Mailing List Archive

Newb - How to setup SPF
Hey guys, I know nothing about hosting, dns, etc but need to set up my SPF records. Mail is either not getting delivered, going to spam folders or hosts like AOL or delaying deliverability for a few hours before sending.

What information do you need from me to help? I know my server is linux. It's centos, I have root access and cpanel.

I went into cpanel and enabled spf and domainkeys...

It created one SPF record, but I'm not sure it's correct even tho the emails below say it is...


All the sites, dns and mail server are on ip - 206.214.214.57

Have about 50 sites hosted on this server....

dns/host name is on this domain: http://vps.justmydns.net/

Here's 1 site on the server:
funcabinrentals.com

test email sent to spf-test@openspf.org

SMTP error from remote mail server after RCPT TO:<spf-test@openspf.org>:
host mailout02.controlledmail.com [72.81.252.18]:
550 5.7.1 <spf-test@openspf.org>: Recipient address rejected:
SPF Tests: Mail-From Result="pass": Mail From="info@funcabinrentals.com" HELO
name="vps.justmydns.net" HELO Result="none" Remote IP="206.214.214.57"

test email sent to check-auth@verifier.port25.com

==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: pass
DKIM check: neutral
Sender-ID check: pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname: vps.justmydns.net
Source IP: 206.214.214.57
mail-from: info@funcabinrentals.com

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: pass
ID(s) verified: smtp.mail=info@funcabinrentals.com
DNS record(s):
funcabinrentals.com. 7200 IN TXT "v=spf1 a mx ip4:206.214.214.57 ?all"
funcabinrentals.com. 7200 IN A 206.214.214.57

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: pass
ID(s) verified: header.From=info@funcabinrentals.com
DNS record(s):
default._domainkey.funcabinrentals.com. 7200 IN TXT "k=rsa;
p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANbln5QComvPK6X4UZEZJJwilLMB96VbtaxxV3XOwgTcyGG+6qm/fGjaYXp2F7FsuwM9zZbL+YdmHPFC6s5/7QIUd80AN+9Csho0FbMc2mxfT1kQGWMADmqi+bs/XFFWIQIDAQAB;"

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: pass
ID(s) verified: header.From=info@funcabinrentals.com
DNS record(s):
funcabinrentals.com. 7200 IN TXT "v=spf1 a mx ip4:206.214.214.57 ?all"
funcabinrentals.com. 7200 IN A 206.214.214.57

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.5 (2008-06-10)

Result: ham (2.8 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
1.8 MISSING_SUBJECT Missing Subject: header
1.4 EMPTY_MESSAGE Message appears to have no textual parts and no
Subject: text

==========================================================
Explanation of the possible results (adapted from
draft-kucherawy-sender-auth-header-04.txt):
==========================================================

"pass"
the message passed the authentication test.

"fail"
the message failed the authentication test.

"softfail"
the message failed the authentication test, and the authentication
method has either an explicit or implicit policy which doesn't require
successful authentication of all messages from that domain.

"neutral"
the authentication method completed without errors, but was unable
to reach either a positive or a negative result about the message.

"temperror"
a temporary (recoverable) error occurred attempting to authenticate
the sender; either the process couldn't be completed locally, or
there was a temporary failure retrieving data required for the
authentication. A later retry may produce a more final result.

"permerror"
a permanent (unrecoverable) error occurred attempting to
authenticate the sender; either the process couldn't be completed
locally, or there was a permanent failure retrieving data required
for the authentication.

==========================================================
Original Email
==========================================================

Return-Path: <info@funcabinrentals.com>
Received: from vps.justmydns.net (206.214.214.57) by verifier.port25.com
(PowerMTA(TM) v3.6a1) id hp7mfs0hse81 for <check-auth@verifier.port25.com>; Sat, 17
Apr 2010 13:16:35 -0400 (envelope-from <info@funcabinrentals.com>)
Authentication-Results: verifier.port25.com smtp.mail=info@funcabinrentals.com;
mfrom=pass;
Authentication-Results: verifier.port25.com header.From=info@funcabinrentals.com;
domainkeys=pass;
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed);
Authentication-Results: verifier.port25.com header.From=info@funcabinrentals.com;
pra=pass;
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=funcabinrentals.com;
h=Message-ID:Date:Subject:From:To:User-Agent:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:Importance;
b=nXCQsArLjU6M2dT4ijYgv+uGqo3/bfvMkdnr/0Be30gvkn+uRswzt4SJ7flX0ZgQ01bybF4BU0QyD1ZzU6GGB2x0HGTGax0eBdEoLyd5lpHwJxigFIsSFaL4W3adClQD;
Received: from localhost.localdomain ([127.0.0.1] helo=[206.214.214.57])
by vps.justmydns.net with esmtpa (Exim 4.69)
(envelope-from <info@funcabinrentals.com>)
id 1O3DXa-0000ul-4R
for check-auth@verifier.port25.com; Sat, 17 Apr 2010 12:18:30 -0700
Received: from 24.5.214.191 ([24.5.214.191])
(SquirrelMail authenticated user info@funcabinrentals.com)
by 206.214.214.57 with HTTP;
Sat, 17 Apr 2010 12:18:54 -0700
Message-ID: <b3102c0d8d885012349ddd8fd64642e0.squirrel@206.214.214.57>
Date: Sat, 17 Apr 2010 12:18:54 -0700
Subject:
From: info@funcabinrentals.com
To: check-auth@verifier.port25.com
User-Agent: SquirrelMail/1.4.20
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-AntiAbuse: This header was added to track abuse, please include it with any abuse
report
X-AntiAbuse: Primary Hostname - vps.justmydns.net
X-AntiAbuse: Original Domain - verifier.port25.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - funcabinrentals.com









-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Newb - How to setup SPF [ In reply to ]
On 17-Apr-10, at 3:25 PM, jack tripper wrote:

> Hey guys, I know nothing about hosting, dns, etc but need to set up
> my SPF records. Mail is either not getting delivered, going to spam
> folders or hosts like AOL or delaying deliverability for a few
> hours before sending.

First of all, having an SPF policy is not a guarantee of
deliverability. That is not its purpose. If you are having problems
with the deliverability of email originating from your server, look for
other reasons.

Now, having said that, you should still have an SPF policy as it will
reduce, and hopefully in the future completely prevent, the forgery of
your domains. That is the purpose of SPF.

> All the sites, dns and mail server are on ip - 206.214.214.57
>
>
> Here's 1 site on the server:
> funcabinrentals.com


Using the domain and IP address you quoted above as examples, the SPF
policy you have in place is correct, although it does contain some
redundancies.

v=spf1 a mx ip4:206.214.214.57 ?all

Since both 'a' and 'mx' resolve to the same IP address that is already
stated in the SPF policy, '206.214.214.57', they are redundant and only
serve to create unnecessary lookups. They can be removed, so your SPF
policy should look like this:

v=spf1 ip4:206.214.214.57 ?all

Also, you should have a clear understanding of the various 'all'
mechanisms. Although '?all' can be used for testing, normally you'd
want to use '~all' as no receiver should reject mail using that.
Eventually, once you are satisfied that your SPF policy is correct,
you should change it to '-all'. That way forgeries of your domain can
be dealt with properly.

As for Domain Keys, maybe someone else can chime in or you can ask on
another more appropriate mailing list.



--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



Re: Newb - How to setup SPF [ In reply to ]
OK, from the information supplied there are two problems I can see with the SPF records you currently have.

A. The SPF record for funcabinrentals.com {known as an mfrom or envelope-sender SPF record}
is unnecessarily long and slow to process {redundant information and mis-ordered}.
It currently reads "v=spf1 a mx ip4:206.214.214.57 ?all".
Order should always be ip4 then A then MX {and MX should only be used if absolutely necessary as it is a waste of time/effort in most cases}.

It would be faster and just as accurate to have
"v=spf1 ip4:206.214.214.57 ?all", as both the a and mx eventually resolve to the same IP anyway.

Next, the HELO you greet with, "vps.justmydns.net", has no SPF record at all and should be the same: "v=spf1 ip4:206.214.214.57 -all"
{note the -all, as HELO SPF records have 0 possibility of legitimately coming from another IP, as your server name being used as a greeting by any other server is a clear forgery attempt}

Lastly, you mention you have 50ish domains, so to enable better caching for receivers etc., the simplest would be to create 1 "provider" SPF record and then use includes in all your client domains to reference that one central policy.

I.e., as justmydns.net is the primary name of the box, it would be a good candidate for the provider name.

So you could set up
vps.justmydns.net with "v=spf1 ip4:206.214.214.57 -all"
and
_client-spf.justmydns.net with "v=spf1 ip4:206.214.214.57 ?all"

Then for all "client" domains such as funcabinrentals.com
you set up an SPF of "v=spf1 include:_client-spf.justmydns.net ?all"

So if you, say, move IP in the future, 1 edit to _client-spf.justmydns.net gets included in all 50 domains automatically without any extra work.
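
Added example, not part of either reply above: a simplified SPF evaluator run against a constructed in-memory zone, showing the lookup cost of the redundant 'a mx' terms, the missing HELO record and the provider include that the two replies describe. The domain client.example, the forged address 192.0.2.10 and the MX target are assumptions; only ip4, a, mx, include and all are modelled.

```python
import ipaddress

# Constructed in-memory stand-in for DNS; nothing is queried over the network.
# Records are the ones quoted or proposed in the thread, except client.example
# (hypothetical client domain) and the MX target (assumed to be the same host).
ZONE = {
    "TXT": {
        "funcabinrentals.com": "v=spf1 a mx ip4:206.214.214.57 ?all",
        "_client-spf.justmydns.net": "v=spf1 ip4:206.214.214.57 ?all",
        "client.example": "v=spf1 include:_client-spf.justmydns.net ?all",
    },
    "A": {"funcabinrentals.com": ["206.214.214.57"]},
    "MX": {"funcabinrentals.com": ["funcabinrentals.com"]},
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SERVER, FORGER = "206.214.214.57", "192.0.2.10"  # FORGER: documentation address

def with_txt(domain, record, zone=ZONE):
    """Return a copy of the zone with one TXT record added or replaced."""
    return {**zone, "TXT": {**zone["TXT"], domain: record}}

def check_host(ip, domain, zone=ZONE, _count=None):
    """Simplified SPF evaluation: returns (result, DNS-querying terms used)."""
    count = [0] if _count is None else _count
    record = zone["TXT"].get(domain, "")
    if not record.startswith("v=spf1"):
        return "none", count[0]
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech in ("a", "mx", "include"):
            count[0] += 1  # each of these costs the receiver a DNS query
            if count[0] > 10:
                return "permerror", count[0]  # RFC 7208 lookup limit
        target = arg or domain
        if mech == "all":
            hit = True
        elif mech == "ip4":
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
        elif mech == "a":
            hit = ip in zone["A"].get(target, [])
        elif mech == "mx":
            hosts = zone["MX"].get(target, [])
            hit = any(ip in zone["A"].get(h, []) for h in hosts)
        elif mech == "include":
            hit = check_host(ip, arg, zone, count)[0] == "pass"
        else:
            return "permerror", count[0]  # mechanism not modelled here
        if hit:
            return RESULTS[qualifier], count[0]
    return "neutral", count[0]

if __name__ == "__main__":
    trimmed = with_txt("funcabinrentals.com", "v=spf1 ip4:206.214.214.57 ?all")
    for zone in (ZONE, trimmed):  # forged sender: 2 lookups vs 0, both neutral
        print(check_host(FORGER, "funcabinrentals.com", zone))
```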



Re: Newb - How to setup SPF [ In reply to ]
You may want to read a kind of tutorial for newbies here
http://www.tai.ro/2010/04/03/postfix-with-dkim-domainkeys-spf-and-sender-id/
(Postfix with DKIM, DomainKeys, SPF and Sender-ID).

Cheers



