Quoting Scott Kitterman <scott@kitterman.com>:
>> I have the simonandkate.net domain. This domain has two mx records -
>> mail.simonandkate.net 10 and mail.bluetie.com 20.
>>
>> My SPF record currently reads:
>>
>> v=spf1 a mx ~all
>>
>> Email to spf-test@openspf.org returns the following
>>
>> SPF Tests:
>> Mail-From Result="pass": Mail From="simon@simonandkate.net" HELO
>> name="mail.simonandkate.net" HELO Result="permerror" Remote
>> IP="59.167.212.191" (in reply to RCPT TO command)
>>
>> Why does the HELO result in a permerror? How do I fix the HELO test?
>>
>> mail.simonandkate.net resolves to 59.167.212.191 which is PTR'ed back
>> to mail.simonandkate.net.
>>
> Looking to see what SPF record there might be for mail.simandkate.net I got:
>
> ; <<>> DiG 9.5.1-P2 <<>> txt mail.simonandkate.net
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53675
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 20, AUTHORITY: 0, ADDITIONAL:
>
> ;; QUESTION SECTION:
> ;mail.simonandkate.net. IN TXT
>
> ;; ANSWER SECTION:
> mail.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
> www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
>
> ;; Query time: 533 msec
> ;; SERVER: 192.168.111.254#53(192.168.111.254)
> ;; WHEN: Thu May 14 01:36:54 2009
> ;; MSG SIZE rcvd: 323
>
> So your DNS server is reporting server failure and returning 20 copies of
> a cname to www.simonandkate.net.
>
> Fixing that will solve the error.
>
> Scott K
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>
>
OK, that's confusing - if I dig mail.simonandkate.net I get:

[root@server04 ~]# dig mail.simonandkate.net
; <<>> DiG 9.3.4-P1 <<>> mail.simonandkate.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40080
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;mail.simonandkate.net. IN A
;; ANSWER SECTION:
mail.simonandkate.net. 3504 IN A 59.167.212.191
;; AUTHORITY SECTION:
simonandkate.net. 71830 IN NS ns2.planetdomain.com.
simonandkate.net. 71830 IN NS ns1.planetdomain.com.
;; ADDITIONAL SECTION:
ns1.planetdomain.com. 541 IN A 202.131.95.2
ns2.planetdomain.com. 2004 IN A 202.124.241.2
;; Query time: 10 msec
;; SERVER: 192.168.1.145#53(192.168.1.145)
;; WHEN: Thu May 14 16:36:21 2009
;; MSG SIZE rcvd: 139

If I dig txt simonandkate.net (the sending email domain) I get:

[root@server04 ~]# dig txt simonandkate.net
; <<>> DiG 9.3.4-P1 <<>> txt simonandkate.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2876
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;simonandkate.net. IN TXT
;; ANSWER SECTION:
simonandkate.net. 3600 IN TXT "v=spf1 a mx ~all"
;; AUTHORITY SECTION:
simonandkate.net. 71079 IN NS ns1.planetdomain.com.
simonandkate.net. 71079 IN NS ns2.planetdomain.com.
;; ADDITIONAL SECTION:
ns1.planetdomain.com. 3410 IN A 202.131.95.2
ns2.planetdomain.com. 1253 IN A 202.124.241.2
;; Query time: 42 msec
;; SERVER: 192.168.1.145#53(192.168.1.145)
;; WHEN: Thu May 14 16:48:52 2009
;; MSG SIZE rcvd: 147

No idea why you are getting all the www entries.

A dig -x 59.167.212.191:

[root@server04 ~]# dig -x 59.167.212.191
; <<>> DiG 9.3.4-P1 <<>> -x 59.167.212.191
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54907
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 2
;; QUESTION SECTION:
;191.212.167.59.in-addr.arpa. IN PTR
;; ANSWER SECTION:
191.212.167.59.in-addr.arpa. 37329 IN PTR mail.simonandkate.net.
;; AUTHORITY SECTION:
212.167.59.in-addr.arpa. 37329 IN NS ns3.internode.net.au.
212.167.59.in-addr.arpa. 37329 IN NS ns4.on.net.
212.167.59.in-addr.arpa. 37329 IN NS ns1.on.net.
212.167.59.in-addr.arpa. 37329 IN NS ns2.on.net.au.
;; ADDITIONAL SECTION:
ns1.on.net. 73705 IN A 216.200.145.64
ns4.on.net. 69079 IN A 192.231.203.3
;; Query time: 1 msec
;; SERVER: 192.168.1.145#53(192.168.1.145)
;; WHEN: Thu May 14 16:51:45 2009
;; MSG SIZE rcvd: 206

DNS for my domain is hosted at planetdomain. Entries are as follows:

simonandkate.net. 3600 IN SOA ns1.planetdomain.com. abuse.planetdomain.com. (
2009051401 ; Serial
14400 ; Refresh
7200 ; Retry
3600000 ; Expire
172800 ) ; Minimum
mail 3600 IN A 59.167.212.191
server 3600 IN A 59.167.212.191
www 3600 IN A 59.167.212.191
blog 3600 IN A 59.167.212.191
tflux 3600 IN A 59.167.212.191
gallery 3600 IN A 59.167.212.191
system 3600 IN A 59.167.212.191
family 3600 IN A 59.167.212.191
* 3600 IN CNAME www.simonandkate.net.
system 3600 IN MX 10 mail.simonandkate.net.
family 3600 IN MX 10 mail.simonandkate.net.
simonandkate.net 3600 IN MX 20 mail.bluetie.com.
simonandkate.net 3600 IN MX 10 mail.simonandkate.net.
simonandkate.net. 3600 IN NS ns1.planetdomain.com.
simonandkate.net. 3600 IN NS ns2.planetdomain.com.
simonandkate.net. 3600 IN TXT v=spf1 a mx ~all

Do I need an SPF TXT record for the mail server or for the domain?

I have incoming SPF validation working fine in Postfix, just need to get my head around this bit...

Thanks for your help.
--
Simon Wilson
www.simonandkate.net
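
A check for the condition Scott points out in the TXT lookup of the HELO name, as an added example that is not part of either poster's message: it parses saved dig output and reports the response status, any CNAME chain that loops back on itself, and whether an SPF record came back. The two sample inputs are constructed by abridging the dig output quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed samples, abridged from the dig output quoted in this thread.
HELO_TXT = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53675
;; ANSWER SECTION:
mail.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
www.simonandkate.net. 3600 IN CNAME www.simonandkate.net.
"""
DOMAIN_TXT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2876
;; ANSWER SECTION:
simonandkate.net. 3600 IN TXT "v=spf1 a mx ~all"
;; AUTHORITY SECTION:
"""

def parse_dig(text):
    """Return (status, [(owner, rtype, rdata), ...]) for the ANSWER section."""
    m = re.search(r"status: (\w+)", text)
    records, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";;"):
            in_answer = "ANSWER SECTION" in line
        elif in_answer and line.strip() and not line.startswith(";"):
            fields = line.split(None, 4)  # owner ttl class type rdata
            if len(fields) == 5:
                records.append((fields[0].rstrip(".").lower(), fields[3], fields[4]))
    return (m.group(1) if m else None), records

def cname_loop(records, qname):
    """Follow CNAMEs from qname; return the names forming a loop, or []."""
    cnames = {o: r.rstrip(".").lower() for o, t, r in records if t == "CNAME"}
    seen, name = [], qname.rstrip(".").lower()
    while name in cnames:
        if name in seen:
            return seen[seen.index(name):]
        seen.append(name)
        name = cnames[name]
    return []

def check_txt_lookup(text, qname):
    """Summarise what an SPF checker gets back when it asks for qname's TXT."""
    status, records = parse_dig(text)
    spf = [r.strip('"') for _, t, r in records
           if t == "TXT" and r.strip('"').lower().startswith("v=spf1")]
    return {"status": status, "cname_loop": cname_loop(records, qname),
            "spf": spf[0] if spf else None}

if __name__ == "__main__":
    print(check_txt_lookup(HELO_TXT, "mail.simonandkate.net"))
```

Feed it the output of `dig txt <HELO name>` taken from more than one resolver, since the two posters above saw different answers for the same name.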