Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 18th March 2012, 17:53
phinex phinex is offline
Junior Member
 
Join Date: Mar 2012
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Default Completely lost in SPF! please help

Hi there,

My setup is as below:

VPS (Debian,Postfix,Dovecot, System accounts as email address')
Domain name: example.biz
Host name: mail.example.biz
IP address: 62.75.aaa.bb
EHLO: mail.example.biz
RDNS: mail.example.biz
Email account: name@example.biz
Sending from: Evolution SMTP on port: 26
Server: for sending and receiving emails & web server exclusively for one domain
IP: one dedicated IP only
DNS recrods:
Code:
-/-          A	        	62.75.aaa.bb	
ftp 	      A 	  	62.75.aaa.bb 	  	  	
mail 	      A 	  	62.75.aaa.bb 	  	  	
-/-          MX	      1 	mail.example.biz
-/-          TXT                v=spf1 ip4:62.75.aaa.bb -all
mail 	     TXT	  	v=spf1 ip4:62.75.aaa.bb -all 	  	  	
imap        CNAME	        mail.example.biz 	  	  	
pop 	     CNAME	  	mail.example.biz 	  	  	
smtp 	     CNAME	  	mail.example.biz 	  	  	
www 	     CNAME	  	example.biz
<spf-test@openspf.net>: host mailout02.controlledmail.com[72.81.252.18] said:
550 5.7.1 <spf-test@openspf.net>: Recipient address rejected: SPF Tests:
Mail-From Result="fail": Mail From="name@example.biz" HELO
name="mail.example.biz" HELO Result="fail" Remote IP="62.75.aaa.bb" (in
reply to RCPT TO command)


I've tried almost everything, but getting fail.

Please help.

Last edited by phinex; 18th March 2012 at 18:11.
Reply With Quote
Sponsored Links
  #2  
Old 19th March 2012, 08:21
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Is the DNS server where you created the SPF record authoritative for the domain?

Also, it can take up to 72 hours for DNS changes to propagate.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 19th March 2012, 08:35
phinex phinex is offline
Junior Member
 
Join Date: Mar 2012
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
Is the DNS server where you created the SPF record authoritative for the domain?

Also, it can take up to 72 hours for DNS changes to propagate.
Hi Falko, and thanks for your reply.
More than 72 hours have passed since I inserted the records.
(these records I inserted in the Power Panel of the VPS provider)
Sorry, but I don't know how to whether its authoritative or not, this may help? :

nslookup 62.75.aaa.bb
Server: 192.168.2.1
Address: 192.168.2.1#53

Non-authoritative answer:
bb.aaa.75.62.in-addr.arpa name = mail.example.biz.

Authoritative answers can be found from:
bb.aaa.75.62.in-addr.arpa nameserver = ptr2.intergenia.de.
bb.aaa.75.62.in-addr.arpa nameserver = ptr1.intergenia.de.
ptr1.intergenia.de internet address = 217.172.191.251
ptr2.intergenia.de internet address = 62.75.134.6

P.s:
#I checked with AOL and the SPF test passes there!, though I don't
know why I'm still getting fail when testing with spf-test@openspf.net
#does that have anything to do with the IP number I'm getting from my ISP when sending from Evolution? though I'm using port 26
to bypass there mail server...

Last edited by phinex; 19th March 2012 at 08:43.
Reply With Quote
  #4  
Old 20th March 2012, 13:46
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Does
Code:
dig txt yourdomain.com
show your SPF record?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 20th March 2012, 13:54
phinex phinex is offline
Junior Member
 
Join Date: Mar 2012
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
Does
Code:
dig txt yourdomain.com
show your SPF record?
Looks so:

Code:
phinex@ubuntu:~$ dig txt example.biz

; <<>> DiG 9.7.3 <<>> txt example.biz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33386
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;example.biz.			IN	TXT

;; ANSWER SECTION:
example.biz.		86400	IN	TXT	"v=spf1 ip4:62.75.aaa.bb -all"

;; AUTHORITY SECTION:
example.biz.		86400	IN	NS	ns9.nameserverservice.de.
example.biz.		86400	IN	NS	ns10.nameserverservice.de.

;; ADDITIONAL SECTION:
ns9.nameserverservice.de. 57454	IN	A	85.25.128.54
ns10.nameserverservice.de. 57454 IN	A	89.19.225.101

;; Query time: 503 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Tue Mar 20 16:49:09 2012
;; MSG SIZE  rcvd: 161
And exactly the same results if :
Code:
phinex@ubuntu:~$ dig txt mail.example.biz

Last edited by phinex; 20th March 2012 at 13:58.
Reply With Quote
  #6  
Old 21st March 2012, 10:18
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

That looks ok. Can you change the SPF record to
Code:
v=spf1 +ip4:62.75.aaa.bb -all
and test again?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
phinex (22nd March 2012)
  #7  
Old 21st March 2012, 14:14
erosbk erosbk is offline
Senior Member
 
Join Date: Mar 2011
Posts: 337
Thanks: 49
Thanked 36 Times in 30 Posts
Default

Try sending mail to check-auth@verifier.port25.com

I have the same problem that you have, but I am ok for port25.com =/
Reply With Quote
The Following User Says Thank You to erosbk For This Useful Post:
phinex (22nd March 2012)
  #8  
Old 22nd March 2012, 07:45
phinex phinex is offline
Junior Member
 
Join Date: Mar 2012
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
That looks ok. Can you change the SPF record to
Code:
v=spf1 +ip4:62.75.aaa.bb -all
and test again?
ok, I'll give it a try, though by definition the '+' can be omitted.

Could it be that I should include the ISP IP address in the record? because it presents in the header as " Send By"?
Reply With Quote
  #9  
Old 22nd March 2012, 07:50
phinex phinex is offline
Junior Member
 
Join Date: Mar 2012
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by erosbk View Post
Try sending mail to check-auth@verifier.port25.com

I have the same problem that you have, but I am ok for port25.com =/
Thanks for the tip, my SPF also Passes with port25.com.
So either spf-test@openspf.net has a bug which is highly unlikely, or it's
that we are missing on something, for example " including the ISP IP address in the record" ... or ?
Reply With Quote
  #10  
Old 22nd March 2012, 12:59
erosbk erosbk is offline
Senior Member
 
Join Date: Mar 2011
Posts: 337
Thanks: 49
Thanked 36 Times in 30 Posts
 
Default

I think that there is no bug in "spf-test@openspf.net". If you send a mail from gmail, you will see that it is working. I think that we have to do a little more researh in this, falko I think could help us to see what is happening.

As I see, you are exactly in the same point that I am xD
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ispconfig 3 cant receive emails lishaw1968 Installation/Configuration 25 19th August 2013 10:37
Problem with services!! banzaiwebstudio.com Installation/Configuration 7 19th May 2010 21:13
can't send/receive mail fedora 12 - ispconfig 3 ev0css Installation/Configuration 9 17th May 2010 21:44
Stange mail problem The-Ghost Installation/Configuration 6 25th April 2010 19:59
Postfix problem: lost connection after CONNECT from unknown fernando_torrez Server Operation 5 30th November 2007 14:17


All times are GMT +2. The time now is 17:26.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.