Results 1 to 3 of 3

Thread: SPF_FAIL but shouldn't!

  1. #1
    maxxer's Avatar
    maxxer is offline Trained Alumni
    Join Date
    Feb 2009
    Location
    Lecco, Italy
    Posts
    552
    Rep Power
    7

    Default SPF_FAIL but shouldn't!

    Hi.
    I enabled SPF spam check on my zimbra server since long time, following the wiki article.
    It always worked great, but lately I get a lot of false positives, like a mail from italian Groupon was marked as spam [agreed that could be legitimate ].

    BTW I checked this mail:
    [...]
    Received: from pop3.mydomain.it [62.149.128.164]
    by quaglia.mydomain.it with POP3 (fetchmail-6.3.9-rc2)
    for <me@mydomain.it> (single-drop); Fri, 08 Jun 2012 13:10:52 +0200 (CEST)
    Received: (qmail 6935 invoked by uid 89); 8 Jun 2012 11:10:04 -0000
    Received: from unknown (HELO mxcmd05.ad.aruba.it) (10.10.10.72)
    by mxavas2.ad.aruba.it with SMTP; 8 Jun 2012 11:10:04 -0000
    Received: from mx27.group.fagms.net ([62.27.57.27])
    by mxcmd05.ad.aruba.it with bizsmtp
    id KnA41j00D0bEUie01nA4FN; Fri, 08 Jun 2012 13:10:04 +0200
    X-CSA-Complaints: whitelist-complaints@eco.de
    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
    s=s1024; d=news.groupon.it;
    b=jgtXdGGXZRQbOtrMbEc2/noNdrdVVDWdgdcICxVQHfJ5ChtZ0iDAOpw5Ie2BokQiwgV9c+M KTuwTJiJtjvnTJWpyXw3MtSlVf2ACn1wIWSM60j/ql1B9j4STAUteHDZFCCfjNDmuwPO+7+1n3kuzABW0lzHjQBP46 ZZcmAfrw/c=;
    h=X-EMID:X-EMMAIL:From:Reply-To:To:Subject:Content-Type:Message-Id:MIME-Versionate;
    X-EMID: 0AA030C0KEK1U54VM03R3K101DOBA6D
    From: "Groupon" <info@news.groupon.it>
    Reply-To: "Groupon" <info-EMID0AA030C0KEK1U54VM03R3K101DOBA6D@news.groupon.i t>
    To: me@mydomain.it
    Subject: [SPAM]Offerte in famiglia: aria di casa, viaggi e divertimento
    So I checked SPF records for news.groupon.it, and the result is:
    Code:
    Prefix	Type	Value	PrefixDesc	Description
    +	ip4	62.27.57.0/24	Pass	Match if IP is in the given range
    +	ip4	62.27.38.0/24	Pass	Match if IP is in the given range
    -	all		Fail	Always matches. It goes at the end of your record.
    but the first row matches the first Received line! So why is the mail marked SPF_FAIL?
    X-Spam-Status: Yes, score=10.152 tagged_above=-10 required=5
    tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001,
    RCVD_IN_BL_SPAMCOP_NET=1.347, RDNS_NONE=0.793, SPF_FAIL=10,
    T_FRT_POSSIBLE=0.01] autolearn=no
    I know I can lower the value of SPF_FAIL, but honestly I'd like to understand WHY it fails.

    I'm using Zimbra 7.1.4 on Ubuntu 10.04, using libmail-spf-query-perl 1:1.999.1-3.
    Thanks!
    YetOpen S.r.l. ~ Your open source partner
    Lecco (LC) - ITALY
    http://www.yetopen.it

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,491
    Rep Power
    56

    Default

    I don't know where you're getting those results from but the following sites show no SPF records for that server (62.27.57.27) or groupon.it:

    Beveridge Hosting DNS Lookup
    SPF Query Tool

    Code:
    dig groupon.it txt
    
    ; <<>> DiG 9.8.1-P1 <<>> groupon.it txt
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63024
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;groupon.it.                    IN      TXT
    
    ;; ANSWER SECTION:
    groupon.it.             300     IN      TXT     "google-site-verification=VmP9ndnjWFOVDnlQAfDMf3CTY16PG5elGBuoZhT1fUc"
    groupon.it.             300     IN      TXT     "google-site-verification:65PikelVlQAXl6U9sSYhGn7l5Xt6Ume36-Cz8qwVHvg"
    
    ;; Query time: 98 msec
    ;; SERVER: 192.168.1.10#53(192.168.1.10)
    ;; WHEN: Fri Jun  8 16:21:02 2012
    ;; MSG SIZE  rcvd: 190
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    maxxer's Avatar
    maxxer is offline Trained Alumni
    Join Date
    Feb 2009
    Location
    Lecco, Italy
    Posts
    552
    Rep Power
    7

    Default

    Code:
    dig news.groupon.it txt
    the mail comes from news.groupon.it not groupon.it
    YetOpen S.r.l. ~ Your open source partner
    Lecco (LC) - ITALY
    http://www.yetopen.it

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. High rate of SPF_FAIL lately
    By maxxer in forum Users
    Replies: 0
    Last Post: 02-28-2012, 05:28 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •