SPF Records

Discussion in 'Installation/Configuration' started by mrtornado79, Jan 28, 2008.

  1. mrtornado79

    mrtornado79 New Member

    OK. I have managed to setup DNS and SPF records but I don't if this is correct or not because http://www.dnsstuff.com/tools/dnsreport.ch?domain=usarmydt.com shows me that "Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004). "

    let me know if my setup is correct I have installed debian using the perfect setup and I also have ISPconfig up and running maybe that's why ... I just don't know what to do :)

    www:/etc/bind# cat named.conf

    Code:
    options {
            pid-file "/var/run/bind/run/named.pid";
            directory "/etc/bind";
            auth-nxdomain no;
            /*
             * If there is a firewall between you and nameservers you want
             * to talk to, you might need to uncomment the query-source
             * directive below.  Previous versions of BIND always asked
             * questions using port 53, but BIND 8.1 uses an unprivileged
             * port by default.
             */
            // query-source address * port 53;
    };
    
    //
    // a caching only nameserver config
    //
    zone "." {
            type hint;
            file "db.root";
    };
    
    zone "0.0.127.in-addr.arpa" {
            type master;
            file "db.local";
    };
    
    
    
    
    //// MAKE MANUAL ENTRIES BELOW THIS LINE! ////
    
    zone "usarmydt.com" {
            type master;
            file "/etc/bind/usarmydt.com.hosts";
            };
    www:/etc/bind# cat usarmydt.com.hosts

    Code:
    $ttl 38400
    usarmydt.com.   IN      SOA     www.usarmydt.com. root.usarmydt.com. (
                            1201480081
                            10800
                            3600
                            604800
                            38400 )
    usarmydt.com.   IN      NS      www.usarmydt.com.
    mail.usarmydt.com.      IN      MX      10 mail.usarmydt.com
    usarmydt.com.   IN      TXT     "v=spf1 a mx ~all"
    mail.usarmydt.com.      IN      TXT     "v=spf1 a mx ~all"
    usarmydt.com.   IN      PTR     usarmydt.com
    
    
    Is there anything else that I need to do so I can have my SPF records ?
     
  2. mrtornado79

    mrtornado79 New Member

    and tail /var/log/daemon.log

    Code:
    Jan 28 02:34:35 www named[3175]: starting BIND 9.3.4 -u bind -t /var/lib/named
    Jan 28 02:34:35 www named[3175]: found 1 CPU, using 1 worker thread
    Jan 28 02:34:35 www named[3175]: loading configuration from '/etc/bind/named.conf'
    Jan 28 02:34:35 www named[3175]: listening on IPv4 interface lo, 127.0.0.1#53
    Jan 28 02:34:35 www named[3175]: listening on IPv4 interface eth0, 88.198.67.242#53
    Jan 28 02:34:35 www named[3175]: command channel listening on 127.0.0.1#953
    Jan 28 02:34:35 www named[3175]: command channel listening on ::1#953
    Jan 28 02:34:35 www named[3175]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1
    Jan 28 02:34:35 www named[3175]: zone usarmydt.com/IN: loaded serial 1201480081
    Jan 28 02:34:35 www named[3175]: running

    but it seems that I'm not listening on anything because /var/cache/bind is an empty directory. Might that be the reason that other providers can't see my SPF flags ?

    www:/etc/bind# cat named.conf.options

    Code:
    options {
            directory "/var/cache/bind";
    
            // If there is a firewall between you and nameservers you want
            // to talk to, you might need to uncomment the query-source
            // directive below.  Previous versions of BIND always asked
            // questions using port 53, but BIND 8.1 and later use an unprivileged
            // port by default.
    
            // query-source address * port 53;
    
            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.
    
            // forwarders {
            //      0.0.0.0;
            // };
    
            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
    };
     
    Last edited: Jan 28, 2008
  3. mrtornado79

    mrtornado79 New Member

    Hm I think that's my provider fault.

