[opendmarc-users] Failures for ebay.com / Whitelist

Andy Wylde andy at chillercity.com
Thu Sep 22 16:42:52 PDT 2022 

Hi, 

 

I am running opendmarc with good success, except one issue . ebay at ebay.com
<mailto:ebay at ebay.com> .    It consistently fails, my logs are full of tens
of thousands of failures in just a day.  I checked their SPF record and it
looks OK, although they include a bunch of different SPFs, and I am
wondering if the overall length is an issue.  I am just wondering if anyone
else has seen this issue?  This is an example of the failure.

 

Sep 22 16:20:51 inbound-1-mx opendmarc[1753868]: 262787C018A: SPF(mailfrom):
ebay at ebay.com <mailto:ebay at ebay.com>  fail

Sep 22 16:20:51 inbound-1-mx postfix/pickup[1753676]: 74AC67C0DC8: uid=114
from=<opendmarc>

Sep 22 16:20:51 inbound-1-mx opendmarc[1753868]: ignoring connection from
localhost

Sep 22 16:20:51 inbound-1-mx opendmarc[1753868]: 262787C018A: ebay.com fail

Sep 22 16:20:51 inbound-1-mx postfix/cleanup[1754085]: 262787C018A:
milter-reject: END-OF-MESSAGE from mxphxpool2018.ebay.com[66.211.184.113]:
5.7.1 rejected by DMARC policy for ebay.com; from=<ebay at ebay.com
<mailto:ebay at ebay.com> > to=<greg at azbreaker.com <mailto:greg at azbreaker.com>
> proto=ESMTP helo=<mxphxpool2018.ebay.com>

Sep 22 16:20:51 inbound-1-mx postfix/smtpd[1754120]: disconnect from
mxphxpool2018.ebay.com[66.211.184.113] ehlo=2 starttls=1 mail=1 rcpt=1
data=0/1 commands=5/6

 

66.211.184.113 is included in their SPF record.  

 

ebay.com.               357     IN      TXT     "v=spf1
include:c._spf.ebay.com include:p._spf.ebay.com include:p2._spf.ebay.com
~all"

c._spf.ebay.com.        600     IN      TXT     "v=spf1 ip4:205.201.137.229
ip4:66.135.215.0/24 ip4:66.211.184.0/23 ip4:66.135.222.1
ip4:205.201.128.0/20 ip4:198.2.128.0/18 ip4:66.135.202.0/27
ip4:216.113.172.0/25 ip4:216.113.160.0/24 ip4:216.113.175.0/24
ip4:148.105.8.0/21 include:ces._spf.ebay.com" " ~all"

 

The members messaging from eBay works fine and passes the test, as does
pretty much every other legitimate sender.

 

Since it was just this one domain, I tried the whitelist option shown in the
example file:

DomainWhitelist ebay.com 

but it failed with a "Invalid Parameter" message and not much else.  I
haven't put much more effort into this option at this time.

 

opendmarc: OpenDMARC Filter v1.3.2

        SMFI_VERSION 0x1000001

        libmilter version 1.0.1

        Active code options:

                WITH_SPF

                WITH_SPF2

 

Just wondering if anyone else has encountered this issue and/or has any
insight.  Thanks in advance.

 

Andy Wylde

Chiller City Corporation

563 W 3rd Ave 

Mesa AZ 85210

www.chillercity.com <http://www.chillercity.com> 

480-889-1092

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20220922/bff432ae/attachment.htm>

More information about the opendmarc-users mailing list