Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - exceeding maxspfallowedloop
  FAQ FAQ  Forum Search   Register Register  Login Login

exceeding maxspfallowedloop

 Post Reply Post Reply
Author
Terry View Drop Down
Senior Member
Senior Member


Joined: 06 February 2005
Status: Offline
Points: 155
Post Options Post Options   Thanks (0) Thanks(0)   Quote Terry Quote  Post ReplyReply Direct Link To This Post Topic: exceeding maxspfallowedloop
    Posted: 20 March 2014 at 12:35pm
We are getting errors in checking spf records for incoming mail as follows:
 

03/19/14 13:28:34:341 -- (180185632) Detected TCP Connection: 207.46.163.181

03/19/14 13:28:34:356 -- (180185632) Connection from: 207.46.163.181 - Originating country : United States

03/19/14 13:28:34:512 -- (180185632) Received STARTTLS command

03/19/14 13:28:34:996 -- (180185632) Received MAIL FROM: xxxxxx@Coalfire.com

03/19/14 13:28:35:121 -- (180185632) Resolving 207.46.163.181 - mail-bn1blp0181.outbound.protection.outlook.com

03/19/14 13:28:35:292 -- (180185632) found SPF record for Coalfire.com: v=spf1 ip4:67.137.78.0/24 a:mail.coalfiresystems.com include:salesforce.com include:aspmx.pardot.com include:elabs10.com include:spf.protection.outlook.com include:msoprd.msft.net -all

03/19/14 13:28:35:355 -- (180185632) found SPF record for salesforce.com: v=spf1 include:_spf.google.com ip4:96.43.144.0/20 ip4:182.50.76.0/22 ip4:202.129.242.0/23 ip4:204.14.232.0/21 ip4:62.17.146.128/26 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:68.232.207.20 ip4:207.67.38.45 mx ~all

03/19/14 13:28:35:386 -- (180185632) found SPF record for _spf.google.com: v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all

03/19/14 13:28:35:386 -- (180185632) found SPF record for _netblocks.google.com: v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ~all

03/19/14 13:28:35:386 -- (180185632) SPF query result: softfail

03/19/14 13:28:35:386 -- (180185632) - SPF analysis for _netblocks.google.com done: - softfail

03/19/14 13:28:35:386 -- (180185632) found SPF record for _netblocks2.google.com: v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all

03/19/14 13:28:35:386 -- (180185632) SPF query result: softfail

03/19/14 13:28:35:386 -- (180185632) - SPF analysis for _netblocks2.google.com done: - softfail

03/19/14 13:28:35:386 -- (180185632) found SPF record for _netblocks3.google.com: v=spf1 ~all

03/19/14 13:28:35:386 -- (180185632) SPF query result: softfail

03/19/14 13:28:35:386 -- (180185632) - SPF analysis for _netblocks3.google.com done: - softfail

03/19/14 13:28:35:386 -- (180185632) SPF query result: softfail

03/19/14 13:28:35:386 -- (180185632) - SPF analysis for _spf.google.com done: - softfail

03/19/14 13:28:35:417 -- (180185632) SPF query result: softfail

03/19/14 13:28:35:417 -- (180185632) - SPF analysis for salesforce.com done: - softfail

03/19/14 13:28:35:433 -- (180185632) found SPF record for aspmx.pardot.com: v=spf1 ip4:199.122.123.188/30 include:a._spf.pardot.com include:b._spf.pardot.com include:c._spf.pardot.com include:s._spf.pardot.com ?all

03/19/14 13:28:35:448 -- (180185632) found SPF record for a._spf.pardot.com: v=spf1 ip4:74.86.241.250 ip4:74.86.207.36/30 ip4:74.86.113.28/30 ip4:74.86.241.251 ip4:174.37.67.28/30 ip4:67.228.21.184/29 ip4:74.86.226.216/30 ip4:74.86.164.188/30 ip4:67.228.2.24/30 ip4:74.86.171.192/30 ip4:74.86.195.28/30 ?all

03/19/14 13:28:35:448 -- (180185632) SPF query result: neutral

03/19/14 13:28:35:448 -- (180185632) - SPF analysis for a._spf.pardot.com done: - neutral

03/19/14 13:28:35:464 -- (180185632) found SPF record for b._spf.pardot.com: v=spf1 ip4:74.86.236.240/30 ip4:74.86.131.208/30 ip4:67.228.37.4/30 ip4:74.86.160.160/30 ip4:74.86.129.240/30 ip4:74.86.132.208/30 ip4:208.43.21.28/30 ip4:208.43.21.64/29 ip4:208.43.21.72/30 ip4:174.36.114.128/30 ip4:174.36.114.140/30 ?all

