Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

"The Computer made me do it."


computers / comp.mail.pine / Re: SPF failure messages

SubjectAuthor
* SPF failure messagesAdam H. Kerman
+- Re: SPF failure messagesJ.O. Aho
+* Re: SPF failure messagesJohn Levine
|`* Re: SPF failure messagesAdam H. Kerman
| `* Re: SPF failure messagesCarlos E.R.
|  `* Re: SPF failure messagesAdam H. Kerman
|   +* Re: SPF failure messagesCarlos E.R.
|   |`* Re: SPF failure messagesAdam H. Kerman
|   | `* Re: SPF failure messagesCarlos E.R.
|   |  `* Re: SPF failure messagesAdam H. Kerman
|   |   +* Re: SPF failure messagesJohn Levine
|   |   |`* Re: SPF failure messagesAdam H. Kerman
|   |   | `* Re: SPF failure messagesJohn Levine
|   |   |  `- Re: SPF failure messagesAdam H. Kerman
|   |   `* Re: SPF failure messagesCarlos E.R.
|   |    `* Re: SPF failure messagesJ.O. Aho
|   |     +- Re: SPF failure messagesCarlos E.R.
|   |     `* Re: SPF failure messagesAdam H. Kerman
|   |      +* Re: SPF failure messagesCarlos E.R.
|   |      |`* Re: SPF failure messagesAdam H. Kerman
|   |      | +* Re: SPF failure messagesCarlos E.R.
|   |      | |`* Re: SPF failure messagesAdam H. Kerman
|   |      | | `- Re: SPF failure messagesCarlos E.R.
|   |      | `- Re: SPF failure messagesJ.O. Aho
|   |      `* Re: SPF failure messagesJ.O. Aho
|   |       `* Re: SPF failure messagesAdam H. Kerman
|   |        `- Re: SPF failure messagesJ.O. Aho
|   `* Re: SPF failure messagesJ.O. Aho
|    `* Re: SPF failure messagesAdam H. Kerman
|     `* Re: SPF failure messagesJ.O. Aho
|      `* Re: SPF failure messagesAdam H. Kerman
|       `* Re: SPF failure messagesJ.O. Aho
|        `- Re: SPF failure messagesAdam H. Kerman
`* Re: SPF failure messagesHenning Hucke
 `* Re: SPF failure messagesAdam H. Kerman
  `* Re: SPF failure messagesHenning Hucke
   +* Re: SPF failure messagesCarlos E.R.
   |+* Re: SPF failure messagesJ.O. Aho
   ||`- Re: SPF failure messagesCarlos E.R.
   |`- Re: SPF failure messagesAdam H. Kerman
   `- Re: SPF failure messagesAdam H. Kerman

Pages:12
Re: SPF failure messages

<tr6ivm$2t9ud$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=511&group=comp.mail.pine#511

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: ahk...@chinet.com (Adam H. Kerman)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Sun, 29 Jan 2023 19:55:34 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 50
Message-ID: <tr6ivm$2t9ud$1@dont-email.me>
References: <tr1gi7$1rs5v$1@dont-email.me> <k3n236F6vd0U2@mid.individual.net> <tr69fa$2rkg7$1@dont-email.me> <29piajx9ip.ln2@Telcontar.valinor>
Injection-Date: Sun, 29 Jan 2023 19:55:34 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="1caf2c1db850228ba58e18614f75b4df";
logging-data="3057613"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/AzdMWFVlcl2nwLpJFjRtYuhEnHkYhDwE="
Cancel-Lock: sha1:n3X6qTv4DioPaPuVUrip/65ebvU=
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
 by: Adam H. Kerman - Sun, 29 Jan 2023 19:55 UTC

Carlos E.R. <robin_listas@es.invalid> wrote:
>On 2023-01-29 18:13, Adam H. Kerman wrote:
>>J.O. Aho <user@example.net> wrote:

>>>It's about the delivering systems IP, not about what is the origin
>>>senders IP, but OP is skeptical to most told to him.

>>>As OP not posted any real information, there are just a few options:

>>I posted real information. You simply chose to call me a liar.

>Sorry, no, you did not.

>We did not see the reject email.

>And no, no one accuses you of lying.

Several of you, including you, accused me of failing to provide
information. It's quoted right there above. That's an accusion of having
committed a lie of omission. Hey, it's unmoderated Usenet. You get to
address me however you wish. But kindly don't deny what you actually
did.

The MAIL FROM domain [redacted] has an SPF record with
a hard 550-5.7.26 fail policy (-all) but it fails to
pass SPF checks with the ip [redacted]: 550-5.7.26.

That's from Gmail with numbered references to their policy document.

If you were honest, you'd own up to the fact that I did not misinterpret
that. But you're not going to do that because you'd prefer to flame me.
You then let yourself off the hook for bad behavior by denying exactly
what you've been doing.

I'm a long-time Usenet participant. I've flamed people over the years
who refuse to get it and aren't listening. I have no patience with those
types. I'm no innocent here.

But I do try not to be a hypocrite. I have, at times, owned up to being
in the wrong. I'm not wrong here. I did not misread that failure notice.

I stated that the failure notices were about SPF. It's just not possible
to misinterpret a failure notice when its plain language is read for
understanding.

You and others accused me of having a DMARC policy that I failed
to disclose. I'm not going to be able to prove a negative to your
satisfaction. If you were a decent person, you'd take my word for it
that DMARC is irrelevant to my issue, but you've clearly demonstrated
that you won't.

