Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#24 resolver error (sid-milter doing PRA check)?

v0.2.14
closed-out-of-date
3
2008-05-27
2006-12-12
Fredrik Pettai
No

Hi,

There seems to be some sort of trouble with the PRA check with sid-milter v. 0.2.14 then a person emails us. (Or it could be the error message that's giving wrong clues?)

Looking in the logs, I see this:

Dec 11 10:43:46 mx1 sendmail[4218]: [ID 801593 mail.info] kBB9hkBu004218: Milter (sid-filter): init success to negotiate Dec 11 10:43:49 mx1 sendmail[4218]: [ID 801593 mail.info] kBB9hkBu004218: from=<xxxxxx.xxxxx@maxm.se>, size=235422, class=0, nrcpts=1, msgid=<200612110943.kBB9hkBu004218@mx1.vattenfall.se>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA-v4, relay=mail.maxm.se [62.119.138.101]
Dec 11 10:43:55 mx1 sid-filter[18609]: [ID 337111 mail.error] kBB9hkBu004218 ar_waitreply() failed: Too many retries
Dec 11 10:43:55 mx1 sid-filter[18609]: [ID 539848 mail.error] kBB9hkBu004218 sid_marid_check(): PRA xxxxxx.xxxxx@maxm.se: -2 ( < mx maxm.se?)
Dec 11 10:43:55 mx1 sendmail[4218]: [ID 801593 mail.info] kBB9hkBu004218: Milter: data, reject=451 4.7.0 Too many retries
Dec 11 10:43:55 mx1 sendmail[4218]: [ID 801593 mail.info] kBB9hkBu004218: to=<xxx@forsmark.vattenfall.se>, delay=00:00:07, pri=265422, stat=Too many retries

I do some checks in there domain...

# dig -t NS maxm.se (shortshort version)

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1489 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; ANSWER SECTION:
maxm.se. 3600 IN NS ns.maxm.se.
maxm.se. 3600 IN NS ns1.sourcecom.se.

Check the SPF record... (both ns:es works fine and give the same answer)

# dig -t TXT maxm.se @ns.maxm.se. (short version)

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 569 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;maxm.se. IN TXT

;; ANSWER SECTION:
maxm.se. 3600 IN TXT "v=spf1 mx ptr"

;; AUTHORITY SECTION:
maxm.se. 3600 IN NS ns.maxm.se.
maxm.se. 3600 IN NS ns1.sourcecom.se.

;; ADDITIONAL SECTION:
ns.maxm.se. 3600 IN A 62.119.138.98

As I interpret this SPF policy, all mx and *.maxm.se reverse-resolvable hosts should be able to send mail from maxm.se. But it seems that sid-milter interpret this differently...

# dig -x 62.119.138.101 gives me mail.maxm.se on both auth-dns:es, (which are dns1.utfors.se and dns2.utfors.se) so I don't understand why this fails by sid-milter.

# dig -t MX maxm.se @ns.maxm.se. also works fine.
I'm just (re)trying that since the error-message from sid-milter
"sid_marid_check(): PRA xxxxxx.xxxxx@maxm.se: -2 ( < mx maxm.se?)"

/P

Discussion

1 2 > >> (Page 1 of 2)
  • Fredrik Pettai
    Fredrik Pettai
    2006-12-12

    Logged In: YES
    user_id=370342
    Originator: YES

    Example of MIME-header, which looks normal

    Delivered-To: xxxxxxxxxxxx@gmail.com
    Received: by 10.70.25.9 with SMTP id 9cs520409wxy;
    Tue, 12 Dec 2006 07:35:56 -0800 (PST)
    Received: by 10.67.119.13 with SMTP id w13mr11917468ugm.1165937756004;
    Tue, 12 Dec 2006 07:35:56 -0800 (PST)
    Return-Path: <xxxxxxx.xxxxx@maxm.se>
    Received: from mail.maxm.se (mail.maxm.se [62.119.138.101])
    by mx.google.com with ESMTP id m4si6930022ugc.2006.12.12.07.35.55;
    Tue, 12 Dec 2006 07:35:55 -0800 (PST)
    Received-SPF: pass (google.com: domain of xxxxxxxxxxxxxx@maxm.se designates 62.119.138.101 as permitted sender)
    Message-id: <fc.000f677200c08f20000f677200c08f20.c09120@maxm.se>
    Date: Tue, 12 Dec 2006 16:39:38 +0100
    Subject: Mail till Vattenfall
    X-Mailer: FirstClass 8.3 (build 8.262)
    X-FC-SERVER-TZ: 181272836
    To: xxxxxxxxxxxxxx@gmail.com
    From: "XXXXXXX XXXXXXXXX" <xxxxxxx.xxxxxxxxx@maxm.se>
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="--=_--00c09120.00c08f20.c1a47dba"

    This is a multi-part message in MIME format.

    ----=_--00c09120.00c08f20.c1a47dba
    Content-Type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: 8bit

     
  • Fredrik Pettai
    Fredrik Pettai
    2006-12-15

    • summary: mx/ptr resolv/parsing error (in PRA check)? --> resolver error (in PRA check)?
     
  • Fredrik Pettai
    Fredrik Pettai
    2006-12-15

    Logged In: YES
    user_id=370342
    Originator: YES

    This might be a resolver error according to Dick St.Peters.
    I will investige this futher...

    /P

     
  • Fredrik Pettai
    Fredrik Pettai
    2006-12-15

    • summary: resolver error (in PRA check)? --> resolver error (sid-milter doing PRA check)?
    • priority: 5 --> 3
     
    • assigned_to: nobody --> sm-msk
     
  • Logged In: YES
    user_id=1048957
    Originator: NO

    Was this ever resolved? Is it still a bug?

     
    • status: open --> pending
     
  • Fredrik Pettai
    Fredrik Pettai
    2008-05-22

    Logged In: YES
    user_id=370342
    Originator: YES

    Well, I don't remember that now. The problem is also that I can't test it,
    since sid-milter is broken under NetBSD. I'll post a bug-report on that.

     
  • Fredrik Pettai
    Fredrik Pettai
    2008-05-22

    • status: pending --> open
     
  • Fredrik Pettai
    Fredrik Pettai
    2008-05-26

    Logged In: YES
    user_id=370342
    Originator: YES

    Ok, I used libar from dkim-milter(-2.5.4) as you proposed and compiled it with sid-milter.
    It seems to work fine...

    I got an answer from maxm.se now and both checks are good.

    Authentication-Results: nordu.net smtp.mail=xxxxx.xxxxxx@maxm.se; spf=pass
    Authentication-Results: nordu.net header.from=xxxxx.xxxxxx@maxm.se; sender-id=pass

    But there are at least three changes made since last time:

    1. Most importantly (I think): I used a newer libar (dkim-milter-2.5.4)

    2. It's NetBSD 4.0 instead of Solaris 10

    3. NS:es has changed a bit:
    maxm.se. 3171 IN NS ns.maxm.se.
    maxm.se. 3171 IN NS gatekeeper.carnegie.se.

    So since I can't reproduce this, I think you can close this for now...

     
1 2 > >> (Page 1 of 2)