[Rspamd-Users] SPF check fail randomly

Alexander Moisseev moiseev+rspamd-users at mezonplus.ru
Thu Oct 11 18:05:29 UTC 2018


On 11.10.18 19:34, Emanuel Gonzalez wrote:
> Hello, I create a rule to check the dkim and spf (symbol WHITELIST_SPF_DKIM), I'm seeing that for the same domain fails randomly.
> 
> no fail
> 
> 2018-10-11 13:28:43 #15513(normal) <df5453>; task; rspamd_task_write_log: id: <1624245304.24729261.1539275319084.JavaMail.oraweb at e-0000af64>, qid: <1gAdpI-0005Sj-2S>, ip: 216.33.196.187, from: <dbanega.x23gdgk at mail.mercadolibre.com>, (default: F (no action): [3.16/nan] [WHITELIST_SPF_DKIM(-3.00){mercadolibre.com;},HFILTER_URL_ONLY(2.20){1;},HTML_SHORT_LINK_IMG_1(2.00){},CTYPE_MIXED_BOGUS(1.00){},MANY_INVISIBLE_PARTS(0.70){8;},MID_RHS_NOT_FQDN(0.50){},ZERO_FONT(0.50){5;},IP_SCORE(-0.29){ip: (-0.76), ipnet: 216.33.196.0/24(-0.33), asn: 53387(-0.26), country: US(-0.09);},DMARC_POLICY_ALLOW(-0.25){mercadolibre.com;reject;},MIME_HTML_ONLY(0.20){},R_DKIM_ALLOW(-0.20){mercadolibre.com;},R_SPF_ALLOW(-0.20){+ip4:216.33.196.160/27;},MIME_GOOD(-0.10){multipart/mixed;multipart/related;},RCVD_NO_TLS_LAST(0.10){},ARC_NA(0.00){},ASN(0.00){asn:53387, ipnet:216.33.196.0/24, country:US;},DKIM_TRACE(0.00){mercadolibre.com:+;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MX_GOOD(0.00){cached: dc4-ironinb
>   ound03.mercadolibre.com;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},TAGGED_FROM(0.00){2-oge4dgmbzgazdmojy;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 32550, time: 2050.026ms real, 52.810ms virtual, dns req: 37, digest: <40e2ad9fe5d809981d14f631ea18c616>, rcpts: <gerencia.adm at camaradesalud.com.ar>, mime_rcpts: <gerencia.adm at camaradesalud.com.ar>
> 
> fail
> 
> 2018-10-11 13:28:39 #15512(normal) <1980b6>; task; rspamd_task_write_log: id: <1173728815.24641915.1539275312085.JavaMail.oraweb at e-000178a8>, qid: <1gAdpB-0005NY-0e>, ip: 216.33.196.100, from: <ecorrea.qrv499 at mail.mercadolibre.com>, (default: F (no action): [7.16/nan] [HFILTER_URL_ONLY(2.20){1;},HTML_SHORT_LINK_IMG_1(2.00){},CTYPE_MIXED_BOGUS(1.00){},RBL_MAILSPIKE_BAD(1.00){100.196.33.216.rep.mailspike.net : 127.0.0.12;},MANY_INVISIBLE_PARTS(0.70){8;},DMARC_POLICY_ALLOW_WITH_FAILURES(-0.50){},MID_RHS_NOT_FQDN(0.50){},ZERO_FONT(0.50){5;},IP_SCORE(-0.24){ip: (-0.54), ipnet: 216.33.196.0/24(-0.33), asn: 53387(-0.26), country: US(-0.09);},MIME_HTML_ONLY(0.20){},R_DKIM_ALLOW(-0.20){mercadolibre.com;},MIME_GOOD(-0.10){multipart/mixed;multipart/related;},RCVD_NO_TLS_LAST(0.10){},ARC_NA(0.00){},ASN(0.00){asn:53387, ipnet:216.33.196.0/24, country:US;},DKIM_TRACE(0.00){mercadolibre.com:+;},DMARC_POLICY_ALLOW(0.00){mercadolibre.com;reject;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MX_GOOD(0.
>   00){cached: dc4-ironinbound03.mercadolibre.com;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},R_SPF_SOFTFAIL(0.00){~all;},TAGGED_FROM(0.00){2-oge4dgmbygiztqoju;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 32179, time: 5005.738ms real, 291.142ms virtual, dns req: 32, digest: <47e7839745a920e472d382ceb19f8e72>, rcpts: <pablo.nieva78 at milleniumcomputacion.com>, mime_rcpts: <pablo.nieva78 at milleniumcomputacion.com>
> 
> Will it be a problem of server resolution?
> 
> Regards,
> 

The second mail was sent from 216.33.196.100 that is not allowed by SPF record.

# host -t TXT mail.mercadolibre.com
mail.mercadolibre.com descriptive text "v=spf1 ip4:216.35.213.224/27 ip4:64.14.124.64/26 ip4:209.225.11.64/26 ip4:200.47.54.100 ip4:216.33.196.160/27 181.30.22.186/29 ~all"

ip4:216.33.196.160/27 => Start IP:  216.33.196.160 - End IP:  216.33.196.191



More information about the Users mailing list