Incorrectly Blocked by SPF?
Incorrectly Blocked by SPF?
mxtoolbox says my SPF record passes for the IP/domain combination (67.14.194.186 / ouachitacounty.org)
but hMailServer 5.6.8 is flagging it as spam. The issue also existed in 5.6.6.
Return-Path: spf@ouachitacounty.org
Received: from ip.ouachitacounty.org (67-14-194-186.static.sat-co.net [67.14.194.186])
by mail.******.com with ESMTPS (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
bits=128) ; Tue, 24 Apr 2018 21:45:27 -0500
Received: from SERVER1 (SERVER1.ouachita2 [127.0.0.1]) by ip.ouachitacounty.org with
ESMTPA ; Tue, 24 Apr 2018 21:45:28 -0500
Message-ID: <D39D8B531CDC425F8BB5FDE846CCBE96@ouachita2>
From: "SPF" <spf@ouachitacounty.org>
To: <spf@******.com>
Subject: [SPAM] test3
Date: Tue, 24 Apr 2018 21:45:28 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_001D_01D3DC15.8FB0D0F0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
X-hMailServer-Spam: YES
X-hMailServer-Reason-1: The host name specified in HELO does not match IP address. - (Score: 2)
X-hMailServer-Reason-2: Blocked by SPF () - (Score: 3)
X-hMailServer-Reason-Score: 5
"DEBUG" 3664 "2018-04-24 21:45:26.918" "Creating session 16936"
"DEBUG" 3664 "2018-04-24 21:45:26.919" "TCP connection started for session 16935"
"SMTPD" 3664 16935 "2018-04-24 21:45:26.919" "67.14.194.186" "SENT: 220 mail.******.com ESMTP"
"SMTPD" 3692 16935 "2018-04-24 21:45:26.974" "67.14.194.186" "RECEIVED: EHLO ip.ouachitacounty.org"
"SMTPD" 3692 16935 "2018-04-24 21:45:26.974" "67.14.194.186" "SENT: 250-mail.******.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.018" "67.14.194.186" "RECEIVED: STARTTLS"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.018" "67.14.194.186" "SENT: 220 Ready to start TLS"
"DEBUG" 3708 "2018-04-24 21:45:27.019" "Performing SSL/TLS handshake for session 16935. Verify certificate: False"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.196" "67.14.194.186" "RECEIVED: EHLO ip.ouachitacounty.org"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.196" "67.14.194.186" "SENT: 250-mail.******.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.242" "67.14.194.186" "RECEIVED: MAIL FROM:<spf@ouachitacounty.org>"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.244" "67.14.194.186" "SENT: 250 OK"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.291" "67.14.194.186" "RECEIVED: RCPT TO:<spf@*****.com>"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.293" "67.14.194.186" "SENT: 250 OK"
"SMTPD" 3708 16935 "2018-04-24 21:45:27.339" "67.14.194.186" "RECEIVED: DATA"
"SMTPD" 3708 16935 "2018-04-24 21:45:27.339" "67.14.194.186" "SENT: 354 OK, send."
"DEBUG" 3692 "2018-04-24 21:45:27.628" "Adding task AsynchronousTask to work queue Asynchronous task queue"
"DEBUG" 3208 "2018-04-24 21:45:27.628" "Executing task AsynchronousTask in work queue Asynchronous task queue"
"DEBUG" 3208 "2018-04-24 21:45:30.181" "Spam test: SpamTestHeloHost, Score: 2"
"DEBUG" 3208 "2018-04-24 21:45:30.197" "Spam test: SpamTestMXRecords, Score: 0"
"DEBUG" 3208 "2018-04-24 21:45:30.331" "Spam test: SpamTestSPF, Score: 3"
"DEBUG" 3208 "2018-04-24 21:45:30.331" "Total spam score: 5"
"DEBUG" 3208 "2018-04-24 21:45:30.332" "Spam test: SpamTestDKIM, Score: 0"
"DEBUG" 3208 "2018-04-24 21:45:30.332" "Total spam score: 0"
"DEBUG" 3208 "2018-04-24 21:45:30.332" "Saving message: {646F0D20-FA96-4A5E-81D8-4F280FD1F87D}.eml"
"DEBUG" 3208 "2018-04-24 21:45:30.334" "Requesting SMTPDeliveryManager to start message delivery"
"SMTPD" 3208 16935 "2018-04-24 21:45:30.334" "67.14.194.186" "SENT: 250 Queued (2.976 seconds)"
"DEBUG" 3488 "2018-04-24 21:45:30.335" "Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG" 3528 "2018-04-24 21:45:30.335" "Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG" 3528 "2018-04-24 21:45:30.335" "Delivering message..."
