[_SPF: Fail] problem on SM16
Problem reported by Ng Cher Choon - September 26 at 6:45 PM
Submitted
We are using SM 16. We tried to send from ncc@sgcom.com.sg, which resides on a Linux server to an account ncc@ginho.sg, which resides on SM 16 Windows server, we encountered a failed SPF problem.

We did a SPF test using mxtools website for sgcom.com.sg and the public ip address set on our DNS, it passes. We did more SPF tests using other websites, it too passes without any error.

However, when SM 16 receives from ncc@sgcom.com.sg, it shows a failed SPF.

Below is the transaction:

2018.09.27] 09:17:51 [36341] Delivery started for ncc@sgcom.com.sg at 9:17:51 AM
[2018.09.27] 09:17:54 [36341] Added to SpamCheckQueue (1 queued; 1/30 processing)
[2018.09.27] 09:17:54 [36341] Launching 'D:\Program Files (x86)\Plesk\admin\bin\smmailfilter.exe' command line exe.
[2018.09.27] 09:17:54 [36341] Command line exe finished.
[2018.09.27] 09:17:54 [36341] Starting Spam Checks.
[2018.09.27] 09:18:00 [36341] Spam check results: [_REVERSEDNSLOOKUP: Passed], [_NULLSENDER: passed], [_SPAMASSASSIN: 0:0],
 [_SPF: Fail], [_DK: Pass], [_DKIM: None], [BACKSCATTER: passed], [BARRACUDA: passed], [CBL: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [HOSTKARMA - WHITELIST: passed], [IN.DNSBL.ORG: passed], [SENDERSCORE: passed], [SORBS - ABUSE: passed], [SORBS - DYNAMIC IP: passed], [SORBS - NO SERVER: passed], [SORBS - NOMAIL: passed], [SORBS - PROXY: passed], [SORBS - RECENT: passed], [SORBS - SOCKS: passed], [SPAMCOP: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL: passed], [SPAMHAUS - XBL2: passed], [SPAMRATS: passed], [SURRIEL: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: passed], [UCEPROTECT LEVEL 3: passed], [URIBL-BLACK: passed], [URIBL-GREY: passed], [URIBL-WHITE: passed]
[2018.09.27] 09:18:00 [36341] Spam Checks completed.
[2018.09.27] 09:18:00 [36341] Removed from SpamCheckQueue (2 queued or processing)
[2018.09.27] 09:18:03 [36341] Added to LocalDeliveryQueue (0 queued; 1/50 processing)
[2018.09.27] 09:18:03 [36341] Starting local delivery to ncc@ginho.sg
[2018.09.27] 09:18:03 [36341] Delivery for ncc@sgcom.com.sg to ncc@ginho.sg has completed (Delivered to Junk Email) Filter: Spam (Weight: 20), Action (Global Level): MoveToFolder Junk E-Mail
[2018.09.27] 09:18:03 [36341] End delivery to ncc@ginho.sg (MessageID: <20180927011745.19457h8qjt9zsr7d@webmail.sgcom.com.sg>)
[2018.09.27] 09:18:03 [36341] Removed from LocalDeliveryQueue (1 queued or processing)
[2018.09.27] 09:18:06 [36341] Removing Spool message: Killed: False, Failed: False, Finished: True
[2018.09.27] 09:18:06 [36341] Delivery finished for ncc@sgcom.com.sg at 9:18:06 AM    [id:27236341]



The email header for the message shows the correct IP address [202.55.81.16] of sgcom.com.sg delivery.

Return-Path: <ncc@sgcom.com.sg>
Received: from bluewhale.sgcom.com.sg (reverse16.sgcom.com.sg [202.55.81.16]) by mail.sgcom.com.sg with SMTP;
Thu, 27 Sep 2018 09:17:50 +0800
Received: by bluewhale.sgcom.com.sg (Postfix, from userid 48)
id 175661D2F98; Thu, 27 Sep 2018 09:17:46 +0800 (+08)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=default; d=sgcom.com.sg;
b=sDwYLkcMmE4mdtKPVRqJtidNJtIwjSencKPakT6+GzQZP6VBplhw0AKZ9U1KxMY8wNStmsg8GEfxJG8cir2Lq+sAjiXF94soO3ZQTpttmMpZmglzEjios545YvnbSA9l;
h=Received:Message-ID:Date:From:To:Subject:MIME-Version:Content-Type:Content-Disposition:Content-Transfer-Encoding:User-Agent;
Received: from 116.14.59.59 ([116.14.59.59]) by webmail.sgcom.com.sg (Horde
Framework) with HTTP; Thu, 27 Sep 2018 01:17:45 +0000
Message-ID: <20180927011745.19457h8qjt9zsr7d@webmail.sgcom.com.sg>
Date: Thu, 27 Sep 2018 01:17:45 +0000
From: Ng Cher Choon <ncc@sgcom.com.sg>
To: ncc@ginho.sg
Subject: Testing from Sgcom Systems
MIME-Version: 1.0
Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.3.9)
X-SmarterMail-Spam: Reverse DNS Lookup [Passed], SpamAssassin 0,
SPF_Fail, DK_Pass, DKIM_None
X-SmarterMail-TotalSpamWeight: 20 (Trusted Sender - Contact, failed SPF)



