postalsys / mailauth

Command line utility and a Node.js library for email authentication

RR field not returned for some SPF records #34

Closed schack closed 1 year ago

schack commented 1 year ago

Describe the bug: When the SPF check is performed on certain domains the "rr" field is not set.

To Reproduce: Perform an SPF check on bimco.org

Expected behavior: Valid SPF records (rr field) should always be returned

andris9 commented 1 year ago

Seems to be present, though?

schack commented 1 year ago

That's strange, I get a result like this (not using cli, from code)

{
  domain: 'bimco.org',
  'client-ip': '217.146.76.20',
  'envelope-from': 'hsje@bimco.org',
  status: {
    result: 'neutral',
    comment: 'STL-R7N4H9RQF6: 217.146.76.20 is neither permitted nor denied by domain of hsje@bimco.org',
    smtp: { mailfrom: 'hsje@bimco.org', helo: undefined }
  },
  header: 'Received-SPF: neutral (STL-R7N4H9RQF6: 217.146.76.20 is neither permitted nor denied by domain of hsje@bimco.org) client-ip=217.146.76.20;',
  info: 'spf=neutral (STL-R7N4H9RQF6: 217.146.76.20 is neither permitted nor denied by domain of hsje@bimco.org) smtp.mailfrom=hsje@bimco.org'
}

andris9 commented 1 year ago

This probably means that the DNS request to resolve SPF records fails (the result is "neutral"). If you run mailauth from the command line with the -v argument, then it lists all DNS queries and responses.

$ mailauth spf -v -f bimco.org -i 217.146.76.20
Checking SPF for bimco.org
Maximum DNS lookups: 10
--------
DNS query for TXT bimco.org: [["MS=ms97132348"],["google-site-verification=MV3dpvpIm7tsnJ9G7pJGjKC87k8RWww74diYU6qi-u0"],["VIxg+RvH9z+g8LABfaeVf+eZy9+A8Dr1mrmFPO/0PV6x6mkC8vkaAOVk83ppXZOR5jTHLeJgXsedd1jyVDYGrQ=="],["MS=ms82127741"],["v=spf1 redirect=bimco.org.hosted.spf-report.com"]]
DNS query for TXT bimco.org.hosted.spf-report.com: [["v=spf1 include:bimco_org_af1a636c_0.flat.spf-report.com ~all"]]
DNS query for TXT bimco_org_af1a636c_0.flat.spf-report.com: [["v=spf1 a:mailrelay01.bimco.org exists:%{i}._spf.sparkpostmail.com ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 ip6:2a01:111:f403:8000::/50 ip6:2a01:111:f403:c000::/51 ","ip6:2a01:111:f403:f000::/52 ~all"]]
DNS query for A mailrelay01.bimco.org: ["52.174.88.94"]
DNS query for A 217.146.76.20._spf.sparkpostmail.com: queryA ENOTFOUND 217.146.76.20._spf.sparkpostmail.com [ENOTFOUND]
{
  "domain": "bimco.org",
  "client-ip": "217.146.76.20",
  "envelope-from": "postmaster@bimco.org",
  "rr": "v=spf1 redirect=bimco.org.hosted.spf-report.com",
  "status": {
    "result": "softfail",
    "comment": "andrismacbook: domain of transitioning postmaster@bimco.org does not designate 217.146.76.20 as permitted sender",
    "smtp": {
      "mailfrom": "postmaster@bimco.org"
    }
  },
  "header": "Received-SPF: softfail (andrismacbook: domain of transitioning postmaster@bimco.org does not designate 217.146.76.20 as permitted sender)\r\n client-ip=217.146.76.20;",
  "info": "spf=softfail (andrismacbook: domain of transitioning postmaster@bimco.org does not designate 217.146.76.20 as permitted sender) smtp.mailfrom=postmaster@bimco.org",
  "lookups": {
    "limit": 10,
    "count": 4,
    "void": 1,
    "subqueries": {}
  }
}

schack commented 1 year ago

I get this (using Cloudflare DNS)

mailauth -v spf -f bimco.org -i 1.2.3.4
Checking SPF for bimco.org
Maximum DNS lookups: 10

DNS query for TXT bimco.org: [["VIxg+RvH9z+g8LABfaeVf+eZy9+A8Dr1mrmFPO/0PV6x6mkC8vkaAOVk83ppXZOR5jTHLeJgXsedd1jyVDYGrQ=="],["MS=ms82127741"],["v=spf1 redirect=bimco.org.hosted.spf-report.com"],["MS=ms97132348"],["google-site-verification=MV3dpvpIm7tsnJ9G7pJGjKC87k8RWww74diYU6qi-u0"]]
DNS query for TXT bimco.org.hosted.spf-report.com: queryTxt EREFUSED bimco.org.hosted.spf-report.com [EREFUSED]
{
  "domain": "bimco.org",
  "client-ip": "1.2.3.4",
  "envelope-from": "postmaster@bimco.org",
  "status": {
    "result": "neutral",
    "comment": "STL-R7N4H9RQF6: 1.2.3.4 is neither permitted nor denied by domain of postmaster@bimco.org",
    "smtp": {
      "mailfrom": "postmaster@bimco.org"
    }
  },
  "header": "Received-SPF: neutral (STL-R7N4H9RQF6: 1.2.3.4 is neither permitted nor denied by domain of postmaster@bimco.org) client-ip=1.2.3.4;",
  "info": "spf=neutral (STL-R7N4H9RQF6: 1.2.3.4 is neither permitted nor denied by domain of postmaster@bimco.org) smtp.mailfrom=postmaster@bimco.org"
}

And now I realize what's going on: bimco.org.hosted.spf-report.com is on Cloudflare's blocklist, resolves to 0.0.0.0

Big sorry for wasting your time :-(

andris9 commented 1 year ago

I assume the block is set by bimco.org somehow. Well, if they refuse DNS requests for their email security DNS records, then they have no one else to blame if their emails are not properly authenticated 🤷‍♂️
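
Added example, not part of the thread and not mailauth's own code: a small Node.js helper that reads a `mailauth spf -v` trace and separates resolver-level failures on SPF TXT lookups (the EREFUSED case above, where "rr" is missing) from ordinary void lookups (the ENOTFOUND on the exists: query). The names parseDnsTrace and triageSpf are hypothetical, the "verdict reflects policy" rule is a heuristic assumed here, and the sample traces are shortened copies of the outputs in the thread.

```javascript
// Added example (not mailauth code). Line format and error strings are
// copied from the `mailauth spf -v` outputs quoted in this thread.
const DNS_LINE = /^DNS query for (\S+) (\S+): (.*)$/;
// Node.js dns codes meaning "no such name / no data" (a void lookup).
const VOID_CODES = new Set(['ENOTFOUND', 'ENODATA']);

function parseDnsTrace(text) {
  const queries = [];
  for (const raw of text.split(/\r?\n/)) {
    const m = DNS_LINE.exec(raw.trim());
    if (!m) continue;
    const [, type, name, rest] = m;
    // Answers are printed as JSON arrays; failures end in "[ECODE]".
    const err = rest.startsWith('[') ? null : /\[(E[A-Z]+)\]$/.exec(rest);
    queries.push({ type, name, error: err ? err[1] : null });
  }
  return queries;
}

function triageSpf(traceText, result) {
  const failed = parseDnsTrace(traceText).filter((q) => q.error);
  const label = (q) => `${q.name} (${q.error})`;
  // TXT query failed at the resolver: part of the redirect=/include: chain was never read.
  const policyUnread = failed.filter((q) => q.type === 'TXT' && !VOID_CODES.has(q.error));
  const voidLookups = failed.filter((q) => VOID_CODES.has(q.error));
  return {
    policyUnread: policyUnread.map(label),
    voidLookups: voidLookups.map(label),
    // Assumed heuristic: only a result with `rr` and a fully read chain reflects the published policy.
    verdictReflectsPolicy: 'rr' in result && policyUnread.length === 0,
  };
}

// Sample input: shortened copies of the two traces and results in the thread.
const refusedTrace = [
  'DNS query for TXT bimco.org: [["MS=ms82127741"],["v=spf1 redirect=bimco.org.hosted.spf-report.com"]]',
  'DNS query for TXT bimco.org.hosted.spf-report.com: queryTxt EREFUSED bimco.org.hosted.spf-report.com [EREFUSED]',
].join('\n');
const refusedResult = { domain: 'bimco.org', status: { result: 'neutral' } };

const voidTrace = [
  'DNS query for TXT bimco.org: [["v=spf1 redirect=bimco.org.hosted.spf-report.com"]]',
  'DNS query for A mailrelay01.bimco.org: ["52.174.88.94"]',
  'DNS query for A 217.146.76.20._spf.sparkpostmail.com: queryA ENOTFOUND 217.146.76.20._spf.sparkpostmail.com [ENOTFOUND]',
].join('\n');
const voidResult = { rr: 'v=spf1 redirect=bimco.org.hosted.spf-report.com', status: { result: 'softfail' } };

console.log(triageSpf(refusedTrace, refusedResult));
console.log(triageSpf(voidTrace, voidResult));
```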