"APPLICATION" 3528 "2018-04-24 21:45:30.335" "SMTPDeliverer - Message 17769: Delivering message from spf@ouachitacounty.org to spf@******.com. File: C:\Program Files (x86)\hMailServer\Data\{646F0D20-FA96-4A5E-81D8-4F280FD1F87D}.eml"
"DEBUG" 3528 "2018-04-24 21:45:30.335" "Applying rules"
"DEBUG" 3528 "2018-04-24 21:45:30.336" "Performing local delivery"
"DEBUG" 3528 "2018-04-24 21:45:30.336" "Applying rules"
"DEBUG" 3528 "2018-04-24 21:45:30.337" "Saving message: {646F0D20-FA96-4A5E-81D8-4F280FD1F87D}.eml"
"DEBUG" 3528 "2018-04-24 21:45:30.338" "Local delivery completed"
"APPLICATION" 3528 "2018-04-24 21:45:30.338" "SMTPDeliverer - Message 17769: Message delivery thread completed."
"SMTPD" 3668 16935 "2018-04-24 21:45:30.379" "67.14.194.186" "RECEIVED: QUIT"
"SMTPD" 3668 16935 "2018-04-24 21:45:30.379" "67.14.194.186" "SENT: 221 goodbye"
"DEBUG" 3692 "2018-04-24 21:45:30.380" "Ending session 16935"
but hMailServer 5.6.8 is flagging it as spam. The issue also existed in 5.6.6.
Return-Path: spf@ouachitacounty.org
Received: from ip.ouachitacounty.org (67-14-194-186.static.sat-co.net [67.14.194.186])
by mail.******.com with ESMTPS (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
bits=128) ; Tue, 24 Apr 2018 21:45:27 -0500
Received: from SERVER1 (SERVER1.ouachita2 [127.0.0.1]) by ip.ouachitacounty.org with
ESMTPA ; Tue, 24 Apr 2018 21:45:28 -0500
Message-ID: <D39D8B531CDC425F8BB5FDE846CCBE96@ouachita2>
From: "SPF" <spf@ouachitacounty.org>
To: <spf@******.com>
Subject: [SPAM] test3
Date: Tue, 24 Apr 2018 21:45:28 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_001D_01D3DC15.8FB0D0F0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
X-hMailServer-Spam: YES
X-hMailServer-Reason-1: The host name specified in HELO does not match IP address. - (Score: 2)
X-hMailServer-Reason-2: Blocked by SPF () - (Score: 3)
X-hMailServer-Reason-Score: 5
"DEBUG" 3664 "2018-04-24 21:45:26.918" "Creating session 16936"
"DEBUG" 3664 "2018-04-24 21:45:26.919" "TCP connection started for session 16935"
"SMTPD" 3664 16935 "2018-04-24 21:45:26.919" "67.14.194.186" "SENT: 220 mail.******.com ESMTP"
"SMTPD" 3692 16935 "2018-04-24 21:45:26.974" "67.14.194.186" "RECEIVED: EHLO ip.ouachitacounty.org"
"SMTPD" 3692 16935 "2018-04-24 21:45:26.974" "67.14.194.186" "SENT: 250-mail.******.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.018" "67.14.194.186" "RECEIVED: STARTTLS"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.018" "67.14.194.186" "SENT: 220 Ready to start TLS"
"DEBUG" 3708 "2018-04-24 21:45:27.019" "Performing SSL/TLS handshake for session 16935. Verify certificate: False"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.196" "67.14.194.186" "RECEIVED: EHLO ip.ouachitacounty.org"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.196" "67.14.194.186" "SENT: 250-mail.******.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.242" "67.14.194.186" "RECEIVED: MAIL FROM:<spf@ouachitacounty.org>"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.244" "67.14.194.186" "SENT: 250 OK"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.291" "67.14.194.186" "RECEIVED: RCPT TO:<spf@*****.com>"
"SMTPD" 3692 16935 "2018-04-24 21:45:27.293" "67.14.194.186" "SENT: 250 OK"
"SMTPD" 3708 16935 "2018-04-24 21:45:27.339" "67.14.194.186" "RECEIVED: DATA"
"SMTPD" 3708 16935 "2018-04-24 21:45:27.339" "67.14.194.186" "SENT: 354 OK, send."
