Print Page | Close Window

exceeding maxspfallowedloop

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=7074
Printed Date: 22 November 2017 at 7:34am


Topic: exceeding maxspfallowedloop
Posted By: Terry
Subject: exceeding maxspfallowedloop
Date Posted: 20 March 2014 at 12:35pm
We are getting errors in checking spf records for incoming mail as follows:
 

03/19/14 13:28:34:341 -- (180185632) Detected TCP Connection: 207.46.163.181

03/19/14 13:28:34:356 -- (180185632) Connection from: 207.46.163.181 - Originating country : United States

03/19/14 13:28:34:512 -- (180185632) Received STARTTLS command

03/19/14 13:28:34:996 -- (180185632) Received MAIL FROM: mailto:xxxxxx@Coalfire.com" rel="nofollow - xxxxxx@Coalfire.com

03/19/14 13:28:35:121 -- (180185632) Resolving 207.46.163.181 - mail-bn1blp0181.outbound.protection.outlook.com

03/19/14 13:28:35:292 -- (180185632) found SPF record for Coalfire.com: v=spf1 ip4:67.137.78.0/24 a:mail.coalfiresystems.com include:salesforce.com include:aspmx.pardot.com include:elabs10.com include:spf.protection.outlook.com include:msoprd.msft.net -all

03/19/14 13:28:35:355 -- (180185632) found SPF record for salesforce.com: v=spf1 include:_spf.google.com ip4:96.43.144.0/20 ip4:182.50.76.0/22 ip4:202.129.242.0/23 ip4:204.14.232.0/21 ip4:62.17.146.128/26 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:68.232.207.20 ip4:207.67.38.45 mx ~all

03/19/14 13:28:35:386 -- (180185632) found SPF record for _spf.google.com: v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all

03/19/14 13:28:35:386 -- (180185632) found SPF record for _netblocks.google.com: v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ~all

03/19/14 13:28:35:386 -- (180185632) SPF query result: softfail

03/19/14 13:28:35:386 -- (180185632) - SPF analysis for _netblocks.google.com done: - softfail

03/19/14 13:28:35:386 -- (180185632) found SPF record for _netblocks2.google.com: v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all

03/19/14 13:28:35:386 -- (180185632) SPF query result: softfail

03/19/14 13:28:35:386 -- (180185632) - SPF analysis for _netblocks2.google.com done: - softfail

03/19/14 13:28:35:386 -- (180185632) found SPF record for _netblocks3.google.com: v=spf1 ~all

03/19/14 13:28:35:386 -- (180185632) SPF query result: softfail

03/19/14 13:28:35:386 -- (180185632) - SPF analysis for _netblocks3.google.com done: - softfail

03/19/14 13:28:35:386 -- (180185632) SPF query result: softfail

03/19/14 13:28:35:386 -- (180185632) - SPF analysis for _spf.google.com done: - softfail

03/19/14 13:28:35:417 -- (180185632) SPF query result: softfail

03/19/14 13:28:35:417 -- (180185632) - SPF analysis for salesforce.com done: - softfail

03/19/14 13:28:35:433 -- (180185632) found SPF record for aspmx.pardot.com: v=spf1 ip4:199.122.123.188/30 include:a._spf.pardot.com include:b._spf.pardot.com include:c._spf.pardot.com include:s._spf.pardot.com ?all

03/19/14 13:28:35:448 -- (180185632) found SPF record for a._spf.pardot.com: v=spf1 ip4:74.86.241.250 ip4:74.86.207.36/30 ip4:74.86.113.28/30 ip4:74.86.241.251 ip4:174.37.67.28/30 ip4:67.228.21.184/29 ip4:74.86.226.216/30 ip4:74.86.164.188/30 ip4:67.228.2.24/30 ip4:74.86.171.192/30 ip4:74.86.195.28/30 ?all

03/19/14 13:28:35:448 -- (180185632) SPF query result: neutral

03/19/14 13:28:35:448 -- (180185632) - SPF analysis for a._spf.pardot.com done: - neutral

03/19/14 13:28:35:464 -- (180185632) found SPF record for b._spf.pardot.com: v=spf1 ip4:74.86.236.240/30 ip4:74.86.131.208/30 ip4:67.228.37.4/30 ip4:74.86.160.160/30 ip4:74.86.129.240/30 ip4:74.86.132.208/30 ip4:208.43.21.28/30 ip4:208.43.21.64/29 ip4:208.43.21.72/30 ip4:174.36.114.128/30 ip4:174.36.114.140/30 ?all

03/19/14 13:28:35:464 -- (180185632) SPF query result: neutral

03/19/14 13:28:35:464 -- (180185632) - SPF analysis for b._spf.pardot.com done: - neutral

03/19/14 13:28:35:480 -- (180185632) found SPF record for c._spf.pardot.com: v=spf1 ip4:174.36.84.12/30 ip4:174.36.84.144/29 ip4:174.36.84.16/29 ip4:174.36.84.240/29 ip4:174.36.114.148/30 ip4:174.36.114.152/29 ip4:174.36.84.32/29 ip4:174.36.84.8/30 ip4:174.36.85.248/30 ip4:207.67.98.209/28 ?all

03/19/14 13:28:35:480 -- (180185632) SPF query result: neutral

03/19/14 13:28:35:480 -- (180185632) - SPF analysis for c._spf.pardot.com done: - neutral

03/19/14 13:28:35:480 -- (180185632) Error during ParseSPFRecord: loop detected in include mechanism, exceeded MaxSPFAllowedLoops

03/19/14 13:28:35:480 -- (180185632) SPF query result: neutral

03/19/14 13:28:35:480 -- (180185632) - SPF analysis for aspmx.pardot.com done: - neutral

03/19/14 13:28:35:480 -- (180185632) Error during ParseSPFRecord: loop detected in include mechanism, exceeded MaxSPFAllowedLoops

03/19/14 13:28:35:480 -- (180185632) Error during ParseSPFRecord: loop detected in include mechanism, exceeded MaxSPFAllowedLoops

03/19/14 13:28:35:480 -- (180185632) Error during ParseSPFRecord: loop detected in include mechanism, exceeded MaxSPFAllowedLoops

03/19/14 13:28:35:480 -- (180185632) SPF query result: fail

03/19/14 13:28:35:480 -- (180185632) - SPF analysis for Coalfire.com done: - fail

03/19/14 13:28:35:480 -- (180185632) failed SPF test (fail) - Disconnecting 207.46.163.181

03/19/14 13:28:35:495 -- (180185632) 207.46.163.181 - Mail from: mailto:xxxxxxx.xxxxx@Coalfire.com" rel="nofollow - xxxxxxx.xxxxx@Coalfire.com To: mailto:xxxxxxxx.xxxxxx@portofportland.com" rel="nofollow - xxxxxxxx.xxxxxx@portofportland.com will be rejected

03/19/14 13:28:35:495 -- (180185632) Bypassed all rules for: mailto:xxxxx.xxxxx@portofportland.com" rel="nofollow - xxxxx.xxxxx@portofportland.com from mailto:xxxx.xxxx@Coalfire.com" rel="nofollow - xxxx.xxxx@Coalfire.com ( AutoWhiteList Force Delivery)

03/19/14 13:28:35:620 -- (180185632) Received RCPT TO: mailto:xxxx.yyyy@portofportland.com" rel="nofollow - xxxx.yyyy@portofportland.com

03/19/14 13:28:35:636 -- (180185632) Mail from: mailto:xxxx@Coalfire.com" rel="nofollow - xxxx@Coalfire.com

03/19/14 13:28:35:636 -- (180185632) 207.46.163.181 - Mail from: mailto:xxxx.xxx@Coalfire.com" rel="nofollow - xxxx.xxx@Coalfire.com To: mailto:xxx@portofportland.com" rel="nofollow - xxx@portofportland.com will be rejected

As you can see one user had the sender whitelisted so they recieved the email but another did not so it was quarantined.  (I munged the names to hide the email addresses...).  Is there anyway to increase the spf loop count?

 




Replies:
Posted By: LogSat
Date Posted: 20 March 2014 at 4:29pm
The MaxSPFAllowedLoops value in SpamFilter is hardcoded to "10" and is one of the few parameters that cannot be modified via .ini settings. We had never seen this threshold (which is used to prevent denial of service attacks to SpamFilter via sender's domain names with malicious SPF records in their DNS) cause any issues before. 

In this case it however blocking a legitimate email for a domain that has many more nested include SPF statements in their DNS. We'll be completing a patch within the next 24/48 hours to address this by increasing this threshold and making it customizable. 

It will take a couple of days of internal testing before releasing to the public. If you would like to receive it sooner before we complete the internal QA tests please let us know via email at support @ logsat.com - we'll provided it to you asap.




-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: LogSat
Date Posted: 23 March 2014 at 9:43am
A new pre-release of SpamFilter (v4.5.1.99) is available in the registered user area. The changes since the latest official release (4.5.1.98) are as follows:

// New to VersionNumber = '4.5.1.99';

{TODO -cNew : Added parameter MaxSPFAllowedLoops in SpamFilter.ini file. This parameter used to be hardcoded to "10" in SpamFilter and it is not customizable. It is used to limit the number of nested include directives allowed in an SPF query. Used to limit the risk of DoS attacks using malicious SPF DNS records}



-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP



Print Page | Close Window