This is the mail system at host mail2.rollernet.us.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<abuse[at]x>: host mta1.borgnet.us[71.32.15.193] said: 550 5.7.1 Rejected due to SPF policy for sender sgrayban[at]rollermail.us (in reply to end of DATA command)
Bounced emails from Mail Boxes accounts
Moderator: Moderators
Bounced emails from Mail Boxes accounts
I'm getting bounced emails being sent from my "Mail Boxes" account.
-- Scott
-
- Site Admin
- Posts: 598
- Joined: Wed Nov 17, 2004 10:05 pm
- Location: Nevada
- Contact:
Headers from sent email.....
Looks like "smtpauth.rollernet.us" is throwing out its "localhost" as the real domain with the IP 127.0.0.1. That's what I see when I look at the headers which is what SPF is rejecting on.Received: from mail2.rollernet.us (localhost [127.0.0.1])
by mail2.rollernet.us (Postfix) with ESMTP id 69F1C304C472
for <abuse[at]borgnet.us>; Fri, 12 Sep 2008 19:15:44 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail2.rollernet.us
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=HTML_MESSAGE
autolearn=disabled version=3.2.5
Received: from smtpauth.rollernet.us (smtpauth.rollernet.us [208.79.240.5])
(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mail2.rollernet.us (Postfix) with ESMTP
for <abuse[at]borgnet.us>; Fri, 12 Sep 2008 19:15:44 -0700 (PDT)
Received: from smtpauth.rollernet.us (localhost.localdomain [127.0.0.1])
by smtpauth.rollernet.us (Postfix) with ESMTP id 8E361594002
for <abuse[at]borgnet.us>; Fri, 12 Sep 2008 19:15:41 -0700 (PDT)
Received: from borgnet.us (www.borgnet.us [71.32.15.193]) (using TLSv1
with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate
requested) (Authenticated sender: sgrayban[at]rollermail.us) by
smtpauth.rollernet.us (Postfix) with ESMTP for <abuse[at]borgnet.us>;
Fri, 12 Sep 2008 19:15:38 -0700 (PDT)
-- Scott
Our complete mail log of this....
Sep 13 02:16:05 borgnet milter-greylist: m8D2Flg8008551: skipping greylist because address 208.79.241.2 is whitelisted, (from=<sgrayban[at]rollermail.us>, rcpt=<abuse[at]borgnet.us>, addr=208.79.241.2)
Sep 13 02:16:05 borgnet sendmail[8551]: m8D2Flg8008551: from=<sgrayban[at]rollermail.us>, size=2430, class=0, nrcpts=1, msgid=<48CB224A.7080105@rollermail.us>, proto=ESMTP, daemon=IPv4, relay=mail2.rollernet.us [208.79.241.2]
Sep 13 02:16:05 borgnet sendmail[8551]: m8D2Flg8008551: Milter add: header: X-Virus-Scanned: ClamAV version 0.94, clamav-milter version 0.94 on borgnet.us
Sep 13 02:16:05 borgnet sendmail[8551]: m8D2Flg8008551: Milter add: header: X-Virus-Status: Clean
Sep 13 02:16:06 borgnet sendmail[8551]: m8D2Flg8008551: Milter insert (1): header: X-SenderID: Sendmail Sender-ID Filter v0.2.14 mta1.borgnet.us m8D2Flg8008551
Sep 13 02:16:06 borgnet sendmail[8551]: m8D2Flg8008551: Milter insert (1): header: Authentication-Results: mta1.borgnet.us from=sgrayban[at]rollermail.us; sender-id=fail (NotPermitted); spf=fail (NotPermitted)
Sep 13 02:16:06 borgnet sendmail[8551]: m8D2Flg8008551: Milter: data, reject=550 5.7.1 Rejected due to SPF policy for sender sgrayban@rollermail.us
Sep 13 02:16:06 borgnet sendmail[8551]: m8D2Flg8008551: to=<abuse[at]borgnet.us>, delay=00:00:01, pri=32430, stat=Rejected due to SPF policy for sender sgrayban[at]rollermail.us
-- Scott
-
- Site Admin
- Posts: 598
- Joined: Wed Nov 17, 2004 10:05 pm
- Location: Nevada
- Contact:
Technically, SPF only works on direct MTA connections, not on hops further down the line unless your MTA or filter package has the ability to ignore certain layers of headers. In this case, the SPF fail result was most likely because your filter expected to find the IP for mail2.rollernet.us in the SPF record for rollermail.us, but it won't because mail2 is not a designated originating server.
The 127.0.0.1 headers you see when mail passes through our system is the filtering mechanism reconnecting to itself in order to do real-time filtering.
The 127.0.0.1 headers you see when mail passes through our system is the filtering mechanism reconnecting to itself in order to do real-time filtering.
Technical Support support@rollernet.us
Roller Network LLC
Roller Network LLC
-
- Site Admin
- Posts: 598
- Joined: Wed Nov 17, 2004 10:05 pm
- Location: Nevada
- Contact:
SPF specifically asks if any email is to be relayed through another server it *MUST* be included -- see http://old.openspf.org/wizard.html -- and since your mailboxes are considered a relay since you offer that service you must include 208.79.241.2 in the SPF.
-- Scott
-
- Site Admin
- Posts: 598
- Joined: Wed Nov 17, 2004 10:05 pm
- Location: Nevada
- Contact:
-
- Site Admin
- Posts: 598
- Joined: Wed Nov 17, 2004 10:05 pm
- Location: Nevada
- Contact:
-
- Site Admin
- Posts: 598
- Joined: Wed Nov 17, 2004 10:05 pm
- Location: Nevada
- Contact:
Why are you trying to check SPF on your server when you aren't accepting connections directly? You should not be checking SPF when all mail will appear to be coming from our servers. SPF checks only work properly if you accept directly, not behind a relay. This will cause any SPF check to fail, not just ours.
Technical Support support@rollernet.us
Roller Network LLC
Roller Network LLC
-
- Site Admin
- Posts: 598
- Joined: Wed Nov 17, 2004 10:05 pm
- Location: Nevada
- Contact:
Then you can prove this to yourself: send a message from the hosted mail box to another domain. It'll come back as SPF "pass".
There really isn't much we can do; you're doing something that is known to break SPF. If you like, we can send an email from hotmail.com which has SPF records (but in "softfail") and you should see a "softfail" from hotmail. If what you're tryng to get us to do is correct, and the relay of a domain should be in that domain's SPF records, how would we get hotmail.com to add our mail servers to their SPF? (The correct answer is we have no business being in hotmail's SPF records.)
The openspf.org website explicitly covers your situation with us handing off mail in the middle and how it won't work:
There really isn't much we can do; you're doing something that is known to break SPF. If you like, we can send an email from hotmail.com which has SPF records (but in "softfail") and you should see a "softfail" from hotmail. If what you're tryng to get us to do is correct, and the relay of a domain should be in that domain's SPF records, how would we get hotmail.com to add our mail servers to their SPF? (The correct answer is we have no business being in hotmail's SPF records.)
The openspf.org website explicitly covers your situation with us handing off mail in the middle and how it won't work:
Processing SPF policies at the border
SPF is designed to work at the border of your network. Some server, which you may not know, is contacting your server. Can you trust it? An SPF policy designates (or not!) that server as an authorized source for email from $domain.
Now consider what happens if you process an SPF policy somewhere else in your network. For example: one host receives all mail and then relays it to a central mail server. Should you process SPF policies on that central mail server, it will see your other host as the source. Chances are this other host is not authorized by someone else's SPF policy!
Example:
user@example.com sends his mail via mailhost.example.com and this host is authorized in example.com's SPF policy (v=spf1 a:mailhost.example.com -all).
Your organization receives mail at mailhost.receiver.example (your MX server). Maybe it looks at example.com's SPF record, finds that mailhost.example.com is authorized, and all is well.
Then the message is relayed to mailcentral.receiver.example; if this server looks at the SPF record again, the sending host will be mailhost.receiver.example which is not authorized!
http://www.openspf.org/FAQ/Common_receiver_mistakes
Technical Support support@rollernet.us
Roller Network LLC
Roller Network LLC