Jaap van Wingerde
2013-01-13 12:34:24 UTC
/var/log/old/mail.log-20121219.gz:
Dec 18 20:12:33 gaugino postfix/smtpd[1954]: Anonymous TLS connection
established from ch1gmehub08.msn.com[207.46.200.12]: TLSv1 with cipher
AES128-SHA (128/128 bits)
Dec 18 20:12:34 gaugino policyd-spf[1956]:
spfcheck: pyspf result: "['None', '', 'helo']"
Dec 18 20:12:34 gaugino policyd-spf[1956]: None; identity=helo;
client-ip=207.46.200.12; helo=smtpi.msn.com;
envelope-from=account-security-***@microsoft.com;
receiver=***@van<cut>
Dec 18 20:12:34 gaugino policyd-spf[1956]: spfcheck: pyspf result:
"['Permerror', 'SPF Permanent Error: Too many DNS lookups',
'mailfrom']"
Dec 18 20:12:34 gaugino policyd-spf[1956]: Permerror;
identity=mailfrom; client-ip=207.46.200.12; helo=smtpi.msn.com;
envelope-from=account-security-***@microsoft.com;
receiver=***@van<cut>
Dec 18 20:12:34 gaugino dkimproxy.in[16897]: connect from 127.0.0.1
Dec 18 20:12:34 gaugino postfix/smtpd[1957]: initializing the
server-side TLS engine
Dec 18 20:12:34 gaugino postfix/smtpd[1957]: connect from
localhost[127.0.0.1]
Dec 18 20:12:34 gaugino postfix/smtpd[1954]: warning: proxy
127.0.0.1:10025 rejected "MAIL
FROM:<account-security-***@microsoft.com> SIZE=5696 AUTH=<>": "555
5.5.4 Unsupported option: AUTH=<>"
Dec 18 20:12:34 gaugino postfix/smtpd[1954]: disconnect from
ch1gmehub08.msn.com[207.46.200.12]
Is microsoft.com sending mail with invalid AUTH?
What means: "SPF Permanent Error: Too many DNS lookups'"?
Am I doing something wrong?
Kind regards,
Jaap van Wingerde.
***@gaugino:~$ sudo postconf -n
[sudo] password for jaap:
2bounce_notice_recipient = postmaster
alias_maps = hash:/etc/aliases
allow_min_user = no
allow_untrusted_routing = no
append_dot_mydomain = no
biff = no
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 30d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
defer_transports = etrn-only
delay_notice_recipient = postmaster
delay_warning_time = 0
disable_vrfy_command = yes
fast_flush_domains = mail.custard.shrl.nl
html_directory = /usr/share/doc/postfix/html
inet_interfaces = 94.142.<cut>, [2a02:898:62:<cut>
inet_protocols = all
local_destination_concurrency_limit = 2
luser_relay = postmaster
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
maximal_backoff_time = 300s
maximal_queue_lifetime = 30d
message_size_limit = 67108864
minimal_backoff_time = 60s
mydestination = <cut>
mydomain = <cut>.nl
myhostname = <cut>.nl
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [2a02:898:62:<cut>
myorigin = <cut>.nl
notify_classes = 2bounce, delay, resource, software
queue_run_delay = 60s
readme_directory = /usr/share/doc/postfix
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc_maps
recipient_delimiter = +
relay_domains = $mydestination
sender_bcc_maps = hash:/etc/postfix/sender_bcc_maps
smtp_bind_address6 = 2a02:898:62:<cut>
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_starttls_timeout = 300s
smtp_tls_loglevel = 2
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtpd_banner = $myhostname ESMTP NO UCE
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, check_helo_access hash:/etc/postfix/helo_checks, check_policy_service unix:private/policyd-spf, reject_rbl_client cbl.abuseat.org, reject_rbl_client zen.spamhaus.org, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_starttls_timeout = 300s
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl.cert
smtpd_tls_key_file = /etc/postfix/ssl.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
tls_daemon_random_bytes = 32
tls_random_bytes = 32
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_domains = <cut>
virtual_alias_maps = hash:/etc/postfix/virtual
***@gaugino:~$
Dec 18 20:12:33 gaugino postfix/smtpd[1954]: Anonymous TLS connection
established from ch1gmehub08.msn.com[207.46.200.12]: TLSv1 with cipher
AES128-SHA (128/128 bits)
Dec 18 20:12:34 gaugino policyd-spf[1956]:
spfcheck: pyspf result: "['None', '', 'helo']"
Dec 18 20:12:34 gaugino policyd-spf[1956]: None; identity=helo;
client-ip=207.46.200.12; helo=smtpi.msn.com;
envelope-from=account-security-***@microsoft.com;
receiver=***@van<cut>
Dec 18 20:12:34 gaugino policyd-spf[1956]: spfcheck: pyspf result:
"['Permerror', 'SPF Permanent Error: Too many DNS lookups',
'mailfrom']"
Dec 18 20:12:34 gaugino policyd-spf[1956]: Permerror;
identity=mailfrom; client-ip=207.46.200.12; helo=smtpi.msn.com;
envelope-from=account-security-***@microsoft.com;
receiver=***@van<cut>
Dec 18 20:12:34 gaugino dkimproxy.in[16897]: connect from 127.0.0.1
Dec 18 20:12:34 gaugino postfix/smtpd[1957]: initializing the
server-side TLS engine
Dec 18 20:12:34 gaugino postfix/smtpd[1957]: connect from
localhost[127.0.0.1]
Dec 18 20:12:34 gaugino postfix/smtpd[1954]: warning: proxy
127.0.0.1:10025 rejected "MAIL
FROM:<account-security-***@microsoft.com> SIZE=5696 AUTH=<>": "555
5.5.4 Unsupported option: AUTH=<>"
Dec 18 20:12:34 gaugino postfix/smtpd[1954]: disconnect from
ch1gmehub08.msn.com[207.46.200.12]
Is microsoft.com sending mail with invalid AUTH?
What means: "SPF Permanent Error: Too many DNS lookups'"?
Am I doing something wrong?
Kind regards,
Jaap van Wingerde.
***@gaugino:~$ sudo postconf -n
[sudo] password for jaap:
2bounce_notice_recipient = postmaster
alias_maps = hash:/etc/aliases
allow_min_user = no
allow_untrusted_routing = no
append_dot_mydomain = no
biff = no
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 30d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
defer_transports = etrn-only
delay_notice_recipient = postmaster
delay_warning_time = 0
disable_vrfy_command = yes
fast_flush_domains = mail.custard.shrl.nl
html_directory = /usr/share/doc/postfix/html
inet_interfaces = 94.142.<cut>, [2a02:898:62:<cut>
inet_protocols = all
local_destination_concurrency_limit = 2
luser_relay = postmaster
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
maximal_backoff_time = 300s
maximal_queue_lifetime = 30d
message_size_limit = 67108864
minimal_backoff_time = 60s
mydestination = <cut>
mydomain = <cut>.nl
myhostname = <cut>.nl
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [2a02:898:62:<cut>
myorigin = <cut>.nl
notify_classes = 2bounce, delay, resource, software
queue_run_delay = 60s
readme_directory = /usr/share/doc/postfix
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc_maps
recipient_delimiter = +
relay_domains = $mydestination
sender_bcc_maps = hash:/etc/postfix/sender_bcc_maps
smtp_bind_address6 = 2a02:898:62:<cut>
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_starttls_timeout = 300s
smtp_tls_loglevel = 2
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtpd_banner = $myhostname ESMTP NO UCE
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, check_helo_access hash:/etc/postfix/helo_checks, check_policy_service unix:private/policyd-spf, reject_rbl_client cbl.abuseat.org, reject_rbl_client zen.spamhaus.org, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_starttls_timeout = 300s
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl.cert
smtpd_tls_key_file = /etc/postfix/ssl.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
tls_daemon_random_bytes = 32
tls_random_bytes = 32
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_domains = <cut>
virtual_alias_maps = hash:/etc/postfix/virtual
***@gaugino:~$