SPF question (2) - VMS


  1. SPF question (2)

    My previous question was because, in a simple test that I'm doing, I get:

    X-PMDF-SPF: (recv=mx2.isti.cnr.it, send-ip=209.85.200.173) Could not find a
    valid SPF record

    when the message came from:

    Return-path:
    From: xxxxx

    and by
    dig gmail.com txt I get

    ;; ANSWER SECTION:
    gmail.com. 190 IN TXT "v=spf1 redirect=_spf.google.com"

    and I have the following entry in the FROM_ACCESS table

    TCP|*|25|*|*|SMTP|*|tcp_local|*@*|* $C$[PMDF_SPF_LIBRARY,spf_lookup,\
    $1,$4@$5,$5,X-PMDF-SPF]$E

    So, I suspect that there is something wrong in my configuration.

    Francesco

  2. Re: SPF question (2)

    A question about checking incoming messages that could involve SPF.

    It could be useful to check if the source IP of an incoming
    SMTP connection is one of the IP addresses (or also subnets)
    of the hosts listed in the MX records for the domain in the "SMTP mail from:"

    You could argue that this is possible (simply) by inserting the correct SPF record in
    the source domain, and that there is no guarantee that a site uses the same
    IP addresses to receive and to send messages, but it is also true
    that if I get such match I could have a feeling that the incoming message
    could not be a spam. This is particularly true when I trust the source
    organization (and .... the source organization has no SPF records).

    My question is:
    - is it possible to have the above check (check if the incoming IP address
    matches one IP address of the MX nodes) in PMDF also when the source domain
    has no SPF records?

    Francesco

    > > Which are the DNS records that the PMDF SPF routine search for?


    > > SPF ?
    > > TXT ?


    > SPF information is stored in a TXT record.


    > > and I have the following entry in the FROM_ACCESS table


    > > TCP|*|25|*|*|SMTP|*|tcp_local|*@*|* $C$[PMDF_SPF_LIBRARY,spf_lookup,\
    > > $1,$4@$5,$5,X-PMDF-SPF]$E


    > > So, I suspect that there is something wrong in my configuration.


    > The second use of "$5" is not what you want. That parameter specifies
    > the domain name that appears in the Received-SPF: header and
    > designates the local system. What you have wouldn't cause what you're
    > seeing, but it would generate a header that would show, in this case,
    > "gmail.com" where it would normally show your hostname.


    > I tried your mapping on my VMS system and had no trouble performing
    > the lookup and getting the Received-SPF: header.


    > You may want to turn on PMDF debugging and define this environment
    > variable to get some SPF debugging output:


    > PMDF_SPF_LOOKUP_DEBUG 1


    > My ignorance of UNIX will show here, as I'm not sure how you define
    > that so that it's defined for the PMDF processes.


    > Hunter
    > ------
    > Hunter Goatley, Process Software, http://www.process.com/
    > goathunter@GOATLEY.COM http://www.goatley.com/hunter/


  3. Re: SPF question (2)

    > It could be useful to check if the source IP of an incoming
    > SMTP connection is one of the IP addresses (or also subnets)
    > of the hosts listed in the MX records for the domain in the "SMTP mail from:"

    [...]

    > but it is also true
    > that if I get such match I could have a feeling that the incoming message
    > could not be a spam.


    Careful, there. That's one of the false impressions most people have
    about SPF itself. A lot of people think that if the message passes
    the SPF check, then it's not spam. That's not true at all. Spammers
    were among the first sites to deploy SPF records. An SPF "pass" is
    only meaningful when you know the domain and trust its SPF records.
    The same thing would be true here: just because it comes from one of
    the MX systems for the domain does *not* mean it's not spam.

    > This is particularly true when I trust the source
    > organization (and .... the source organization has no SPF records).


    > My question is:
    > - is it possible to have the above check (check if the incoming IP address
    > matches one IP address of the MX nodes) in PMDF also when the source domain
    > has no SPF records?


    That's a feature that could be added; it's not there currently. I'll
    look into it....

    Thanks.

    Hunter
    ------
    Hunter Goatley, Process Software, http://www.process.com/
    goathunter@GOATLEY.COM http://www.goatley.com/hunter/

  4. Re: SPF question (2)

    > > It could be useful to check if the source IP of an incoming
    > > SMTP connection is one of the IP addresses (or also subnets)
    > > of the hosts listed in the MX records for the domain in the "SMTP mail from:"

    > [...]


    > > but it is also true
    > > that if I get such match I could have a feeling that the incoming message
    > > could not be a spam.


    > Careful, there. That's one of the false impressions most people have
    > about SPF itself. A lot of people think that if the message passes
    > the SPF check, then it's not spam. That's not true at all. Spammers
    > were among the first sites to deploy SPF records. An SPF "pass" is
    > only meaningful when you know the domain and trust its SPF records.
    > The same thing would be true here: just because it comes from one of
    > the MX systems for the domain does *not* mean it's not spam.


    Yes, I know very well all of this, but it is always useful to clarify. Thanks.

    In fact, I was speaking about trusted sites (and... that I could have
    a good feeling....), where for any reason I'm not able to contact the admin
    to ask for an SPF record addition.
    So, in these cases I would prefer a higher risk of receiving spam (from
    a site that I trust), but reduce (next to 0) the risk of having a false positive!

    > > This is particularly true when I trust the source
    > > organization (and .... the source organization has no SPF records).


    > > My question is:
    > > - is it possible to have the above check (check if the incoming IP address
    > > matches one IP address of the MX nodes) in PMDF also when the source domain
    > > has no SPF records?


    > That's a feature that could be added; it's not there currently. I'll
    > look into it....


    That could be a good idea.
    And I hope to see the enhancement soon... ;-)

    Thanks,
    Francesco

    > Thanks.


    > Hunter
    > ------
    > Hunter Goatley, Process Software, http://www.process.com/
    > goathunter@GOATLEY.COM http://www.goatley.com/hunter/
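
Added example (not part of the thread and not PMDF's code): a sketch of the two checks discussed above, an SPF lookup that follows a `redirect=` modifier like the one in the gmail.com record, and the proposed MX-address match used only as a hint for domains that publish no SPF record. The DNS data, the `TRUSTED` list and all function names are constructed for illustration, and only the `ip4`, `all` and `redirect=` terms are evaluated.

```python
import ipaddress

# Constructed DNS data (documentation names and address ranges).
TXT = {"redir.example": ["v=spf1 redirect=_spf.redir.example"],
       "_spf.redir.example": ["v=spf1 ip4:192.0.2.0/24 ~all"]}
MX = {"nospf.example": ["mx1.nospf.example"], "other.example": ["mx.other.example"]}
A = {"mx1.nospf.example": ["198.51.100.10"], "mx.other.example": ["203.0.113.5"]}
TRUSTED = {"nospf.example"}  # hypothetical local list of domains already trusted
QUAL = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, depth=0):
    """Evaluate an SPF subset (ip4, all, redirect=); other terms are skipped."""
    recs = [t for t in TXT.get(domain, []) if t.split()[:1] == ["v=spf1"]]
    if not recs:
        return "none"
    if len(recs) > 1 or depth > 10:
        return "permerror"
    addr, redirect = ipaddress.ip_address(ip), None
    for term in recs[0].split()[1:]:
        if term.startswith("redirect="):
            redirect = term[len("redirect="):]
            continue
        qual = QUAL.get(term[0], "pass")          # no qualifier means "+"
        mech = term[1:] if term[0] in QUAL else term
        if mech == "all":
            return qual
        if mech.startswith("ip4:") and \
                addr in ipaddress.ip_network(mech[4:], strict=False):
            return qual
    if redirect:  # consulted only when no mechanism matched
        result = check_spf(ip, redirect, depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"

def mx_match(ip, domain):
    """True if ip is an address of one of the domain's MX hosts."""
    addr = ipaddress.ip_address(ip)
    return any(addr == ipaddress.ip_address(a)
               for host in MX.get(domain, []) for a in A.get(host, []))

def classify(ip, mail_from_domain):
    """SPF result; an MX match is reported only for trusted, SPF-less domains."""
    result = check_spf(ip, mail_from_domain)
    if (result == "none" and mail_from_domain in TRUSTED
            and mx_match(ip, mail_from_domain)):
        return "none+mx-match"
    return result
```

The MX match is reported as a separate annotation rather than as a "pass", since, as noted in the thread, coming from one of a domain's MX hosts says nothing about whether the message is spam.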

