Incorrectly Blocked by SPF?

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
Post Reply
jshipp
New user
New user
Posts: 7
Joined: 2018-04-25 05:19

Incorrectly Blocked by SPF?

Post by jshipp » 2018-04-25 05:43

mxtoolbox says my SPF record passes for the IP/domain combination (67.14.194.186 / ouachitacounty.org)
but hMailServer 5.6.8 is flagging it as spam. The issue also existed in 5.6.6.




Return-Path: spf@ouachitacounty.org
Received: from ip.ouachitacounty.org (67-14-194-186.static.sat-co.net [67.14.194.186])
by mail.******.com with ESMTPS (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
bits=128) ; Tue, 24 Apr 2018 21:45:27 -0500
Received: from SERVER1 (SERVER1.ouachita2 [127.0.0.1]) by ip.ouachitacounty.org with
ESMTPA ; Tue, 24 Apr 2018 21:45:28 -0500
Message-ID: <D39D8B531CDC425F8BB5FDE846CCBE96@ouachita2>
From: "SPF" <spf@ouachitacounty.org>
To: <spf@******.com>
Subject: [SPAM] test3
Date: Tue, 24 Apr 2018 21:45:28 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_001D_01D3DC15.8FB0D0F0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
X-hMailServer-Spam: YES
X-hMailServer-Reason-1: The host name specified in HELO does not match IP address. - (Score: 2)
X-hMailServer-Reason-2: Blocked by SPF () - (Score: 3)
X-hMailServer-Reason-Score: 5




"DEBUG" 3664 "2018-04-24 21:45:26.918" "Creating session 16936"
"DEBUG" 3664 "2018-04-24 21:45:26.919" "TCP connection started for session 16935"
"SMTPD" 3664 16935 "2018-04-24 21:45:26.919" "67.14.194.186" "SENT: 220 mail.******.com ESMTP"
"SMTPD" 3692 16935 "2018-04-24 21:45:26.974" "67.14.194.186" "RECEIVED: EHLO ip.ouachitacounty.org"
"SMTPD" 3692 16935 "2018-04-24 21:45:26.974" "67.14.194.186" "SENT: 250-mail.******.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.018" "67.14.194.186" "RECEIVED: STARTTLS"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.018" "67.14.194.186" "SENT: 220 Ready to start TLS"
"DEBUG" 3708 "2018-04-24 21:45:27.019" "Performing SSL/TLS handshake for session 16935. Verify certificate: False"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.196" "67.14.194.186" "RECEIVED: EHLO ip.ouachitacounty.org"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.196" "67.14.194.186" "SENT: 250-mail.******.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.242" "67.14.194.186" "RECEIVED: MAIL FROM:<spf@ouachitacounty.org>"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.244" "67.14.194.186" "SENT: 250 OK"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.291" "67.14.194.186" "RECEIVED: RCPT TO:<spf@*****.com>"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.293" "67.14.194.186" "SENT: 250 OK"
"SMTPD" 3708 16935 "2018-04-24 21:45:27.339" "67.14.194.186" "RECEIVED: DATA"
"SMTPD" 3708 16935 "2018-04-24 21:45:27.339" "67.14.194.186" "SENT: 354 OK, send."
"DEBUG" 3692 "2018-04-24 21:45:27.628" "Adding task AsynchronousTask to work queue Asynchronous task queue"
"DEBUG" 3208 "2018-04-24 21:45:27.628" "Executing task AsynchronousTask in work queue Asynchronous task queue"
"DEBUG" 3208 "2018-04-24 21:45:30.181" "Spam test: SpamTestHeloHost, Score: 2"
"DEBUG" 3208 "2018-04-24 21:45:30.197" "Spam test: SpamTestMXRecords, Score: 0"
"DEBUG" 3208 "2018-04-24 21:45:30.331" "Spam test: SpamTestSPF, Score: 3"
"DEBUG" 3208 "2018-04-24 21:45:30.331" "Total spam score: 5"
"DEBUG" 3208 "2018-04-24 21:45:30.332" "Spam test: SpamTestDKIM, Score: 0"
"DEBUG" 3208 "2018-04-24 21:45:30.332" "Total spam score: 0"
"DEBUG" 3208 "2018-04-24 21:45:30.332" "Saving message: {646F0D20-FA96-4A5E-81D8-4F280FD1F87D}.eml"
"DEBUG" 3208 "2018-04-24 21:45:30.334" "Requesting SMTPDeliveryManager to start message delivery"
"SMTPD" 3208 16935 "2018-04-24 21:45:30.334" "67.14.194.186" "SENT: 250 Queued (2.976 seconds)"
"DEBUG" 3488 "2018-04-24 21:45:30.335" "Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG" 3528 "2018-04-24 21:45:30.335" "Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG" 3528 "2018-04-24 21:45:30.335" "Delivering message..."
"APPLICATION" 3528 "2018-04-24 21:45:30.335" "SMTPDeliverer - Message 17769: Delivering message from spf@ouachitacounty.org to spf@******.com. File: C:\Program Files (x86)\hMailServer\Data\{646F0D20-FA96-4A5E-81D8-4F280FD1F87D}.eml"
"DEBUG" 3528 "2018-04-24 21:45:30.335" "Applying rules"
"DEBUG" 3528 "2018-04-24 21:45:30.336" "Performing local delivery"
"DEBUG" 3528 "2018-04-24 21:45:30.336" "Applying rules"
"DEBUG" 3528 "2018-04-24 21:45:30.337" "Saving message: {646F0D20-FA96-4A5E-81D8-4F280FD1F87D}.eml"
"DEBUG" 3528 "2018-04-24 21:45:30.338" "Local delivery completed"
"APPLICATION" 3528 "2018-04-24 21:45:30.338" "SMTPDeliverer - Message 17769: Message delivery thread completed."
"SMTPD" 3668 16935 "2018-04-24 21:45:30.379" "67.14.194.186" "RECEIVED: QUIT"
"SMTPD" 3668 16935 "2018-04-24 21:45:30.379" "67.14.194.186" "SENT: 221 goodbye"
"DEBUG" 3692 "2018-04-24 21:45:30.380" "Ending session 16935"

