Posted to users@spamassassin.apache.org by Jim Hermann - UUN Hostmaster <ho...@uuism.net> on 2006/06/24 17:14:44 UTC
SPF_SOFTFAIL not working properly
How do I debug the SPF Module during SA Operations?
I have had another email marked as SPF_SOFTFAIL during the first receipt and
the From domain does not have a TXT SPF record. When I isolated the message
and ran it again, it was processed without any errors.
I suspect that there is a problem with the timeout routines in
Mail::SPF::Query and Mail::Spamassassin::Plugin::SPF. When I increased the
spf_timeout to 15, I did not have any false positives.
When spf_timeout is set to 5 (default), during the initial email receipt, I
think that Mail::SPF::Query exceeds the timeout and the timeout routine does
not work properly. The timeout error causes Mail::Spamassassin::Plugin::SPF
to classify the result as SPF_SOFTFAIL without a value for $comment. The
Spamassassin Report displays the SPF_SOFTFAIL result with [SPF failed: ]
because the $comment was blank.
When the test file is run through spamassassin again, the DNS communication
responds more quickly and the test file is processed without any errors. If
I wait a few days and run the test file again, I can get spamassassin to
reproduce the same SPF_SOFTFAIL error on the first test run. Subsequent
test runs process the test file without errors.
Jim
Here are the headers:
>From xxxx@fastmail.fm Sat Jun 24 09:32:34 2006
Return-Path: <xx...@fastmail.fm>
Received: from host.uuserver.net (root@localhost)
    by xxxx.com (8.12.11/8.12.11) with ESMTP id k5OBxg3c032238
    for <xx...@xxxx.com>; Sat, 24 Jun 2006 07:00:02 -0500
X-ClientAddr: 66.111.4.27
Received: from out3.smtp.messagingengine.com (out3.smtp.messagingengine.com
    [66.111.4.27])
    by host.uuserver.net (8.12.11/8.12.11) with ESMTP id k5OBqWLP021609
    for <xx...@xxxx.com>; Sat, 24 Jun 2006 06:53:00 -0500
Received: from frontend3.internal (frontend3.internal [10.202.2.152])
    by frontend1.messagingengine.com (Postfix) with ESMTP id
    2BED8D85DE7;
    Sat, 24 Jun 2006 07:50:46 -0400 (EDT)
Received: from heartbeat1.messagingengine.com ([10.202.2.160])
    by frontend3.internal (MEProxy); Sat, 24 Jun 2006 07:50:46 -0400
X-Sasl-enc: ATgT0Nv4Jo+WFvJ7myAgVLgA0CEeqr7KPDXi5TOdhNv2 1151149773
Received: from Timscomputer (d47-69-233-212.try.wideopenwest.com
    [69.47.212.233])
    by mail.messagingengine.com (Postfix) with ESMTP id 512F56008;
    Sat, 24 Jun 2006 07:49:33 -0400 (EDT)
From: <xx...@fastmail.fm>
To: <xx...@xxxx.com>
Subject: FW: This is a car .. Swiss style..enjoy
Date: Sat, 24 Jun 2006 06:49:50 -0500
Message-ID: <00...@Timscomputer>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0073_01C6975A.64AB3330"
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Thread-Index: AcaXHSu4jkOXsMTeSRGYxKoIMbX5wAAZv4Nw
X-UUN-MailScanner-Information: Please contact hostmaster@uuism.net
X-UUN-MailScanner: Found to be clean
X-UUN-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
    score=0.964,
    required 5, BAYES_40 0.70, HTML_90_100 0.11, HTML_MESSAGE 0.00,
    RAZOR2_CF_RANGE_00_01 0.01, SPF_SOFTFAIL 0.14)
X-MailScanner-From: xxxx@fastmail.fm
X-Spam-Status: No
Re: SPF_SOFTFAIL not working properly
Posted by Michael Monnerie <mi...@it-management.at>.
On Saturday, 24 June 2006 17:14 Jim Hermann - UUN Hostmaster wrote:
> When spf_timeout is set to 5 (default), during the initial email
> receipt, I think that Mail::SPF::Query exceeds the timeout and the
> timeout routine does not work properly. The timeout error causes
> Mail::Spamassassin::Plugin::SPF to classify the result as
> SPF_SOFTFAIL without a value for $comment. The Spamassassin Report
> displays the SPF_SOFTFAIL result with [SPF failed: ] because the
> $comment was blank.
If none of the devs gives an answer here, open a bug. :-|
Kind regards, zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660/4156531 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi3.asc | gpg --import"
// Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE
RE: SPF_SOFTFAIL not working properly
Posted by Jim Hermann - UUN Hostmaster <ho...@uuism.net>.
> > On 6/24/2006 11:14 AM, Jim Hermann - UUN Hostmaster wrote:
> > > How do I debug the SPF Module during SA Operations?
> > >
> > > I have had another email marked as SPF_SOFTFAIL during the first
> > > receipt and the From domain does not have a TXT SPF record. When I
> > > isolated the message and ran it again, it was processed without any
> > > errors.
> > >
> > > I suspect that there is a problem with the timeout routines in
> > > Mail::SPF::Query and Mail::Spamassassin::Plugin::SPF. When I
> > > increased the spf_timeout to 15, I did not have any false positives.
> >
> > 5 seconds is a long time to do the DNS queries for just an SPF check.
> > Any time the timeout is exceeded we explicitly treat this as a
> > SOFTFAIL. Perhaps we'd be better off just having no result at all.
>
> Considering that SOFTFAIL has a score, I recommend that an SPF timeout
> be something other than SOFTFAIL, probably the same as none. It needs
> its own comment too. Users need to know what happened.
>
I changed lines 318-319 in SPF.pm to:
$result ||= 'error'; # changed from softfail to error - jwh 6/24/06
$comment ||= 'lookup failed'; # added comment for error - jwh 6/24/06
Here is the result for my test file with the timeout set to the default of 5
seconds:
[25710] dbg: spf: checking EnvelopeFrom (helo=BABY, ip=125.214.61.195, envfrom=marileestewart@relmaxtop.com)
| relmaxtop.com new: ipv4=125.214.61.195, sender=marileestewart@relmaxtop.com, helo=BABY
| marileestewart relmaxtop.com localpart is marileestewart
|| marileestewart relmaxtop.com DirectiveSet->new(): doing TXT query on relmaxtop.com
|| marileestewart relmaxtop.com myquery: doing TXT query on relmaxtop.com
[25710] dbg: spf: query for marileestewart@relmaxtop.com/125.214.61.195/BABY: result: error, comment: lookup failed
It works for me.
Jim
RE: SPF_SOFTFAIL not working properly
Posted by Jim Hermann - UUN Hostmaster <ho...@uuism.net>.
> On 6/24/2006 11:14 AM, Jim Hermann - UUN Hostmaster wrote:
> > How do I debug the SPF Module during SA Operations?
> >
> > I have had another email marked as SPF_SOFTFAIL during the first
> > receipt and the From domain does not have a TXT SPF record. When I
> > isolated the message and ran it again, it was processed without any
> > errors.
> >
> > I suspect that there is a problem with the timeout routines in
> > Mail::SPF::Query and Mail::Spamassassin::Plugin::SPF. When I
> > increased the spf_timeout to 15, I did not have any false positives.
>
> 5 seconds is a long time to do the DNS queries for just an SPF check.
> Any time the timeout is exceeded we explicitly treat this as a
> SOFTFAIL. Perhaps we'd be better off just having no result at all.
Considering that SOFTFAIL has a score, I recommend that an SPF timeout be
something other than SOFTFAIL, probably the same as none. It needs its own
comment too. Users need to know what happened.
Jim
Re: SPF_SOFTFAIL not working properly
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 6/24/2006 11:14 AM, Jim Hermann - UUN Hostmaster wrote:
> How do I debug the SPF Module during SA Operations?
>
> I have had another email marked as SPF_SOFTFAIL during the first receipt and
> the From domain does not have a TXT SPF record. When I isolated the message
> and ran it again, it was processed without any errors.
>
> I suspect that there is a problem with the timeout routines in
> Mail::SPF::Query and Mail::Spamassassin::Plugin::SPF. When I increased the
> spf_timeout to 15, I did not have any false positives.
>
> When spf_timeout is set to 5 (default), during the initial email receipt, I
> think that Mail::SPF::Query exceeds the timeout and the timeout routine does
> not work properly. The timeout error causes Mail::Spamassassin::Plugin::SPF
> to classify the result as SPF_SOFTFAIL without a value for $comment. The
> Spamassassin Report displays the SPF_SOFTFAIL result with [SPF failed: ]
> because the $comment was blank.
5 seconds is a long time to do the DNS queries for just an SPF check.
Any time the timeout is exceeded we explicitly treat this as a SOFTFAIL.
Perhaps we'd be better off just having no result at all.
my $timer = Mail::SpamAssassin::Timeout->new({ secs => $timeout });
my $err = $timer->run_and_catch(sub {
  ($result, $comment) = $query->result();
});
if ($err) {
  chomp $err;
  warn("spf: lookup failed: $err\n");
  return 0;
}
$result ||= 'softfail';
$comment ||= '';
Daryl
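
The failure mode discussed in this thread, as an added example that is not part of any post and is not SpamAssassin or Mail::SPF::Query code: an outer timer wraps a lookup, and an empty result is then filled in by a default. The names stub_spf_result and check_spf, the timings, and the premise that the resolver gives up quietly with an empty result are assumptions taken from the hypothesis in the first post.

```perl
#!/usr/bin/perl
# Added illustration; not code from SpamAssassin or Mail::SPF::Query.
use strict;
use warnings;
use Time::HiRes qw(alarm sleep);

# Hypothetical stand-in for $query->result(). It models the behaviour
# suspected in the thread: when DNS is slower than the resolver's own
# limit, the call gives up quietly and returns an empty result.
sub stub_spf_result {
    my ($dns_delay, $resolver_limit) = @_;
    if ($dns_delay > $resolver_limit) {
        sleep($resolver_limit);
        return (undef, undef);
    }
    sleep($dns_delay);
    return ('none', 'no SPF record found');
}

# Outer timer plus defaulting, shaped like the snippet quoted in the thread.
sub check_spf {
    my ($dns_delay, $resolver_limit, $timeout, $def_result, $def_comment) = @_;
    my ($result, $comment);
    my $ok = eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm($timeout);
        ($result, $comment) = stub_spf_result($dns_delay, $resolver_limit);
        alarm(0);
        1;
    };
    alarm(0);
    # Outer timer fired: no SPF result is recorded, so no SPF rule can hit.
    return ('(no result)', 'outer timer fired') unless $ok;
    $result  ||= $def_result;     # an empty result is decided here
    $comment ||= $def_comment;
    return ($result, $comment);
}

# Constructed cases: label, DNS delay, resolver limit, outer timeout (seconds).
my @cases = (
    ['fast DNS (cached answer)',  0.05, 0.3, 0.5],
    ['slow DNS, resolver quits',  1.00, 0.3, 0.5],
    ['slow DNS, outer timer',     1.00, 2.0, 0.5],
);
for my $case (@cases) {
    my ($label, @timing) = @$case;
    my @old = check_spf(@timing, 'softfail', '');
    my @new = check_spf(@timing, 'error', 'lookup failed');
    printf "%-26s old: %s [%s]   new: %s [%s]\n", $label, @old, @new;
}
```

Only the middle case differs between the two defaults: with the softfail default, a resolver that gives up quietly becomes a scored softfail with an empty comment, matching the blank [SPF failed: ] in the first report.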