[Owasp-leaders] [Update] OWASP email systems and their care and feeding

Matt Tesauro matt.tesauro at owasp.org
Sat Nov 12 02:09:39 UTC 2016


Up front, I want to give credit to Achim Hoffmann and Rio (Riotaro) Okada
for reporting these problems with actionable information.  Not only did
they let me know about the problems, but they gave me more than enough
details to identify and then fix it.  If only all bug reports were that
useful.  THANKS!

Over the last couple of days, I've done some routine maintenance/clean-up
on how email travels around the OWASP ecosystem.  After I take a break,
I'll commit the programs I wrote to help with this to my Github repo like
my MediaWiki SPAM clean-up code
<https://github.com/mtesauro/random-docs/tree/master/scripts/mediawiki/spam-cleanup>.
I've also attached SPF checks against our @owasp.org and @lists.owasp.org
domains that verify goodness of our SPF records.

Problem #1 - Bad addresses stuck in Mailman's outbound queue

While looking into a problem between Mailman and @owasp.org plus potential
SPF records issues, I noticed a TON of emails stuck in the outbound MTA
(email) queue.  After some digging, I discovered that most of these had
fundamental failures and were never going to be delivered.

I wrote some programs initially to diagnose the problem that morphed into a
program I'm going to run daily via CRON.  One of the things it does is
track the number of deferred (aka can't be delivered) messages.  Here's a
run from a few minutes ago today:
# ./output-stats
Nov-07 - total deferred emails = 15260
Nov-08 - total deferred emails = 13843
Nov-09 - total deferred emails = 10806
Nov-10 - total deferred emails = 8691
Nov-11 - total deferred emails = 517

So, it seems like my efforts are paying off handsomely.  The BASH program
basically:
* Finds all the deferred email log entries for the previous 4 days (since
today isn't done)
* Sorts them and reduces the list to unique email addresses
* Compares yesterday's addresses to the prior 3 days
* If there's any deferred instance, check that the MX record exists
** If no MX record, remove that email address from all OWASP lists
* If there are 3 matches (configurable) over the last 4 days, it also removes
the address from all OWASP lists

The program logs any removal actions and keeps running stats of how many
deferred emails it found in prior runs.  It uses some previous programs I
wrote (remove-from-all-lists and find-bouncers) plus qtool.pl to remove
emails from the outbound queue.  It's wired into cron and runs daily to
de-cruft the server going forward.  As I type this, there are ZERO queued
outbound emails on lists.owasp.org.

Problem #2 - SPF records for @owasp.org addresses had legacy values

At some point in time, Google changed how they wanted SPF records to look
for Google App account.  We had stale info there and it's been updated.  G
Suite SPF settings <https://support.google.com/a/answer/178723?hl=en> and
ours are now in sync:
$ host -t TXT owasp.org | grep spf
owasp.org descriptive text "v=spf1 include:_spf.google.com ~all"

Problem #3 - Legacy MX records - also for Google Apps

Again, Google changed its mind about the MX records you need to configure
for their G Suite at some time.  Google's recommended MX records
<https://support.google.com/a/answer/174125> and ours are now in sync:
$ host -t MX owasp.org
owasp.org. 3600 IN MX 1 ASPMX.L.GOOGLE.COM.
owasp.org. 3600 IN MX 5 ALT1.ASPMX.L.GOOGLE.COM.
owasp.org. 3600 IN MX 5 ALT2.ASPMX.L.GOOGLE.COM.
owasp.org. 3600 IN MX 10 ALT3.ASPMX.L.GOOGLE.COM.
owasp.org. 3600 IN MX 10 ALT4.ASPMX.L.GOOGLE.COM.

We used to have:
$ host -t MX owasp.org
owasp.org. 223 IN MX 10 ASPMX.L.GOOGLE.COM.
owasp.org. 223 IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
owasp.org. 223 IN MX 20 ALT2.ASPMX.L.GOOGLE.COM.
owasp.org. 223 IN MX 30 ASPMX2.GOOGLEMAIL.COM.
owasp.org. 223 IN MX 30 ASPMX3.GOOGLEMAIL.COM.
owasp.org. 223 IN MX 30 ASPMX4.GOOGLEMAIL.COM.
owasp.org. 223 IN MX 30 ASPMX5.GOOGLEMAIL.COM.


That's all folks!

Cheers!

--
-- Matt Tesauro
OWASP AppSec Pipeline Lead
https://www.owasp.org/index.php/OWASP_AppSec_Pipeline
OWASP WTE Project Lead
*https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project
<https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project>*
http://AppSecLive.org <http://appseclive.org/> - Community and Download site
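
The pruning procedure listed under Problem #1, as an added example that is not the author's program and not part of the original post. The log line format, the function names, the has_mx stub (a live run would query DNS, for instance with `host -t MX`) and the reading of "3 matches" as "deferred on 3 distinct days of the 4-day window" are all assumptions; it prints decisions only and removes nothing.

```sh
#!/bin/sh
# Added example: decide which addresses to prune from mailing lists, based on
# deferred-delivery log entries. Prints decisions only; removes nothing.

THRESHOLD=3   # deferred days within the window that trigger removal (configurable)

# Constructed sample log (sendmail-style, simplified). Nov 10 plays "yesterday".
sample_log() {
cat <<'EOF'
Nov 06 02:00:01 lists sm-mta[1901]: uA620A1: to=<carol@example.net>, stat=Deferred: Connection timed out
Nov 07 01:10:02 lists sm-mta[2101]: uA71A01: to=<alice@example.org>, stat=Deferred: Connection timed out
Nov 07 01:10:09 lists sm-mta[2101]: uA71A02: to=<dave@example.net>, stat=Deferred: Connection refused
Nov 08 01:12:30 lists sm-mta[2240]: uA81C01: to=<carol@example.net>, stat=Deferred: Connection timed out
Nov 08 01:12:41 lists sm-mta[2240]: uA81C02: to=<dave@example.net>, stat=Deferred: Connection refused
Nov 09 01:09:17 lists sm-mta[2377]: uA91901: to=<Alice@Example.org>, stat=Deferred: Connection timed out
Nov 09 01:09:30 lists sm-mta[2377]: uA91902: to=<dave@example.net>, stat=Deferred: Connection refused
Nov 10 01:15:03 lists sm-mta[2502]: uAA1F01: to=<alice@example.org>, stat=Deferred: Connection timed out
Nov 10 05:15:03 lists sm-mta[2502]: uAA1F01: to=<alice@example.org>, stat=Deferred: Connection timed out
Nov 10 01:15:11 lists sm-mta[2502]: uAA1F02: to=<bob@gone.example>, stat=Deferred: Name server: host not found
Nov 10 01:15:20 lists sm-mta[2502]: uAA1F03: to=<carol@example.net>, stat=Deferred: Connection timed out
Nov 10 01:15:29 lists sm-mta[2502]: uAA1F04: to=<dave@example.net>, stat=Sent (250 ok)
EOF
}

# Offline stand-in for the MX lookup so the example runs without DNS.
# Assumption: these two constructed domains publish MX records, all others do not.
has_mx() {
  case "$1" in
    example.org|example.net) return 0 ;;
    *) return 1 ;;
  esac
}

# Reduce the log on stdin to unique "day address" pairs for deferred deliveries.
# Retries on the same day collapse to one pair; addresses are lower-cased.
deferred_pairs() {
  awk '/stat=Deferred/ {
         day = $1 "-" $2
         if (match($0, /to=<[^>]+>/)) {
           addr = tolower(substr($0, RSTART + 4, RLENGTH - 5))
           print day, addr
         }
       }' | sort -u
}

# usage: removal_decisions DAY... < log     (the last DAY is "yesterday")
# Only addresses deferred yesterday are examined. Each one is checked for an MX
# record first, then against THRESHOLD distinct deferred days in the window.
removal_decisions() {
  for d in "$@"; do yesterday=$d; done
  deferred_pairs |
  awk -v window="$*" -v y="$yesterday" '
      BEGIN { n = split(window, w, " ")
              for (i = 1; i <= n; i++) in_window[w[i]] = 1 }
      ($1 in in_window) { days[$2]++; if ($1 == y) seen[$2] = 1 }
      END { for (a in seen) print a, days[a] }' |
  sort |
  while read -r addr count; do
    domain=${addr##*@}
    if ! has_mx "$domain"; then
      echo "$addr remove no-mx"
    elif [ "$count" -ge "$THRESHOLD" ]; then
      echo "$addr remove deferred-${count}-of-$#-days"
    else
      echo "$addr keep deferred-${count}-of-$#-days"
    fi
  done
}

# Stand-alone run over the constructed log and a four-day window.
sample_log | removal_decisions Nov-07 Nov-08 Nov-09 Nov-10
```

dave@example.net never appears in the output because the Nov 10 delivery succeeded, and carol's Nov 06 deferral falls outside the window, which is why she stays below the threshold.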
-------------- next part --------------
---------- Forwarded message ----------
From: <auth-results at verifier.port25.com>
Date: Thu, Nov 10, 2016 at 11:04 AM
Subject: Authentication Report
To: owasp-bounces at lists.owasp.org


This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback at port25.com>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         neutral
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  lists.owasp.org
Source IP:      162.209.12.188
mail-from:      owasp-bounces at lists.owasp.org

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: smtp.mailfrom=owasp-bounces at lists.owasp.org
DNS record(s):
    lists.owasp.org. SPF (no records)
    lists.owasp.org. 300 IN TXT "v=spf1 mx ptr ip4:162.209.12.188 mx:d15006a.ess.barracudanetworks.com mx:d15006b.ess.barracudanetworks.com -all"
    lists.owasp.org. 300 IN MX 10 d15006a.ess.barracudanetworks.com.
    lists.owasp.org. 300 IN MX 20 d15006b.ess.barracudanetworks.com.
    d15006a.ess.barracudanetworks.com. 300 IN A 64.235.153.10
    d15006a.ess.barracudanetworks.com. 300 IN A 64.235.150.252
    d15006a.ess.barracudanetworks.com. 300 IN A 64.235.154.140
    d15006a.ess.barracudanetworks.com. 300 IN A 64.235.154.105
    d15006a.ess.barracudanetworks.com. 300 IN A 64.235.154.109
    d15006a.ess.barracudanetworks.com. 300 IN A 64.235.153.2
    d15006b.ess.barracudanetworks.com. 300 IN A 64.235.150.252
    d15006b.ess.barracudanetworks.com. 300 IN A 64.235.153.2
    d15006b.ess.barracudanetworks.com. 300 IN A 64.235.153.10
    d15006b.ess.barracudanetworks.com. 300 IN A 64.235.154.140
    d15006b.ess.barracudanetworks.com. 300 IN A 64.235.154.105
    d15006b.ess.barracudanetworks.com. 300 IN A 64.235.154.109
    188.12.209.162.in-addr.arpa. 900 IN PTR lists.owasp.org.
    lists.owasp.org. 300 IN A 162.209.12.188

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=owasp-request at lists.owasp.org
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.4.0 (2014-02-07)

Result:         ham  (-4.8 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
-0.0 SPF_PASS               SPF: sender matches SPF record
-2.9 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0019]

==========================================================
Explanation of the possible results (from RFC 5451)
==========================================================

SPF and Sender-ID Results
=========================

"none"
      No policy records were published at the sender's DNS domain.

"neutral"
      The sender's ADMD has asserted that it cannot or does not
      want to assert whether or not the sending IP address is authorized
      to send mail using the sender's DNS domain.

"pass"
      The client is authorized by the sender's ADMD to inject or
      relay mail on behalf of the sender's DNS domain.

"policy"
     The client is authorized to inject or relay mail on behalf
      of the sender's DNS domain according to the authentication
      method's algorithm, but local policy dictates that the result is
      unacceptable.

"fail"
      This client is explicitly not authorized to inject or
      relay mail using the sender's DNS domain.

"softfail"
      The sender's ADMD believes the client was not authorized
      to inject or relay mail using the sender's DNS domain, but is
      unwilling to make a strong assertion to that effect.

"temperror"
      The message could not be verified due to some error that
      is likely transient in nature, such as a temporary inability to
      retrieve a policy record from DNS.  A later attempt may produce a
      final result.

"permerror"
      The message could not be verified due to some error that
      is unrecoverable, such as a required header field being absent or
      a syntax error in a retrieved DNS TXT record.  A later attempt is
      unlikely to produce a final result.


DKIM and DomainKeys Results
===========================

"none"
      The message was not signed.

"pass"
      The message was signed, the signature or signatures were
      acceptable to the verifier, and the signature(s) passed
      verification tests.

"fail"
      The message was signed and the signature or signatures were
      acceptable to the verifier, but they failed the verification
      test(s).

"policy"
      The message was signed but the signature or signatures were
      not acceptable to the verifier.

"neutral"
      The message was signed but the signature or signatures
      contained syntax errors or were not otherwise able to be
      processed.  This result SHOULD also be used for other
      failures not covered elsewhere in this list.

"temperror"
      The message could not be verified due to some error that
      is likely transient in nature, such as a temporary inability
      to retrieve a public key.  A later attempt may produce a
      final result.

"permerror"
      The message could not be verified due to some error that
      is unrecoverable, such as a required header field being
      absent. A later attempt is unlikely to produce a final result.


==========================================================
Original Email
==========================================================

Return-Path: <owasp-bounces at lists.owasp.org>
Received: from lists.owasp.org (162.209.12.188) by verifier.port25.com id h4ikb620i3gt for <check-auth at verifier.port25.com>; Thu, 10 Nov 2016 12:04:51 -0500 (envelope-from <owasp-bounces at lists.owasp.org>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=owasp-bounces at lists.owasp.org
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=owasp-request at lists.owasp.org
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed)
Received: from lists.owasp.org (localhost [127.0.0.1])
        by lists.owasp.org (8.14.3/8.14.3/Debian-9.1ubuntu1) with ESMTP id uAAHApMU031997
        for <check-auth at verifier.port25.com>; Thu, 10 Nov 2016 17:10:51 GMT
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Welcome to the "Owasp" mailing list
From: owasp-request at lists.owasp.org
To: check-auth at verifier.port25.com
X-No-Archive: yes
Message-ID: <mailman.0.1478797850.31968.owasp at lists.owasp.org>
Date: Thu, 10 Nov 2016 17:10:50 +0000
Precedence: bulk
X-BeenThere: owasp at lists.owasp.org
X-Mailman-Version: 2.1.13
List-Id: <owasp.lists.owasp.org>
X-List-Administrivia: yes
Sender: owasp-bounces at lists.owasp.org
Errors-To: owasp-bounces at lists.owasp.org

Testing SPF recordsWelcome to the Owasp at lists.owasp.org mailing list!

To post to this list, send your email to:

  owasp at lists.owasp.org

General information about the mailing list is at:

  https://lists.owasp.org/mailman/listinfo/owasp

If you ever want to unsubscribe or change your options (eg, switch to
or from digest mode, change your password, etc.), visit your
subscription page at:

  https://lists.owasp.org/mailman/options/owasp/check-auth%40verifier.port25.com


You can also make such adjustments via email by sending a message to:

  Owasp-request at lists.owasp.org

with the word `help' in the subject or body (don't include the
quotes), and you will get back a message with instructions.

You must know your password to change your options (including changing
the password, itself) or to unsubscribe.  It is:

  taomagah

Normally, Mailman will remind you of your lists.owasp.org mailing list
passwords once every month, although you can disable this if you
prefer.  This reminder will also include instructions on how to
unsubscribe or change your account options.  There is also a button on
your options page that will email your current password to you.
-------------- next part --------------
---------- Forwarded message ----------
From: <auth-results at verifier.port25.com>
Date: Thu, Nov 10, 2016 at 10:10 AM
Subject: Authentication Report
To: matt.tesauro at owasp.org


This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback at port25.com>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  mail-wm0-f42.google.com
Source IP:      74.125.82.42
mail-from:      matt.tesauro at owasp.org

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: smtp.mailfrom=matt.tesauro at owasp.org
DNS record(s):
    owasp.org. SPF (no records)
    owasp.org. 3600 IN TXT "google-site-verification=I9qx_X9EKlR_rfceG25-iXHBXJvLrmeNbkEdy182iI"
    owasp.org. 3600 IN TXT "v=spf1 include:aspmx.googlemail.com -all"
    aspmx.googlemail.com. SPF (no records)
    aspmx.googlemail.com. 7200 IN TXT "v=spf1 redirect=_spf.google.com"
    _spf.google.com. SPF (no records)
    _spf.google.com. 300 IN TXT "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"
    _netblocks.google.com. SPF (no records)
    _netblocks.google.com. 3274 IN TXT "v=spf1 ip4:64.18.0.0/20 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:207.126.144.0/20 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all"

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=matt.tesauro at owasp.org
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         pass (signature verifies; identity doesn't match any headers)
ID(s) verified: header.d=owasp-org.20150623.gappssmtp.com
Canonicalized Headers:
    mime-version:1.0'0D''0A'
    from:Matt'20'Tesauro'20'<matt.tesauro at owasp.org>'0D''0A'
    date:Thu,'20'10'20'Nov'20'2016'20'10:10:26'20'-0600'0D''0A'
    message-id:<CAJq9yoSGtzcnghKu=1J+6Uq8H7c343ACJ=qrSWEVdF=qO68xfQ at mail.gmail.com>'0D''0A'
    subject:SPF'20'check'0D''0A'
    to:check-auth at verifier.port25.com'0D''0A'
    dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/relaxed;'20'd=owasp-org.20150623.gappssmtp.com;'20's=20150623;'20'h=mime-version:from:date:message-id:subject:to;'20'bh=q5XWZOo5N4KBHYyXTHJtODqrugYpdZTAP+ap3YMqonY=;'20'b=

Canonicalized Body:


DNS record(s):
    20150623._domainkey.owasp-org.20150623.gappssmtp.com. 3600 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2UMfREvlgajdSp3jv1tJ9nLpi/mRYnGyKC3inEQ9a7zqUjLq/yXukgpXs9AEHlvBvioxlgAVCPQQsuc1xp9+KXQGgJ8jTsn5OtKm8u+YBCt6OfvpeCpvt0l9JXMMHBNYV4c0XiPE5RHX2ltI0Av20CfEy+vMecpFtVDg4rMngjLws/ro6qT63S20A4zyVs/V19WW5F2Lulgv+l+EJzz9XummIJHOlU5n5ChcWU3Rw5RVGTtNjTZnFUaNXly3fW0ahKcG5Qc3e0Rhztp57JJQTl3OmHiMR5cHsCnrl1VnBi3kaOoQBYsSuBm+KRhMIw/X9wkLY67VLdkrwlX3xxsp6wIDAQAB"

Public key used for verification: 20150623._domainkey.owasp-org.20150623.gappssmtp.com (2048 bits)

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.4.0 (2014-02-07)

Result:         ham  (-1.4 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.5 RCVD_IN_SORBS_SPAM     RBL: SORBS: sender is a spam source
                            [74.125.82.42 listed in dnsbl.sorbs.net]
-0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
                            [74.125.82.42 listed in wl.mailspike.net]
-0.0 SPF_PASS               SPF: sender matches SPF record
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
-0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders


==========================================================
Original Email
==========================================================

Return-Path: <matt.tesauro at owasp.org>
Received: from mail-wm0-f42.google.com (74.125.82.42) by verifier.port25.com id h4idv820i3gu for <check-auth at verifier.port25.com>; Thu, 10 Nov 2016 11:10:28 -0500 (envelope-from <matt.tesauro at owasp.org>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=matt.tesauro at owasp.org
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=matt.tesauro at owasp.org
Authentication-Results: verifier.port25.com; dkim=pass (signature verifies; identity doesn't match any headers) header.d=owasp-org.20150623.gappssmtp.com
Received: by mail-wm0-f42.google.com with SMTP id g23so50202156wme.1
        for <check-auth at verifier.port25.com>; Thu, 10 Nov 2016 08:10:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=owasp-org.20150623.gappssmtp.com; s=20150623;
        h=mime-version:from:date:message-id:subject:to;
        bh=q5XWZOo5N4KBHYyXTHJtODqrugYpdZTAP+ap3YMqonY=;
        b=JjQOMU11u6i9U7jpjZjAMjJ/GZ/XZS+R80BSa033qdOOZIbuqR0gLXIWnTqUsitFEa
         4xAx45N4naCCp2Yj1w6Y6Z1u0194JvqMiVcl3EpsPGDiZ6a3hUoeAJzSzscD/968l1qE
         4FGkwHB+CiFGHpa9O/H+kWxRSUWfJKdE20WCqfbYp7KvGK5ggcGuYlGy1roRVdwZ1GVm
         5vo3ah1jPUvpU87BN/fP+JtnowzFe0zZJc0v+ssUE6FqgiXT+hW6weceJg8C+pWsaY+s
         oJNrG5Oo0X+g74wRe7RYn8mLPjjEOnVG+E8zu7xV1CUfdpOQ57GYOrFPzeES5/mFCYtc
         gPbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=q5XWZOo5N4KBHYyXTHJtODqrugYpdZTAP+ap3YMqonY=;
        b=H+IUJyGItXgo8O/M7I8ai/1H9I/2MissWQrZMH9UX7LCAY+Gjnw+3Edyjczw9pCxKT
         5OTZJeKJHQOLp1cqLUIx9kVDxiOKZqcS51BU4VxsP7dROJTSiOEus2cnaDq0EEjiFYgU
         n5NWc9sqHe9KbS4nz4sEsrA9sjxqACOUxYf7vRIZ7D9OjWpgSwXT5L7QILX7Cf0z8L7d
         NjHKpef11DLI6BmOKPYf7sxq8dN6SOAh+r90hR1Js25KUZpP53xxU04mxvX5murq9ps/
         y2KTp7DNKW8oPQZ8rZoyOVgWTSiX4aeLGEqXKP+nCwcAdCQaY4cCLHWEx+vujhbr1G49
         WLfA==
X-Gm-Message-State: ABUngvcT7K6t4/FlXNqOMpVgctr31/phctPi9G5AQokfLLwd0ps3BcV2QXhkBdvt56fLAoIORcGEToipOJAKW75z
X-Received: by 10.28.62.141 with SMTP id l135mr3802795wma.20.1478794226976;
 Thu, 10 Nov 2016 08:10:26 -0800 (PST)
MIME-Version: 1.0
Received: by 10.80.170.212 with HTTP; Thu, 10 Nov 2016 08:10:26 -0800 (PST)
From: Matt Tesauro <matt.tesauro at owasp.org>
Date: Thu, 10 Nov 2016 10:10:26 -0600
Message-ID: <CAJq9yoSGtzcnghKu=1J+6Uq8H7c343ACJ=qrSWEVdF=qO68xfQ at mail.gmail.com>
Subject: SPF check
To: check-auth at verifier.port25.com
Content-Type: multipart/alternative; boundary=001a114a01049866c50540f49cc1

--001a114a01049866c50540f49cc1
Content-Type: text/plain; charset=UTF-8

Thanks!

--
-- Matt Tesauro
OWASP AppSec Pipeline Lead
https://www.owasp.org/index.php/OWASP_AppSec_Pipeline
OWASP WTE Project Lead
*https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project
<https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project>*
http://AppSecLive.org <http://appseclive.org/> - Community and Download site

--001a114a01049866c50540f49cc1--

