3
[_SPF: Fail] problem on SM16
Problem reported by Ng Cher Choon - 9/26/2018 at 6:45 PM
Submitted
We are using SM 16. When we tried to send from ncc@sgcom.com.sg, which resides on a Linux server, to an account ncc@ginho.sg, which resides on an SM 16 Windows server, we encountered a failed SPF problem.

We did an SPF test using the mxtools website for sgcom.com.sg and the public IP address set on our DNS, and it passes. We did more SPF tests using other websites, and they too pass without any error.

However, when SM 16 receives from ncc@sgcom.com.sg, it shows a failed SPF.

Below is the transaction:

[2018.09.27] 09:17:51 [36341] Delivery started for ncc@sgcom.com.sg at 9:17:51 AM
[2018.09.27] 09:17:54 [36341] Added to SpamCheckQueue (1 queued; 1/30 processing)
[2018.09.27] 09:17:54 [36341] Launching 'D:\Program Files (x86)\Plesk\admin\bin\smmailfilter.exe' command line exe.
[2018.09.27] 09:17:54 [36341] Command line exe finished.
[2018.09.27] 09:17:54 [36341] Starting Spam Checks.
[2018.09.27] 09:18:00 [36341] Spam check results: [_REVERSEDNSLOOKUP: Passed], [_NULLSENDER: passed], [_SPAMASSASSIN: 0:0], [_SPF: Fail], [_DK: Pass], [_DKIM: None], [BACKSCATTER: passed], [BARRACUDA: passed], [CBL: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [HOSTKARMA - WHITELIST: passed], [IN.DNSBL.ORG: passed], [SENDERSCORE: passed], [SORBS - ABUSE: passed], [SORBS - DYNAMIC IP: passed], [SORBS - NO SERVER: passed], [SORBS - NOMAIL: passed], [SORBS - PROXY: passed], [SORBS - RECENT: passed], [SORBS - SOCKS: passed], [SPAMCOP: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL: passed], [SPAMHAUS - XBL2: passed], [SPAMRATS: passed], [SURRIEL: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: passed], [UCEPROTECT LEVEL 3: passed], [URIBL-BLACK: passed], [URIBL-GREY: passed], [URIBL-WHITE: passed]
[2018.09.27] 09:18:00 [36341] Spam Checks completed.
[2018.09.27] 09:18:00 [36341] Removed from SpamCheckQueue (2 queued or processing)
[2018.09.27] 09:18:03 [36341] Added to LocalDeliveryQueue (0 queued; 1/50 processing)
[2018.09.27] 09:18:03 [36341] Starting local delivery to ncc@ginho.sg
[2018.09.27] 09:18:03 [36341] Delivery for ncc@sgcom.com.sg to ncc@ginho.sg has completed (Delivered to Junk Email) Filter: Spam (Weight: 20), Action (Global Level): MoveToFolder Junk E-Mail
[2018.09.27] 09:18:03 [36341] End delivery to ncc@ginho.sg (MessageID: <20180927011745.19457h8qjt9zsr7d@webmail.sgcom.com.sg>)
[2018.09.27] 09:18:03 [36341] Removed from LocalDeliveryQueue (1 queued or processing)
[2018.09.27] 09:18:06 [36341] Removing Spool message: Killed: False, Failed: False, Finished: True
[2018.09.27] 09:18:06 [36341] Delivery finished for ncc@sgcom.com.sg at 9:18:06 AM    [id:27236341]



The email header for the message shows the correct IP address [202.55.81.16] of sgcom.com.sg delivery.

Return-Path: <ncc@sgcom.com.sg>
Received: from bluewhale.sgcom.com.sg (reverse16.sgcom.com.sg [202.55.81.16]) by mail.sgcom.com.sg with SMTP;
Thu, 27 Sep 2018 09:17:50 +0800
Received: by bluewhale.sgcom.com.sg (Postfix, from userid 48)
id 175661D2F98; Thu, 27 Sep 2018 09:17:46 +0800 (+08)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=default; d=sgcom.com.sg;
b=sDwYLkcMmE4mdtKPVRqJtidNJtIwjSencKPakT6+GzQZP6VBplhw0AKZ9U1KxMY8wNStmsg8GEfxJG8cir2Lq+sAjiXF94soO3ZQTpttmMpZmglzEjios545YvnbSA9l;
h=Received:Message-ID:Date:From:To:Subject:MIME-Version:Content-Type:Content-Disposition:Content-Transfer-Encoding:User-Agent;
Received: from 116.14.59.59 ([116.14.59.59]) by webmail.sgcom.com.sg (Horde
Framework) with HTTP; Thu, 27 Sep 2018 01:17:45 +0000
Message-ID: <20180927011745.19457h8qjt9zsr7d@webmail.sgcom.com.sg>
Date: Thu, 27 Sep 2018 01:17:45 +0000
From: Ng Cher Choon <ncc@sgcom.com.sg>
To: ncc@ginho.sg
Subject: Testing from Sgcom Systems
MIME-Version: 1.0
Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.3.9)
X-SmarterMail-Spam: Reverse DNS Lookup [Passed], SpamAssassin 0,
SPF_Fail, DK_Pass, DKIM_None
X-SmarterMail-TotalSpamWeight: 20 (Trusted Sender - Contact, failed SPF)



When we send the email from ncc@sgcom.com.sg to hotmail.com server, hotmail server shows that the SPF passes as shown:

Authentication-Results: spf=pass (sender IP is 202.55.81.16) smtp.mailfrom=sgcom.com.sg; hotmail.com; dkim=none (message not signed) header.d=none;hotmail.com; dmarc=bestguesspass action=none header.from=sgcom.com.sg; 
Received-SPF: Pass (protection.outlook.com: domain of sgcom.com.sg designates 202.55.81.16 as permitted sender) receiver=protection.outlook.com; client-ip=202.55.81.16; helo=bluewhale.sgcom.com.sg; 



Is there anything that I set wrongly? Other SPF test websites show there was no error and passed all the tests. I suspect that there is a bug in SM 16 SPF testing.

I think SM 16 uses the IP address 116.14.59.59 rather than 202.55.81.16 to test the SPF domain, which is incorrect.

Thanks
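
Added example, not part of the original post and not SmarterMail's code: it shows why the choice of Received header matters when SPF is evaluated from the spooled message rather than during the SMTP session. The header lines are copied from the message above; `SAMPLE_SPF` is a constructed record (the real sgcom.com.sg record is not shown in the thread) and the function names are hypothetical.

```python
import ipaddress
import re

# Received headers copied from the message in the post above, topmost first.
RECEIVED = [
    "from bluewhale.sgcom.com.sg (reverse16.sgcom.com.sg [202.55.81.16]) "
    "by mail.sgcom.com.sg with SMTP; Thu, 27 Sep 2018 09:17:50 +0800",
    "by bluewhale.sgcom.com.sg (Postfix, from userid 48) "
    "id 175661D2F98; Thu, 27 Sep 2018 09:17:46 +0800 (+08)",
    "from 116.14.59.59 ([116.14.59.59]) by webmail.sgcom.com.sg "
    "(Horde Framework) with HTTP; Thu, 27 Sep 2018 01:17:45 +0000",
]
# Constructed record: the real sgcom.com.sg SPF record is not shown in the thread.
SAMPLE_SPF = "v=spf1 ip4:202.55.81.16 -all"
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def hop_ips(headers):
    """Peer IP recorded in each Received header (None where none is recorded)."""
    matches = (BRACKETED_IP.search(h) for h in headers)
    return [m.group(1) if m else None for m in matches]


def smtp_client_ip(headers):
    """The IP SPF is defined on: the peer in the topmost header, which the
    receiving server wrote itself and is the only one it can vouch for."""
    return hop_ips(headers)[0]


def originating_ip(headers):
    """The oldest recorded hop: here the browser that posted to Horde webmail."""
    return [ip for ip in hop_ips(headers) if ip][-1]


def check_spf(record, ip):
    """Evaluate ip4 and all mechanisms only, which covers the sample record."""
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in results else ("+", term)
        if mech == "all":
            return results[qualifier]
        if mech.startswith("ip4:") and addr in ipaddress.ip_network(mech[4:], strict=False):
            return results[qualifier]
    return "neutral"


if __name__ == "__main__":
    for label, ip in (("SMTP client", smtp_client_ip(RECEIVED)),
                      ("webmail origin", originating_ip(RECEIVED))):
        print(f"{label:15} {ip:15} -> {check_spf(SAMPLE_SPF, ip)}")
```

With the sample record, the connecting server's address passes and the webmail user's address fails, which is the outcome a checker would produce if it read the bottom Received header instead of the top one.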

8 Replies

0
Ng Cher Choon Replied
We also tested on SM 17 using ncc@sgcom.com.sg and the SPF passes as follows:

Return-Path: <ncc@sgcom.com.sg>
Received: from bluewhale.sgcom.com.sg (UnknownHost [202.55.81.16]) by sgcomsvr02 with SMTP;
Thu, 27 Sep 2018 09:45:30 +0800
Received: by bluewhale.sgcom.com.sg (Postfix, from userid 48)
id 42F741D2F7F; Thu, 27 Sep 2018 09:45:36 +0800 (+08)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=default; d=sgcom.com.sg;
b=Wjc2rNX71F7GZPYpJT3R7LbQWDMm1XsVG4jmDIDNzNpVNfNig0z7levjS5K9D7ueiCyf0hiBAQrFpT0WX6TS5BwO4RQLKtlMBEE3r2M4tjsuO1qct9YuRoho7kseJ0X4;
h=Received:Message-ID:Date:From:To:Subject:MIME-Version:Content-Type:Content-Disposition:Content-Transfer-Encoding:User-Agent;
Received: from 116.14.59.59 ([116.14.59.59]) by webmail.sgcom.com.sg (Horde
Framework) with HTTP; Thu, 27 Sep 2018 01:45:36 +0000
Message-ID: <20180927014536.88361k6f5rvmb328@webmail.sgcom.com.sg>
Date: Thu, 27 Sep 2018 01:45:36 +0000
From: Ng Cher Choon <ncc@sgcom.com.sg>
To: ncc@mailserver.ginho.sg
Subject: Testing SPF if it passes
MIME-Version: 1.0
Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.3.9)
X-SmarterMail-Spam: Reverse DNS Lookup [Passed],
SPF_Pass, DK_Pass, DKIM_None
X-SmarterMail-TotalSpamWeight: -20 

Please advise
0
echoDreamz Replied
You can review the SMTP logs to see what IP is being used.

EDIT: Ignore, I see you are running SPF checks in the delivery / spool instead of at the SMTP layer.
0
Ng Cher Choon Replied
Yes, we have enabled the SPF check. The SM 16 SPF check results in a fail while the SM 17 SPF check shows a pass for the same email message.

It is therefore clearly a bug in the SM 16 SPF check, since we have verified that the Hotmail SPF check indicates a pass. To reinforce our findings, SPF check tests from several other websites pass the domain SPF record based on the IP address.
0
Ng Cher Choon Replied
Is anyone from SmarterTools responding to this issue?
0
echoDreamz Replied
If the issue is a showstopper, you may want to consider opening a ticket...
0
Ng Cher Choon Replied
I don't think I have any more tickets to open. How can I do so?
0
echoDreamz Replied
1
Ng Cher Choon Replied
Thanks for your help. I have submitted the problem encountered.