User avatar
mattg
Moderator
Moderator
Posts: 19101
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Incorrectly Blocked by SPF?

Post by mattg » 2018-04-25 23:32

I think that is correctly blocked

Your spf says "v=spf1 mx -all"

Your mx record points to
mail.ouachitacounty.org. 3600 CNAME ip.ouachitacounty.org.

And then ip.... points to
ip.ouachitacounty.org. 1800 A 67.14.194.186

From what I can see your sending IP doesn't match your mx record, and you have spf set to -all (hard fail)

What have I missed?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

jshipp
New user
New user
Posts: 7
Joined: 2018-04-25 05:19

Re: Incorrectly Blocked by SPF?

Post by jshipp » 2018-04-25 23:52

Are you saying that 67.14.194.186 is not my sending IP,
or that the sender can't have a MX record that points to a CNAME?

User avatar
jimimaseye
Moderator
Moderator
Posts: 7520
Joined: 2011-09-08 17:48

Re: Incorrectly Blocked by SPF?

Post by jimimaseye » 2018-04-25 23:55

[MX record that points to a CNAME?
This is definitely against RFC and if you have it as such may well be causing you problems. Mx records must have their own A record and not be CNAME.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

jshipp
New user
New user
Posts: 7
Joined: 2018-04-25 05:19

Re: Incorrectly Blocked by SPF?

Post by jshipp » 2018-04-26 14:40

ok I changed ouachitacounty.org's MX record to point directly to their A record.
I also added the IP to the SPF record.

hMailServer is still failing the SPF test.




Return-Path: spf@ouachitacounty.org
Received: from ip.ouachitacounty.org (67-14-194-186.static.sat-co.net [67.14.194.186])
by mail.******.com with ESMTPS (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
bits=128) ; Thu, 26 Apr 2018 07:34:37 -0500
dkim-signature: v=1; a=rsa-sha256; d=ouachitacounty.org; s=dkim-oc; c=relaxed/relaxed; q=dns/txt;
h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type; bh=xWDBWcs1Pyig7yIEPTKwZYFvKd8NLZkBwiFVysOTK0w=;
b=IOOr6UGctiInWSZNRxDhJALZk9UbkIoMJwLtxgYUYh2SFyPH+mtzm2Z3Hx5zHv2bWjFpwrXYdhNOZpiKKG5/7hdUMyzbdJY97/Bv8KSqwxXYjUs6yXQ63X0jg/wEc5WauI93Q7a5O5Ui2HKb7tke08fWg/qmhSBpiNv0SvOJhbM=
Received: from SERVER1 (SERVER1.ouachita2 [127.0.0.1]) by ip.ouachitacounty.org with
ESMTPA ; Thu, 26 Apr 2018 07:34:40 -0500
Message-ID: <2316F616BF3B41E283C8231C7DFF6674@ouachita2>
From: "SPF" <spf@ouachitacounty.org>
To: <spf@******.com>
Subject: [SPAM] test
Date: Thu, 26 Apr 2018 07:34:39 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0003_01D3DD31.0886E2F0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
X-hMailServer-Spam: YES
X-hMailServer-Reason-2: The host name specified in HELO does not match IP address. - (Score: 2)
X-hMailServer-Reason-3: Blocked by SPF () - (Score: 3)
X-hMailServer-Reason-Score: 5

User avatar
mattg
Moderator
Moderator
Posts: 19101
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Incorrectly Blocked by SPF?

Post by mattg » 2018-04-27 01:03

If you open a command prompt ON THE MACHINE with hMailsevrer installed and type

'nslookup -type=txt ouachitacounty.org' without the quotes, what is the response?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
Dravion
Senior user
Senior user
Posts: 1053
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Incorrectly Blocked by SPF?

Post by Dravion » 2018-04-27 01:56

Host resolves to:
ouachitacounty.org 184.168.221.26

Your SPF Record points to
"v=spf1 mx ip4:67.14.194.186 -all"

which is wrong, your SPF needs to point to 184.168.221.26
My x64-Bit builds of hMailserver

hMailServer-5.6.8-B2426-x64.msi (LibreSSL)
hMailServer-5.6.8-B2426-x64.exe (OpenSSL)

Downloads:
https://github.com/hMailServer-ComDevs/hmailserver/releases

jshipp
New user
New user
Posts: 7
Joined: 2018-04-25 05:19

Re: Incorrectly Blocked by SPF?

Post by jshipp » 2018-04-27 02:48

mattg wrote:
2018-04-27 01:03
If you open a command prompt ON THE MACHINE with hMailsevrer installed and type

'nslookup -type=txt ouachitacounty.org' without the quotes, what is the response?
Server: dns.quad9.net
Address: 9.9.9.9
Non-authoritative answer:
ouachitacounty.org text =
"v=spf1 mx ip4:67.14.194.186 -all"

User avatar
mattg
Moderator
Moderator
Posts: 19101
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Incorrectly Blocked by SPF?

Post by mattg » 2018-04-27 02:53

Dravion wrote:
2018-04-27 01:56
Host resolves to:
ouachitacounty.org 184.168.221.26

Your SPF Record points to
"v=spf1 mx ip4:67.14.194.186 -all"

which is wrong, your SPF needs to point to 184.168.221.26
184.168.221.26 is the A record isn't it?
And that's not where the mail is coming from, why should that be in the spf record?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

jshipp
New user
New user
Posts: 7
Joined: 2018-04-25 05:19

Re: Incorrectly Blocked by SPF?

Post by jshipp » 2018-04-27 02:56

Dravion wrote:
2018-04-27 01:56
Host resolves to:
ouachitacounty.org 184.168.221.26

Your SPF Record points to
"v=spf1 mx ip4:67.14.194.186 -all"

which is wrong, your SPF needs to point to 184.168.221.26
Yes, the A record points to 184.168.221.26 but the MX record points to 67.14.194.186, and since my SPF record contains "mx" then it should match and hMailServer shouldn't flag it as spam, right? Yahoo's SPF system does not flag it as spam.

Also, my mail doesn't come from 184.168.221.26, it comes from 67.14.194.186.

User avatar
mattg
Moderator
Moderator
Posts: 19101
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Incorrectly Blocked by SPF?

Post by mattg » 2018-04-27 02:57

jshipp wrote:
2018-04-27 02:48
mattg wrote:
2018-04-27 01:03
If you open a command prompt ON THE MACHINE with hMailsevrer installed and type

'nslookup -type=txt ouachitacounty.org' without the quotes, what is the response?
Server: dns.quad9.net
Address: 9.9.9.9
Non-authoritative answer:
ouachitacounty.org text =
"v=spf1 mx ip4:67.14.194.186 -all"
That looks correct to me

There is something we are missing, perhaps an incoming relay...
run this please and post the results >> viewtopic.php?f=20&t=30914
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

jshipp
New user
New user
Posts: 7
Joined: 2018-04-25 05:19

Re: Incorrectly Blocked by SPF?

Post by jshipp » 2018-04-27 03:34

YES!! There is an incoming relay range that includes the IP of the sender. Why would this matter? What if the sender was also one of my backup MX servers?

User avatar
mattg
Moderator
Moderator
Posts: 19101
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Incorrectly Blocked by SPF?

Post by mattg » 2018-04-27 04:01

So hMailserver sees the IP address in the received header that matches the address in the incoming relay and ignores that header completely, looks for the next 'received' header and sees the LAN ip address of Server1, which doesn't match the the SPF record and fails the mail....

If that server is also a backup mx for you, then to me the obvious path is that you whitelist that sender's domain. I'm guessing that you trust them to not spam you?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

jshipp
New user
New user
Posts: 7
Joined: 2018-04-25 05:19

Re: Incorrectly Blocked by SPF?

Post by jshipp » 2018-04-27 04:21

I see now! THANK YOU so much for solving the mystery!!!

User avatar
mattg
Moderator
Moderator
Posts: 19101
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Incorrectly Blocked by SPF?

Post by mattg » 2018-04-27 04:36

No trouble, thanks for posting back

@Dravion - I think it was the A record IP address that confused me yesterday too
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply