Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Does the SPF check actually work?
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
I've been tinkering with the SPF to see if it's something worth using. I set it up to log only. All I keep getting in the debug log as a result of the SPF checks are:

{spf} SPF result: unrecoverable error during processing (PermError)

I know I'm getting valid TXT lookups from the DNS server. Does the SPF check really work?


Scott
  •  
Kerio_jthomas

Messages: 511
Karma: 1
Send a private message to this user
Scott, that's pretty wierd. You should be seeing something like this:

[17/Aug/2005 09:15:58][8024] {spf} SPF DNS query for TXT (16) records for domain kerio.com
[17/Aug/2005 09:15:59][8024] {spf} DNS TXT record for domain kerio.com: v=spf1 mx ip4:69.228.77.81 ip4:195.39.55.3 ip4:195.39.55.11 ip4:216.218.221.154 ~all
[17/Aug/2005 09:15:59][8024] {spf} SPF DNS query for TXT (16) records in domain kerio.com succeeded: 1 records
[17/Aug/2005 09:15:59][8024] {spf} SPF DNS query for MX (15) records for domain kerio.com
[17/Aug/2005 09:15:59][8024] {spf} MX record: name=kerio.com exchange=mx2.kerio.com preference=20
[17/Aug/2005 09:15:59][8024] {spf} MX record: name=kerio.com exchange=mx1.kerio.com preference=10
[17/Aug/2005 09:15:59][8024] {spf} SPF DNS query for MX (15) records in domain kerio.com succeeded: 2 records
[17/Aug/2005 09:15:59][8024] {spf} SPF DNS query for A (1) records for domain mx2.kerio.com
[17/Aug/2005 09:15:59][8024] {spf} A record: name=mx2.kerio.com ip=195.39.35.48
[17/Aug/2005 09:15:59][8024] {spf} SPF DNS query for A (1) records in domain mx2.kerio.com succeeded: 1 records
[17/Aug/2005 09:15:59][8024] {spf} SPF DNS query for A (1) records for domain mx1.kerio.com
[17/Aug/2005 09:15:59][8024] {spf} A record: name=mx1.kerio.com ip=195.39.55.2
[17/Aug/2005 09:15:59][8024] {spf} SPF DNS query for A (1) records in domain mx1.kerio.com succeeded: 1 records
[17/Aug/2005 09:15:59][8024] {spf} Checking address: jthomas<_at_>kerio.com
[17/Aug/2005 09:15:59][8024] {spf} SPF result: SoftFail


If SPF is totally failing, I wonder if the DNS server you are querying doesn't like KMS's request for TXT records.

You should submit a ticket for this.

Cheers,
Joshua

Joshua Thomas
Technical Support Manager
2350 Mission College Blvd, Suite 400
Santa Clara, CA 95054
Phone: (408) 496-4500
Fax: (408) 496-6902
http://www.kerio.com/support.html

  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
I haven't actually found any that have returned SPF records yet.

[17/Aug/2005 12:13:35][6080] {spf} SPF DNS query for TXT (16) records for domain yahoo.com
[17/Aug/2005 12:13:35][6080] {spf} No TXT records for domain yahoo.com
[17/Aug/2005 12:13:35][6080] {spf} SPF DNS query for TXT (16) records in domain yahoo.com failed: host not found
[17/Aug/2005 12:13:35][6080] {spf} Checking address: username<_at_>yahoo.com
[17/Aug/2005 12:13:35][6080] {spf} SPF result: unrecoverable error during processing (PermError)

Is the unrecoverable error normal when no SPF record is returned?

Scott
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
Ah ha. I found 2 that worked over the lunch hour. Interestingly, the Kerio forum address doesn't. ignor.kerio.cz doesn't return a TXT record.

Anyhow, the unrecoverable error only seems to occur when no TXT record is found. There just don't seem to be many hosts out there with SPF records.

It would be less confusing if it said something like SPF result: no SPF record found... or something along those lines. "unrecoverable error during processing (PermError)" makes it look like it's not working properly, even though it's getting a response from the DNS server. It's actually the same error I was getting before I got TXT DNS queries to pass through our firewall, and the lookups were timing out.

Scott
  •  
Kerio_jthomas

Messages: 511
Karma: 1
Send a private message to this user
Yeah, that's a valid complaint. I'll file a suggestion.

Joshua Thomas
Technical Support Manager
2350 Mission College Blvd, Suite 400
Santa Clara, CA 95054
Phone: (408) 496-4500
Fax: (408) 496-6902
http://www.kerio.com/support.html

  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
Thanks Joshua.

Scott
Previous Topic: MailServer on a Linux OS with only terminal or SSH...
Next Topic: Can you use KOC 6.0.10 with KMS 6.1.0 ?????
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 21 18:13:04 CET 2017

Total time taken to generate the page: 0.00877 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.