"DEBUG" 3692 "2018-04-24 21:45:27.628" "Adding task AsynchronousTask to work queue Asynchronous task queue"
"DEBUG" 3208 "2018-04-24 21:45:27.628" "Executing task AsynchronousTask in work queue Asynchronous task queue"
"DEBUG" 3208 "2018-04-24 21:45:30.181" "Spam test: SpamTestHeloHost, Score: 2"
"DEBUG" 3208 "2018-04-24 21:45:30.197" "Spam test: SpamTestMXRecords, Score: 0"
"DEBUG" 3208 "2018-04-24 21:45:30.331" "Spam test: SpamTestSPF, Score: 3"
"DEBUG" 3208 "2018-04-24 21:45:30.331" "Total spam score: 5"
"DEBUG" 3208 "2018-04-24 21:45:30.332" "Spam test: SpamTestDKIM, Score: 0"
"DEBUG" 3208 "2018-04-24 21:45:30.332" "Total spam score: 0"
"DEBUG" 3208 "2018-04-24 21:45:30.332" "Saving message: {646F0D20-FA96-4A5E-81D8-4F280FD1F87D}.eml"
"DEBUG" 3208 "2018-04-24 21:45:30.334" "Requesting SMTPDeliveryManager to start message delivery"
"SMTPD" 3208 16935 "2018-04-24 21:45:30.334" "67.14.194.186" "SENT: 250 Queued (2.976 seconds)"
"DEBUG" 3488 "2018-04-24 21:45:30.335" "Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG" 3528 "2018-04-24 21:45:30.335" "Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG" 3528 "2018-04-24 21:45:30.335" "Delivering message..."
"APPLICATION" 3528 "2018-04-24 21:45:30.335" "SMTPDeliverer - Message 17769: Delivering message from spf@ouachitacounty.org to spf@******.com. File: C:\Program Files (x86)\hMailServer\Data\{646F0D20-FA96-4A5E-81D8-4F280FD1F87D}.eml"
"DEBUG" 3528 "2018-04-24 21:45:30.335" "Applying rules"
"DEBUG" 3528 "2018-04-24 21:45:30.336" "Performing local delivery"
"DEBUG" 3528 "2018-04-24 21:45:30.336" "Applying rules"
"DEBUG" 3528 "2018-04-24 21:45:30.337" "Saving message: {646F0D20-FA96-4A5E-81D8-4F280FD1F87D}.eml"
"DEBUG" 3528 "2018-04-24 21:45:30.338" "Local delivery completed"
"APPLICATION" 3528 "2018-04-24 21:45:30.338" "SMTPDeliverer - Message 17769: Message delivery thread completed."