Re: SPF failure messages

<k3o1o3F6vcuU3@mid.individual.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=512&group=comp.mail.pine#512

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: use...@example.net (J.O. Aho)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Sun, 29 Jan 2023 21:03:15 +0100
Lines: 47
Message-ID: <k3o1o3F6vcuU3@mid.individual.net>
References: <tr1gi7$1rs5v$1@dont-email.me> <tr4633$2d20o$2@dont-email.me>
<9ppgajxtuq.ln2@Telcontar.valinor> <k3n236F6vd0U2@mid.individual.net>
<tr69fa$2rkg7$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net oArPTOaH1arSFoICAlLj4Aw6jrLa0kTa/yXxtqqebSg16QnJ0L
Cancel-Lock: sha1:8NTsstVvadiZe2gNR1Rp+2AG/mU=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.6.1
Content-Language: en-US-large
In-Reply-To: <tr69fa$2rkg7$1@dont-email.me>
 by: J.O. Aho - Sun, 29 Jan 2023 20:03 UTC

On 29/01/2023 18:13, Adam H. Kerman wrote:
> J.O. Aho <user@example.net> wrote:
>
>> It's about the delivering systems IP, not about what is the origin
>> senders IP, but OP is skeptical to most told to him.
>
>> As OP not posted any real information, there are just a few options:
>
> I posted real information. You simply chose to call me a liar.
>
>> - He send it directly from the client to the recipients mx server as
>> local sendmail
>
> I did nothing of the kind.

So what is your configuration for outgoing smtp in your alpine?

>> - He uses a mail server which ain't included in the SPF record
>
> I am doing nothing of the kind.

give us the smtp server name and the domain name that you are sending for.

>> Had he provided the bounce mail with header, then I think we could see
>> the real fault (misconfiguration of DMARC/SPF or alpine/pine).
>
> There is no DMARC policy, yet several of you chose to accuse me of lying
> about that as well.

We don't know, we have to just trust your word, then I guess there is no
issue as you said it's not the SPF that caused problem and there is no
DMARC. You need to show something or else we just second guess everything.

> Why the hell did you raise pine? Pine never had a
> roles feature. Now I'm also lying about using alpine.

This is the pine/alpine newsgroup right?
I do see you said you used alpine, but I don't always remember what you
are using and have little interest of going through everything again
when I reply in a general manner.

--

//Aho

Re: SPF failure messages

<tr6n23$2tr81$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=513&group=comp.mail.pine#513

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: ahk...@chinet.com (Adam H. Kerman)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Sun, 29 Jan 2023 21:05:07 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 55
Message-ID: <tr6n23$2tr81$1@dont-email.me>
References: <tr1gi7$1rs5v$1@dont-email.me> <k3n236F6vd0U2@mid.individual.net> <tr69fa$2rkg7$1@dont-email.me> <k3o1o3F6vcuU3@mid.individual.net>
Injection-Date: Sun, 29 Jan 2023 21:05:07 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="1caf2c1db850228ba58e18614f75b4df";
logging-data="3075329"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19vgdd9I3rrMtwIeBRjA6tRBx+sSR4lR4w="
Cancel-Lock: sha1:AbwqgtZyCxW70NRUzjCiuVoYju0=
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
 by: Adam H. Kerman - Sun, 29 Jan 2023 21:05 UTC

J.O. Aho <user@example.net> wrote:
>On 29/01/2023 18:13, Adam H. Kerman wrote:
>>J.O. Aho <user@example.net> wrote:

>>>It's about the delivering systems IP, not about what is the origin
>>>senders IP, but OP is skeptical to most told to him.

>>>As OP not posted any real information, there are just a few options:

>>I posted real information. You simply chose to call me a liar.
>>>- He send it directly from the client to the recipients mx server as
>>>local sendmail

>>I did nothing of the kind.

>So what is your configuration for outgoing smtp in your alpine?

I stated what I'm doing in the root article in this thread AND
throughout any number of followups in this thread. For whatever reason,
you think I've lied and have omitted critical information.

At this point, it's clear that any answer I provide will be disbelieved.
I'm being trolled.

>>>. . .

>We don't know, we have to just trust your word, then I guess there is no
>issue as you said it's not the SPF that caused problem and there is no
>DMARC. You need to show something or else we just second guess everything.

No, dude. It doesn't work like that. I haven't forced you to second
guess anything. That's what you chose to do.

>>Why the hell did you raise pine? Pine never had a
>>roles feature. Now I'm also lying about using alpine.

>This is the pine/alpine newsgroup right?
>I do see you said you used alpine, but I don't always remember what you
>are using and have little interest of going through everything again
>when I reply in a general manner.

Your lack of interest in reading what I've written for comprehension is
your problem, not mine. The key point I made all the way back in the
root article is that I used a role to set the SMTP server for sending
messages from mailboxes in the domain with the inappropriate SPF policy.
I repeated that in any number of followups, including followups to your
articles.

You just stated that you aren't interested in what I've written, yet you
ask question after question after question to supposedly obtain
information that was provided way back in the root article of this
thread. No one being conversational would ever do such a thing.

I'm being trolled here. I am now spitting out the hook.

Re: SPF failure messages

<qd5jajxck4.ln2@Telcontar.valinor>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=514&group=comp.mail.pine#514

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!2.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: robin_li...@es.invalid (Carlos E.R.)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Sun, 29 Jan 2023 22:35:22 +0100
Lines: 44
Message-ID: <qd5jajxck4.ln2@Telcontar.valinor>
References: <tr1gi7$1rs5v$1@dont-email.me> <k3n236F6vd0U2@mid.individual.net>
<tr69fa$2rkg7$1@dont-email.me> <29piajx9ip.ln2@Telcontar.valinor>
<tr6ivm$2t9ud$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net sOLhHlQhDsYvNI4/pYeb9AFuQ07vmSFUx1GOohIub4ztlyRooJ
X-Orig-Path: Telcontar.valinor!not-for-mail
Cancel-Lock: sha1:qjEi7Uf2DjIVoSz6uz6h6dY0tC8=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.6.1
Content-Language: es-ES, en-CA
In-Reply-To: <tr6ivm$2t9ud$1@dont-email.me>
 by: Carlos E.R. - Sun, 29 Jan 2023 21:35 UTC

