Here is an example of what I had feared would happen
dig gvomail.com txt
; <<>> DiG 9.5.1-P3 <<>> gvomail.com txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51120
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gvomail.com. IN TXT
;; ANSWER SECTION:
gvomail.com. 1 IN TXT "v=spf1 ip4:12.97.188.59 ip4:12.204.164.254 include:_spf1.%{d2} -all"
gvomail.com. 1 IN TXT "spf2.0/pra ip4:12.97.188.59 ip4:12.204.164.254 include:_sidp1.%{d2} ?all"
gvomail.com. 1 IN TXT "spf2.0/mfrom ip4:12.97.188.59 ip4:12.204.164.254 ip4:12.132.193.34/31 include:_sidm1.%{d2} -all"
;; Query time: 48 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Mon Apr 5 14:33:04 2010
;; MSG SIZE rcvd: 302
You can see there is 1 second left. Now, after that, I get this:
dig gvomail.com txt
; <<>> DiG 9.5.1-P3 <<>> gvomail.com txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35301
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gvomail.com. IN TXT
;; ANSWER SECTION:
gvomail.com. 300 IN TXT "spf2.0/pra ip4:12.97.188.59 ip4:12.204.164.254 include:_sidp1.%{d2} ?all"
gvomail.com. 300 IN TXT "spf2.0/mfrom ip4:12.97.188.59 ip4:12.204.164.254 ip4:12.132.193.34/31 include:_sidm1.%{d2} -all"
gvomail.com. 300 IN TXT "v=spf1 ip4:12.97.188.59 ip4:12.204.164.254 include:_spf1.%{d2} -all"
;; Query time: 64 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Mon Apr 5 14:33:05 2010
;; MSG SIZE rcvd: 302
----- Original Message -----
From: "Aaron Moon" <aaron.m@gogvo.com>
To: spf-help@v2.listbox.com
Sent: Monday, April 5, 2010 2:19:26 PM GMT -06:00 US/Canada Central
Subject: Re: [spf-help] SPF, SID and LONG records
I tried this before with Alan's help. This was what I had previously, but again it seems broken...
It seems that this is round-robining through all the gvomail.com. TXT records, so every 300 seconds I get SPF fail but SID pass, and then 300 seconds later I get SPF pass and SID fail.
:(
This is BIND on cPanel, so the ability to follow some of Alan's requests was not exactly doable in the format provided.
-Aaron
----- Original Message -----
From: "Andrew Culver" <aculver@uwo.ca>
To: spf-help@v2.listbox.com
Sent: Monday, April 5, 2010 12:09:36 PM GMT -06:00 US/Canada Central
Subject: Re: [spf-help] SPF, SID and LONG records
Aaron,
Here's what I see:
aculver@aculver:~$ host -t txt _spf1.gvomail.com
;; Truncated, retrying in TCP mode.
_spf1.gvomail.com descriptive text "v=spf1 ip4:12.132.193.34/31 ip4:12.132.193.36/31 ip4:12.132.193.46/31 ip4:12.132.193.48/31 ip4:12.97.188.252 ip4:12.204.164.117 ip4:12.68.140.11 ip4:12.68.140.12/30 ip4:12.68.140.16/31 ip4:12.68.140.18 "
_spf1.gvomail.com descriptive text "ip4:12.132.193.240/29 ip4:12.132.193.248/30 ip4:12.132.193.252 ip4:12.132.193.191 ip4:12.132.193.192/30 ip4:12.97.188.200/29 ip4:12.97.188.208/28 ip4:12.97.188.224/28 ip4:12.97.188.240/30 ip4:12.97.188.244/31 -all"
It seems your records are still too long for UDP. This may be why port25
isn't including _spf1.gvomail.com in its list of DNS records.
Maybe try moving them to multiple names, as opposed to multiple records
under the same name.
gvomail.com. 300 IN TXT "v=spf1 ip4:12.97.188.59 ip4:12.204.164.254 include:_spf1.%{d2} include:_spf2.%{d2} include:_spf3.%{d2} -all"
_spf1.gvomail.com. 300 IN TXT "v=spf1 ip4:12.132.193.34/31 ip4:12.132.193.36/31 ip4:12.132.193.46/31 ip4:12.132.193.48/31 ip4:12.97.188.252 ip4:12.204.164.117 ip4:12.68.140.11 -all"
_spf2.gvomail.com. 300 IN TXT "v=spf1 ip4:12.68.140.12/30 ip4:12.68.140.16/31 ip4:12.68.140.18 ip4:12.132.193.240/29 ip4:12.132.193.248/30 ip4:12.132.193.252 ip4:12.132.193.191 -all"
_spf3.gvomail.com. 300 IN TXT "v=spf1 ip4:12.132.193.192/30 ip4:12.97.188.200/29 ip4:12.97.188.208/28 ip4:12.97.188.224/28 ip4:12.97.188.240/30 ip4:12.97.188.244/31 -all"
(I think I copied/pasted correctly, but double check for yourself. Do
the same for your Sender-ID records.)
Andrew
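
Added example (not part of the thread, and not any participant's code): a sketch of how a checker that follows RFC 4408 reads the records discussed above. It picks a policy by its leading version tag whatever order the TXT records arrive in, joins the strings of one record without adding a space, expands `%{d2}`, and estimates the reply size. The function names are illustrative and the short `_spf1` sample is constructed.

```python
import re

def txt_text(strings):
    # Strings inside ONE TXT record are joined with no separator added.
    return "".join(strings)

def select(rrset, want):
    """Return the policy text for `want` ("v=spf1", "spf2.0/mfrom" or
    "spf2.0/pra") from a TXT RRset: a list of records, each a list of
    strings. Records are matched by leading version tag, not by position."""
    hits = []
    for record in rrset:
        text = txt_text(record)
        head, _, scopes = text.split(" ", 1)[0].lower().partition("/")
        tags = [head + "/" + s for s in scopes.split(",")] if scopes else [head]
        if want in tags:
            hits.append(text)
    if len(hits) > 1:
        raise ValueError("permerror: %d records for %s" % (len(hits), want))
    return hits[0] if hits else None

def expand_d(text, domain):
    """Expand only the %{d} / %{dN} macro: the rightmost N labels of domain."""
    labels = domain.rstrip(".").split(".")
    def repl(m):
        return ".".join(labels[-int(m.group(1)):] if m.group(1) else labels)
    return re.sub(r"%\{d(\d*)\}", repl, text)

def answer_size(name, rrset):
    """Bytes in a reply carrying just this RRset (compressed owner names,
    empty authority/additional sections, no EDNS)."""
    qname = sum(len(label) + 1 for label in name.rstrip(".").split(".")) + 1
    rdata = sum(len(s) + 1 for record in rrset for s in record)
    return 12 + qname + 4 + 12 * len(rrset) + rdata

# The gvomail.com TXT RRset, in the two orders the dig outputs show.
SPF1 = "v=spf1 ip4:12.97.188.59 ip4:12.204.164.254 include:_spf1.%{d2} -all"
PRA = "spf2.0/pra ip4:12.97.188.59 ip4:12.204.164.254 include:_sidp1.%{d2} ?all"
MFROM = ("spf2.0/mfrom ip4:12.97.188.59 ip4:12.204.164.254 "
         "ip4:12.132.193.34/31 include:_sidm1.%{d2} -all")
FIRST, SECOND = [[SPF1], [PRA], [MFROM]], [[PRA], [MFROM], [SPF1]]

# Constructed sample, shortened from the thread's _spf1 data: the same two
# strings published as one record, and as two records under one name.
A, B = "v=spf1 ip4:12.132.193.34/31 ", "ip4:12.97.188.208/28 -all"
ONE_RECORD, TWO_RECORDS = [[A, B]], [[A], [B]]

if __name__ == "__main__":
    for rrset in (FIRST, SECOND, ONE_RECORD, TWO_RECORDS):
        print(repr(expand_d(select(rrset, "v=spf1"), "gvomail.com")))
```

`answer_size("gvomail.com.", FIRST)` gives 302, the MSG SIZE that dig reports above. With `TWO_RECORDS` the selected policy is only the first string, so ranges listed in the second record are never evaluated.
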
Aaron Moon wrote:
> I have them up now and this is what I get when I use the check tool at port25
>
> The Port25 Solutions, Inc. team
>
> ==========================================================
> Summary of Results
> ==========================================================
> SPF check: fail
> DomainKeys check: pass
> DKIM check: pass
> Sender-ID check: neutral
> SpamAssassin check: ham
>
> ==========================================================
> Details:
> ==========================================================
>
> HELO hostname: g47.gvomail.com
> Source IP: 12.97.188.212
> mail-from: aaron.m@gvomail.com
>
> ----------------------------------------------------------
> SPF check details:
> ----------------------------------------------------------
> Result: fail (not permitted)
> ID(s) verified: smtp.mail=aaron.m@gvomail.com
> DNS record(s):
> gvomail.com. 300 IN TXT "v=spf1 ip4:12.97.188.59 ip4:12.204.164.254 include:_spf1.%{d2} -all"
> gvomail.com. 300 IN TXT "spf2.0/pra ip4:12.97.188.59 ip4:12.204.164.254 include:_sidp1.%{d2} ?all"
> gvomail.com. 300 IN TXT "spf2.0/mfrom ip4:12.97.188.59 ip4:12.204.164.254 ip4:12.132.193.34/31 include:_sidm1.%{d2} -all"
> _sidm1.gvomail.com. 300 IN TXT "spf2.0/mfrom ip4:12.132.193.36/31 ip4:12.132.193.46/31 ip4:12.132.193.48/31 ip4:12.97.188.252 ip4:12.204.164.117 ip4:12.68.140.11 ip4:12.68.140.12/30 ip4:12.68.140.16/31 ip4:12.68.140.18 ip4:12.132.193.240/29 "
> _sidm1.gvomail.com. 300 IN TXT "ip4:12.132.193.248/30 ip4:12.132.193.252 ip4:12.132.193.191 ip4:12.132.193.192/30 ip4:12.97.188.200/29 ip4:12.97.188.208/28 ip4:12.97.188.224/28 ip4:12.97.188.240/30 ip4:12.97.188.244/31 -all"
>
>
>
>
> From my understanding of BIND, doesn't having multiple gvomail.com. 300 IN TXT mean that every 300 seconds it will rotate through one? Because the check results seem to change every 300 seconds.
> ----- Original Message -----
> From: "alan" <spfdiscuss@alandoherty.net>
> To: spf-help@v2.listbox.com
> Sent: Monday, April 5, 2010 5:10:53 AM GMT -06:00 US/Canada Central
> Subject: Re: [spf-help] SPF, SID and LONG records
>
> At 08:40 05/04/2010 Monday, Aaron Moon wrote:
>> I am entering this into a BIND dns server so when you use
>> gvomail.com. IN TXT "v=spf1 ip4:12.97.188.59 ip4:12.204.164.254 include:_spf1.%{d2} -all"
>> what is the include:_spf1.%{d2} mean? or should i be doing this
>
> it is entered just as typed
> %{d2} means the first and second parts of the domain, i.e. gvomail.com, but takes fewer characters and thus is more efficient
> it is only interpreted by the SPF client when reading the record, so to BIND it's just plain text
>
>
>> gvomail.com. IN TXT "v=spf1 ip4:12.97.188.59 ip4:12.204.164.254 include:_spf1.gvomail.com include:_spf2.gvomail.com -all"
>
> this is also doable but increases the number of characters used unnecessarily
>
>
>
>> also where you have
>>
>>> _spf1.gvomail.com. IN TXT "v=spf1 ip4:12.132.193.34/31 ip4:12.132.193.36/31 ip4:12.132.193.46/31 ip4:12.132.193.48/31 ip4:12.97.188.252 ip4:12.204.164.117 ip4:12.68.140.11 ip4:12.68.140.12/30 ip4:12.68.140.16/31 ip4:12.68.140.18 "
>>> IN TXT "ip4:12.132.193.240/29 ip4:12.132.193.248/30 ip4:12.132.193.252 ip4:12.132.193.191 ip4:12.132.193.192/30 ip4:12.97.188.200/29 ip4:12.97.188.208/28 ip4:12.97.188.224/28 ip4:12.97.188.240/30 ip4:12.97.188.244/31 -all"
>>
>> I assume the blank for the second txt record is supposed to be
>>
>> _spf2.gvomail.com. Just want to be sure before I commit these records on a live system.
>
> no, on BIND the name is entered once; all following entries are added to that name until a new name is entered
> here's a tiny excerpt from my own DNS server to illustrate
>
> $TTL 86400 ; 1 day
> @ IN SOA ns1.ssol.ie. hostmaster.alandoherty.net. (
>             2009122000 ; serial
>             43200      ; refresh (12 hours)
>             7200       ; retry (2 hours)
>             2419200    ; expire (4 weeks)
>             86400      ; minimum (1 day)
>             )
>         NS  puck.nether.net.
>         NS  ns1.ssol.ie.
>         NS  ns1.alandoherty.net.
>         NS  ns1.twisted4life.com.
>         NS  ns2.ssol.ie.
>         NS  ns2.alandoherty.net.
>         NS  ns3.alandoherty.net.
>         A   195.2.202.63
>         MX  5 mx0.alandoherty.net.
>         MX  10 mx10.alandoherty.net.
>         MX  20 mx20.alandoherty.net.
>         MX  30 mx30.alandoherty.net.
>         TXT "v=spf1 redirect=%{l}._spf1.%{d2}._mail.%{d2}"
> ;       SPF "v=spf1 redirect=%{l}._spf1.%{d2}._mail.%{d2}"
>         TXT "spf2.0/mfrom redirect=%{l}._sid-mfrom.%{d2}._mail.%{d2}"
>         TXT "spf2.0/pra redirect=%{l}._sid-pra.%{d2}._mail.%{d2}"
>         RP  . alan.gothic.ie.
>         RP  . _contact.alandoherty.net.
> $ORIGIN alandoherty.net.
> c-esmtpsa 3600 A 195.2.202.63
>
>         MX  0 .
>         TXT "v=spf1 -all"
>         RP  . _contact
> camera  A   193.120.128.254
>         MX  0 .
>         TXT "v=spf1 -all"
>         RP  . alan.gothic.ie.
> flatsvr 3600 A 193.120.238.109
>         MX  10 mx20
>         MX  20 mx10
>         MX  30 mx30
>         TXT "v=spf1 redirect=%{l}._helo-spf1.%{d2}"
>         TXT "spf2.0/mfrom redirect=%{l}._helo-sid-mfrom.%{d2}"
>         TXT "spf2.0/pra redirect=%{l}._helo-sid-pra.%{d2}"
>         RP  . alan.gothic.ie.
>         RP  . _contact
>
>
>
>> -Aaron
>>
>> ----- Original Message -----
>> From: "alan" <spfdiscuss@alandoherty.net>
>> To: spf-help@v2.listbox.com
>> Sent: Wednesday, March 31, 2010 11:00:50 PM GMT -06:00 US/Canada Central
>> Subject: Re: [spf-help] SPF, SID and LONG records
>>
>> executive summary for the non-readers
>>
>> btw mail me when they are available online and I'll query them direct to look for typos, before you try an automated tester and assume there is an error below and possibly revert
>>
>>> so now the final zone file is 450 - namelength - number of strings is what total must be less than for success
>>>
>>> gvomail.com. IN TXT "v=spf1 ip4:12.97.188.59 ip4:12.204.164.254 include:_spf1.%{d2} -all"
>>> gvomail.com. IN TXT "spf2.0/mfrom ip4:12.97.188.59 ip4:12.204.164.254 ip4:12.132.193.34/31 include:_sidm1.%{d2} -all"
>>> gvomail.com. IN TXT "spf2.0/pra ip4:12.97.188.59 ip4:12.204.164.254 include:_sidp1.%{d2} ?all"
>>>
>>> 235 grand! <450-12-3=435
>>>
>>> _spf1.gvomail.com. IN TXT "v=spf1 ip4:12.132.193.34/31 ip4:12.132.193.36/31 ip4:12.132.193.46/31 ip4:12.132.193.48/31 ip4:12.97.188.252 ip4:12.204.164.117 ip4:12.68.140.11 ip4:12.68.140.12/30 ip4:12.68.140.16/31 ip4:12.68.140.18 "
>>> IN TXT "ip4:12.132.193.240/29 ip4:12.132.193.248/30 ip4:12.132.193.252 ip4:12.132.193.191 ip4:12.132.193.192/30 ip4:12.97.188.200/29 ip4:12.97.188.208/28 ip4:12.97.188.224/28 ip4:12.97.188.240/30 ip4:12.97.188.244/31 -all"
>>>
>>> 411 grand! <450-18-2=430
>>>
>>> _sidm1.gvomail.com. IN TXT "spf2.0/mfrom ip4:12.132.193.36/31 ip4:12.132.193.46/31 ip4:12.132.193.48/31 ip4:12.97.188.252 ip4:12.204.164.117 ip4:12.68.140.11 ip4:12.68.140.12/30 ip4:12.68.140.16/31 ip4:12.68.140.18 ip4:12.132.193.240/29 "
>>> IN TXT "ip4:12.132.193.248/30 ip4:12.132.193.252 ip4:12.132.193.191 ip4:12.132.193.192/30 ip4:12.97.188.200/29 ip4:12.97.188.208/28 ip4:12.97.188.224/28 ip4:12.97.188.240/30 ip4:12.97.188.244/31 -all"
>>>
>>> 401 grand! <450-19-2=429
>>>
>>> _sidp1.gvomail.com. IN TXT "spf2.0/pra ip4:12.132.193.34/31 ip4:12.132.193.36/31 ip4:12.132.193.46/31 ip4:12.132.193.48/31 ip4:12.97.188.252 ip4:12.204.164.117 ip4:12.68.140.11 ip4:12.68.140.12/30 ip4:12.68.140.16/31 ip4:12.68.140.18 "
>>> IN TXT "ip4:12.132.193.240/29 ip4:12.132.193.248/30 ip4:12.132.193.252 ip4:12.132.193.191 ip4:12.132.193.192/30 ip4:12.97.188.200/29 ip4:12.97.188.208/28 ip4:12.97.188.224/28 ip4:12.97.188.240/30 ip4:12.97.188.244/31 ?all"
>>>
>>> 420 grand! <450-19-2=429
>>>
>>>
>>> you will note as I saw we had wiggle room I ditched the short DNS names
>>> so now for spf v1 clients 2 lookups, for sender-id checkers at rcpt-time 2 lookups, and pra checks at data time 2 lookups
>>> fairly compact IMHO
>>>
>>> also NB in text records ensure the first has the trailing space or when they are concatenated {joined} by the receiver they will become messed-up due to lack of necessary space separator
>>
>>
>> -------------------------------------------
>> Sender Policy Framework: http://www.openspf.org
>> Modify Your Subscription: http://www.listbox.com/member/
>>
>> Archives: https://www.listbox.com/member/archive/1020/=now
>> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>> Powered by Listbox: http://www.listbox.com