    Searching for usarmydt.com SPF record at i.root-servers.net [192.36.148.17]: Got referral to M.GTLD-SERVERS.NET. (zone: com.) [took 50 ms]
    Searching for usarmydt.com SPF record at M.GTLD-SERVERS.NET. [192.55.83.30]: Got referral to ns2.senpai-it.com. (zone: usarmydt.com.) [took 130 ms]
    Searching for usarmydt.com SPF record at ns2.senpai-it.com. [88.198.152.130]: Reports that no SPF records exist. [took 128 ms] Response: No SPF records exist for usarmydt.com. [Neg TTL=2560 seconds] Details: ns2.senpai-it.com. (an authoritative nameserver for usarmydt.com.) says that there are no SPF records for usarmydt.com.

    What do you guys think ?
     
  4. falko

    falko Super Moderator ISPConfig Developer

    There IS an SPF record for your domain:
    Code:
    mh1:~# dig txt usarmydt.com
    
    ; <<>> DiG 9.3.4 <<>> txt usarmydt.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19035
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;usarmydt.com.                  IN      TXT
    
    ;; ANSWER SECTION:
    usarmydt.com.           1800    IN      TXT     [B][COLOR="Red"]"v=spf1 a mx -all"[/COLOR][/B]
    
    ;; Query time: 53 msec
    ;; SERVER: 213.191.92.84#53(213.191.92.84)
    ;; WHEN: Mon Jan 28 17:25:00 2008
    ;; MSG SIZE  rcvd: 59
    
    mh1:~#
     
  5. mrtornado79

    mrtornado79 New Member

    Thanks for the info falko with dig I can see the spf record myself still by looking up at www.dnsstuff.com :

    Code:
     Searching for usarmydt.com SPF record at h.root-servers.net [128.63.2.53]: Got referral to l.gtld-servers.net. (zone: com.) [took 144 ms] 
    Searching for usarmydt.com SPF record at l.gtld-servers.net. [192.41.162.30]: Got referral to ns1.senpai-it.com. (zone: usarmydt.com.) [took 45 ms] 
    Searching for usarmydt.com SPF record at ns1.senpai-it.com. [88.198.17.99]: Reports that no SPF records exist. [took 128 ms] Response: No SPF records exist for usarmydt.com. [Neg TTL=2560 seconds] Details: ns1.senpai-it.com. (an authoritative nameserver for usarmydt.com.) says that there are no SPF records for usarmydt.com. The E-mail address in charge of the usarmydt.com. zone is: [email protected] 
    It seems that my provider didn't forwarded the spf records to me ?


    Btw. I just got a reply from my provider.

    We do not create SPF records for domains by default.
    I created one for you now as you requested.
    Please allow about 1 hour for the changes to take effect.


    But still nothing :)
     
    Last edited: Jan 28, 2008
  6. falko

    falko Super Moderator ISPConfig Developer

    Please check again. I'm still seeing an SPF record:

    Code:
    [[email protected] ~]# dig txt usarmydt.com
    
    ; <<>> DiG 9.5.0a6 <<>> txt usarmydt.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55606
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;usarmydt.com.                  IN      TXT
    
    ;; ANSWER SECTION:
    usarmydt.com.           1800    IN      TXT     "v=spf1 a mx -all"
    
    ;; Query time: 249 msec
    ;; SERVER: 145.253.2.75#53(145.253.2.75)
    ;; WHEN: Tue Jan 29 19:05:31 2008
    ;; MSG SIZE  rcvd: 59
    
    [[email protected] ~]#
     
  7. eqtitan

    eqtitan New Member

    Stupid scam baiters

    Mrtornado79, I'd just like to let you know I have reported you to SENPAI-IT.COM for actively engaging in illegal activity by impersonating a US armed forces soldier.

    Via IM messages where you acted as [email protected]

    "'m a specialist in the Army @ the 10TH Mountain Division in Buffalo, NY 2nd Battalion, 22nd Infantry"

    Called this base to verify you were not enlisted here nor any other base for the US army. Commanding officer of that batallion will be calling me back to get more info and a copy of my IM records.


    The next time your try to scam someone don't impersonate the US military, and an FYI google [email protected] and whois registar are good resources to catch scam baiters. Who knows maybe the US military base near you might just be knocking on your door in the next few hours...

    Good luck and bring your lube where your going
     

Share This Page