On 2023-01-29 20:55, Adam H. Kerman wrote:
> Carlos E.R. <robin_listas@es.invalid> wrote:
>> On 2023-01-29 18:13, Adam H. Kerman wrote:
>>> J.O. Aho <user@example.net> wrote:
>
>>>> It's about the delivering systems IP, not about what is the origin
>>>> senders IP, but OP is skeptical to most told to him.
>
>>>> As OP not posted any real information, there are just a few options:
>
>>> I posted real information. You simply chose to call me a liar.
>
>> Sorry, no, you did not.
>
>> We did not see the reject email.
>
>> And no, no one accuses you of lying.
>
> Several of you, including you, accused me of failing to provide
> information. It's quoted right there above. That's an accusion of having
> committed a lie of omission. Hey, it's unmoderated Usenet. You get to
> address me however you wish. But kindly don't deny what you actually
> did.
>
> The MAIL FROM domain [redacted] has an SPF record with
> a hard 550-5.7.26 fail policy (-all) but it fails to
> pass SPF checks with the ip [redacted]: 550-5.7.26.

That's not enough data... And it is redacted. Fine, you want your
privacy, I understand that, but we can not do an evaluation without the
actual (full) rejection email with full headers and true IPs and names.
You must also understand that.

And the actual configuration file of Alpine is needed, too.

I understand you want your privacy, but without that actual data, it is
impossible to help you.

And no, I'm certainly not accusing you of anything. You are way to
sensitive.

--
Cheers, Carlos.

Re: SPF failure messages

<k3o8gkF6vcuU4@mid.individual.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=515&group=comp.mail.pine#515

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: use...@example.net (J.O. Aho)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Sun, 29 Jan 2023 22:58:44 +0100
Lines: 39
Message-ID: <k3o8gkF6vcuU4@mid.individual.net>
References: <tr1gi7$1rs5v$1@dont-email.me> <k3n236F6vd0U2@mid.individual.net>
<tr69fa$2rkg7$1@dont-email.me> <k3o1o3F6vcuU3@mid.individual.net>
<tr6n23$2tr81$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net 0oqi36O9OWux4QrCaHZF5AmPlffSQdw0w6XEVS/qM7NfedavEk
Cancel-Lock: sha1:Lit0okxN0UdHGrJ8gXxQxLlChk8=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.6.1
Content-Language: en-US-large
In-Reply-To: <tr6n23$2tr81$1@dont-email.me>
 by: J.O. Aho - Sun, 29 Jan 2023 21:58 UTC

On 29/01/2023 22:05, Adam H. Kerman wrote:
> J.O. Aho <user@example.net> wrote:

>> This is the pine/alpine newsgroup right?
>> I do see you said you used alpine, but I don't always remember what you
>> are using and have little interest of going through everything again
>> when I reply in a general manner.
>
> Your lack of interest in reading what I've written for comprehension is
> your problem, not mine. The key point I made all the way back in the
> root article is that I used a role to set the SMTP server for sending
> messages from mailboxes in the domain with the inappropriate SPF policy.
> I repeated that in any number of followups, including followups to your
> articles.

As I pointed

> You just stated that you aren't interested in what I've written

I said I wasn't interested to reread everything again to see if you use
alpine or pine when I just made a general response to the observation
that you do not really share any information, all you done is saying you
are doing it right, no one has nothing to go on to enlighten you what
you can do to fix your issue.

> , yet you
> ask question after question after question to supposedly obtain
> information that was provided way back in the root article of this
> thread. No one being conversational would ever do such a thing.

You only claim that you done it right, then we can just say, it works as
intended and close the case or do you want help?

--
//Aho

Re: SPF failure messages

<k3oaalF6vd0U3@mid.individual.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=516&group=comp.mail.pine#516

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: use...@example.net (J.O. Aho)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Sun, 29 Jan 2023 23:29:41 +0100
Lines: 82
Message-ID: <k3oaalF6vd0U3@mid.individual.net>
References: <tr1gi7$1rs5v$1@dont-email.me> <k3n236F6vd0U2@mid.individual.net>
<tr69fa$2rkg7$1@dont-email.me> <29piajx9ip.ln2@Telcontar.valinor>
<tr6ivm$2t9ud$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net Yn26FQts3ZiQgmp6cGfX+QcpHFg3/zmQ4kv/IOjI8O/VroHiPS
Cancel-Lock: sha1:gCcoxgXy7PwixxZFFjTZ7kJbtZ8=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.6.1
Content-Language: en-US-large
In-Reply-To: <tr6ivm$2t9ud$1@dont-email.me>
 by: J.O. Aho - Sun, 29 Jan 2023 22:29 UTC

On 29/01/2023 20:55, Adam H. Kerman wrote:

> Several of you, including you, accused me of failing to provide
> information. It's quoted right there above. That's an accusion of having
> committed a lie of omission. Hey, it's unmoderated Usenet. You get to
> address me however you wish. But kindly don't deny what you actually
> did.
>
> The MAIL FROM domain [redacted] has an SPF record with
> a hard 550-5.7.26 fail policy (-all) but it fails to
> pass SPF checks with the ip [redacted]: 550-5.7.26.

we assume domain redacted = example.net
we assume ip redacted = 0.0.0.0

1. If the spf entry for example.net is "v=spf1 mx:example.net -all"

Then only MX servers for example.net are allowed to send mail, to know
whcih ones those are you can use dig, example: dig -t MX example.net

; <<>> DiG 9.18.10 <<>> -t MX example.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31608
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;example.net. IN MX

;; ANSWER SECTION:
example.net. 3600 IN MX 10 example.com.
example.net. 3600 IN MX 10 example.org.

;; Query time: 30 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Sun Jan 29 23:11:58 CET 2023
;; MSG SIZE rcvd: 149

In this case you can only send from the smtp servers on the exmaple.com
and example.org. Checking the ip, is quite simple with "host
example.com" and "host example.org" and those are most likely different
from the ip of example.net.

