exceeding maxspfallowedloop |
Post Reply |
Author | |
Terry
Senior Member Joined: 06 February 2005 Status: Offline Points: 155 |
Post Options
Thanks(0)
Posted: 20 March 2014 at 12:35pm |
We are getting errors in checking spf records for incoming mail as follows:
03/19/14 13:28:34:341 -- (180185632) Detected TCP Connection: 207.46.163.181 03/19/14 13:28:34:356 -- (180185632) Connection from: 207.46.163.181 - Originating country : United States 03/19/14 13:28:34:512 -- (180185632) Received STARTTLS command 03/19/14 13:28:34:996 -- (180185632) Received MAIL FROM: xxxxxx@Coalfire.com 03/19/14 13:28:35:121 -- (180185632) Resolving 207.46.163.181 - mail-bn1blp0181.outbound.protection.outlook.com 03/19/14 13:28:35:292 -- (180185632) found SPF record for Coalfire.com: v=spf1 ip4:67.137.78.0/24 a:mail.coalfiresystems.com include:salesforce.com include:aspmx.pardot.com include:elabs10.com include:spf.protection.outlook.com include:msoprd.msft.net -all 03/19/14 13:28:35:355 -- (180185632) found SPF record for salesforce.com: v=spf1 include:_spf.google.com ip4:96.43.144.0/20 ip4:182.50.76.0/22 ip4:202.129.242.0/23 ip4:204.14.232.0/21 ip4:62.17.146.128/26 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:68.232.207.20 ip4:207.67.38.45 mx ~all 03/19/14 13:28:35:386 -- (180185632) found SPF record for _spf.google.com: v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all 03/19/14 13:28:35:386 -- (180185632) found SPF record for _netblocks.google.com: v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ~all 03/19/14 13:28:35:386 -- (180185632) SPF query result: softfail 03/19/14 13:28:35:386 -- (180185632) - SPF analysis for _netblocks.google.com done: - softfail 03/19/14 13:28:35:386 -- (180185632) found SPF record for _netblocks2.google.com: v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all 03/19/14 13:28:35:386 -- (180185632) SPF query result: softfail 03/19/14 13:28:35:386 -- (180185632) - SPF analysis for _netblocks2.google.com done: - softfail 03/19/14 13:28:35:386 -- (180185632) found SPF record for _netblocks3.google.com: v=spf1 ~all 03/19/14 13:28:35:386 -- (180185632) SPF query result: softfail 03/19/14 13:28:35:386 -- (180185632) - SPF analysis for _netblocks3.google.com done: - softfail 03/19/14 13:28:35:386 -- (180185632) SPF query result: softfail 03/19/14 13:28:35:386 -- (180185632) - SPF analysis for _spf.google.com done: - softfail 03/19/14 13:28:35:417 -- (180185632) SPF query result: softfail 03/19/14 13:28:35:417 -- (180185632) - SPF analysis for salesforce.com done: - softfail 03/19/14 13:28:35:433 -- (180185632) found SPF record for aspmx.pardot.com: v=spf1 ip4:199.122.123.188/30 include:a._spf.pardot.com include:b._spf.pardot.com include:c._spf.pardot.com include:s._spf.pardot.com ?all 03/19/14 13:28:35:448 -- (180185632) found SPF record for a._spf.pardot.com: v=spf1 ip4:74.86.241.250 ip4:74.86.207.36/30 ip4:74.86.113.28/30 ip4:74.86.241.251 ip4:174.37.67.28/30 ip4:67.228.21.184/29 ip4:74.86.226.216/30 ip4:74.86.164.188/30 ip4:67.228.2.24/30 ip4:74.86.171.192/30 ip4:74.86.195.28/30 ?all 03/19/14 13:28:35:448 -- (180185632) SPF query result: neutral 03/19/14 13:28:35:448 -- (180185632) - SPF analysis for a._spf.pardot.com done: - neutral 03/19/14 13:28:35:464 -- (180185632) found SPF record for b._spf.pardot.com: v=spf1 ip4:74.86.236.240/30 ip4:74.86.131.208/30 ip4:67.228.37.4/30 ip4:74.86.160.160/30 ip4:74.86.129.240/30 ip4:74.86.132.208/30 ip4:208.43.21.28/30 ip4:208.43.21.64/29 ip4:208.43.21.72/30 ip4:174.36.114.128/30 ip4:174.36.114.140/30 ?all 03/19/14 13:28:35:464 -- (180185632) SPF query result: neutral 03/19/14 13:28:35:464 -- (180185632) - SPF analysis for b._spf.pardot.com done: - neutral 