When we send the email from ncc@sgcom.com.sg to hotmail.com server, hotmail server shows that the SPF passes as shown:

Authentication-Results: spf=pass (sender IP is 202.55.81.16) smtp.mailfrom=sgcom.com.sg; hotmail.com; dkim=none (message not signed) header.d=none;hotmail.com; dmarc=bestguesspass action=none header.from=sgcom.com.sg; 
Received-SPF: Pass (protection.outlook.com: domain of sgcom.com.sg designates 202.55.81.16 as permitted sender) receiver=protection.outlook.com; client-ip=202.55.81.16; helo=bluewhale.sgcom.com.sg; 



Is there anything that I set wrongly since other SPF test website shows there was no error and passed all the test. I suspect that there is a bug in SM 16 SPF Testing.

I think SM 16 uses the IP address 116.14.59.59 rather than 202.55.81.16 to test the SPF domain, which is incorrect.

Thanks

8 Replies

Reply to Thread
0
Ng Cher Choon Replied
We also tested on SM 17 using ncc@sgcom.com.sg and the SPF passes as follows:

Return-Path: <ncc@sgcom.com.sg>
Received: from bluewhale.sgcom.com.sg (UnknownHost [202.55.81.16]) by sgcomsvr02 with SMTP;
Thu, 27 Sep 2018 09:45:30 +0800
Received: by bluewhale.sgcom.com.sg (Postfix, from userid 48)
id 42F741D2F7F; Thu, 27 Sep 2018 09:45:36 +0800 (+08)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=default; d=sgcom.com.sg;
b=Wjc2rNX71F7GZPYpJT3R7LbQWDMm1XsVG4jmDIDNzNpVNfNig0z7levjS5K9D7ueiCyf0hiBAQrFpT0WX6TS5BwO4RQLKtlMBEE3r2M4tjsuO1qct9YuRoho7kseJ0X4;
h=Received:Message-ID:Date:From:To:Subject:MIME-Version:Content-Type:Content-Disposition:Content-Transfer-Encoding:User-Agent;
Received: from 116.14.59.59 ([116.14.59.59]) by webmail.sgcom.com.sg (Horde
Framework) with HTTP; Thu, 27 Sep 2018 01:45:36 +0000
Message-ID: <20180927014536.88361k6f5rvmb328@webmail.sgcom.com.sg>
Date: Thu, 27 Sep 2018 01:45:36 +0000
From: Ng Cher Choon <ncc@sgcom.com.sg>
To: ncc@mailserver.ginho.sg
Subject: Testing SPF if it passes
MIME-Version: 1.0
Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.3.9)
X-SmarterMail-Spam: Reverse DNS Lookup [Passed],
SPF_Pass, DK_Pass, DKIM_None
X-SmarterMail-TotalSpamWeight: -20 

Please advise
0
echoDreamz Replied
You can review the SMTP logs to see what IP is being used.

EDIT: Ignore, I see you are running SPF checks in the delivery / spool instead of at the SMTP layer.

Christopher

0
Ng Cher Choon Replied
Yes, we have enabled the SPF check. SM 16 SPF check results as fail while SM 17 SPF check shows as pass from the same email message.

It is therefore clearly a bug in SM 16 SPF check since we have verified that hotmail SPF check indicates as pass. To reinforce our findings, other SPF check tests from several websites passes the domain SPF record based on the IP address.
0
Ng Cher Choon Replied
Is anyone from Smartertool responding to this issue?
0
echoDreamz Replied
If the issue is a showstopper, you may want to consider opening a ticket...

Christopher

0
Ng Cher Choon Replied
I don't think I have anymore ticket to open. how can I do so?
0
echoDreamz Replied

Christopher

1
Ng Cher Choon Replied
Thanks for your help. I have submitted the problem encountered.

Reply to Thread