2. If the spf entry for example.net is "v=spf1
a:anothermachine.example.net -all"

then just do a "host anothermachine.example.net" to see the ip of the
allowed mail server for sending mail for example.net. I guess that would
in your case not be 0.0.0.0.

3. If the spf entry for example.net is "v=spf1 ip:0.0.0.1 -all"

then sending from 0.0.0.0 will never be accepted.

Sure you can combine those as you want, there is a limit on how many you
can have in a spf record (to overcome that you use includes, but over 10
layers of include will cause problems).

If things are wrongly setup, then you may have "v=spf1 mx:example.net
-all ip:0.0.0.0"
in this case it's only the MX entries for the example.net that are
allowed to send, as the -all comes before the ip:0.0.0.0 which means it
should be ignored.

My guess is that you seen the MX and think it means that exampl.net
itself can send mail, but that really depends if it's included among the
MX records for the domain or not.

This was described in the link I posted in my first reply to this thread.

--

//Aho

Re: SPF failure messages

<tr6u37$2v7fd$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=517&group=comp.mail.pine#517

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: ahk...@chinet.com (Adam H. Kerman)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Sun, 29 Jan 2023 23:05:11 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 37
Message-ID: <tr6u37$2v7fd$1@dont-email.me>
References: <tr1gi7$1rs5v$1@dont-email.me> <29piajx9ip.ln2@Telcontar.valinor> <tr6ivm$2t9ud$1@dont-email.me> <qd5jajxck4.ln2@Telcontar.valinor>
Injection-Date: Sun, 29 Jan 2023 23:05:11 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="656dbea49bbb6e33be043a1644c8361d";
logging-data="3120621"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+3BDFpxOIq0Vn0LaLBWr4YJ8tVODDSThk="
Cancel-Lock: sha1:/8TUg0YFJcvpIwqQBNZdezOiz80=
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
 by: Adam H. Kerman - Sun, 29 Jan 2023 23:05 UTC

Carlos E.R. <robin_listas@es.invalid> wrote:
>On 2023-01-29 20:55, Adam H. Kerman wrote:
>>Carlos E.R. <robin_listas@es.invalid> wrote:
>>>On 2023-01-29 18:13, Adam H. Kerman wrote:
>>>>J.O. Aho <user@example.net> wrote:

>>>>>It's about the delivering systems IP, not about what is the origin
>>>>>senders IP, but OP is skeptical to most told to him.

>>>>>As OP not posted any real information, there are just a few options:

>>>>I posted real information. You simply chose to call me a liar.

>>>Sorry, no, you did not.

>>>We did not see the reject email.

>>>And no, no one accuses you of lying.

>>Several of you, including you, accused me of failing to provide
>>information. It's quoted right there above. That's an accusion of having
>>committed a lie of omission. Hey, it's unmoderated Usenet. You get to
>>address me however you wish. But kindly don't deny what you actually
>>did.

>> The MAIL FROM domain [redacted] has an SPF record with
>> a hard 550-5.7.26 fail policy (-all) but it fails to
>> pass SPF checks with the ip [redacted]: 550-5.7.26.

>That's not enough data... And it is redacted. Fine, you want your
>privacy, I understand that, but we can not do an evaluation without the
>actual (full) rejection email with full headers and true IPs and names.
>You must also understand that.

Did I at any point ask you to do any of that?

>. . .

Re: SPF failure messages

<tr85ef$9ik$1@sirius.aeon.icebear.cloud>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=518&group=comp.mail.pine#518

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: h_hucke+...@newsmail.aeon.icebear.org (Henning Hucke)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Mon, 30 Jan 2023 10:16:48 -0000 (UTC)
Organization: aeon: think longer than you thought before
Lines: 76
Distribution: world
Message-ID: <tr85ef$9ik$1@sirius.aeon.icebear.cloud>
References: <tr1gi7$1rs5v$1@dont-email.me>
Reply-To: Henning Hucke <h_hucke+news.reply@newsmail.aeon.icebear.org>
X-Trace: individual.net PVGUI1NpscunAI/DT4YvqwB3ICcb7T+Hfnk6c5XZJkAmtbXfE2
X-Orig-Path: news.aeon.icebear.cloud!news1.aeon.icebear.cloud!.POSTED.romulus.aeon.icebear.cloud!not-for-mail
Cancel-Lock: sha1:p31frhEsWMPEPfKLFNwQIITJRxU= sha1:DHmbCBEtL3W1bw2eg4JcC/Jn6bE=
Injection-Date: Mon, 30 Jan 2023 10:16:48 -0000 (UTC)
Injection-Info: sirius.aeon.icebear.cloud; posting-host="romulus.aeon.icebear.cloud:fd09:afca:b044:1:4ecc:6aff:fecf:5c8f";
logging-data="9812"; mail-complaints-to="abuse+news@aeon.icebear.cloud"
User-Agent: tin/2.4.1-20161224 ("Daill") (UNIX) (Linux/4.9.0-15-amd64 (x86_64))
 by: Henning Hucke - Mon, 30 Jan 2023 10:16 UTC

Adam H. Kerman <ahk@chinet.com> wrote:

Hello Adam,

> [...]
> I wonder: Am I receiving all SPF failure messages? Does the recipient
> refusing the connection per our own SPF policies take the position that
> I'm a forger and there's no way to reach the forger to point out the SPF
> restriction, and not send the failure notice?

sorry for answering this posting while having read also most of the later
postings of you and the other discussion participants.

What I understand:
- For business purposes you've got different e-mail addresses and
maildrops in use and you use the the imap servers of these different
mail providers, might it be a hoster with which your business partner
hosts his e-mail stuff, might it be directly the e-mail system of your
business partner, as well as the correcponding smtp servers.
- If you send an e-mail you use the corresponding smtp server against
which you authenticate with the corresponding credentials.
- you send your mail via port smtp (25/tcp) and *not* via port
submission (587/tcp).

