Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SPF>
  3. Help
Old Lost User
cmathis at wsii
Mar 5, 2009, 3:15 PM
Post #1 of 5 (3619 views)
Permalink
I have a question. I have been a member of the list for a few years.
(2004). I have not been keeping up with the latest news it would
appear, and I need some assistance. Thank you in advance.

I have a mail server.

IP address 98.175.222.165 The main domain is brothersgibb.com, but
I have like 7 other domains that send from that IP address, all on
the same mail server.

I have 3 other IP addresses that I may set up other domains on, so in
the SPF txt I have the trailing /168

( so mail can go out any IP address .165-168 )

THIS USED To work, ( I am 99% sure)

Here is what I set up as my SPF info in the IN TXT file for brothersgibb.com:

v=spf1 ip4:98.175.222.165 -all

Then for my other domains in txt info I have:

v=spf1 redirect=brothersgibb.com

Now the question. Is this the way I should be doing it? I went to
Scott's site and tested it. I get this ERROR:

Mail sent from: 98.175.222.165
Mail from (Sender): cmathis@brothersgibb.com
Mail checked using this SPF policy: v=spf1 ip4:98.175.222.165/168
Results - Permanent Error SPF Permanent Error: Invalid IP4 CIDR
length: ip4:98.175.222.165/168

What is this error? Invalid IP4 CIDR length: ip4:98.175.222.165/168

If I have one primary IP address for sending mail, and other domains
that also send out on the same server/IP, what should my primary SPF
file look like? And what about the other domain SPF files?

I think I have been away to long!!!





-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Old Lost User [ In reply to ]
rob.macgregor at gmail
Mar 5, 2009, 3:28 PM
Post #2 of 5 (3507 views)
Permalink
On Thu, Mar 5, 2009 at 23:15, Chris Mathis <cmathis@wsii.com> wrote:
> I have a question. I have been a member of the list for a few years. (2004).
> I have not been keeping up with the latest news it would appear, and I need
> some assistance. Thank you in advance.
>
> I have a mail server.
>
> IP address  98.175.222.165  The main domain is brothersgibb.com, but I have
> like 7 other domains that send from that IP address, all on the same mail
> server.
>
> I have 3 other IP addresses that I may set up other domains on, so in the
> SPF txt I have the trailing   /168

That suggests that you have 168 bits (out of 32) as your network address.

Unfortunately your allocation isn't a clean subnet so you'll probably
have to list the individual IPs

> ( so mail can go out any IP address .165-168 )
>
> THIS USED To work, ( I am 99% sure)

If it worked it was because nobody was checking your SPF record.

> Here is what I set up as my SPF info in the IN TXT file for
> brothersgibb.com:
>
> v=spf1 ip4:98.175.222.165 -all
>
> Then for my other domains in txt info I have:
>
> v=spf1 redirect=brothersgibb.com
>
> Now the question. Is this the way I should be doing it? I went to Scott's
> site and tested it. I get this ERROR:
>
> Mail sent from: 98.175.222.165
> Mail from (Sender): cmathis@brothersgibb.com
> Mail checked using this SPF policy: v=spf1 ip4:98.175.222.165/168
> Results - Permanent Error SPF Permanent Error: Invalid IP4 CIDR length:
> ip4:98.175.222.165/168
>
> What is this error?  Invalid IP4 CIDR length: ip4:98.175.222.165/168

Try the following:

v=spf1 ip4:98.175.222.165 ip4:98.175.222.166 ip4:98.175.222.167
ip4:98.175.222.168 -all

for your mail SPF record instead.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Old Lost User [ In reply to ]
cmathis at wsii
Mar 6, 2009, 11:16 AM
Post #3 of 5 (3503 views)
Permalink
> What is this error? Invalid IP4 CIDR length: ip4:98.175.222.165/168
>
>Try the following:
>
>v=spf1 ip4:98.175.222.165 ip4:98.175.222.166 ip4:98.175.222.167
>ip4:98.175.222.168 -all
>
>for your mail SPF record instead.

Ok, so I should all the above SPF string to each of my domains dnd spf
records, correct? Before I had a re direct to brothersgibb.com for the other
domains:

v=spf1 redirect=brothersgibb.com <--- Now garbage, correct?

Last question if I understand the above is all correct. Len mentioned that I
could add a /28 CIDR length at the end of my IP's in the dns spf txt. So
would this be correct:

v=spf1 ip4:98.175.222.165\28 ip4:98.175.222.166\28 ip4:98.175.222.167\28
ip4:98.175.222.168\28 -all

And I would add the above to all my domains?

Thank you Rob and Len!!!


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Old Lost User [ In reply to ]
cmathis at wsii
Mar 6, 2009, 11:20 AM
Post #4 of 5 (3498 views)
Permalink
>v=spf1 ip4:98.175.222.165\28 ip4:98.175.222.166\28 ip4:98.175.222.167\28
>ip4:98.175.222.168\28 -all


I think it should be the following. I have the slash 28 backwards:

v=spf1 ip4:98.175.222.165/28 -all

Yes!?


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Old Lost User [ In reply to ]
rob.macgregor at gmail
Mar 6, 2009, 11:40 AM
Post #5 of 5 (3512 views)
Permalink
On Fri, Mar 6, 2009 at 19:20, cmathis <cmathis@wsii.com> wrote:
>>v=spf1 ip4:98.175.222.165\28 ip4:98.175.222.166\28 ip4:98.175.222.167\28
>>ip4:98.175.222.168\28 -all
>
>
> I think it should be the following. I have the slash 28 backwards:
>
> v=spf1 ip4:98.175.222.165/28 -all
>
> Yes!?

Can I suggest you do some reading on what CIDR is and how it works
(http://en.wikipedia.org/wiki/CIDR).

98.175.222.165/28 means a range of 96.175.222.160 to 96.175.222.175.
.160 is the network address, .175 is the broadcast address.

/28 means that 28 bits of the 32 are for the network portion, and
hence 4 are for the host (what follows works best in fixed width
fonts):

01100010.10101111.11011110.10100101 (98.175.222.165)
11111111.11111111.11111111.11110000 (/28)
01100010.10101111.11011110.1010xxxx (network - 96.175.222.160)
xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxx0101 (host - 5)


As I said, publish exactly:

v=spf1 ip4:98.175.222.165 ip4:98.175.222.166 ip4:98.175.222.167
ip4:98.175.222.168 -all

as the record for brothersgibb.com. Leave the other records as redirects.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal