[AusNOG] [Confirmed Fix] iiNet/WestNet Anti-Spam - False Positives

David Rawling djr at pdconsec.net
Tue Mar 30 23:20:19 EST 2021


Hi all

Final update: fix is confirmed. The duplicate broken records were being
retrieved and parsed, returning permerror for reasons obvious now
they're corrected. It seems iiNet is (now?) evaluating the SPF records
that apply to the HELO/EHLO command and response, in addition to the
domain of the sending address, and therefore the broken records for the
server names were the root cause of failure.

It's worth noting that the enhanced status code from iiNet is 5.7.1
instead of 5.5.2 (cf. RFC 7208 8.7) if you're investigating this - not
that it would have helped me, but if you know the RFCs better ...

Thanks to the iiNet engineer who had the log explaining what was being
resolved!

Dave. 
--
David Rawling
t: +61 41 213 5513  |  e: djr at pdconsec.net

On Fri, 2021-03-26 at 20:07 +1100, David Rawling wrote:
> Hi all
> 
> Thanks everyone for the enthusiastic and significant responses. An
> iiNet engineer (whose details I obviously won't publish without their
> express permission) reached out with some debug logs from the iiNet
> server that seemed to point the finger at SPF records for the
> individual servers - rather than the domain - and it looks like someone
> at the customer has created new broken records for each SMTP source
> server.
> 
> I've beaten those records into line and I've asked the customer to
> retest - thanks again for all the help everyone. Will advise (probably
> Monday) of success or failure.
> 
> Dave.
> --
> David Rawling
> t: +61 41 213 5513  |  e: djr at pdconsec.net
> 
> On Fri, 2021-03-26 at 11:26 +1100, David Rawling wrote:
> > Hi all
> > 
> > I think this is only tangentially on topic for AusNOG, but could
> > someone point me in the direction of a contact at TPG/iiNet/WestNet to
> > help resolve mail delivery issues to iiNet and Westnet addresses?
> > 
> > I have a customer who's been unable to send to iiNet et al for a couple
> > of weeks now; the iiNet server is returning "5.7.1 SPF unauthorized
> > mail is prohibited" for domains with valid SPF and also for domains
> > with no SPF records.
> > 
> > They have had no issues with other networks including GMail, O365 and
> > the like.
> > 
> > I do have an open incident with iiNet but the responses haven't helped.
> > There are also isolated reports elsewhere of the same problem. I've
> > validated the customer's SPF/DKIM/DMARC, and they seem OK to me, but I
> > just want to fix it. That means if I'm wrong I want someone to tell me
> > how I've stuffed up.
> > 
> > Thanks in advance
> > 
> > Dave.
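
The failure mode described in this thread, as an added example that is not part of the original posts: a receiver that checks SPF for the HELO name as well as the MAIL FROM domain hits permerror when the server's own hostname carries duplicate or malformed v=spf1 records, whatever the sender domain publishes. The hostnames and TXT strings are constructed, the syntax check is a rough approximation of RFC 7208 term parsing, and no DNS lookups or mechanism evaluation are performed.

```python
import re

# Constructed sample data: TXT strings published per name (not from the thread).
DNS_BEFORE = {
    "example.com": ["v=spf1 mx ip4:192.0.2.0/24 -all"],
    # Two v=spf1 records on one server name, one of them malformed.
    "mail1.example.com": ["v=spf1 a -all", "v=spf1 ip4 192.0.2.10 -all"],
    # A single record with a mistyped mechanism name.
    "mail2.example.com": ["v=spf1 ipv4:192.0.2.11 -all"],
}
DNS_AFTER = {**DNS_BEFORE,
             "mail1.example.com": ["v=spf1 a -all"],
             "mail2.example.com": ["v=spf1 ip4:192.0.2.11 -all"]}

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
MODIFIER = re.compile(r"[A-Za-z][A-Za-z0-9._-]*=")

def select_spf(txt_records):
    """RFC 7208 section 4.5: keep v=spf1 records; more than one is permerror."""
    spf = [t for t in txt_records if t.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return "none", None
    if len(spf) > 1:
        return "permerror", None
    return "evaluable", spf[0]

def syntax_ok(record):
    """Rough term check: known mechanism names or name=value modifiers only."""
    for term in record.split()[1:]:
        if MODIFIER.match(term):
            continue  # modifiers (including unknown ones) are not rejected here
        name = re.split(r"[:/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name not in MECHANISMS:
            return False
    return True

def check_identities(dns, helo_name, mail_from_domain):
    """Classify the SPF record set for the HELO name and the MAIL FROM domain."""
    results = {}
    for identity, name in (("helo", helo_name), ("mailfrom", mail_from_domain)):
        status, record = select_spf(dns.get(name.lower(), []))
        if status == "evaluable" and not syntax_ok(record):
            status = "permerror"
        results[identity] = status
    return results

if __name__ == "__main__":
    for host in ("mail1.example.com", "mail2.example.com"):
        print(host, check_identities(DNS_BEFORE, host, "example.com"),
              check_identities(DNS_AFTER, host, "example.com"))
```

"evaluable" here only means a single, syntactically plausible record was selected; it is not an SPF pass result.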