Your problem is that you don't get your mails sent further by the mail
system of your business partners and you don't receive - at least not in
every case - what you call an SPF error mail.

If this is a good matching summary of your situation and your problem
state there are several flaws in that.

- It depends on the configurations of the mail systems in which cases
they take SPF informations into account.
With a e-mail hoster its quite probable that they always take SPF into
account if you send mail via smtp even if you authenticate. Then
there is AFAIK no way to overcome this and therewith to overcome your
problem.
On "private"/onprem/business systems it *should* be the case that if
you send mail via the submission port and sucessfully authenticated it
should work.
It should also work if you authenticate on the smtp port but the
probability is higher that it doesn't work to send via the smtp port
*even* if you successfully authenticate.

You have to ask your bussiness partners to get things done and get the
relevant informations. This is nothing with which anybody else can
help you.

- There is no such thing as an SPF error mail.
There are indeed delivery status messages and error messages which
contain parts of the SMTP dialogue and if the remote system states in
the rejection reply in the SMTP dialogue that the mail is rejected
because of SPF based reasons then one might name this as a "SPF error
message".
*Yes*! These messages should *all* show up in the maildrop of the
corresponding sender e-mail address / account.

All in all this suggests poorly configured setups. At least sending
e-mails for "outside" via the submission port especialy with
authentication if coming from "the outside" should work. The same
applies to the smtp port but its also valid to disbale this on the smtp
port.
Checking SPF for deliveries via the submission port is bullshit but valid
if not mandatory on the smtp port.

So taking it all together: you better should send your mails via the
submission port and your business partners and/or their mail service
providers should disbale SPF verifications for deliveries via the
submission port.

Best regards
Henning
--
Applause, n:
The echo of a platitude from the mouth of a fool.
-- Ambrose Bierce

Re: SPF failure messages

<h2lkajx2ac.ln2@Telcontar.valinor>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=519&group=comp.mail.pine#519

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: robin_li...@es.invalid (Carlos E.R.)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Mon, 30 Jan 2023 12:08:33 +0100
Lines: 42
Message-ID: <h2lkajx2ac.ln2@Telcontar.valinor>
References: <tr1gi7$1rs5v$1@dont-email.me> <29piajx9ip.ln2@Telcontar.valinor>
<tr6ivm$2t9ud$1@dont-email.me> <qd5jajxck4.ln2@Telcontar.valinor>
<tr6u37$2v7fd$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net n9gcnSPhuiaee8eH+4E9bASR2Tl3pSpwEmxVhHYjXCPm9xgugW
X-Orig-Path: Telcontar.valinor!not-for-mail
Cancel-Lock: sha1:KpvJ98oUVwdoJ/752tyKnLAf+hg=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.6.1
Content-Language: es-ES, en-CA
In-Reply-To: <tr6u37$2v7fd$1@dont-email.me>
 by: Carlos E.R. - Mon, 30 Jan 2023 11:08 UTC

On 2023-01-30 00:05, Adam H. Kerman wrote:
> Carlos E.R. <robin_listas@es.invalid> wrote:
>> On 2023-01-29 20:55, Adam H. Kerman wrote:
>>> Carlos E.R. <robin_listas@es.invalid> wrote:
>>>> On 2023-01-29 18:13, Adam H. Kerman wrote:
>>>>> J.O. Aho <user@example.net> wrote:
>
>>>>>> It's about the delivering systems IP, not about what is the origin
>>>>>> senders IP, but OP is skeptical to most told to him.
>
>>>>>> As OP not posted any real information, there are just a few options:
>
>>>>> I posted real information. You simply chose to call me a liar.
>
>>>> Sorry, no, you did not.
>
>>>> We did not see the reject email.
>
>>>> And no, no one accuses you of lying.
>
>>> Several of you, including you, accused me of failing to provide
>>> information. It's quoted right there above. That's an accusion of having
>>> committed a lie of omission. Hey, it's unmoderated Usenet. You get to
>>> address me however you wish. But kindly don't deny what you actually
>>> did.
>
>>> The MAIL FROM domain [redacted] has an SPF record with
>>> a hard 550-5.7.26 fail policy (-all) but it fails to
>>> pass SPF checks with the ip [redacted]: 550-5.7.26.
>
>> That's not enough data... And it is redacted. Fine, you want your
>> privacy, I understand that, but we can not do an evaluation without the
>> actual (full) rejection email with full headers and true IPs and names.
>> You must also understand that.
>
> Did I at any point ask you to do any of that?

Yes.

--
Cheers, Carlos.

Re: SPF failure messages

<tr911r$3cq98$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=520&group=comp.mail.pine#520

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: ahk...@chinet.com (Adam H. Kerman)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Mon, 30 Jan 2023 18:07:55 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 61
Message-ID: <tr911r$3cq98$1@dont-email.me>
References: <tr1gi7$1rs5v$1@dont-email.me> <tr85ef$9ik$1@sirius.aeon.icebear.cloud>
Injection-Date: Mon, 30 Jan 2023 18:07:55 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="656dbea49bbb6e33be043a1644c8361d";
logging-data="3565864"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+PJyVsL7PhwuiiWRQoT0ugpik3EYl4Fjk="
Cancel-Lock: sha1:WYo3c0w7k1V9JDDo0+RHFbOCbSk=
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
 by: Adam H. Kerman - Mon, 30 Jan 2023 18:07 UTC

Henning Hucke <h_hucke+news.reply@newsmail.aeon.icebear.org> wrote:
>Adam H. Kerman <ahk@chinet.com> wrote:

>>[...]
>>I wonder: Am I receiving all SPF failure messages? Does the recipient
>>refusing the connection per our own SPF policies take the position that
>>I'm a forger and there's no way to reach the forger to point out the SPF
>>restriction, and not send the failure notice?

>sorry for answering this posting while having read also most of the later
>postings of you and the other discussion participants.

