On 07/05/2020 23:34, Sebastian Nielsen via Exim-users wrote:
> I got the following weird SPF rejection in my logs (im using the built-in
> SPF handler in exim):
>
> 2020-05-07 11:14:35 H=mxcluster2.lansforsakringar.se [194.16.160.133]
> X=TLS1.2:ECDHE_SECP521R1__RSA_SHA512__AES_256_GCM:256 CV=no rejected MAIL
> <noreply@???>: SPF check failed: sebbe.eu: domain of
> lansforsakringar.se does not designate 194.16.160.133 as permitted sender
Running a query for that under the testsuite, and with debug, it seems
to pass:
╭considering: ${lookup {noreply@???} spf {194.16.160.133}}
╭considering: noreply@???} spf {194.16.160.133}}
├──expanding: noreply@???
╰─────result: noreply@???
╭considering: 194.16.160.133}}
├──expanding: 194.16.160.133
╰─────result: 194.16.160.133
search_open: spf "194.16.160.133"
spf_compile.c:523 Debug: Parsing macro starting at Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}
spf_compile.c:1210 Debug: Compiling record v=spf1
search_find: file="194.16.160.133"
key="noreply@???" partial=-1 affix=NULL starflags=0 opts=NULL
LRU list:
internal_search_find: file="194.16.160.133"
type=spf key="noreply@???" opts=NULL
file lookup required for noreply@???
in 194.16.160.133
spf_dns.c:52 Debug: DNS[cache] lookup: lansforsakringar.se SPF (99)
spf_dns.c:52 Debug: DNS[exim] lookup: lansforsakringar.se SPF (99)
spf_dns.c:66 Debug: DNS[exim] found record
spf_dns.c:67 Debug: DOMAIN: lansforsakringar.se TYPE: SPF (99)
spf_dns.c:70 Debug: TTL: 0 RR found: 0 herrno: 4 source: exim
spf_dns.c:66 Debug: DNS[cache] found record
spf_dns.c:67 Debug: DOMAIN: lansforsakringar.se TYPE: SPF (99)
spf_dns.c:70 Debug: TTL: 0 RR found: 0 herrno: 4 source: exim
spf_server.c:370 Debug: get_record(lansforsakringar.se): NO_DATA
spf_dns.c:52 Debug: DNS[cache] lookup: lansforsakringar.se TXT (16)
spf_dns.c:52 Debug: DNS[exim] lookup: lansforsakringar.se TXT (16)
DNS lookup of lansforsakringar.se (TXT) using fakens
fresh-exec forking for fakens-search
postfork: fakens-search
fresh-exec forked for fakens-search: 176697
fakens returned PASS_ON
passing lansforsakringar.se on to res_search()
DNS lookup of lansforsakringar.se (TXT) succeeded
spf_dns.c:66 Debug: DNS[exim] found record
spf_dns.c:67 Debug: DOMAIN: lansforsakringar.se TYPE: TXT (16)
spf_dns.c:70 Debug: TTL: 3377 RR found: 1 herrno: 0 source: exim
spf_dns.c:94 Debug: - TXT: v=spf1 mx -all
spf_dns.c:66 Debug: DNS[cache] found record
spf_dns.c:67 Debug: DOMAIN: lansforsakringar.se TYPE: TXT (16)
spf_dns.c:70 Debug: TTL: 3377 RR found: 1 herrno: 0 source: exim
spf_dns.c:94 Debug: - TXT: v=spf1 mx -all
spf_server.c:412 Debug: get_record(lansforsakringar.se): NETDB_SUCCESS
spf_server.c:457 Debug: found SPF record: v=spf1 mx -all
spf_compile.c:1210 Debug: Compiling record v=spf1 mx -all
spf_compile.c:1314 Debug: Name starts at mx -all
spf_compile.c:1407 Debug: Adding mechanism type 2
