyspf, unless somehow MailScanner is at play here, I don't think this is a MailScanner issue.  Can you bypass MailScanner and test again?
On 2/5/22 11:13, Pramod Daya via MailScanner wrote:
Hi Folks,

Running MailScanner 5.3.4-3 on Centos 7, I’m using, for SPF checking:

pypolicyd-spf-1.3.2-5.el7.noarch
python-pyspf-2.0.14-13.el7.noarch

Using these policyd-spf.conf settings:

debugLevel = 2
defaultSeedOnly = 1
HELO_reject = SPF_Not_pass
Mail_From_reject = Fail
PermError_reject = False
TempError_Defer = False
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1


Which seems to work fine, as it issues warnings to servers that aren’t authorised to send for domains that don’t have SPF records set up correctly.  However, when I do a command line test from a remote (unauthorised) server to send mail through this server, it happily accepts the mail, even though the unauthorised server is not in the SPF list.  The sending server is not whitelisted, I can’t understand why it doesn’t get rejected by the SPF check.

Some advice or pointers would be greatly appreciated.

Thank you.
___________________________________________________
Pramod Daya (CEO)
M.Sc. Computer Science (U. of Oregon)
Unit 5, Melomed Office Park
Punters Way, Kenilworth
Cape Town, South Africa 7708
www.mindspring.co.za
Work:  +27 21 657 1780
Fax:  +27 21 671 7599
Cell:  +27 83 675 0367
pramod at mindspring.co.za
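
The difference between the two transcripts is where the SPF verdict is enforced: at SMTP time through a policy service, or later as a header that a content filter scores. The sketch below is an added example, not code from the thread, pypolicyd-spf or Postfix; it models that decision for a Postfix policy-delegation request. The SPF record, the request, the function names and the simplified meaning of the HELO_reject / Mail_From_reject values are assumptions made for illustration.

```python
import ipaddress

# Constructed SPF record; the page does not show the real one for mindspring.co.za.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 -all"
QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "Softfail", "?": "Neutral"}
# Simplified model of which results each *_reject setting refuses (names
# lower-cased in this sketch). PermError/TempError handling is not modelled.
REJECT_ON = {
    "spf_not_pass": {"Fail", "Softfail", "Neutral"},
    "softfail": {"Fail", "Softfail"},
    "fail": {"Fail"},
    "false": set(),
}

def spf_result(record, client_ip):
    """Evaluate ip4/ip6/all terms only; no DNS, include, a or mx support."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "None"
    for term in terms[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qual]
        if name not in ("ip4", "ip6"):
            return "PermError"  # mechanism outside this sketch
        net = ipaddress.ip_network(arg, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qual]
    return "Neutral"  # no mechanism matched

def policy_action(request, record, helo_reject="SPF_Not_Pass", mail_from_reject="Fail"):
    attrs = dict(l.split("=", 1) for l in request.strip().splitlines())
    if attrs.get("protocol_state") != "RCPT":
        return "DUNNO"  # this model only answers at RCPT TO
    # HELO name and MAIL FROM domain match in the transcript: one record for both.
    result = spf_result(record, attrs["client_address"])
    for scope, setting in (("helo", helo_reject), ("mailfrom", mail_from_reject)):
        if result in REJECT_ON[setting.lower()]:
            return f"550 5.7.23 SPF {result.lower()} ({scope})"
    return f"PREPEND Received-SPF: {result.lower()}"

# Constructed request in Postfix policy-delegation format (name=value lines).
SAMPLE_REQUEST = """request=smtpd_access_policy
protocol_state=RCPT
client_address=88.80.187.207
helo_name=mindspring.co.za
sender=user@mindspring.co.za
"""
```

With both settings at "False" the same failing client gets only a prepended Received-SPF header, which leaves the verdict to a later scoring stage; with the defaults above it is refused at RCPT TO with the HELO scope, the scope named in the 550 response's openspf.net URL.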







