error results for email verification

Discussion in 'Installation/Configuration' started by ariban99, Jul 7, 2015.

  1. ariban99

    ariban99 Member

    I sent an email to auth-results@verifier.port25.com in order to test if my spf records are working, here are the results. anyone has a solution how to get things working properly in ispconfig3?
    in my case my relayhost is smtp.comcast.net and my incoming emails goes through ghettosmtp.com who then forwards the email to me via another port that is not being blocked by comcast (because comcast residential blocks port 25)

    This message is an automatic response from Port25's authentication verifier
    service at verifier.port25.com. The service allows email senders to perform
    a simple check of various sender authentication mechanisms. It is provided
    free of charge, in the hope that it is useful to the email community. While
    it is not officially supported, we welcome any feedback you may have at
    <verifier-feedback@port25.com>.

    Thank you for using the verifier,

    The Port25 Solutions, Inc. team

    ==========================================================
    Summary of Results
    ==========================================================
    SPF check: neutral
    DomainKeys check: neutral
    DKIM check: pass
    Sender-ID check: neutral
    SpamAssassin check: ham

    ==========================================================
    Details:
    ==========================================================

    HELO hostname: resqmta-po-08v.sys.comcast.net
    Source IP: 96.114.154.167
    mail-from: server1@wellspringsoflife.com

    ----------------------------------------------------------
    SPF check details:
    ----------------------------------------------------------
    Result: neutral (SPF-Result: None)
    ID(s) verified: smtp.mailfrom=server1@wellspringsoflife.com
    DNS record(s):
    wellspringsoflife.com. SPF (no records)
    wellspringsoflife.com. 86400 IN TXT "v=spf1ainclude:smtp.comcast.net-all"

    ----------------------------------------------------------
    DomainKeys check details:
    ----------------------------------------------------------
    Result: neutral (message not signed)
    ID(s) verified: header.From=server1@wellspringsoflife.com
    DNS record(s):

    ----------------------------------------------------------
    DKIM check details:
    ----------------------------------------------------------
    Result: pass (signature verifies; identity doesn't match any headers)
    ID(s) verified: header.d=comcast.net
    Canonicalized Headers:
    received:from'20'wellspringsoflife.com'20'([50.140.200.166])'20'by'20'resomta-po-02v.sys.comcast.net'20'with'20'comcast'20'id'20'pQ9C1q00H3buSvm01Q9D99;'20'Tue,'20'07'20'Jul'20'2015'20'12:09:13'20'+0000'0D''0A'
    received:from'20'resomta-po-02v.sys.comcast.net'20'([96.114.154.226])'20'by'20'resqmta-po-08v.sys.comcast.net'20'with'20'comcast'20'id'20'pQ9D1q0044tLnxL01Q9DAR;'20'Tue,'20'07'20'Jul'20'2015'20'12:09:13'20'+0000'0D''0A'
    mime-version:1.0'0D''0A'
    content-type:text/plain;'20'charset=US-ASCII;'20'format=flowed'0D''0A'
    date:Tue,'20'07'20'Jul'20'2015'20'08:09:12'20'-0400'0D''0A'
    from:server1@wellspringsoflife.com'0D''0A'
    to:check-auth@verifier.port25.com'0D''0A'
    subject:test'20'spf'20'results'0D''0A'
    message-id:<c3ee1c100c55547373f61ccc10c06c50@wellspringsoflife.com>'0D''0A'
    dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/relaxed;'20'd=comcast.net;'20's=q20140121;'20't=1436270953;'20'bh=B81fJ1HbdL6n0TKUvfIxYcuotpQyOTmBDv0U4VUtqWk=;'20'h=Received:Received:MIME-Version:Content-Type:Date:From:To:Subject:'20'Message-ID;'20'b=

    Canonicalized Body:
    does'20'it'20'work?'0D''0A'


