folks, correct me if wrong...please! using an spf record could cripple e-mails sent via an isp's smtp server??? as we know, many of them do not allow you to connect to an smtp server outside of their network... i am guessing the way to do all of this properly is to configure the spf record, and ensure all users are using the submission port to submit outgoing e-mail via the domain's server. is this correct? any missing points?
_____

From: Francisco Paco Peralta [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 11, 2007 8:27 AM
To: [email protected]
Subject: Re: [qmailtoaster] spf-reject

Okay, thanks for the response! The following is the contents of my named.conf file. I really don't see anything with my domain name (velocity-med.com) (see below). I guess that means that I am not the master, which is fine as I will just have to contact them to have DNS updated with my spf info.

****************************************************
# cat /etc/named.conf
//
// named.conf for Red Hat caching-nameserver
//
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};
zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};
include "/etc/rndc.key";
*******************************************************************

I typed in whois for my domain name and that resulted in (excerpted from output):

*************************
Name Servers:
ns.propagation.net
ns2.propagation.net
ns3.propagation.net
ns4.propagation.net
*************************

I will contact my host provider and ask them to fill in the spf info which after using the online tool looks like below:

v=spf1 a mx ~all

If anything is glowingly wrong please let me know.

Francisco "Paco" Peralta

----- Original Message ----
From: Tim Mancour <[EMAIL PROTECTED]>
To: [email protected]
Sent: Thursday, October 11, 2007 10:20:54 AM
Subject: RE: [qmailtoaster] spf-reject

If you are the master then there should be an entry in your /etc/named.conf file - something like this:

zone "myexample.com" IN {
        type master;
        file "myexample.com";
        allow-update { none; };
};

There are two other web sites; http:// <http://www.openspf.org/SPF_Record_Syntax> www.dnsstuff.com has a DNSReport tool for testing your DNS settings and http://www.openspf.org/ explains SPF, the syntax and even has a wizard to generate SPF records.

Regards,
Tim

_____

From: Francisco Paco Peralta [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 11, 2007 9:52 AM
To: [email protected]
Subject: Re: [qmailtoaster] spf-reject

Just to clarify. This exercise started out with a person emailing me and their email not getting through my server because of their spf settings, but when I checked my own settings it seems I didn't have spf configured correctly either. My question with your suggestion is....I am running BIND (named) on my server and I do see my domain zone but I don't know if it is the "master", how do I find out? How do I know if my server is "just a cache server" or not? Is there a way to determine that?

Francisco "Paco" Peralta

----- Original Message ----
From: aledr <[EMAIL PROTECTED]>
To: [email protected]
Sent: Wednesday, October 10, 2007 10:17:21 PM
Subject: Re: [qmailtoaster] spf-reject

You should do it in the DNS Server that has your domain zone (master). Probably your own DNS Server (or is it just a cache server?)

Regards

2007/10/10, Francisco Paco Peralta <[EMAIL PROTECTED]>:
>
> The Toaster is running on a dedicated server with an isp. Do I have to put
> the spf record in my server (I have BIND running) or is this something my
> isp needs to do with his DNS server?
>
> Francisco "Paco" Peralta
>
>
> ----- Original Message ----
> From: Tim Mancour <[EMAIL PROTECTED]>
> To: [email protected]
> Sent: Wednesday, October 10, 2007 11:15:19 AM
> Subject: RE: [qmailtoaster] spf-reject
>
>
> The following site allows you to test their SPF record against the Email's
> domain - http://www.seoconsultants.com/tools/spf/
> The server's address passes this test so they have probably recently fixed
> their SPF record.
>
> ________________________________
>
> From: Jake Vickers [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 10, 2007 10:48 AM
> To: [email protected]
> Subject: Re: [qmailtoaster] spf-reject
>
>
> Francisco Paco Peralta wrote:
>
> Hello List,
>
> A customer recently informed me that his emails were getting rejected by my
> server. I took a look at the smtp logs and found the following (I have
> changed the email address to x's to protect the innocent):
>
> *************************************
> 10-09 15:59:23 tcpserver: status: 1/100
> 10-09 15:59:23 tcpserver: pid 21603 from 208.205.82.13
> 10-09 15:59:23 tcpserver: ok 21603 mail.velocity-med.com:64.182.11.225:25 :208.205.82.13::58133
> 10-09 15:59:24 CHKUSER accepted sender: from <[EMAIL PROTECTED]::> remote <l17xexch3.corp.ad.publix.com:unknown:208.205.82.13> rcpt <> : sender accepted
> 10-09 15:59:24 qmail-smtpd: spf-reject: HELO(l17xexch3.corp.ad.publix.com) from 208.205.82.13. MAILFROM:[EMAIL PROTECTED]
> 10-09 15:59:24 tcpserver: end 21603 status 0
> 10-09 15:59:24 tcpserver: status: 0/100
> *************************************
>
> Also I did as follows:
> *******************
> # cat /var/qmail/control/spfbehavior
> 3
> *******************
>
> What do I have to do to allow his emails to get through to me?
>
> Francisco "Paco" Peralta
>
>
> He can either fix his SPF record, or you can lower the criteria on your
> system for everyone by adjusting to a value listed on the wiki:
> http://wiki.qmailtoaster.com/index.php/Spf
>
>

--
[ ]'s

Aledr - Alexandre
"OpenSource Solutions for SmallBusiness Problems"

---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
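
Added example, not part of the original thread and not qmailtoaster code: a small Python sketch of how a record like `v=spf1 a mx ~all` evaluates for mail leaving the domain's own server versus an ISP relay, and how a receiver's spfbehavior level treats each result. The domain, the addresses and the DNS table are constructed; the spfbehavior thresholds are an assumed mapping taken from the qmail SPF patch documentation (3 = reject fail, 4 = softfail, 5 = neutral, 6 = anything but pass).

```python
import ipaddress

# Constructed DNS data for a sample domain (documentation address ranges).
DNS = {
    "a": {"example.com": ["192.0.2.10"]},
    "mx": {"example.com": ["192.0.2.25"]},  # MX hosts already resolved to addresses
    "txt": {"example.com": "v=spf1 a mx ~all"},
}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, client_ip):
    """Evaluate the a, mx, ip4 and all mechanisms of the domain's SPF record."""
    record = DNS["txt"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIER else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            matched = True
        elif mech in ("a", "mx"):
            hosts = DNS[mech].get(domain, [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        elif mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            continue  # simplification: terms outside this sketch are skipped
        if matched:
            return QUALIFIER[qual]
    return "neutral"  # nothing matched and the record has no "all" term

# Lowest spfbehavior level that rejects each result (assumed mapping, see lead-in).
REJECT_FROM = {"fail": 3, "softfail": 4, "neutral": 5, "none": 6}

def smtp_action(result, spfbehavior):
    """Return what a receiver at this spfbehavior level does with the result."""
    if result == "pass" or spfbehavior < REJECT_FROM[result]:
        return "accept"
    return "reject"

if __name__ == "__main__":
    # 192.0.2.10 is the domain's own server, 198.51.100.7 a constructed ISP relay.
    for sender_ip in ("192.0.2.10", "198.51.100.7"):
        result = check_spf("example.com", sender_ip)
        print(sender_ip, result, [smtp_action(result, lvl) for lvl in (3, 4)])
```

Mail relayed through an address the record does not list ends in softfail here, so a receiver at level 3 still accepts it while one at level 4 rejects it; listing the relay with an ip4 or include term is what turns that into a pass.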