"SMTPD" 3668 16935 "2018-04-24 21:45:30.379" "67.14.194.186" "RECEIVED: QUIT"
"SMTPD" 3668 16935 "2018-04-24 21:45:30.379" "67.14.194.186" "SENT: 221 goodbye"
"DEBUG" 3692 "2018-04-24 21:45:30.380" "Ending session 16935"
Re: Incorrectly Blocked by SPF?
I think that is correctly blocked
Your spf says "v=spf1 mx -all"
Your mx record points to
mail.ouachitacounty.org. 3600 CNAME ip.ouachitacounty.org.
And then ip.... points to
ip.ouachitacounty.org. 1800 A 67.14.194.186
From what I can see your sending IP doesn't match your mx record, and you have spf set to -all (hard fail)
What have I missed?
Your spf says "v=spf1 mx -all"
Your mx record points to
mail.ouachitacounty.org. 3600 CNAME ip.ouachitacounty.org.
And then ip.... points to
ip.ouachitacounty.org. 1800 A 67.14.194.186
From what I can see your sending IP doesn't match your mx record, and you have spf set to -all (hard fail)
What have I missed?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Incorrectly Blocked by SPF?
Are you saying that 67.14.194.186 is not my sending IP,
or that the sender can't have a MX record that points to a CNAME?
or that the sender can't have a MX record that points to a CNAME?
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: Incorrectly Blocked by SPF?
This is definitely against RFC and if you have it as such may well be causing you problems. Mx records must have their own A record and not be CNAME.[MX record that points to a CNAME?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: Incorrectly Blocked by SPF?
ok I changed ouachitacounty.org's MX record to point directly to their A record.
I also added the IP to the SPF record.
hMailServer is still failing the SPF test.
Return-Path: spf@ouachitacounty.org
Received: from ip.ouachitacounty.org (67-14-194-186.static.sat-co.net [67.14.194.186])
by mail.******.com with ESMTPS (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
bits=128) ; Thu, 26 Apr 2018 07:34:37 -0500
dkim-signature: v=1; a=rsa-sha256; d=ouachitacounty.org; s=dkim-oc; c=relaxed/relaxed; q=dns/txt;
h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type; bh=xWDBWcs1Pyig7yIEPTKwZYFvKd8NLZkBwiFVysOTK0w=;
b=IOOr6UGctiInWSZNRxDhJALZk9UbkIoMJwLtxgYUYh2SFyPH+mtzm2Z3Hx5zHv2bWjFpwrXYdhNOZpiKKG5/7hdUMyzbdJY97/Bv8KSqwxXYjUs6yXQ63X0jg/wEc5WauI93Q7a5O5Ui2HKb7tke08fWg/qmhSBpiNv0SvOJhbM=
Received: from SERVER1 (SERVER1.ouachita2 [127.0.0.1]) by ip.ouachitacounty.org with
ESMTPA ; Thu, 26 Apr 2018 07:34:40 -0500
Message-ID: <2316F616BF3B41E283C8231C7DFF6674@ouachita2>
From: "SPF" <spf@ouachitacounty.org>
To: <spf@******.com>
Subject: [SPAM] test
Date: Thu, 26 Apr 2018 07:34:39 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0003_01D3DD31.0886E2F0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
X-hMailServer-Spam: YES
X-hMailServer-Reason-2: The host name specified in HELO does not match IP address. - (Score: 2)
X-hMailServer-Reason-3: Blocked by SPF () - (Score: 3)
X-hMailServer-Reason-Score: 5
I also added the IP to the SPF record.
hMailServer is still failing the SPF test.
