Re: [exim] Help to install exim with SPF

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: SODATONOU Dodji Comlan Samuel
Data:  
Para: exim-users
Assunto: Re: [exim] Help to install exim with SPF

> exim -bh 74.125.44.152
> ...
> HELO yx-out-1718.google.com
> ...
> MAIL FROM:<example@???>
> ...
> RCPT TO:<valid@???>
> ...
> >>> processing "deny"
> >>> check hosts = !+relay_from_hosts
> >>> host in "!+relay_from_hosts"? yes (end of list)
> >>> check !authenticated = *
> >>> check spf = fail
> >>> SPF result is pass (2)
> >>> deny: condition test failed
>
> Perhaps it is causing an error without the HELO/EHLO string. I can't
> test that easily right now. It shouldn't need to be in the RCPT ACL
> either, the MAIL FROM one I think should be fine, but that's another
> thing to check.
>


We have the error "SPF result is unknown (permanent error)" during an smtp connection
via telnet session on the server.


A forgery mail sending via option bh or a smtp connection to linuxwan.net give the
following log


13:53:02  3767 SMTP>> 220 annuaire.trstech.net ESMTP Exim 4.68 Tue, 15 Jul 2008 
13:53:02 +0000
13:53:02  3767 Process 3767 is ready for new message
13:53:02  3767 smtp_setup_msg entered
13:53:20  3767 SMTP<< helo togo.togotel.net.tg
13:53:20  3767 togo.togotel.net.tg in helo_lookup_domains? no (end of list)
13:53:20  3767 sender_fullhost = (togo.togotel.net.tg) [192.168.1.14]
13:53:20  3767 sender_rcvhost = [192.168.1.14] (helo=togo.togotel.net.tg)
13:53:20  3767 set_process_info:  3767 handling incoming connection from 
(togo.togotel.net.tg) [192.168.1.14]
13:53:20  3767 SMTP>> 250 annuaire.trstech.net Hello togo.togotel.net.tg [192.168.1.14]
13:53:44  3767 SMTP<< mail from: totovi@???
13:53:44  3767 SMTP>> 250 OK
13:53:56  3767 SMTP<< rcpt to: geek@???
13:53:56  3767 using ACL "acl_check_rcpt"
13:53:56  3767 processing "accept"
13:53:56  3767 check hosts = :
13:53:56  3767 host in ":"? no (end of list)
13:53:56  3767 accept: condition test failed
13:53:56  3767 processing "deny"
13:53:56  3767 check domains = +local_domains
13:53:56  3767 annuaire.trstech.net in "annuaire.trstech.net"? yes 
(matched "annuaire.trstech.net")
13:53:56  3767 annuaire.trstech.net in "+local_domains"? yes (matched "+local_domains")
13:53:56  3767 check local_parts = ^[.] : ^.*[@%!/|]
13:53:56  3767 geek in "^[.] : ^.*[@%!/|]"? no (end of list)
13:53:56  3767 deny: condition test failed
13:53:56  3767 processing "deny"
13:53:56  3767 check domains = !+local_domains
13:53:56  3767 cached yes match for +local_domains
13:53:56  3767 cached lookup data = NULL
13:53:56  3767 annuaire.trstech.net in "!+local_domains"? no (matched "!
+local_domains" - cached)
13:53:56  3767 deny: condition test failed
13:53:56  3767 processing "accept"
13:53:56  3767 check local_parts = postmaster
13:53:56  3767 geek in "postmaster"? no (end of list)
13:53:56  3767 accept: condition test failed
13:53:56  3767 processing "require"
13:53:56  3767 check verify = sender
13:53:56  3767 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
13:53:56  3767 Verifying totovi@???
13:53:56  3767 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
13:53:56  3767 Considering totovi@???
13:53:56  3767 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
13:53:56  3767 routing totovi@???
13:53:56  3767 --------> dnslookup router <--------
13:53:56  3767 local_part=totovi domain=linuxwan.net
13:53:56  3767 checking domains
13:53:56  3767 linuxwan.net in "annuaire.trstech.net"? no (end of list)
13:53:56  3767 linuxwan.net in "! +local_domains"? yes (end of list)
13:53:56  3767 calling dnslookup router
13:53:56  3767 dnslookup router called for totovi@???
13:53:56  3767   domain = linuxwan.net
13:54:05  3767 DNS lookup of linuxwan.net (MX) succeeded
13:54:06  3767 DNS lookup of mail.linuxwan.net (A) succeeded
13:54:06  3767 218.214.45.165 in "0.0.0.0 : 127.0.0.0/8"? no (end of list)
13:54:06  3767 Actual local interface address is 127.0.0.1 (lo)
13:54:06  3767 Actual local interface address is 192.168.1.10 (eth0)
13:54:06  3767 fully qualified name = linuxwan.net
13:54:06  3767 host_find_bydns yield = HOST_FOUND (2); returned hosts:
13:54:06  3767   mail.linuxwan.net 218.214.45.165 MX=10
13:54:06  3767 set transport remote_smtp
13:54:06  3767 queued for remote_smtp transport: local_part = totovi
13:54:06  3767 domain = linuxwan.net
13:54:06  3767   errors_to=NULL
13:54:06  3767   domain_data=NULL localpart_data=NULL
13:54:06  3767 routed by dnslookup router
13:54:06  3767   envelope to: totovi@???
13:54:06  3767   transport: remote_smtp
13:54:06  3767   host mail.linuxwan.net [218.214.45.165] MX=10
13:54:06  3767 ----------- end verify ------------
13:54:06  3767 sender totovi@??? verified ok
13:54:06  3767 require: condition test succeeded
13:54:06  3767 processing "accept"
13:54:06  3767 check hosts = +relay_from_hosts
13:54:06  3767 host in "127.0.0.1"? no (end of list)
13:54:06  3767 host in "+relay_from_hosts"? no (end of list)
13:54:06  3767 accept: condition test failed
13:54:06  3767 processing "accept"
13:54:06  3767 check authenticated = *
13:54:06  3767 accept: condition test failed
13:54:06  3767 processing "require"
13:54:06  3767 check domains = +local_domains : +relay_to_domains
13:54:06  3767 cached yes match for +local_domains
13:54:06  3767 cached lookup data = NULL
13:54:06  3767 annuaire.trstech.net in "+local_domains : +relay_to_domains"? yes 
(matched "+local_domains" - cached)
13:54:06  3767 require: condition test succeeded
13:54:06  3767 processing "require"
13:54:06  3767 check verify = recipient
13:54:06  3767 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
13:54:06  3767 Verifying geek@???
13:54:06  3767 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
13:54:06  3767 Considering geek@???
13:54:06  3767 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
13:54:06  3767 routing geek@???
13:54:06  3767 --------> dnslookup router <--------
13:54:06  3767 local_part=geek domain=annuaire.trstech.net
13:54:06  3767 checking domains
13:54:06  3767 cached yes match for +local_domains
13:54:06  3767 cached lookup data = NULL
13:54:06  3767 annuaire.trstech.net in "! +local_domains"? no (matched "! 
+local_domains" - cached)
13:54:06  3767 dnslookup router skipped: domains mismatch
13:54:06  3767 --------> system_aliases router <--------
13:54:06  3767 local_part=geek domain=annuaire.trstech.net
13:54:06  3767 calling system_aliases router
13:54:06  3767 rda_interpret (string): ${lookup{$local_part}lsearch{/etc/aliases}}
13:54:06  3767 expanding: $local_part
13:54:06  3767    result: geek
13:54:06  3767 expanding: /etc/aliases
13:54:06  3767    result: /etc/aliases
13:54:06  3767 search_open: lsearch "/etc/aliases"
13:54:06  3767 search_find: file="/etc/aliases"
13:54:06  3767   key="geek" partial=-1 affix=NULL starflags=0
13:54:06  3767 LRU list:
13:54:06  3767   :/etc/aliases
13:54:06  3767   End
13:54:06  3767 internal_search_find: file="/etc/aliases"
13:54:06  3767   type=lsearch key="geek"
13:54:06  3767 file lookup required for geek
13:54:06  3767   in /etc/aliases
13:54:06  3767 lookup failed
13:54:06  3767 expanding: ${lookup{$local_part}lsearch{/etc/aliases}}
13:54:06  3767    result:
13:54:06  3767 expanded:
13:54:06  3767 file is not a filter file
13:54:06  3767 parse_forward_list:
13:54:06  3767 system_aliases router declined for geek@???
13:54:06  3767 --------> userforward router <--------
13:54:06  3767 local_part=geek domain=annuaire.trstech.net
13:54:06  3767 userforward router skipped: verify 2 0 0
13:54:06  3767 --------> localuser router <--------
13:54:06  3767 local_part=geek domain=annuaire.trstech.net
13:54:06  3767 checking for local user
13:54:06  3767 seeking password data for user "geek": cache not available
13:54:06  3767 getpwnam() succeeded uid=500 gid=500
13:54:06  3767 calling localuser router
13:54:06  3767 localuser router called for geek@???
13:54:06  3767   domain = annuaire.trstech.net
13:54:06  3767 set transport local_delivery
13:54:06  3767 queued for local_delivery transport: local_part = geek
13:54:06  3767 domain = annuaire.trstech.net
13:54:06  3767   errors_to=NULL
13:54:06  3767   domain_data=NULL localpart_data=NULL
13:54:06  3767 routed by localuser router
13:54:06  3767   envelope to: geek@???
13:54:06  3767   transport: local_delivery
13:54:06  3767 ----------- end verify ------------
13:54:06  3767 require: condition test succeeded
13:54:06  3767 processing "deny"
13:54:06  3767 check spf = fail
13:54:25  3767 SPF result is fail (3)
13:54:25  3767 expanding: $sender_host_address is not allowed to send mail from 
$sender_address_domain. Message blocked - Please check settings
13:54:25  3767    result: 192.168.1.14 is not allowed to send mail from linuxwan.net. 
Message blocked - Please check settings
13:54:25  3767 deny: condition test succeeded
13:54:25  3767 SMTP>> 550-192.168.1.14 is not allowed to send mail from linuxwan.net. 
Message blocked
13:54:25  3767 SMTP>> 550 - Please check settings


After this test we can say that our installation of exim with spf support is good.


All this confirm that the HELO/EHLO string is very important during exim vs SPF test.


Thanks all for your helps


--sam

--
TRS - Technologies Reseaux & Solutions (http://www.trstech.net)