Mailing List Archive

On Wed, Jun 3, 2009 at 03:04, Alan Netherclift <al@dvdindustry.com.au> wrote:
> Hi All.
>
> I have used a SPF record wizard to generate an SPF record and it is
> currently attached to our DNS but I believe there may be a mistake in it.

The Wizard suffers from GIGO - your level of understanding directly
impacts the quality of the resulting record ;)

> The record as it exists at the moment is:
>
> v=spf1 ip4:60.XXX.XXX.XX mx mx:mail.thenameofdomain.com.au ~all
>
> I have been researching this and I know believe that it should read:
>
> v=spf1 ip4:60.XXX.XXX.XX ~all

In general, that is correct. Where your domain sends through a single
host, that format of record is the right one.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

If you are sure you are only going go use that one machine to send out
your mails, you would be better off publishing a harder SPF record, i.e.
v=spf1 ip4:60.xxx.xxx.xx -all
instead of
v=spf1 ip4:60.xxx.xxx.xx ~all

The harder setting means that in case of attempts to spoof your domain by
others, people can reject it outright rather than having to run the SPF
Soft Failed messages through further tests.

Regards,
Prashanth Chengi
National PARAM SuperComputing Facility
System Administration and Networking Group
C-DAC Pune
Ext-183
Mob: 09766044870

--
He who fights with monsters might take care,
lest he thereby become a monster.
-Friedrich Nietzsche

On Wed, 3 Jun 2009, Rob MacGregor wrote:

> On Wed, Jun 3, 2009 at 03:04, Alan Netherclift <al@dvdindustry.com.au> wrote:
>> Hi All.
>>
>> I have used a SPF record wizard to generate an SPF record and it is
>> currently attached to our DNS but I believe there may be a mistake in it.
>
> The Wizard suffers from GIGO - your level of understanding directly
> impacts the quality of the resulting record ;)
>
>> The record as it exists at the moment is:
>>
>> v=spf1 ip4:60.XXX.XXX.XX mx mx:mail.thenameofdomain.com.au ~all
>>
>> I have been researching this and I know believe that it should read:
>>
>> v=spf1 ip4:60.XXX.XXX.XX ~all
>
> In general, that is correct. Where your domain sends through a single
> host, that format of record is the right one.
>
> --
> Please keep list traffic on the list.
>
> Rob MacGregor
> Whoever fights monsters should see to it that in the process he
> doesn't become a monster. Friedrich Nietzsche
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Alan Netherclift wrote on 6/2/2009 9:04:45 PM:

> v=spf1 ip4:60.XXX.XXX.XX mx mx:mail.thenameofdomain.com.au ~all

Since "mail.thenameofdomain.com.au" doesn't exist you're
probably hiding it which hinders our ability to help you. However my
guess is that "mail.thenameofdomain.com.au" probably doesn't have an MX
record of its own. See the Common Mistakes FAQ link below.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- And God so loved the world, He didn't sent a committee...

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Sorry Steve,

I've been taught by many a moderator on forums, not to
include details.

The IP Address is 60.242.143.46
The name of the mail server is smail.scribalpublishingmail.com.au
At the domain scribalpublishingmail.com.au

Our DNS is taken care of by our domain registrar and I have already gotten
him to change the SPF record from

v=spf1 ip4:60.242.143.46 mx mx:smail.scibalpublishingmail.com.au ~all

to

v=spf1 ip4:60.242.143.46 ~all

The domain name is specifically for this mail server and there is no website
connected with it. The only hardware attached to the internet connection is
the mail server.
Postfix with virtual users and domains(MySQL) SMTP-AUTH and TLS, Amavisd,
SpamAssassin and ClamAV, Courier and SquirrelMail on a Ubuntu 8.04 LTS
server.
I have registered with Hotmails JMRP, and have organised reverse DNS for the
Domain.

I had used an online tester at blacklistalert.org that had said that there
was a CNAME associated with the DNS that was causing a problem, and I have
since had our domain registrar to remove the CNAME reference.

I am self taught and still quite new to this, I built the mail server myself
and have been running it for the small company that I work for nearly a year
now. It is used exclusively to send out two Newsletters.

I would be very grateful if you could check it out with what ever tools you
use and let me know if there are any troubles.

I am very aware that I still have a lot to learn
Thank you for your help.

Cheers, Al
Alan Netherclift
Scribal Publishing
al@dvdindustry.com.au
03 9428 2727
-----Original Message-----
From: Steve Yates [mailto:steve@teamITS.com]
Sent: Thursday, 4 June 2009 12:02 AM
To: spf-help@v2.listbox.com
Subject: RE: [spf-help] Unsure of contents of SPF record

Alan Netherclift wrote on 6/2/2009 9:04:45 PM:

> v=spf1 ip4:60.XXX.XXX.XX mx mx:mail.thenameofdomain.com.au ~all

Since "mail.thenameofdomain.com.au" doesn't exist you're
probably hiding it which hinders our ability to help you. However my
guess is that "mail.thenameofdomain.com.au" probably doesn't have an MX
record of its own. See the Common Mistakes FAQ link below.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- And God so loved the world, He didn't sent a committee...

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Alan Netherclift wrote on 6/3/2009 8:02:28 PM:

> I've been taught by many a moderator on forums, not to
> include details.

Well in this case the details actually help you quite a bit,
otherwise it's a guessing game.

> Our DNS is taken care of by our domain registrar and I have already
gotten
> him to change the SPF record from
>
> v=spf1 ip4:60.242.143.46 mx mx:smail.scibalpublishingmail.com.au ~all

It's invalid as I thought because there is no MX for the domain
"smail.scibalpublishingmail.com.au."

> v=spf1 ip4:60.242.143.46 ~all

Much shorter and accurately describes the sending server.
Remember to change it to "-all" when you're done testing.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- That's fine in practice, but it'll never work in theory.

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com