Return-Path: spf@ouachitacounty.org
Received: from ip.ouachitacounty.org (67-14-194-186.static.sat-co.net [67.14.194.186])
by mail.******.com with ESMTPS (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
bits=128) ; Thu, 26 Apr 2018 07:34:37 -0500
dkim-signature: v=1; a=rsa-sha256; d=ouachitacounty.org; s=dkim-oc; c=relaxed/relaxed; q=dns/txt;
h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type; bh=xWDBWcs1Pyig7yIEPTKwZYFvKd8NLZkBwiFVysOTK0w=;
b=IOOr6UGctiInWSZNRxDhJALZk9UbkIoMJwLtxgYUYh2SFyPH+mtzm2Z3Hx5zHv2bWjFpwrXYdhNOZpiKKG5/7hdUMyzbdJY97/Bv8KSqwxXYjUs6yXQ63X0jg/wEc5WauI93Q7a5O5Ui2HKb7tke08fWg/qmhSBpiNv0SvOJhbM=
Received: from SERVER1 (SERVER1.ouachita2 [127.0.0.1]) by ip.ouachitacounty.org with
ESMTPA ; Thu, 26 Apr 2018 07:34:40 -0500
Message-ID: <2316F616BF3B41E283C8231C7DFF6674@ouachita2>
From: "SPF" <spf@ouachitacounty.org>
To: <spf@******.com>
Subject: [SPAM] test
Date: Thu, 26 Apr 2018 07:34:39 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0003_01D3DD31.0886E2F0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
X-hMailServer-Spam: YES
X-hMailServer-Reason-2: The host name specified in HELO does not match IP address. - (Score: 2)
X-hMailServer-Reason-3: Blocked by SPF () - (Score: 3)
X-hMailServer-Reason-Score: 5
Re: Incorrectly Blocked by SPF?
If you open a command prompt ON THE MACHINE with hMailsevrer installed and type
'nslookup -type=txt ouachitacounty.org' without the quotes, what is the response?
'nslookup -type=txt ouachitacounty.org' without the quotes, what is the response?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Incorrectly Blocked by SPF?
Host resolves to:
ouachitacounty.org 184.168.221.26
Your SPF Record points to
"v=spf1 mx ip4:67.14.194.186 -all"
which is wrong, your SPF needs to point to 184.168.221.26
ouachitacounty.org 184.168.221.26
Your SPF Record points to
"v=spf1 mx ip4:67.14.194.186 -all"
which is wrong, your SPF needs to point to 184.168.221.26
Re: Incorrectly Blocked by SPF?
Server: dns.quad9.net
Address: 9.9.9.9
Non-authoritative answer:
ouachitacounty.org text =
"v=spf1 mx ip4:67.14.194.186 -all"
Re: Incorrectly Blocked by SPF?
184.168.221.26 is the A record isn't it?
And that's not where the mail is coming from, why should that be in the spf record?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Incorrectly Blocked by SPF?
Yes, the A record points to 184.168.221.26 but the MX record points to 67.14.194.186, and since my SPF record contains "mx" then it should match and hMailServer shouldn't flag it as spam, right? Yahoo's SPF system does not flag it as spam.
Also, my mail doesn't come from 184.168.221.26, it comes from 67.14.194.186.
Re: Incorrectly Blocked by SPF?
That looks correct to me
There is something we are missing, perhaps an incoming relay...
run this please and post the results >> viewtopic.php?f=20&t=30914
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Incorrectly Blocked by SPF?
YES!! There is an incoming relay range that includes the IP of the sender. Why would this matter? What if the sender was also one of my backup MX servers?
Re: Incorrectly Blocked by SPF?
So hMailserver sees the IP address in the received header that matches the address in the incoming relay and ignores that header completely, looks for the next 'received' header and sees the LAN ip address of Server1, which doesn't match the the SPF record and fails the mail....
If that server is also a backup mx for you, then to me the obvious path is that you whitelist that sender's domain. I'm guessing that you trust them to not spam you?
If that server is also a backup mx for you, then to me the obvious path is that you whitelist that sender's domain. I'm guessing that you trust them to not spam you?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Incorrectly Blocked by SPF?
I see now! THANK YOU so much for solving the mystery!!!
Re: Incorrectly Blocked by SPF?
No trouble, thanks for posting back
@Dravion - I think it was the A record IP address that confused me yesterday too
@Dravion - I think it was the A record IP address that confused me yesterday too
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation