Re: [exim] SPF issue: acting like -all when ~all

Top Page
Delete this message
Reply to this message
Author: Sander Smeenk
Date:  
To: exim-users
Subject: Re: [exim] SPF issue: acting like -all when ~all
Quoting Jonathan Gilpin via Exim-users (exim-users@???):

> 2017-12-14 13:09:26 H=smtp1.galacsys.net [217.24.81.209]
> X=TLSv1:DHE-RSA-CAMELLIA256-SHA:256 CV=no
> F=<VillaManagement@???> rejected RCPT <jana@???>: SPF
> check failed


Even though this was already tracked back to a broken SPF-record
include, i'd like to share this piece of information on list for
those who run in to SPF-issues at a later date.

In Debian/Ubuntu like installs, you can install the 'spfquery' package,
which brings the tools from http://www.libspf2.org/ to your system.

One of which is 'spfquery.libspf2':
| $ spfquery.libspf2 -d -i 217.24.81.209 -s 'VillaManagement@???'


This spits out loads of debugging and makes tracing SPF errors much
easier, especially with all these includes including includes from
other includes....

| [ ... ]
| spf_interpret.c:1087 Debug: include/redirect: got SPF record: Could not find a valid SPF record
| --vv--
| Context: Main query
| Response result: permerror
| Response reason: none
| Response err: Could not find a valid SPF record
| StartError
| ErrorCode: (2) Could not find a valid SPF record
| Error: No DNS data for 'galacsys.net'.
| EndError
| --^^--
| StartError
| Context: Failed to query MAIL-FROM
| ErrorCode: (2) Could not find a valid SPF record
| Error: No DNS data for 'galacsys.net'.
| EndError
| permerror


It is the first thing i use when someone tells me SPF is failing...

HTH,
-Sndr.
--
| The world is so full of these wonderful things,
| i'm sure we should all be as happy as kings.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2