03/19/14 13:28:35:480 -- (180185632) found SPF record for c._spf.pardot.com: v=spf1 ip4:174.36.84.12/30 ip4:174.36.84.144/29 ip4:174.36.84.16/29 ip4:174.36.84.240/29 ip4:174.36.114.148/30 ip4:174.36.114.152/29 ip4:174.36.84.32/29 ip4:174.36.84.8/30 ip4:174.36.85.248/30 ip4:207.67.98.209/28 ?all 03/19/14 13:28:35:480 -- (180185632) SPF query result: neutral 03/19/14 13:28:35:480 -- (180185632) - SPF analysis for c._spf.pardot.com done: - neutral 03/19/14 13:28:35:480 -- (180185632) Error during ParseSPFRecord: loop detected in include mechanism, exceeded MaxSPFAllowedLoops 03/19/14 13:28:35:480 -- (180185632) SPF query result: neutral 03/19/14 13:28:35:480 -- (180185632) - SPF analysis for aspmx.pardot.com done: - neutral 03/19/14 13:28:35:480 -- (180185632) Error during ParseSPFRecord: loop detected in include mechanism, exceeded MaxSPFAllowedLoops 03/19/14 13:28:35:480 -- (180185632) Error during ParseSPFRecord: loop detected in include mechanism, exceeded MaxSPFAllowedLoops 03/19/14 13:28:35:480 -- (180185632) Error during ParseSPFRecord: loop detected in include mechanism, exceeded MaxSPFAllowedLoops 03/19/14 13:28:35:480 -- (180185632) SPF query result: fail 03/19/14 13:28:35:480 -- (180185632) - SPF analysis for Coalfire.com done: - fail 03/19/14 13:28:35:480 -- (180185632) failed SPF test (fail) - Disconnecting 207.46.163.181 03/19/14 13:28:35:495 -- (180185632) 207.46.163.181 - Mail from: xxxxxxx.xxxxx@Coalfire.com To: xxxxxxxx.xxxxxx@portofportland.com will be rejected 03/19/14 13:28:35:495 -- (180185632) Bypassed all rules for: xxxxx.xxxxx@portofportland.com from xxxx.xxxx@Coalfire.com ( AutoWhiteList Force Delivery) 03/19/14 13:28:35:620 -- (180185632) Received RCPT TO: xxxx.yyyy@portofportland.com 03/19/14 13:28:35:636 -- (180185632) Mail from: xxxx@Coalfire.com 03/19/14 13:28:35:636 -- (180185632) 207.46.163.181 - Mail from: xxxx.xxx@Coalfire.com To: xxx@portofportland.com will be rejected As you can see one user had the sender whitelisted so they recieved the email but another did not so it was quarantined. (I munged the names to hide the email addresses...). Is there anyway to increase the spf loop count?
|
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
The MaxSPFAllowedLoops value in SpamFilter is hardcoded to "10" and is one of the few parameters that cannot be modified via .ini settings. We had never seen this threshold (which is used to prevent denial of service attacks to SpamFilter via sender's domain names with malicious SPF records in their DNS) cause any issues before.
In this case it however blocking a legitimate email for a domain that has many more nested include SPF statements in their DNS. We'll be completing a patch within the next 24/48 hours to address this by increasing this threshold and making it customizable. It will take a couple of days of internal testing before releasing to the public. If you would like to receive it sooner before we complete the internal QA tests please let us know via email at support @ logsat.com - we'll provided it to you asap. |
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
A new pre-release of SpamFilter (v4.5.1.99) is available in the registered user area. The changes since the latest official release (4.5.1.98) are as follows:
// New to VersionNumber = '4.5.1.99'; {TODO -cNew : Added parameter MaxSPFAllowedLoops in SpamFilter.ini file. This parameter used to be hardcoded to "10" in SpamFilter and it is not customizable. It is used to limit the number of nested include directives allowed in an SPF query. Used to limit the risk of DoS attacks using malicious SPF DNS records} |
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.138 seconds.