Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] Strange log when using tarpit

2016-08-24 by Christian Pélissier

On Tuesday 23 August 2016 at 07:45 -0700, Bill Levering yidbill@...
[milter-greylist] wrote:
>   
> The DKIM passing is what I'm confused about also.
To be DKIM compliant, a DKIM-Signature header is required, and
I have no DKIM-Signature header in the mail. So
"sender is DKIM-compliant" is wrong.

> 
> The rest looks correct, but not legit.
> 
> I assume that 0.0.0.0/0 = 'the internet' or every server on the planet


# dig +short txt makequickmed.com
"spf2.0/pra ip4:0.0.0.0/0 ?all"
"v=spf1 ip4:0.0.0.0/0 ?all"

I think an SPF record with ip4:0.0.0.0/0 should be considered to be
the opposite of what SPF is for, and such a misappropriation should
on the contrary be treated as a strong indication that the sender is a
spammer and should lead to an spf=fail result.
The same goes for all overly permissive records such as a=.com ip4:124.0.0.0/8 and so on
(less than /16 for IPv4 should be treated as an SPF misappropriation).

For example, here are the Gmail SPF records:

# dig +short TXT gmail.com
"v=spf1 redirect=_spf.google.com"

# dig +short TXT _spf.google.com
"v=spf1 include:_netblocks.google.com include:_netblocks2.google.com
include:_netblocks3.google.com ~all"

# dig +short TXT _netblocks.google.com
"v=spf1 ip4:64.18.0.0/20 ip4:64.233.160.0/19 ip4:66.102.0.0/20
ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16
ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:207.126.144.0/20
ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all"

# dig +short TXT _netblocks2.google.com
"v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36
ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36
ip6:2c0f:fb50:4000::/36 ~all"

# dig +short TXT _netblocks3.google.com
"v=spf1 ip4:172.217.0.0/19 ~all"



> Also note that the domain (no spaces) make quick med.com is flagged by
> spam assassin, so I don't know who has actually read the original
> email
> 
> Bill
> 
> > On Aug 23, 2016, at 2:17 AM, Christian Pélissier
> Christian.Pelissier@... [milter-greylist]
> <milter-greylist@yahoogroups.com> wrote:
> > 
> > Hi,
> > 
> > I've just configured milter-greylist 4.6.1 yesterday to use tarpit
> with
> > 
> > racl whitelist tarpit 65s <<< ACL 898
> > 
> > I don't understand the following log (many mails are same)
> > 
> > Aug 22 20:31:25 emix2 milter-greylist: u7MIV0em022983: skipping
> greylist
> > because address 80.78.253.76 matches MX record, sender is
> > DKIM-compliant, tarpit is requested, (from=<no-reply@make quick
> med.com>,
> > rcpt=<pelissier@...>, addr=vm24571.hv8.ru[80.78.253.76]) ACL
> 898
> > 
> > In this log, the reason invoked for skipping greylist:
> > 
> > ==> 80.78.253.76 matches MX record true (but I have no such
> declaration
> > inside greylist.conf)
> > 
> > # dig +short mx make quick med.com
> > 10 mail.make quick med.com.
> > 
> > ==> sender is DKIM-compliant
> > Sender has an SPF declaration with 0.0.0.0/0, what does it mean?
> > 
> > # dig +short txt make quick med.com
> > "spf2.0/pra ip4:0.0.0.0/0 ?all"
> > "v=spf1 ip4:0.0.0.0/0 ?all"
> > 
> > but I found no DKIM for make quick med.com
> > 
> > The timestamps 20:31:25 and later 20:32:31 show that the message is
> > effectively delayed 65s.
> > 
> > Aug 22 20:32:31 emix2 sendmail[22983]: u7MIV0em022983:
> > from=<no-reply@make quick med.com>, size=2398, class=0, nrcpts=1,
> > msgid=<0AF0BF2C4D99B704D8DD94283C75643A@make quick med.com>,
> proto=ESMTP,
> > daemon=MTA, relay=vm24571.hv8.ru [80.78.253.76]
> > Aug 22 20:32:31 emix2 sendmail[23375]: u7MIV0em022983:
> > to=<pelissier@...>, delay=00:00:00, xdelay=00:00:00,
> mailer=esmtp,
> > pri=122398, relay=onera.onera.fr. [144.204.65.4], dsn=2.0.0,
> stat=Sent
> > (u7MIWVJW013990 Message accepted for delivery)
> > 
> > The headers show :
> > 
> > Authentication-Results: emix2.onera.fr; spf=pass
> > smtp.mailfrom=no-reply@make quick med.com
> > DKIM-Filter: OpenDKIM Filter v2.10.3 emix2.onera.fr u7MIV0em022983
> > Authentication-Results: emix2.onera.fr; dkim=none <<<<<<<<<
> > 
> > X-Greylist: Sender passed DKIM test, Sender IP whitelisted by MX,
> > Message
> > whitelisted by tarpit 65s, ACL 898 matched, not delayed by
> > milter-greylist-4.6.1 (emix2.onera.fr [144.204.16.6]); Mon, 22 Aug
> 2016
> > 20:32:31 +0200 (CEST)
> > 
> > -- 
> > Christian Pélissier / 34419
> > ONERA DRI/RSC
> > BP72 92322 Chatillon CEDEX

-- 
Christian Pélissier / 34419
ONERA DRI/RSC
BP72 92322 Chatillon CEDEX
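
An added example, not part of the original message or of milter-greylist: a small SPF record audit that flags the kind of overly broad ip4/ip6 mechanism discussed above, run over records copied from the quoted dig output. The function name `audit_spf`, the ip6 threshold and the extra `+all` check are assumptions of this example; the /16 ip4 threshold is the one proposed in the message.

```python
import ipaddress

# ip4 threshold is the one proposed in the message above (anything wider
# than /16 is suspect); the ip6 threshold is an assumption of this example.
MIN_PREFIX = {4: 16, 6: 32}
QUALIFIERS = "+-~?"


def audit_spf(record):
    """Return findings for one SPF TXT record as (term, reason) tuples."""
    terms = record.strip().strip('"').split()
    if not terms:
        return []
    version = terms[0].lower()
    if version != "v=spf1" and not version.startswith("spf2.0/"):
        return []  # not an SPF / Sender ID record
    findings = []
    for term in terms[1:]:
        # A missing qualifier means "+" (pass), per RFC 7208.
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, value = term.lstrip(QUALIFIERS).partition(":")
        name = name.lower()
        if name == "all" and qualifier == "+":
            findings.append((term, "passes every sender"))
        if name not in ("ip4", "ip6") or qualifier != "+":
            continue  # only mechanisms that can yield a pass matter here
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append((term, "unparsable network"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append(
                (term, f"/{net.prefixlen} covers {net.num_addresses} addresses"))
    return findings


# Records copied from the dig output quoted in the message.
SAMPLES = [
    '"v=spf1 ip4:0.0.0.0/0 ?all"',
    '"spf2.0/pra ip4:0.0.0.0/0 ?all"',
    '"v=spf1 ip4:172.217.0.0/19 ~all"',
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", audit_spf(rec) or "ok")
```

A non-empty result is a reason to distrust an spf=pass for that domain; what the filter then does with the message is a local policy choice.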
