Interpreting authentication results?

Discussion in 'ISPConfig 3 Priority Support' started by Taleman, Sep 25, 2020.

Tags:
  1. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I see this in headers of received e-mail, sent from one server I maintain to another of my servers:
    Code:
    Authentication-Results: e-mailserver.abc.fi;
        dkim=fail (headers rsa verify failed) header.d=xyz.fi header.s=default header.b=DMWw09YK;
        dmarc=none;
        spf=none (e-mailserver.abc.fi: domain of [email protected] has no SPF policy when checking <IP-number>) [email protected]
    The domain xyz.fi does have SPF record, and it permits sending by e-mailserver.xyz.fi. Why does authentication say it has no SPF policy?
    It is true that "domain" e-mailserver.xyz.fi does not have SPF, but it is not a domain but an FQDN.
     
    Last edited: Sep 26, 2020
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to add an SPF policy for the server hostname to see if that helps.
     
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I'll try that.
    I have not known SPF can be given to hostname, but seems it is possible. Let's see how that affect authentication. I do find it a bit strange to assign SPF to a hostname, though.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    I agree. I used it for the domain of the email address as well but after having issues with email sending via ISPConfig GIt server, I've created an SPF record for the server hostname and it helped in that case.
     
    ahrasis likes this.
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I try to create spf records for all hostnames, usually just a 'v=spf1 a -all' because they don't normally send mail directly, but spf records aren't inherited from the domain or anything, every hostname needs one. (Our main domain has over 400 spf records.) The amount of spam those stops isn't huge, but it's not zero. You can also create one for '*' but that only applies to hostnames which aren't explicitly defined, so you still have to add one for all defined hostnames.
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Now the issue is solved, spf=pass where it was none yesterday.
    I feel like all I knew about how SPF worked is wrong.
     
    ahrasis likes this.

Share This Page