3 Replies Latest reply on Jan 13, 2011 1:24 PM by ijahnke

    error:450:SPF dns error ==>  Connection dropped

      I'm currently facing one issue receiving some messages from a specific domain. Sometimes, the delivery fails due to a 'SPF dns error' causing a dropping connection.

      See below one example. Does someone know what is causing such issue ? Is the problem on my DNS or on the sender Internet DNS ?

       

      My Ironmail is running 6.7.2 HF3

       

      Thanks for your help !

       

       

       

      Extract from my Event :

      20110106:10:03:09|22893657642666|10249|Performing TS Lookup -|protocol <RBLDNS> query=<d.aZikcA1A9veZVHcUqkp1CFD4Km6rwcCZ6F1cI8VP2WLD96alUzvdB7PH6f9n.7FSGTfbyU B_zt3r-pajympfvLe69v-NwNM_q8cRmMxemY83HXxgGtp3vBtJE.aKmgdapbAgL5kxeKz-2PU1CYh3sk aHV1ZfmKV2V2mabQ5eLnd4xExby2_eW5.JAdlesj8_EnQk0VeRGQlR3AkARKrH7dX9vWnXUCBzfGiCKT A>|

      20110106:10:03:09|22893657642666|10250|TrustedSource Result - <status:lookup_ip:ipscore:score:dq_status:time> -|<0:199.49.1.56:0:-8:0:28658.000000>|

      20110106:10:03:09|22893657642666|11014|User - GroupID info -|{'senderaddress@senderdomain': [1], 'recipientaddress@mydomain.com': [18L, 1], 'mydomain.com': [18L, 1], 'senderdomain': [1]}|

      20110106:10:03:09|22893657642666|11015|Group ID - Name -|{1: 'global', 18L: 'MyLdap'}|

      20110106:10:03:09|22893657642666|11023|Applied Policies, Applied Rules: <policies:rules> -|<[7197L]:[233508, 232417, 233545, 233878, 233677, 233514,

      ...

      233626, 232827, 233377, 232666, 233788, 233801, 233041, 233391, 234133, 232606, 233043, 232987, 233404, 232323, 232327, 233420, 232624, 233431, 232319]>|

      20110106:10:03:09|22893657642666|11022|Bypass rules triggered for the message - IDs: <msgid:ruleids> -|<133602168:[]>|

      20110106:10:03:09|22893657642666|2306|DKIM Signature not present or invalid.||

      20110106:10:13:40|22893657642666|9731|SenderID Result for PRA MTA Status Explanation: <pra:spfresult0:spfresult1:spfresult2> -|<senderaddress@senderdomain:error:450:SPF dns error>|

      20110106:10:13:40|22893657642666|6664|Message Details ID||FILENAME||FROMADDR||TOADDR|VIPID <msgid:filename:fromaddr:toaddr:vip> -|<133602168:/ct/data/mss/00/13/36/02/168:senderaddress@senderdomain:['recipientaddress@mydomain.com']:0>|

      20110106:10:13:40|22893657642666|6665|Created new Message ID and File <msgid:file> -|<133602168:/ct/data/mss/00/13/36/02/168>|

      20110106:10:13:40|22893657642666|9308|Message information <Source IP:Port:Message ID>|199.49.1.56:55054:133602168|

      20110106:10:13:40|22893657642666|9313|Unable to communicate with client to confirm delivery, message rolled back||

      20110106:10:13:40|22893657642666|9312|Socket communication failed with client. Connection dropped||

      20110106:10:13:40|22893657642666|9234|Processing completed.||

      [McAfee]:

        • 1. Re: error:450:SPF dns error ==>  Connection dropped
          ijahnke

          It looks like there was a network timeout because the message failed after 10 minutes (the default timeout). First check and make sure that if the sender has multiple mx records that all of them resolve and none timeout. If the ironmail is set to do reverse mx lookups it will check all mx records listed for a domain to verify the authenticity of the domain.

           

           

          so if domain A is sending to you with three different mx records and one does not resolve it would look something like this:

           

           

          dig mx a.com

           

          20 1.a.com.

          30 2.a.com.

          10 a.com.

           

          dig a.com

          192.168.0.20

          dig 2.a.com

          192.168.0.21

          dig 1.a.com

          ;; connection timed out; no servers could be reached

           

           

          Normally you should get a response back that the domain doesnt exist, but in this case the domain doesnt resolve to any ip address. The ironmail will eventually timeout attemtping to resolve 1.a.com because it never recieves an answer back from its DNS servers. Under normal circumstances it should recieve a SRVFAIL response.

          • 2. Re: error:450:SPF dns error ==>  Connection dropped

            Where do you check on the Ironmails to see if it is configured for Reverse Lookups?

            • 3. Re: error:450:SPF dns error ==>  Connection dropped
              ijahnke

              Anti-Spam -> Anti-Spam Advanced -> Reverse DNS

               

               

              Also check

              Anti-Spam -> SpamProfiler -> Configure (there is a setting for reverse dns here also)