>What I understand:
>- For business purposes you've got different e-mail addresses and
> maildrops in use and you use the the imap servers of these different
> mail providers, might it be a hoster with which your business partner
> hosts his e-mail stuff, might it be directly the e-mail system of your
> business partner, as well as the correcponding smtp servers.

I'm not using a maildrop as the alpine documentation defines it. I have
always used IMAP, since I started using the client in the '90s, I think
since Pine 2.3. Glancing at the chronology, that makes sense since IMAP
had become mature at that point.

IMAP is not giving me any grief.

I use roles for each address I send messages from to set the SMTP
server associated with the domain.

>- If you send an e-mail you use the corresponding smtp server against
> which you authenticate with the corresponding credentials.
>- you send your mail via port smtp (25/tcp) and *not* via port
> submission (587/tcp).

A few years ago, Eduardo recommended using implicit TLS/SSL. He stated
that port 465 is the default with the use of the /ssl parameter.

I'm not using port 587 at all. I followed Eduardo's advice.

>Your problem is that you don't get your mails sent further by the mail
>system of your business partners and you don't receive - at least not in
>every case - what you call an SPF error mail.

I wasn't sure about that, which is why I asked about it. Carlos thinks
that I have been receiving the SPF failure notices.

>If this is a good matching summary of your situation and your problem
>state there are several flaws in that.

>. . .

> You have to ask your bussiness partners to get things done and get the
> relevant informations. This is nothing with which anybody else can
> help you.

Oh, I know. I don't have privileges over the DNS zone file to revise the
SPF record and I haven't persuaded the guy who does to address this.

Thanks for your thoughts.

>. . .

Re: SPF failure messages

<tradch$1or$1@sirius.aeon.icebear.cloud>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=521&group=comp.mail.pine#521

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: h_hucke+...@newsmail.aeon.icebear.org (Henning Hucke)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Tue, 31 Jan 2023 06:44:33 -0000 (UTC)
Organization: aeon: think longer than you thought before
Lines: 68
Distribution: world
Message-ID: <tradch$1or$1@sirius.aeon.icebear.cloud>
References: <tr1gi7$1rs5v$1@dont-email.me> <tr85ef$9ik$1@sirius.aeon.icebear.cloud> <tr911r$3cq98$1@dont-email.me>
Reply-To: Henning Hucke <h_hucke+news.reply@newsmail.aeon.icebear.org>
X-Trace: individual.net YB1Ft+CCdUEXupSiVxdm0wcmvXwh2KqvdFYY7EsSHip4v/QUuV
X-Orig-Path: news.aeon.icebear.cloud!news1.aeon.icebear.cloud!.POSTED.romulus.aeon.icebear.cloud!not-for-mail
Cancel-Lock: sha1:9LE+z2qCz0a1vnmrYLELyaI1DQw= sha1:t6kSu9Yo03HoBzbGkLG+0ZEJw90=
Injection-Date: Tue, 31 Jan 2023 06:44:33 -0000 (UTC)
Injection-Info: sirius.aeon.icebear.cloud; posting-host="romulus.aeon.icebear.cloud:fd09:afca:b044:1:4ecc:6aff:fecf:5c8f";
logging-data="1819"; mail-complaints-to="abuse+news@aeon.icebear.cloud"
User-Agent: tin/2.4.1-20161224 ("Daill") (UNIX) (Linux/4.9.0-15-amd64 (x86_64))
 by: Henning Hucke - Tue, 31 Jan 2023 06:44 UTC

Adam H. Kerman <ahk@chinet.com> wrote:

Once again, hello Adam.

> [...]
> I'm not using a maildrop as the alpine documentation defines it. I have
> always used IMAP, since I started using the client in the '90s, I think
> since Pine 2.3. Glancing at the chronology, that makes sense since IMAP
> had become mature at that point.

Erm... You *are* using /a maildrop/ since in the end your mails are
stored somewhere so somewhere they are local and in some format in some
file. IMAP is the protocol which you use to access your maildrop(s).

> [...]
> I use roles for each address I send messages from to set the SMTP
> server associated with the domain.

Well, thats what I do too. For most of the roles I use my local mail
server but nonetheless I use roles and I use different smtp servers.

> [...]
> A few years ago, Eduardo recommended using implicit TLS/SSL. He stated
> that port 465 is the default with the use of the /ssl parameter.
>
> I'm not using port 587 at all. I followed Eduardo's advice.

I see. But its always a good idea to also make yourself your own
thoughts. Especially if it comes to smtp transmissions in contrast to
submission transmissions.
In your case its IMHO less the question whether or not you use natively
encrypted versions of a service but whether you use smtp or submission.
Deliveries of authenticated clients from anywhere shouldn't SPF checked
on the submission service while all and every delivery should be checked in
several ways on the smtp service.

> [...]
> I wasn't sure about that, which is why I asked about it. Carlos thinks
> that I have been receiving the SPF failure notices.

As I already stated there is no such thing like an SPF failure notice;
especialy if we are talking about a mail about a failure.
What I suppose is that you are talking about a message which alpine
displays which shows a/the relevant part of the smtp protocol reply of
the remote system you are using that says that it rejects your mail
because you are sending from an IP which is not mentioned in the SPF
record for the domain which you use in this case for sending your mail.

And this is totally legit since you are using the smtp service.

> [...]
> Oh, I know. I don't have privileges over the DNS zone file to revise the
> SPF record and I haven't persuaded the guy who does to address this.

Erm... I also wouldn't change my SPF records to just enable you to send
mail through my smtp service from anywhere. Instead I would enable you
to send your mail through my submission service which wouldn't check SPF
records but certainly require authentication to be allowed to use it
(from outside of my own network).

> [...]

Regards
Henning
--
Forecast, n:
A prediction of the future, based on the past, for
which the forecaster demands payment in the present.

Re: SPF failure messages

<3k8najxq44.ln2@Telcontar.valinor>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=522&group=comp.mail.pine#522

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: robin_li...@es.invalid (Carlos E.R.)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Tue, 31 Jan 2023 11:54:27 +0100
Lines: 28
Message-ID: <3k8najxq44.ln2@Telcontar.valinor>
References: <tr1gi7$1rs5v$1@dont-email.me>
<tr85ef$9ik$1@sirius.aeon.icebear.cloud> <tr911r$3cq98$1@dont-email.me>
<tradch$1or$1@sirius.aeon.icebear.cloud>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net XeK1R7ZcdZLnSrkSJpd7AwH1lKlZJWcquhyWpRjThaCoQJi2ae
X-Orig-Path: Telcontar.valinor!not-for-mail
Cancel-Lock: sha1:ZqBi7LHriC8f820LuqbQmR3fQcY=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.6.1
Content-Language: es-ES, en-CA
In-Reply-To: <tradch$1or$1@sirius.aeon.icebear.cloud>
 by: Carlos E.R. - Tue, 31 Jan 2023 10:54 UTC

On 2023-01-31 07:44, Henning Hucke wrote:

....

>> [...]
>> A few years ago, Eduardo recommended using implicit TLS/SSL. He stated
>> that port 465 is the default with the use of the /ssl parameter.
>>
>> I'm not using port 587 at all. I followed Eduardo's advice.
> I see. But its always a good idea to also make yourself your own
> thoughts. Especially if it comes to smtp transmissions in contrast to
> submission transmissions.
> In your case its IMHO less the question whether or not you use natively
> encrypted versions of a service but whether you use smtp or submission.
> Deliveries of authenticated clients from anywhere shouldn't SPF checked
> on the submission service while all and every delivery should be checked in
> several ways on the smtp service.

In the example I posted, taken from an actual test email, my Alpine
passes over email to my local postfix, which passes email over to my ISP
(telefonica.net) using port 25 and authentication, which then "sends" to
gmail. And gmail checks the SPF and doesn't complain.

(context: in my country, ISPs do not block port 25, or any other port).

--
Cheers, Carlos.

Re: SPF failure messages

<k3sml8F1ne8U1@mid.individual.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=523&group=comp.mail.pine#523

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: use...@example.net (J.O. Aho)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Tue, 31 Jan 2023 15:24:40 +0100
Lines: 19
Message-ID: <k3sml8F1ne8U1@mid.individual.net>
References: <tr1gi7$1rs5v$1@dont-email.me>
<tr85ef$9ik$1@sirius.aeon.icebear.cloud> <tr911r$3cq98$1@dont-email.me>
<tradch$1or$1@sirius.aeon.icebear.cloud> <3k8najxq44.ln2@Telcontar.valinor>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net yQi/mqaBYdjkdLbkAEWm1wbxNEMV1ngkilT0IPSL9aKoqUrReu
Cancel-Lock: sha1:IejepVR9BzE6P3+SZYErKIDeGv0=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.6.1
Content-Language: en-US-large
In-Reply-To: <3k8najxq44.ln2@Telcontar.valinor>
 by: J.O. Aho - Tue, 31 Jan 2023 14:24 UTC

On 31/01/2023 11:54, Carlos E.R. wrote:

> In the example I posted, taken from an actual test email, my Alpine
> passes over email to my local postfix, which passes email over to my ISP
> (telefonica.net) using port 25 and authentication, which then "sends" to
> gmail. And gmail checks the SPF and doesn't complain.
>
> (context: in my country, ISPs do not block port 25, or any other port).

Here they do, so you are forced to use submission port, so I don't
really think so much about the issues using port 25, but I have seen a
trend where some administrators recommendation to not allow
authentication on port 25, just have it on the submission port.
I don't know how common that is, as I seldom have to use other mail
servers and current employer uses that web based mail system that a big
American company in the north west is supplying.

--
//Aho

Re: SPF failure messages

<trbh62$3svr9$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=524&group=comp.mail.pine#524

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: ahk...@chinet.com (Adam H. Kerman)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Tue, 31 Jan 2023 16:55:31 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 88
Message-ID: <trbh62$3svr9$1@dont-email.me>
References: <tr1gi7$1rs5v$1@dont-email.me> <tr85ef$9ik$1@sirius.aeon.icebear.cloud> <tr911r$3cq98$1@dont-email.me> <tradch$1or$1@sirius.aeon.icebear.cloud>
Injection-Date: Tue, 31 Jan 2023 16:55:31 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="0cb48aeddb6c844d61dbd194999b2eb4";
logging-data="4095849"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18rr6jGg/csx8eaq4GBZoGSqFnVxA5KKwc="
Cancel-Lock: sha1:l/itzHtVvXV/Tbv6sV90rNwOR+8=
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
 by: Adam H. Kerman - Tue, 31 Jan 2023 16:55 UTC

Henning Hucke <h_hucke+news.reply@newsmail.aeon.icebear.org> wrote:
>Adam H. Kerman <ahk@chinet.com> wrote:

>>[...]
>>I'm not using a maildrop as the alpine documentation defines it. I have
>>always used IMAP, since I started using the client in the '90s, I think
>>since Pine 2.3. Glancing at the chronology, that makes sense since IMAP
>>had become mature at that point.

>Erm... You *are* using /a maildrop/ since in the end your mails are
>stored somewhere so somewhere they are local and in some format in some
>file. IMAP is the protocol which you use to access your maildrop(s).

From the alpine help text

What is a Mail Drop?

In some situaions it may make sense to have your
mail delivered to one folder (the Mail Drop) and then
when you want to read mail that has been delivered to
the Mail Drop folder Alpine will move it to another
destination folder. Often the Mail Drop will be a
remote folder and messages will be moved from there
to a local destination folder.

One example where this might make sense is if the
Mail Drop folder is accessible only with the POP
protocol. You could designate your POP inbox as the
Mail Drop folder and have Alpine move mail from there
to a local (on the same machine Alpine is running on)
destination folder, where you'll read it.