spf_compile.c:846 Debug: SPF_c_mech_add: type=2, value= -all
spf_compile.c:1314 Debug: Name starts at all
spf_compile.c:1407 Debug: Adding mechanism type 8
spf_compile.c:846 Debug: SPF_c_mech_add: type=8, value=
spf_dns.c:52 Debug: DNS[cache] lookup: lansforsakringar.se MX (15)
spf_dns.c:52 Debug: DNS[exim] lookup: lansforsakringar.se MX (15)
DNS lookup of lansforsakringar.se (MX) using fakens
fresh-exec forking for fakens-search
postfork: fakens-search
fresh-exec forked for fakens-search: 176698
fakens returned PASS_ON
passing lansforsakringar.se on to res_search()
DNS lookup of lansforsakringar.se (MX) succeeded
spf_dns.c:66 Debug: DNS[exim] found record
spf_dns.c:67 Debug: DOMAIN: lansforsakringar.se TYPE: MX (15)
spf_dns.c:70 Debug: TTL: 3377 RR found: 4 herrno: 0 source: exim
spf_dns.c:90 Debug: - MX: mxcluster2.lansforsakringar.se
spf_dns.c:90 Debug: - MX: mxcluster1.lansforsakringar.se
spf_dns.c:90 Debug: - MX: mxcluster4.lansforsakringar.se
spf_dns.c:90 Debug: - MX: mxcluster3.lansforsakringar.se
spf_dns.c:66 Debug: DNS[cache] found record
spf_dns.c:67 Debug: DOMAIN: lansforsakringar.se TYPE: MX (15)
spf_dns.c:70 Debug: TTL: 3377 RR found: 4 herrno: 0 source: exim
spf_dns.c:90 Debug: - MX: mxcluster2.lansforsakringar.se
spf_dns.c:90 Debug: - MX: mxcluster1.lansforsakringar.se
spf_dns.c:90 Debug: - MX: mxcluster4.lansforsakringar.se
spf_dns.c:90 Debug: - MX: mxcluster3.lansforsakringar.se
spf_interpret.c:823 Debug: found 4 MX records for lansforsakringar.se (herrno: 0)
spf_dns.c:52 Debug: DNS[cache] lookup: mxcluster2.lansforsakringar.se A (1)
spf_dns.c:52 Debug: DNS[exim] lookup: mxcluster2.lansforsakringar.se A (1)
DNS lookup of mxcluster2.lansforsakringar.se (A) using fakens
fresh-exec forking for fakens-search
postfork: fakens-search
fresh-exec forked for fakens-search: 176699
fakens returned PASS_ON
passing mxcluster2.lansforsakringar.se on to res_search()
DNS lookup of mxcluster2.lansforsakringar.se (A) succeeded
spf_dns.c:66 Debug: DNS[exim] found record
spf_dns.c:67 Debug: DOMAIN: mxcluster2.lansforsakringar.se TYPE: A (1)
spf_dns.c:70 Debug: TTL: 3378 RR found: 1 herrno: 0 source: exim
spf_dns.c:80 Debug: - A: 194.16.160.133
spf_dns.c:66 Debug: DNS[cache] found record
spf_dns.c:67 Debug: DOMAIN: mxcluster2.lansforsakringar.se TYPE: A (1)
spf_dns.c:70 Debug: TTL: 3378 RR found: 1 herrno: 0 source: exim
spf_dns.c:80 Debug: - A: 194.16.160.133
spf_interpret.c:854 Debug: 0: found 1 A records for mxcluster2.lansforsakringar.se (herrno: 0)
spf_interpret.c:489 Debug: ip_match: 194.16.160.133 == 194.16.160.133 (/32 255.255.255.255): 1
(no errors)
lookup yielded: pass
├──expanding: ${lookup {noreply@???} spf {194.16.160.133}}
╰─────result: pass
pass
How does the equivalent debug look on your system? If it is materially different,
how?
$ exim -d-all+expand+lookup+dns -be '${lookup {noreply@???} spf {194.16.160.133}}'
--
Cheers,
Jeremy
