I have a question concerning the spf

fakessh fakessh at fakessh.eu
Mon Aug 24 16:32:11 UTC 2009


I use bind, and I have a configuration that seems normal to me on my server

Here 
fakessh.eu.	        IN	MX	10    fakessh.eu.
fakessh.eu.	IN	TXT      "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu ?all"

problem is when I'm trying to configure my mail server via 
check-auth at verifier.port25.com  and check-auth2 at verifier.port25.com

spf field is marked as neutral, also follows senderid as neutral

how to have the SPF OK, knowing that neutral is not really an answer

I have enclosed a return from this location check-auth2 at verifier.port25.com
This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to
perform
a simple check of various sender authentication mechanisms.  It is
provided
free of charge, in the hope that it is useful to the email community.
 While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback at port25.com>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          neutral
DomainKeys check:   pass
DKIM check:         pass
Sender-ID check:    neutral
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  r13151.ovh.net
Source IP:      94.23.60.214
mail-from:      fakessh at fakessh.eu

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: Neutral)
ID(s) verified: smtp.mail=fakessh at fakessh.eu
DNS record(s):
    fakessh.eu. 38400 IN TXT "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu
?all"
    fakessh.eu. 38400 IN MX 10 fakessh.eu.
    fakessh.eu. 38400 IN A 87.98.186.232
    fakessh.eu. 38400 IN MX 10 fakessh.eu.
    fakessh.eu. 38400 IN A 87.98.186.232

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         pass 
ID(s) verified: header.From=fakessh at fakessh.eu
DNS record(s):
    mail._domainkey.fakessh.eu. 38400 IN TXT
"k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9fPmEi5XsPtXlqwyWX0sho5YXtCz+YVTS8EbKTFn6POlxMgAj6x/FjMEv2TnRm02AEXMK6we68pWR+SkEufjwQ+7zGpOp2wdLLLNBjatX/bzxQoQmpOuQJzA9hi9NTShZLM4TJVdTCBIp62M0ryHmeW2GiFOrw+8mX5x3nNt7BQIDAQAB"

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         pass (matches From: fakessh at fakessh.eu)
ID(s) verified: header.d=fakessh.eu
Canonicalized Headers:
    From:'20'"fakessh at fakessh.eu"'20'<fakessh at fakessh.eu>'0D''0A'
    To:'20'check-auth at verifier.port25.com,'0D''0A'
    '20'check-auth2 at verifier.port25.com'0D''0A'
    Date:'20'Mon,'20'24'20'Aug'20'2009'20'18:17:05'20'+0200'0D''0A'
    MIME-Version:'20'1.0'0D''0A'
    Content-Type:'20'text/plain;'0D''0A'
    '20''20'charset="us-ascii"'0D''0A'
    Content-Transfer-Encoding:'20'7bit'0D''0A'
    Message-Id:'20'<200908241817.06403.fakessh at fakessh.eu>'0D''0A'
   
DKIM-Signature:'20'v=1;'20'a=rsa-sha1;'20'c=simple;'20'd=fakessh.eu;'20'h=from:to:date'0D''0A'
   
'09':mime-version:content-type:content-transfer-encoding:message-id;'0D''0A'
    '09''20's=mail;'20'bh=uoq1oCgLlTqpdDX/iUbLy7J1Wic=;'20'b=

Canonicalized Body:
    '0D''0A'
    

DNS record(s):
    mail._domainkey.fakessh.eu. 38400 IN TXT
"k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9fPmEi5XsPtXlqwyWX0sho5YXtCz+YVTS8EbKTFn6POlxMgAj6x/FjMEv2TnRm02AEXMK6we68pWR+SkEufjwQ+7zGpOp2wdLLLNBjatX/bzxQoQmpOuQJzA9hi9NTShZLM4TJVdTCBIp62M0ryHmeW2GiFOrw+8mX5x3nNt7BQIDAQAB"

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: Neutral)
ID(s) verified: header.From=fakessh at fakessh.eu
DNS record(s):
    fakessh.eu. 38400 IN TXT "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu
?all"
    fakessh.eu. 38400 IN MX 10 fakessh.eu.
    fakessh.eu. 38400 IN A 87.98.186.232
    fakessh.eu. 38400 IN MX 10 fakessh.eu.
    fakessh.eu. 38400 IN A 87.98.186.232

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.5 (2008-06-10)

Result:         ham  (2.7 points, 5.0 required)

 pts rule name              description
---- ----------------------
--------------------------------------------------
 0.7 SPF_NEUTRAL            SPF: sender does not match SPF record
(neutral)
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to
1%
                            [score: 0.0000]
 2.2 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
 1.8 MISSING_SUBJECT        Missing Subject: header
 1.4 EMPTY_MESSAGE          Message appears to have no textual parts
and no
                            Subject: text
-0.8 AWL                    AWL: From: address is in the auto
white-list

==========================================================
Explanation of the possible results (adapted from 
draft-kucherawy-sender-auth-header-04.txt):
==========================================================

"pass"
        the message passed the authentication test.

"fail"
        the message failed the authentication test.

"softfail"
        the message failed the authentication test, and the
authentication
        method has either an explicit or implicit policy which doesn't
require
        successful authentication of all messages from that domain.

"neutral"
        the authentication method completed without errors, but was
unable
        to reach either a positive or a negative result about the
message.

"temperror"
        a temporary (recoverable) error occurred attempting to
authenticate
        the sender; either the process couldn't be completed locally,
or
        there was a temporary failure retrieving data required for the
        authentication.  A later retry may produce a more final
result.

"permerror"
        a permanent (unrecoverable) error occurred attempting to
        authenticate the sender; either the process couldn't be
completed
        locally, or there was a permanent failure retrieving data
required
        for the authentication.

==========================================================
Original Email
==========================================================

Return-Path: <fakessh at fakessh.eu>
Received: from r13151.ovh.net (94.23.60.214) by verifier.port25.com
(PowerMTA(TM) v3.6a1) id hiatp40hse82 for <check-auth at verifier.port25.com>;
Mon, 24 Aug 2009 12:10:50 -0400 (envelope-from <fakessh at fakessh.eu>)
Authentication-Results: verifier.port25.com smtp.mail=fakessh at fakessh.eu;
mfrom=neutral (SPF-Result: Neutral);
Authentication-Results: verifier.port25.com header.From=fakessh at fakessh.eu;
domainkeys=pass;
Authentication-Results: verifier.port25.com header.d=fakessh.eu; dkim=pass
(matches From: fakessh at fakessh.eu);
Authentication-Results: verifier.port25.com header.From=fakessh at fakessh.eu;
pra=neutral (SPF-Result: Neutral);
Received: from localhost (localhost.localdomain [127.0.0.1])
        by r13151.ovh.net (Postfix) with ESMTP id 0F93D9972;
        Mon, 24 Aug 2009 18:17:34 +0200 (CEST)
X-Virus-Scanned: amavisd-new at r13151.ovh.net
Received: from r13151.ovh.net ([127.0.0.1])
        by localhost (r13151.ovh.net [127.0.0.1]) (amavisd-new,
port 10024)
        with LMTP id GHwyD7PGOlaP; Mon, 24 Aug 2009 18:17:33 +0200
(CEST)
Received: from r13151.ovh.net (localhost.localdomain [127.0.0.1])
        by r13151.ovh.net (Postfix) with ESMTP id 0A89B1825D;
        Mon, 24 Aug 2009 18:17:33 +0200 (CEST)
Authentication-Results: r13151.ovh.net; sender-id=neutral
header.from=fakessh at fakessh.eu; spf=neutral smtp.mfrom=fakessh at fakessh.eu
DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=fakessh.eu; h=from:to:date
        :mime-version:content-type:content-transfer-encoding:message-id;
         s=mail; bh=uoq1oCgLlTqpdDX/iUbLy7J1Wic=;
b=A9vyWnRnZqLhwe0rp+a4
        QTYXHHjwALuLRS0lMddk9TJsE0QRO2QaTV/fS162hnEIt571OsSshPE5aUCHNPvu
        E724T5qLnghIdt/JMmXdy/jVd/kl+wnXAAxvlecGEMXrl2YmyFgTzgMy0W5BirqQ
        q2DB0shhXBPv9Fz8S9boxQc=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=fakessh.eu; h=from:to:date
        :mime-version:content-type:content-transfer-encoding:message-id;
         q=dns; s=mail;
b=lqmEzfU8bkaBQJGlbgUw/IpFE3U1hZoirFnEXXKJhBjmED
        w9fFq1swTkvZ7mxeOjteajJk+85o04mOGqdQv9Ae6NrVvKmOsGmnZgvmjtM5MxFQ
        Qc7bvznxxYXJbfLuFUeoD10Gqq317UXzCYQ6h5cwSODa1GwMNeelNkRRf3FfA=
Received: from your-ab6cd29f8e (ABayonne-257-1-80-29.w92-136.abo.wanadoo.fr
[92.136.247.29])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (No client certificate requested)
        (Authenticated sender: fakessh at r13151.ovh.net)
        by r13151.ovh.net (Postfix) with ESMTPSA id 966BD9972;
        Mon, 24 Aug 2009 18:17:32 +0200 (CEST)
Authentication-Results: r13151.ovh.net; sender-id=neutral
header.from=fakessh at fakessh.eu; auth=pass (LOGIN); spf=neutral
smtp.mfrom=fakessh at fakessh.eu
From: "fakessh at fakessh.eu" <fakessh at fakessh.eu>
To: check-auth at verifier.port25.com,
 check-auth2 at verifier.port25.com
Date: Mon, 24 Aug 2009 18:17:05 +0200
User-Agent: KMail/1.9.4
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200908241817.06403.fakessh at fakessh.eu>




More information about the bind-users mailing list