Mailing List Archive

FW: spf record syntax check
Hello All,



I must be confused here, but I thought putting the SPF record like below
would ALLOW my domains, and an expected other domain, and then -all reject
the rest. Am I doing something wrong?



mydomain.com. IN TXT "v=spf1 +a:earth.mydomain.com +ptr:some-other.com
+ptr:mydomain.com -all"



Thanks!


Joey





-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: FW: spf record syntax check
On Sat, May 16, 2009 at 05:13, Joey <Joey@web56.net> wrote:
>
> I must be confused here, but I thought putting the SPF record like below
> would ALLOW my domains, and an expected other domain, and then -all reject
> the rest.  Am I doing something wrong?
>
>
> mydomain.com. IN TXT "v=spf1 +a:earth.mydomain.com +ptr:some-other.com
> +ptr:mydomain.com -all"

So, that says to allow mail from <user@mydomain.com> to come from:

earth.mydomain.com
any host whose reverse DNS ends in:
.some-other.com
.mydomain.com

(Note that you should avoid the use of ptr where possible).

As you don't say what the problem is, and you obfuscate the domains,
it's hard to provide anything further ;)

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


RE: FW: spf record syntax check
Hi Rob and thanks.

So I have my settings correct, and all else is supposed to get rejected.
I am getting some spam messages which in the header show me this information:

Received-SPF: permerror (mydomain.com: Junk encountered in mechanism '+ptr:')

The senders are XXXX@mydomain.com which of course is not true.
I had in my previous configuration the + sign in front of ptr and a, thinking that told it to accept (based on syntax I have seen), but have since removed that and still get some of this fake sender spam.

Any help appreciated!



> -----Original Message-----
> From: Rob MacGregor [mailto:rob.macgregor@gmail.com]
> Sent: Saturday, May 16, 2009 6:30 AM
> To: spf-help@v2.listbox.com
> Subject: Re: [spf-help] FW: spf record syntax check
>
> On Sat, May 16, 2009 at 05:13, Joey <Joey@web56.net> wrote:
> >
> > I must be confused here, but I thought putting the SPF record like below
> > would ALLOW my domains, and an expected other domain, and then -all reject
> > the rest. Am I doing something wrong?
> >
> >
> > mydomain.com. IN TXT "v=spf1 +a:earth.mydomain.com +ptr:some-other.com
> > +ptr:mydomain.com -all"
>
> So, that says to allow mail from <user@mydomain.com> to come from:
>
> earth.mydomain.com
> any host whose reverse DNS ends in:
> .some-other.com
> .mydomain.com
>
> (Note that you should avoid the use of ptr where possible).
>
> As you don't say what the problem is, and you obfuscate the domains,
> it's hard to provide anything further ;)
>
> --
> Please keep list traffic on the list.
>
> Rob MacGregor
> Whoever fights monsters should see to it that in the process he
> doesn't become a monster. Friedrich Nietzsche

RE: FW: spf record syntax check
On Sat, 16 May 2009 13:37:41 -0400 "Joey" <Joey@Web56.net> wrote:
> Received-SPF: permerror (mydomain.com: Junk encountered in mechanism
> '+ptr:')

You either want ptr (which will be evaluated against mydomain.com) or
ptr:example.com if you want a different one. ptr: is an error because it
misses the domain part.

Overall you should (as others have mentioned) avoid ptr if you can.

Scott K


RE: FW: spf record syntax check
OK so here is my current error after fixing the + symbol.
Received-SPF: permerror (mydomain.com: Maximum void DNS look-ups limit (2)
exceeded)

In respect to the PTR you want me to list the 4 or 5 server names that are
acceptable instead of the 1 ptr command right?

Or maybe ip4:x.x.x.x/23


Thanks


> > -----Original Message-----
> > From: Scott Kitterman [mailto:scott@kitterman.com]
> > Sent: Saturday, May 16, 2009 1:46 PM
> > To: spf-help@v2.listbox.com
> > Subject: RE: [spf-help] FW: spf record syntax check
> >
> > On Sat, 16 May 2009 13:37:41 -0400 "Joey" <Joey@Web56.net> wrote:
> > > Received-SPF: permerror (mydomain.com: Junk encountered in mechanism
> > '+ptr:')
> >
> > You either want ptr (which will be evaluated against mydomain.com) or
> > ptr:example.com if you want a different one. ptr: is an error because it
> > misses the domain part.
> >
> > Overall you should (as others have mentioned) avoid ptr if you can.
> >
> > Scott K

Re: FW: spf record syntax check
On Sun, May 17, 2009 at 06:02, Joey <Joey@web56.net> wrote:
> OK so here is my current error after fixing the + symbol.
> Received-SPF: permerror (mydomain.com: Maximum void DNS look-ups limit (2)
> exceeded)
>
> In respect to the PTR you want me to list the 4 or 5 server names that are
> acceptable instead of the 1 ptr command right?
>
> Or maybe ip4:x.x.x.x/23

You should use IP addresses (ip4:) where possible to keep DNS lookups
to a minimum.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


RE: FW: spf record syntax check
OK I have checked my SPF record several times, and it works fine according to online tools like http://tools.bevhost.com/spf/
BUT junk keeps getting through!

I'm at a loss as to what to do.

My spf record looks like this:
mydomain.com. IN TXT "v=spf1 a: mydomain.com ip4:122.122.122.0/23 ptr:other-expected.com -all"

Can I somewhere raise the limit above 2?

Thanks!


Received: from mail.mydomain.com ([122.122.122.122]) by mydomain.com with Microsoft SMTPSVC(6.0.3790.3959);
Tue, 19 May 2009 03:44:30 -0400
Received-SPF: permerror (mydomain.com: Maximum void DNS look-ups limit (2) exceeded) receiver=pluto.mydomain.com; identity=mailfrom; envelope-from="jack@mydomain.com"; helo="[200.144.5.29]"; client-ip=200.144.5.45
Received: from [200.144.5.29] (unknown [200.144.5.45])
by mail.mydomain.com (Postfix) with ESMTP id 362DA26400B
for <jack@mydomain.com>; Tue, 19 May 2009 03:43:15 -0400 (EDT)
Message-Id: <200905193858.3A6724DB34D215@[200.144.5.29]>
From: "Swango Marline" <jack@mydomain.com>
To: jack@mydomain.com
Subject: Hey-ho! How ae u?
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Return-Path: jack@mydomain.com
X-OriginalArrivalTime: 19 May 2009 07:44:30.0953 (UTC) FILETIME=[A50AAD90:01C9D855]
Date: 19 May 2009 03:44:30 -0400



> -----Original Message-----
> From: Rob MacGregor [mailto:rob.macgregor@gmail.com]
> Sent: Sunday, May 17, 2009 5:24 AM
> To: spf-help@v2.listbox.com
> Subject: Re: [spf-help] FW: spf record syntax check
>
> On Sun, May 17, 2009 at 06:02, Joey <Joey@web56.net> wrote:
> > OK so here is my current error after fixing the + symbol.
> > Received-SPF: permerror (mydomain.com: Maximum void DNS look-ups limit (2)
> > exceeded)
> >
> > In respect to the PTR you want me to list the 4 or 5 server names that are
> > acceptable instead of the 1 ptr command right?
> >
> > Or maybe ip4:x.x.x.x/23
>
> You should use IP addresses (ip4:) where possible to keep DNS lookups
> to a minimum.
>
> --
> Please keep list traffic on the list.
>
> Rob MacGregor
> Whoever fights monsters should see to it that in the process he
> doesn't become a monster. Friedrich Nietzsche

RE: FW: spf record syntax check
> OK I have checked my SPF record several times, and it works fine according
> to online tools like http://tools.bevhost.com/spf/
> BUT junk keeps getting through!

SPF isn't about rejecting "junk", it's about preventing forgery. That junk
mail and forgery are strongly correlated is merely coincidental...

> I'm at a loss as to what to do.

The trick is to enable others to help you...

> My spf record looks like this:
> mydomain.com. IN TXT "v=spf1 a: mydomain.com ip4:122.122.122.0/23
> ptr:other-expected.com -all"

mydomain.com is owned by Dotster, and they don't publish that SPF record.
That won't help.

Additionally, other-expected.com isn't a valid domain. That will probably
cause you problems as well.

> Can I somewhere raise the limit above 2?

That would be pointless. You have DNS problems - repeating failed searches
won't help you.

Vic.




Re: FW: spf record syntax check
On Tue, May 19, 2009 at 13:09, Joey <Joey@web56.net> wrote:
> OK I have checked my SPF record several times, and it works fine according to online tools like http://tools.bevhost.com/spf/
> BUT junk keeps getting through!

"Junk" that claims to be from your domain, or from other domains? If
yours, are you actually having your mail server check SPF records?

> I'm at a loss as to what to do.
>
> My spf record looks like this:
> mydomain.com. IN TXT "v=spf1 a: mydomain.com ip4:122.122.122.0/23 ptr:other-expected.com -all"

Right, how about publishing the REAL domain. Helping you blind is impossible.

As has been said - DON'T USE PTR. That authorises anything with a
reverse DNS ending in the specified domain. You don't have to control
the domain's DNS to have a reverse DNS of an IP pointing to a domain.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


RE: FW: spf record syntax check
On Tue, 19 May 2009 08:09:16 -0400 "Joey" <Joey@Web56.net> wrote:
> Received-SPF: permerror (mydomain.com: Maximum void DNS look-ups limit (2)
> exceeded)

This is a problem in your record. Without knowing the domain, it's not
possible to help you further.

Scott K
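
An added example, not part of the thread and not code from any poster or SPF library: a small syntax-only linter for the points raised above (an empty domain after `ptr:` or `a:`, use of `ptr`, and the count of DNS-querying terms), run over the two records as quoted in the thread. The function name `lint_spf` and the `EMPTY_PTR` record are assumptions made for illustration.

```python
import ipaddress

# Mechanisms that cost a DNS query when evaluated (RFC 7208 section 4.6.4).
DNS_MECHS = {"a", "mx", "ptr", "include", "exists"}
KNOWN = DNS_MECHS | {"all", "ip4", "ip6"}

def lint_spf(record):
    """Return (findings, dns_terms) for one SPF TXT string. Syntax only, no DNS."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"], 0
    findings, dns_terms = [], 0
    for term in terms[1:]:
        body = term[1:] if term[0] in "+-~?" else term   # strip the qualifier
        head, eq, _ = body.partition("=")
        if eq and ":" not in head and "/" not in head:    # modifier, e.g. redirect=
            dns_terms += head.lower() == "redirect"
            continue
        name, colon, arg = body.partition(":")
        name = name.partition("/")[0].lower()             # allow the a/24 form
        if name not in KNOWN:
            findings.append(f"{term}: unknown mechanism (permerror)")
            continue
        if colon and not arg:
            findings.append(f"{term}: empty domain after ':' (permerror)")
        if name in ("ip4", "ip6") and arg:
            try:
                ipaddress.ip_network(arg, strict=False)
            except ValueError:
                findings.append(f"{term}: not a valid address or range (permerror)")
        if name == "ptr":
            findings.append(f"{term}: ptr in use; the replies advise ip4: ranges instead")
        dns_terms += name in DNS_MECHS
    if dns_terms > 10:
        findings.append(f"{dns_terms} DNS-querying terms exceed the limit of 10")
    return findings, dns_terms

# Records as quoted in the thread (domains are the poster's placeholders).
FIRST = "v=spf1 +a:earth.mydomain.com +ptr:some-other.com +ptr:mydomain.com -all"
LATER = "v=spf1 a: mydomain.com ip4:122.122.122.0/23 ptr:other-expected.com -all"
# Constructed record that contains the term named in the first permerror.
EMPTY_PTR = "v=spf1 +a:earth.mydomain.com +ptr: -all"

if __name__ == "__main__":
    for rec in (FIRST, EMPTY_PTR, LATER):
        findings, n = lint_spf(rec)
        print(rec, f"-> {n} DNS-querying terms")
        for f in findings:
            print("   ", f)
```

The "Maximum void DNS look-ups limit" error depends on live DNS answers, so a syntax check like this cannot reproduce it; it only catches what is visible in the record text.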

