[CPANEL-31754] SPF false positive, fails on valid senders after upgrade

Pedro Marques

• February 26, 2020 10:53

After upgrading to CentOS7 with cPanel 86.0.04 some incoming email bounce due to SPF check. Most of those emails have a valid sender IP address that matches domain SPF record but for some reason Exim's SPF fail to match but if I run a test on numerous validators (online or command line) that same sender / spf record are correct. From what I've noticed here's two cases where Exim's SPF fails: - SPF check does not follow the 'a' tag to the respective IP address but if the record contains ip4:xxx (with the same IP as the A record) it passes; - The 'exists:' tag is not processed correctly PTR records with wildcard records Here's some proof / test so someone can take a look at it. Example rejection: H=smtp1.example.pt (anubis04.example.pt) []:11970 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<******@example.pt> rejected RCPT <******@******>: SPF: is not allowed to send mail from example.pt SPF record for example.pt: v=spf1 a:smtp1.example.pt a:smtp2.example.pt a:smtp3.example.pt a:smtp4.example.pt a:smtp5.example.pt a:newsletter.example.pt include:spf.protection.outlook.com -all Sender IP address matches the SPF record: smtp1.example.pt. 21600 IN A How can I tweak / fix this? Is this check some external call? Thanks, PM

• 

  cPanelLauren

  • May 04, 2020 16:24

  It's planned for today still as far as I know, but I'll update here when it's official. Thanks!

  0
• 

  Nirjonadda

  • May 04, 2020 20:17

  It's planned for today still as far as I know, but I'll update here when it's official. Thanks!

  
  No this are not happened today from @cPRex post in Discord channels ... :eek:

  0
• 

  cPanelLauren

  • May 04, 2020 20:59

  @Nirjonadda as I noted many times previously, I will note when it's official and this day was not set in stone. As previously I will update when information is available. Thank you.

  0
• 

  cPRex Jurassic Moderator

  • May 05, 2020 18:33

  @Nirjonadda - when we talked in discord earlier the best timeframe I had was "this week" - there was never a specific day mentioned as we'd hate to promise a specific time or day and then not be able to meet that due to unforeseen circumstances.

  0
• 

  cPanelLauren

  • May 11, 2020 22:02

  cPanel v88 went to current today and it has the fix for this issue implemented. Please let us know if you run into further issues after updating.

  0
• 

  Hedloff

  • May 12, 2020 13:29

  We have many servers with CentOS 6, and I understand we cannot upgrade to v.88. So, when will this be released to v.86 ? Do you have any eta? We have alot of customers waiting for this and the File Manager bug aswell.

  0
• 

  cPanelLauren

  • May 12, 2020 16:46

  They're hoping for soon, I checked in with them today and they noted not this week but hopefully sometime next week though they made absolutely no promises. I'll check back in with them on Monday and see where they're at.

  0

Please sign in to leave a comment.