HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


phinex 18th March 2012 18:53

Completely lost in SPF! please help
 
Hi there,

My setup is as below:

VPS (Debian, Postfix, Dovecot, system accounts as email addresses)
Domain name: example.biz
Host name: mail.example.biz
IP address: 62.75.aaa.bb
EHLO: mail.example.biz
RDNS: mail.example.biz
Email account: name@example.biz
Sending from: Evolution SMTP on port: 26
Server: for sending and receiving emails & web server exclusively for one domain
IP: one dedicated IP only
DNS records:
Code:

-/-     A                62.75.aaa.bb
ftp     A                62.75.aaa.bb
mail    A                62.75.aaa.bb
-/-     MX       1       mail.example.biz
-/-     TXT              v=spf1 ip4:62.75.aaa.bb -all
mail    TXT              v=spf1 ip4:62.75.aaa.bb -all
imap    CNAME            mail.example.biz
pop     CNAME            mail.example.biz
smtp    CNAME            mail.example.biz
www     CNAME            example.biz

<spf-test@openspf.net>: host mailout02.controlledmail.com[72.81.252.18] said:
550 5.7.1 <spf-test@openspf.net>: Recipient address rejected: SPF Tests:
Mail-From Result="fail": Mail From="name@example.biz" HELO
name="mail.example.biz" HELO Result="fail" Remote IP="62.75.aaa.bb" (in
reply to RCPT TO command)


I've tried almost everything, but I'm getting fail.

Please help.

falko 19th March 2012 09:21

Is the DNS server where you created the SPF record authoritative for the domain?

Also, it can take up to 72 hours for DNS changes to propagate.

phinex 19th March 2012 09:35

Quote:

Originally Posted by falko (Post 275740)
Is the DNS server where you created the SPF record authoritative for the domain?

Also, it can take up to 72 hours for DNS changes to propagate.

Hi Falko, and thanks for your reply.
More than 72 hours have passed since I inserted the records.
(I inserted these records in the Power Panel of the VPS provider.)
Sorry, but I don't know how to tell whether it's authoritative or not. Maybe this helps?:

nslookup 62.75.aaa.bb
Server: 192.168.2.1
Address: 192.168.2.1#53

Non-authoritative answer:
bb.aaa.75.62.in-addr.arpa name = mail.example.biz.

Authoritative answers can be found from:
bb.aaa.75.62.in-addr.arpa nameserver = ptr2.intergenia.de.
bb.aaa.75.62.in-addr.arpa nameserver = ptr1.intergenia.de.
ptr1.intergenia.de internet address = 217.172.191.251
ptr2.intergenia.de internet address = 62.75.134.6

P.S.:
# I checked with AOL and the SPF test passes there! Though I don't
know why I'm still getting fail when testing with spf-test@openspf.net
# Does that have anything to do with the IP number I'm getting from my ISP when sending from Evolution? Though I'm using port 26
to bypass their mail server...

falko 20th March 2012 14:46

Does
Code:

dig txt yourdomain.com
show your SPF record?

phinex 20th March 2012 14:54

Quote:

Originally Posted by falko (Post 275846)
Does
Code:

dig txt yourdomain.com
show your SPF record?

Looks so:

Code:

phinex@ubuntu:~$ dig txt example.biz

; <<>> DiG 9.7.3 <<>> txt example.biz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33386
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;example.biz.                        IN        TXT

;; ANSWER SECTION:
example.biz.                86400        IN        TXT        "v=spf1 ip4:62.75.aaa.bb -all"

;; AUTHORITY SECTION:
example.biz.                86400        IN        NS        ns9.nameserverservice.de.
example.biz.                86400        IN        NS        ns10.nameserverservice.de.

;; ADDITIONAL SECTION:
ns9.nameserverservice.de. 57454        IN        A        85.25.128.54
ns10.nameserverservice.de. 57454 IN        A        89.19.225.101

;; Query time: 503 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Tue Mar 20 16:49:09 2012
;; MSG SIZE  rcvd: 161

And exactly the same results with:
Code:

phinex@ubuntu:~$ dig txt mail.example.biz

falko 21st March 2012 11:18

That looks ok. Can you change the SPF record to
Code:

v=spf1 +ip4:62.75.aaa.bb -all
and test again?

erosbk 21st March 2012 15:14

Try sending mail to check-auth@verifier.port25.com

I have the same problem that you have, but I am ok for port25.com =/

phinex 22nd March 2012 08:45

Quote:

Originally Posted by falko (Post 275905)
That looks ok. Can you change the SPF record to
Code:

v=spf1 +ip4:62.75.aaa.bb -all
and test again?

OK, I'll give it a try, though by definition the '+' can be omitted.

Could it be that I should include the ISP IP address in the record, because it is present in the header as "Send By"?

phinex 22nd March 2012 08:50

Quote:

Originally Posted by erosbk (Post 275922)
Try sending mail to check-auth@verifier.port25.com

I have the same problem that you have, but I am ok for port25.com =/

Thanks for the tip, my SPF also passes with port25.com.
So either spf-test@openspf.net has a bug, which is highly unlikely, or
we are missing something, for example "including the ISP IP address in the record" ... or?

erosbk 22nd March 2012 13:59

I think that there is no bug in "spf-test@openspf.net". If you send a mail from Gmail, you will see that it is working. I think that we have to do a little more research on this; I think falko could help us to see what is happening.

As I see it, you are at exactly the same point that I am xD
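
Added example (not part of the thread and not any poster's code): a small Python evaluator for the `ip4`/`ip6`/`all` subset of SPF, showing that `ip4:` and `+ip4:` give the same result and that both identities named in the bounce (MAIL FROM domain and HELO name) are checked against the IP that connects to the receiving server. The `TXT` table, the function names and the stand-in address 192.0.2.10 (replacing the masked 62.75.aaa.bb) are assumptions made for illustration.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed zone data mirroring the thread's two TXT records; 192.0.2.10
# (RFC 5737 documentation range) stands in for the masked 62.75.aaa.bb.
TXT = {
    "example.biz": "v=spf1 ip4:192.0.2.10 -all",
    "mail.example.biz": "v=spf1 ip4:192.0.2.10 -all",
}

def evaluate_spf(record, client_ip):
    """Evaluate the ip4/ip6/all subset of SPF against the connecting IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no SPF policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default when no qualifier is written
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return RESULT[qualifier]
        if name not in ("ip4", "ip6"):
            raise NotImplementedError(f"{name!r} is outside this example")
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"             # malformed address in the record
        if net.version != int(name[2]):
            return "permerror"             # e.g. ip4: followed by an IPv6 address
        if ip in net:
            return RESULT[qualifier]       # first matching mechanism decides
    return "neutral"                       # nothing matched and no "all"

def check_message(client_ip, mail_from, helo, txt=TXT):
    """Run both checks the bounce reports: MAIL FROM domain and HELO name."""
    domain = mail_from.rpartition("@")[2].lower()
    return {
        "mailfrom": evaluate_spf(txt.get(domain, ""), client_ip),
        "helo": evaluate_spf(txt.get(helo.lower(), ""), client_ip),
    }
```

`mechanisms such as `a`, `mx` and `include` need DNS lookups and are deliberately left out; the evaluator raises on them instead of guessing.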


All times are GMT +2.