03/19/14 13:28:35:464 -- (180185632) SPF query result: neutral

03/19/14 13:28:35:464 -- (180185632) - SPF analysis for b._spf.pardot.com done: - neutral

03/19/14 13:28:35:480 -- (180185632) found SPF record for c._spf.pardot.com: v=spf1 ip4:174.36.84.12/30 ip4:174.36.84.144/29 ip4:174.36.84.16/29 ip4:174.36.84.240/29 ip4:174.36.114.148/30 ip4:174.36.114.152/29 ip4:174.36.84.32/29 ip4:174.36.84.8/30 ip4:174.36.85.248/30 ip4:207.67.98.209/28 ?all

03/19/14 13:28:35:480 -- (180185632) SPF query result: neutral

03/19/14 13:28:35:480 -- (180185632) - SPF analysis for c._spf.pardot.com done: - neutral

03/19/14 13:28:35:480 -- (180185632) Error during ParseSPFRecord: loop detected in include mechanism, exceeded MaxSPFAllowedLoops

03/19/14 13:28:35:480 -- (180185632) SPF query result: neutral

03/19/14 13:28:35:480 -- (180185632) - SPF analysis for aspmx.pardot.com done: - neutral

03/19/14 13:28:35:480 -- (180185632) Error during ParseSPFRecord: loop detected in include mechanism, exceeded MaxSPFAllowedLoops

03/19/14 13:28:35:480 -- (180185632) Error during ParseSPFRecord: loop detected in include mechanism, exceeded MaxSPFAllowedLoops

03/19/14 13:28:35:480 -- (180185632) Error during ParseSPFRecord: loop detected in include mechanism, exceeded MaxSPFAllowedLoops

03/19/14 13:28:35:480 -- (180185632) SPF query result: fail

03/19/14 13:28:35:480 -- (180185632) - SPF analysis for Coalfire.com done: - fail

03/19/14 13:28:35:480 -- (180185632) failed SPF test (fail) - Disconnecting 207.46.163.181

03/19/14 13:28:35:495 -- (180185632) 207.46.163.181 - Mail from: xxxxxxx.xxxxx@Coalfire.com To: xxxxxxxx.xxxxxx@portofportland.com will be rejected

03/19/14 13:28:35:495 -- (180185632) Bypassed all rules for: xxxxx.xxxxx@portofportland.com from xxxx.xxxx@Coalfire.com ( AutoWhiteList Force Delivery)

03/19/14 13:28:35:620 -- (180185632) Received RCPT TO: xxxx.yyyy@portofportland.com

03/19/14 13:28:35:636 -- (180185632) Mail from: xxxx@Coalfire.com

03/19/14 13:28:35:636 -- (180185632) 207.46.163.181 - Mail from: xxxx.xxx@Coalfire.com To: xxx@portofportland.com will be rejected

As you can see one user had the sender whitelisted so they recieved the email but another did not so it was quarantined.  (I munged the names to hide the email addresses...).  Is there anyway to increase the spf loop count?

 

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 20 March 2014 at 4:29pm
The MaxSPFAllowedLoops value in SpamFilter is hardcoded to "10" and is one of the few parameters that cannot be modified via .ini settings. We had never seen this threshold (which is used to prevent denial of service attacks to SpamFilter via sender's domain names with malicious SPF records in their DNS) cause any issues before. 

In this case it however blocking a legitimate email for a domain that has many more nested include SPF statements in their DNS. We'll be completing a patch within the next 24/48 hours to address this by increasing this threshold and making it customizable. 

It will take a couple of days of internal testing before releasing to the public. If you would like to receive it sooner before we complete the internal QA tests please let us know via email at support @ logsat.com - we'll provided it to you asap.


Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 23 March 2014 at 9:43am
A new pre-release of SpamFilter (v4.5.1.99) is available in the registered user area. The changes since the latest official release (4.5.1.98) are as follows:

// New to VersionNumber = '4.5.1.99';

{TODO -cNew : Added parameter MaxSPFAllowedLoops in SpamFilter.ini file. This parameter used to be hardcoded to "10" in SpamFilter and it is not customizable. It is used to limit the number of nested include directives allowed in an SPF query. Used to limit the risk of DoS attacks using malicious SPF DNS records}

Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.094 seconds.