Я отправил тестовое электронное письмо с помощью инструмента проверки электронной почты port25.com и полностью получил приведенные ниже результаты. Может кто-нибудь сказать мне, чего не хватает и почему не работает SPF?
Большое спасибо!
-сул.
This message is an automatic response from Port25's authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community. While it is not officially supported, we welcome any feedback you may have at <verifier-feedback@port25.com>.
Thank you for using the verifier,
The Port25 Solutions, Inc. team
==========================================================
Summary of Results
==========================================================
SPF check: fail
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: fail
DKIM check: none
SpamAssassin check: ham
==========================================================
Details:
==========================================================
HELO hostname: smtp4.fiu.edu
Source IP: 131.94.79.14
mail-from: prvs=956918cfdd=volunteer@thewolf.fiu.edu
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: fail (not permitted)
ID(s) verified: smtp.mailfrom=prvs=956918cfdd=volunteer@thewolf.fiu.edu
DNS record(s):
thewolf.fiu.edu. SPF (no records)
thewolf.fiu.edu. 3600 IN TXT "v=spf1 include:spf.protection.outlook.com -all"
spf.protection.outlook.com. SPF (no records)
spf.protection.outlook.com. 428 IN TXT "v=spf1 ip4:207.46.101.128/26 ip4:207.46.108.0/25 ip4:207.46.100.0/24 ip4:207.46.163.0/24 ip4:65.55.169.0/24 ip4:157.55.133.0/25 ip4:157.56.110.0/23 ip4:157.55.234.0/24 ip4:213.199.154.0/24 ip4:213.199.180.0/24 include:spfa.protection.outlook.com -all"
spfa.protection.outlook.com. SPF (no records)
spfa.protection.outlook.com. 318 IN TXT "v=spf1 ip4:157.56.120.0/25 ip4:157.56.116.0/25 ip4:157.56.112.0/24 ip4:134.170.140.0/24 ip4:134.170.132.0/24 ip4:207.46.51.64/26 ip4:157.55.158.0/23 ip4:157.56.87.192/26 ip4:64.4.22.64/26 include:spfb.protection.outlook.com -all"
spfb.protection.outlook.com. SPF (no records)
spfb.protection.outlook.com. 569 IN TXT "v=spf1 ip6:2a01:111:f400::/48 ip4:23.103.128.0/19 ip4:23.103.198.0/23 ip4:65.55.88.0/24 ip4:104.47.0.0/17 ip4:23.103.200.0/21 ip4:23.103.208.0/21 ip4:23.103.191.0/24 ip4:216.32.181.0/24 -all"
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.From=volunteer@thewolf.fiu.edu
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified:
NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.
----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: fail (not permitted)
ID(s) verified: header.From=volunteer@thewolf.fiu.edu
DNS record(s):
thewolf.fiu.edu. SPF (no records)
thewolf.fiu.edu. 3600 IN TXT "v=spf1 include:spf.protection.outlook.com -all"
spf.protection.outlook.com. SPF (no records)
spf.protection.outlook.com. 428 IN TXT "v=spf1 ip4:207.46.101.128/26 ip4:207.46.108.0/25 ip4:207.46.100.0/24 ip4:207.46.163.0/24 ip4:65.55.169.0/24 ip4:157.55.133.0/25 ip4:157.56.110.0/23 ip4:157.55.234.0/24 ip4:213.199.154.0/24 ip4:213.199.180.0/24 include:spfa.protection.outlook.com -all"
spfa.protection.outlook.com. SPF (no records)
spfa.protection.outlook.com. 318 IN TXT "v=spf1 ip4:157.56.120.0/25 ip4:157.56.116.0/25 ip4:157.56.112.0/24 ip4:134.170.140.0/24 ip4:134.170.132.0/24 ip4:207.46.51.64/26 ip4:157.55.158.0/23 ip4:157.56.87.192/26 ip4:64.4.22.64/26 include:spfb.protection.outlook.com -all"
spfb.protection.outlook.com. SPF (no records)
spfb.protection.outlook.com. 569 IN TXT "v=spf1 ip6:2a01:111:f400::/48 ip4:23.103.128.0/19 ip4:23.103.198.0/23 ip4:65.55.88.0/24 ip4:104.47.0.0/17 ip4:23.103.200.0/21 ip4:23.103.208.0/21 ip4:23.103.191.0/24 ip4:216.32.181.0/24 -all"
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: none (message not signed)
ID(s) verified: header.d=none;
NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.
----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.4.0 (2014-02-07)
Result: ham (-1.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see https://urldefense.proofpoint.com/v2/url?u=http-3A__www.openspf.net_Why-3Fs-3Dmfrom-3Bid-3Dprvs-253D956918cfdd-253Dvolunteer-2540thewolf.fiu.edu-3Bip-3D131.94.79.14-3Br-3Dverifier.port25.com&d=AwIBAg&c=1QsCMERiq7JOmEnKpsSyjg&r=B3cGUFbtTm6kAXa577pfH-IzxFwv8TPRixkn15i-XJY&m=TRoiKJpKfbcuDTpQ3Yv8LEewM5hqAQAoPp5Yv5I51h4&s=qkneHL-pZ43fMAx0FXiXqNS1zWHCpaKi1Idxpm7TLxw&e= ]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0001]
0.0 HTML_MESSAGE BODY: HTML included in message
0.8 MPART_ALT_DIFF BODY: HTML and text parts are different
0.0 TVD_SPACE_RATIO No description available.
==========================================================
Explanation of the possible results (from RFC 5451) ==========================================================
SPF and Sender-ID Results
=========================
"none"
No policy records were published at the sender's DNS domain.
"neutral"
The sender's ADMD has asserted that it cannot or does not
want to assert whether or not the sending IP address is authorized
to send mail using the sender's DNS domain.
"pass"
The client is authorized by the sender's ADMD to inject or
relay mail on behalf of the sender's DNS domain.
"policy"
The client is authorized to inject or relay mail on behalf
of the sender's DNS domain according to the authentication
method's algorithm, but local policy dictates that the result is
unacceptable.
"fail"
This client is explicitly not authorized to inject or
relay mail using the sender's DNS domain.
"softfail"
The sender's ADMD believes the client was not authorized
to inject or relay mail using the sender's DNS domain, but is
unwilling to make a strong assertion to that effect.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability to
retrieve a policy record from DNS. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being absent or
a syntax error in a retrieved DNS TXT record. A later attempt is
unlikely to produce a final result.
DKIM and DomainKeys Results
===========================
"none"
The message was not signed.
"pass"
The message was signed, the signature or signatures were
acceptable to the verifier, and the signature(s) passed
verification tests.
"fail"
The message was signed and the signature or signatures were
acceptable to the verifier, but they failed the verification
test(s).
"policy"
The message was signed but the signature or signatures were
not acceptable to the verifier.
"neutral"
The message was signed but the signature or signatures
contained syntax errors or were not otherwise able to be
processed. This result SHOULD also be used for other
failures not covered elsewhere in this list.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability
to retrieve a public key. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being
absent. A later attempt is unlikely to produce a final result.
==========================================================
Original Email
==========================================================
Return-Path: <prvs=956918cfdd=volunteer@thewolf.fiu.edu>
Received: from smtp4.fiu.edu (131.94.79.14) by verifier.port25.com id h9f3ca20i3gh for <check-auth@verifier.port25.com>; Thu, 7 May 2015 16:10:45 -0400 (envelope-from <prvs=956918cfdd=volunteer@thewolf.fiu.edu>)
Authentication-Results: verifier.port25.com; spf=fail (not permitted) smtp.mailfrom=prvs=956918cfdd=volunteer@thewolf.fiu.edu
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=volunteer@thewolf.fiu.edu
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed)
Authentication-Results: verifier.port25.com; sender-id=fail (not permitted) header.From=volunteer@thewolf.fiu.edu
Received: from pps.filterd (smtp4.fiu.edu [127.0.0.1])
by smtp4.fiu.edu (8.14.5/8.14.5) with SMTP id t47K1oJT026934
for <check-auth@verifier.port25.com>; Thu, 7 May 2015 16:10:43 -0400
Received: from fiumailsmtp.fiu.edu (dithub02.ad.fiu.edu [131.94.72.23])
by smtp4.fiu.edu with ESMTP id 1u8ctpj502-1
for <check-auth@verifier.port25.com>; Thu, 07 May 2015 16:10:43 -0400
Received: from na01-bn1-obe.outbound.protection.outlook.com (207.46.163.187) by fiu.edu (192.168.251.14) with Microsoft SMTP Server (TLS) id 14.3.123.3; Thu, 7 May 2015 16:10:43 -0400
Received: from BN1PR05MB391.namprd05.prod.outlook.com (10.141.60.153) by BN1PR05MB389.namprd05.prod.outlook.com (10.141.60.142) with Microsoft SMTP Server (TLS) id 15.1.154.19; Thu, 7 May 2015 20:10:41 +0000
Received: from BN1PR05MB391.namprd05.prod.outlook.com ([169.254.16.123]) by BN1PR05MB391.namprd05.prod.outlook.com ([169.254.16.123]) with mapi id 15.01.0148.019; Thu, 7 May 2015 20:10:41 +0000
From: Wolfsonian Volunteer Staff <volunteer@thewolf.fiu.edu>
To: "check-auth@verifier.port25.com" <check-auth@verifier.port25.com>
Subject: Testing Email
Thread-Topic: Testing Email
Thread-Index: AQHQiQHk6bF4oIqMzE+Ui0lky4WTGA==
Date: Thu, 7 May 2015 20:10:41 +0000
Message-ID: <1431029441066.95255@thewolf.fiu.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: verifier.port25.com; dkim=none (message not signed) header.d=none;
x-originating-ip: [131.94.187.17]
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1PR05MB389;
x-microsoft-antispam-prvs: <BN1PR05MB389C10D8211381209873E92F7DF0@BN1PR05MB389.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(601004)(5005006)(3002001);SRVR:BN1PR05MB389;BCL:0;PCL:0;RULEID:;SRVR:BN1PR05MB389;
x-forefront-prvs: 056929CBB8
x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(6009001)(551214005)(50986999)(122556002)(5001960100002)(107886002)(2656002)(110136002)(40100003)(558084003)(62966003)(75432002)(54356999)(189998001)(87936001)(92566002)(2900100001)(450100001)(102836002)(106116001)(19625215002)(88552001)(16236675004)(46102003)(2501003)(66066001)(2351001)(86362001)(229853001)(19627405001)(77156002)(117636001)(89122001)(99286002)(221733001);DIR:OUT;SFP:1101;SCL:1;SRVR:BN1PR05MB389;H:BN1PR05MB391.namprd05.prod.outlook.com;FPR:;SPF:None;MLV:sfv;LANG:en;
Content-Type: multipart/alternative;
boundary="_000_143102944106695255thewolffiuedu_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 May 2015 20:10:41.4014
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ac79e5a8-e0e4-434b-a292-2c89b5c28366
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR05MB389
X-OriginatorOrg: thewolf.fiu.edu
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.14.151,1.0.33,0.0.0000
definitions=2015-05-07_06:2015-05-07,2015-05-07,1970-01-01 signatures=0
x-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 classifier= adjust=0 reason=safe scancount=1 engine=7.0.1-1402240000
definitions=main-1505070247
--_000_143102944106695255thewolffiuedu_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
?Test.
--_000_143102944106695255thewolffiuedu_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-= 1"> <style type=3D"text/css" style=3D"display:none;"><!-- P {margin-top:0;margi= n-bottom:0;} --></style> </head> <body dir=3D"ltr"> <div id=3D"divtagdefaultwrapper" style=3D"font-size:12pt;color:#000000;back=
ground-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>​Test.<br>
</p>
</div>
</body>
</html>
--_000_143102944106695255thewolffiuedu_--
Ваше письмо было отправлено в Интернет через smtp4.fiu.edu (131.94.79.14). Однако ни это имя, ни IP-адрес не указаны в вашей записи SPF как авторизованного отправителя.
Запись SPF показывает только Office 365 в качестве авторизованного отправителя для thewolf.fiu.edu. Никакие другие хосты не авторизованы для отправки почты, и это правильно не удалось.
Поскольку вы отправляете почту через другие почтовые серверы, вам следует добавить их IP-адреса в свою запись SPF. Или вы можете изменить свои собственные почтовые серверы для перенаправления исходящей почты через Office 365.
Письмо было доставлено 131.94.79.14 (smtp4.fiu.edu).
В SPF запись говорит v=spf1 include:spf.protection.outlook.com -all.
131.94.79.14 не похоже на адреса, перечисленные в spf.protection.outlook.com (и связанное имя, smtp4.fiu.edu, предполагает, что он не имеет отношения к почтовой службе Microsoft).
Казалось бы, либо ошибка в том, что письмо было отправлено через 131.94.79.14 когда на самом деле он должен был быть отправлен через серверы Outlook.com или ошибка в том, что SPF record позволяет доставлять почту только серверами, связанными с Outlook.com, если также есть хотя бы один другой сервер, которому должно быть разрешено доставлять почту для этого домена.