    DNS record(s):
    q20140121._domainkey.comcast.net. 2224 IN TXT "k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuqXbtRtZLMYtQytThkLGpx7SOPdbO8dEKYHHIvcYLd1c7C8tMJjIuxSnNgA2+W6g6WtPJjr/Af2yqmHn3AKOdaPzp+Wx/kDNoGQDyO98OO1/0e+W1MXOWHAkLJe6/eHx7rEp0gNXU1b16WvhiLWQmr3bekPPfJvIOsrW8HeQrA2RX8Eg5a2HAnQ0jfPB1bzpFN8EjWlrP0ISQhC4X2/UQy+3Fi8yLjVzEqiMPhowI4ndC8wWG0jPuPL0X02SPmCar4yjlh7zrd7x9Hix+Eknz1bqQVms15n2iylcd2EluckeMmvAFnIZXiGnckzTVPq4ouOkt6UJZVxcBikzJEFxwIDAQAB"

    Public key used for verification: q20140121._domainkey.comcast.net (2048 bits)

    NOTE: DKIM checking has been performed based on the latest DKIM specs
    (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
    older versions. If you are using Port25's PowerMTA, you need to use
    version 3.2r11 or later to get a compatible version of DKIM.

    ----------------------------------------------------------
    Sender-ID check details:
    ----------------------------------------------------------
    Result: neutral (SPF-Result: None)
    ID(s) verified: header.From=server1@wellspringsoflife.com
    DNS record(s):
    wellspringsoflife.com. SPF (no records)
    wellspringsoflife.com. 86400 IN TXT "v=spf1ainclude:smtp.comcast.net-all"

    ----------------------------------------------------------
    SpamAssassin check details:
    ----------------------------------------------------------
    SpamAssassin v3.4.0 (2014-02-07)

    Result: ham (-0.5 points, 5.0 required)

    pts rule name description
    ---- ---------------------- --------------------------------------------------
    1.4 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)
    [96.114.154.167 listed in bl.mailspike.net]
    -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
    [score: 0.0000]
    0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
    -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted

    ==========================================================
    Explanation of the possible results (from RFC 5451)
    ==========================================================

    SPF and Sender-ID Results
    =========================

    "none"
    No policy records were published at the sender's DNS domain.

    "neutral"
    The sender's ADMD has asserted that it cannot or does not
    want to assert whether or not the sending IP address is authorized
    to send mail using the sender's DNS domain.

    "pass"
    The client is authorized by the sender's ADMD to inject or
    relay mail on behalf of the sender's DNS domain.

    "policy"
    The client is authorized to inject or relay mail on behalf
    of the sender's DNS domain according to the authentication
    method's algorithm, but local policy dictates that the result is
    unacceptable.

    "fail"
    This client is explicitly not authorized to inject or
    relay mail using the sender's DNS domain.

    "softfail"
    The sender's ADMD believes the client was not authorized
    to inject or relay mail using the sender's DNS domain, but is
    unwilling to make a strong assertion to that effect.

    "temperror"
    The message could not be verified due to some error that
    is likely transient in nature, such as a temporary inability to
    retrieve a policy record from DNS. A later attempt may produce a
    final result.

    "permerror"
    The message could not be verified due to some error that
    is unrecoverable, such as a required header field being absent or
    a syntax error in a retrieved DNS TXT record. A later attempt is
    unlikely to produce a final result.


    DKIM and DomainKeys Results
    ===========================

    "none"
    The message was not signed.

    "pass"
    The message was signed, the signature or signatures were
    acceptable to the verifier, and the signature(s) passed
    verification tests.

    "fail"
    The message was signed and the signature or signatures were
    acceptable to the verifier, but they failed the verification
    test(s).

    "policy"
    The message was signed but the signature or signatures were
    not acceptable to the verifier.

    "neutral"
    The message was signed but the signature or signatures
    contained syntax errors or were not otherwise able to be
    processed. This result SHOULD also be used for other
    failures not covered elsewhere in this list.

    "temperror"
    The message could not be verified due to some error that
    is likely transient in nature, such as a temporary inability
    to retrieve a public key. A later attempt may produce a
    final result.

    "permerror"
    The message could not be verified due to some error that
    is unrecoverable, such as a required header field being
    absent. A later attempt is unlikely to produce a final result.
     
  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    1. check your nameservers (intodns.com or something else)
    2. make sure your spf-record is valid (maxtoolbox reports a loop)
     

Share This Page