I do not use this feature.

>. . .

>In your case its IMHO less the question whether or not you use natively
>encrypted versions of a service but whether you use smtp or submission.
>Deliveries of authenticated clients from anywhere shouldn't SPF checked
>on the submission service while all and every delivery should be checked in
>several ways on the smtp service.

I agree with you. It would make my life easier, yes, if SPF weren't
being checked under these circumstances. Nevertheless, my legitimate
messages I send through the SMTP server associated with the domain get
rejected based on my own SPF policy which includes -all.

>>[...]
>>I wasn't sure about that, which is why I asked about it. Carlos thinks
>>that I have been receiving the SPF failure notices.

>As I already stated there is no such thing like an SPF failure notice;
>especialy if we are talking about a mail about a failure.

You are going to have to believe me on this one. I have an archive
folder in which I keep notices that state that the message was not
delivered due to failing SPF policy. If I weren't being notified, I
wouldn't have even known I was affected by this.

>What I suppose is that you are talking about a message which alpine
>displays . . .

No. I am notified in a message.

>>[...]
>>Oh, I know. I don't have privileges over the DNS zone file to revise the
>>SPF record and I haven't persuaded the guy who does to address this.

>Erm... I also wouldn't change my SPF records to just enable you to send
>mail through my smtp service from anywhere.

From anywhere? Don't be ridiculous.

From what I've read about SPF, it's intended that specific hosts be listed,
either by FQDN or IP. Obviously, I have the alpine mail client installed
on a specific host that should be listed in the SPF policy. The guy with
privileges has had his own mail rejected due to SPF policy for the same
reason. He's ignoring the problem. He stopped sending messages with the
business address on From. Instead, he uses his personal email address
to send business messages.

>Instead I would enable you to send your mail through my submission service
>which wouldn't check SPF records but certainly require authentication
>to be allowed to use it (from outside of my own network).

This is irrelevant. The MX host in the receiving network, checking our
own SPF policy, rejects the message even though I was not prevented from
sending through the SMTP server.

Re: SPF failure messages

<trbhsd$3svr9$2@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=525&group=comp.mail.pine#525

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: ahk...@chinet.com (Adam H. Kerman)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Tue, 31 Jan 2023 17:07:25 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 13
Message-ID: <trbhsd$3svr9$2@dont-email.me>
References: <tr1gi7$1rs5v$1@dont-email.me> <tr911r$3cq98$1@dont-email.me> <tradch$1or$1@sirius.aeon.icebear.cloud> <3k8najxq44.ln2@Telcontar.valinor>
Injection-Date: Tue, 31 Jan 2023 17:07:25 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="0cb48aeddb6c844d61dbd194999b2eb4";
logging-data="4095849"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+ovU4LKeUChTzYG+zNGvhOrWP3hkx6Ezg="
Cancel-Lock: sha1:raxsVrWPNqkyjRe5jDrb6yNOVLk=
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
 by: Adam H. Kerman - Tue, 31 Jan 2023 17:07 UTC

Carlos E.R. <robin_listas@es.invalid> wrote:

>>. . .

>In the example I posted, taken from an actual test email, my Alpine
>passes over email to my local postfix, which passes email over to my ISP
>(telefonica.net) using port 25 and authentication, which then "sends" to
>gmail. And gmail checks the SPF and doesn't complain.

>(context: in my country, ISPs do not block port 25, or any other port).

Nothing in your personal setup is applicable to my situation. There is
no authentication on port 25. That's never been its purpose.

Re: SPF failure messages

<83coajxnme.ln2@Telcontar.valinor>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=526&group=comp.mail.pine#526

 copy link   Newsgroups: comp.mail.pine
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: robin_li...@es.invalid (Carlos E.R.)
Newsgroups: comp.mail.pine
Subject: Re: SPF failure messages
Date: Tue, 31 Jan 2023 21:59:52 +0100
Lines: 32
Message-ID: <83coajxnme.ln2@Telcontar.valinor>
References: <tr1gi7$1rs5v$1@dont-email.me>
<tr85ef$9ik$1@sirius.aeon.icebear.cloud> <tr911r$3cq98$1@dont-email.me>
<tradch$1or$1@sirius.aeon.icebear.cloud> <3k8najxq44.ln2@Telcontar.valinor>
<k3sml8F1ne8U1@mid.individual.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Trace: individual.net jdNJRamRa1DxgkjjerD9jAoz/pF5qudile18MC9FeYqqrexOJT
X-Orig-Path: Telcontar.valinor!not-for-mail
Cancel-Lock: sha1:VIsZkDd+Nc3IhinurwJf30r0dnk=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.6.1
Content-Language: es-ES, en-CA
In-Reply-To: <k3sml8F1ne8U1@mid.individual.net>
 by: Carlos E.R. - Tue, 31 Jan 2023 20:59 UTC

On 2023-01-31 15:24, J.O. Aho wrote:
> On 31/01/2023 11:54, Carlos E.R. wrote:
>
>> In the example I posted, taken from an actual test email, my Alpine
>> passes over email to my local postfix, which passes email over to my
>> ISP (telefonica.net) using port 25 and authentication, which then
>> "sends" to gmail. And gmail checks the SPF and doesn't complain.
>>
>> (context: in my country, ISPs do not block port 25, or any other port).
>
> Here they do, so you are forced to use submission port, so I don't
> really think so much about the issues using port 25, but I have seen a
> trend where some administrators recommendation to not allow
> authentication on port 25, just haveĀ  it on the submission port.
> I don't know how common that is, as I seldom have to use other mail
> servers and current employer uses that web based mail system that a big
> American company in the north west is supplying.
>

I know.

But my point is that gmail knows what server in the chain it must verify
for SPF, and which to ignore, independently of using the submission port
or not.

It is probably simple: it just checks the previous server, the one that
is pushing email to gmail. And that one is authorized.

--
Cheers, Carlos.

Pages:12
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor