Re: General DNS / SPF question

2023-01-09 Thread G.W. Haywood via bind-users 

Hi there,

On Mon, 9 Jan 2023, Michael Muller wrote:

Thanks for responding to my question. Again, if there's a better place 
to ask this question, I can go there. ...


Taking this off list.

--

73,
Ged.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: General DNS / SPF question

2023-01-09 Thread Michael Muller via bind-users 

Hi G,

Thanks for responding to my question. Again, if there's a better place 
to ask this question, I can go there. I did not see an SPF list on the 
community list sign-up page .


I updated the SPF to include:_spf.google.com instead of include:gmail.com

Here's a log entry for one attempt to my Yahoo address, today (below). 
Email did not arrive in Inbox, nor to Spam.


I have sent you an email from the account. You can reply to me directly 
if you wish, t...@montaguewebworks.com, not the customer's address.


Thanks,

Mik



[2023.01.09] 14:04:20.505 [209.85.221.43][16101147] rsp: 220 
mail.montaguewebworks.com
[2023.01.09] 14:04:20.505 [209.85.221.43][16101147] connected at 
1/9/2023 2:04:20 PM

[2023.01.09] 14:04:20.505 [209.85.221.43][16101147] Country code: US
[2023.01.09] 14:04:20.709 [209.85.221.43][16101147] cmd: EHLO 
mail-wr1-f43.google.com
[2023.01.09] 14:04:20.709 [209.85.221.43][16101147] rsp: 
250-mail.montaguewebworks.com Hello [209.85.221.43]250-SIZE 
41943040250-AUTH LOGIN CRAM-MD5250-8BITMIME250-DSN250 OK

[2023.01.09] 14:04:20.834 [209.85.221.43][16101147] cmd: AUTH LOGIN
[2023.01.09] 14:04:20.834 [209.85.221.43][16101147] rsp: 334 VXNlcm5hbWU6
[2023.01.09] 14:04:20.927 [209.85.221.43][16101147] Authenticating as 
off...@gelinascompany.com

[2023.01.09] 14:04:20.927 [209.85.221.43][16101147] rsp: 334 UGFzc3dvcmQ6
[2023.01.09] 14:04:21.037 [209.85.221.43][16101147] rsp: 235 
Authentication successful
[2023.01.09] 14:04:21.037 [209.85.221.43][16101147] Authenticated as 
off...@gelinascompany.com
[2023.01.09] 14:04:21.130 [209.85.221.43][16101147] cmd: MAIL 
FROM: SIZE=2589
[2023.01.09] 14:04:21.130 [209.85.221.43][16101147] senderEmail(1): 
off...@gelinascompany.com parsed using: 
[2023.01.09] 14:04:21.130 [209.85.221.43][16101147] rsp: 250 OK 
 Sender ok
[2023.01.09] 14:04:21.130 [209.85.221.43][16101147] Sender accepted. 
Weight: 0. Block threshold: 30.
[2023.01.09] 14:04:21.240 [209.85.221.43][16101147] cmd: RCPT 
TO:
[2023.01.09] 14:04:21.240 [209.85.221.43][16101147] rsp: 250 OK 
 Recipient ok

[2023.01.09] 14:04:21.334 [209.85.221.43][16101147] cmd: DATA
[2023.01.09] 14:04:21.334 [209.85.221.43][16101147] Performing PTR host 
name lookup for 209.85.221.43
[2023.01.09] 14:04:21.334 [209.85.221.43][16101147] PTR host name for 
209.85.221.43 resolved as mail-wr1-f43.google.com
[2023.01.09] 14:04:21.334 [209.85.221.43][16101147] rsp: 354 Start mail 
input; end with .
[2023.01.09] 14:04:21.443 [209.85.221.43][16101147] senderEmail(2): 
off...@gelinascompany.com parsed using: Gelinas Office 


[2023.01.09] 14:04:21.443 [209.85.221.43][16101147] rsp: 250 OK
[2023.01.09] 14:04:21.459 [209.85.221.43][16101147] Received message 
size: 2593 bytes
[2023.01.09] 14:04:21.459 [209.85.221.43][16101147] Successfully wrote 
to the HDR file. (c:\SmarterMail\Spool\proc\122619776.hdr)
[2023.01.09] 14:04:21.459 [209.85.221.43][16101147] Data transfer 
succeeded, writing mail to 122619776.eml (MessageID: 
)

[2023.01.09] 14:04:21.552 [209.85.221.43][16101147] cmd: QUIT
[2023.01.09] 14:04:21.552 [209.85.221.43][16101147] rsp: 221 Service 
closing transmission channel
[2023.01.09] 14:04:21.552 [209.85.221.43][16101147] disconnected at 
1/9/2023 2:04:21 PM




Mik Muller, president
Montague WebWorks
20 River Street, Greenfield, MA
413-320-5336
http://MontagueWebWorks.com
Powered by ROCKETFUSION

On 1/7/2023 6:24 PM, G.W. Haywood via bind-users wrote:

Hi there,

On Sat, 7 Jan 2023, Michael Muller wrote:


This is my first time posting here, and I'm not sure if it's the
right place or not to ask my question. This is a general DNS
question, specifically, I think, SPF.


Probably not really the right place but the SPF users' list has been a
bit dead for a while so let's see what happens.

I host email using SmarterMail, and all 400+ customers either use a 
regular email client (desktop app/mobile device) or the webmail 
interface.


One particular customer wants to use Gmail as their email client for
sending email from their domain.


What's the domain?


I helped set up the settings at gmail for the SMTP server, and did
the google-siteverification and added _include:gmail.com_ to the SPF
TXT record,


The gmail.com SPF record is just a redirect - wasteful.  I'd suggest

include:_spf.google.com

instead.


as well as DKIM and DMARC configured. I get green lights for the
domain from Dmarcian (well, they said I had a duplicate SPF value,
which I have removed).

The emails that get sent *do* arrive for other users on my email 
server, but *not* to email addresses off-server, ie; @live.com


I can see the traffic from gmail in my logs, and it appears the 
emails are sent, but they do not arrive.


Stumped. Any spare brain cells available out there would be appreciated.


Can you show us a log of one of the transactions?  Or perhaps get the
customer to try to send mail to me, I should be able to see everything
that's needed in our server logs.
-- 
Visit

Re: General DNS / SPF question

2023-01-08 Thread G.W. Haywood via bind-users 

Hi there,

On Sun, 8 Jan 2023, Mark Andrews wrote:


Please don't hijack an existing thread by replying to an existing message for a 
unrelated subject. It is bad form. Just create a new message and send it to 
bind-us...@isc.org.


Oh, blast, I missed that, sorry.

--

73,
Ged.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: General DNS / SPF question

2023-01-07 Thread G.W. Haywood via bind-users 

Hi there,

On Sat, 7 Jan 2023, Michael Muller wrote:


This is my first time posting here, and I'm not sure if it's the
right place or not to ask my question. This is a general DNS
question, specifically, I think, SPF.


Probably not really the right place but the SPF users' list has been a
bit dead for a while so let's see what happens.

I host email using SmarterMail, and all 400+ customers either use a 
regular email client (desktop app/mobile device) or the webmail interface.


One particular customer wants to use Gmail as their email client for
sending email from their domain.


What's the domain?


I helped set up the settings at gmail for the SMTP server, and did
the google-siteverification and added _include:gmail.com_ to the SPF
TXT record,


The gmail.com SPF record is just a redirect - wasteful.  I'd suggest

include:_spf.google.com

instead.


as well as DKIM and DMARC configured. I get green lights for the
domain from Dmarcian (well, they said I had a duplicate SPF value,
which I have removed).

The emails that get sent *do* arrive for other users on my email server, 
but *not* to email addresses off-server, ie; @live.com


I can see the traffic from gmail in my logs, and it appears the emails 
are sent, but they do not arrive.


Stumped. Any spare brain cells available out there would be appreciated.


Can you show us a log of one of the transactions?  Or perhaps get the
customer to try to send mail to me, I should be able to see everything
that's needed in our server logs.

--

73,
Ged.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: General DNS / SPF question

2023-01-07 Thread Mark Andrews 
Please don’t hijack an existing thread by replying to an existing message for a 
unrelated subject. It is bad form. Just create a new message and send it to 
bind-us...@isc.org. 

-- 
Mark Andrews

> On 8 Jan 2023, at 09:07, Michael Muller via bind-users 
>  wrote:
> 
> 
> Hello everyone,
> 
> This is my first time posting here, and I'm not sure if it's the right place 
> or not to ask my question. This is a general DNS question, specifically, I 
> think, SPF.
> 
> (Btw, I do use Bind in my system, so that's why I'm here.)
> 
> I host email using SmarterMail, and all 400+ customers either use a regular 
> email client (desktop app/mobile device) or the webmail interface.
> 
> One particular customer wants to use Gmail as their email client for sending 
> email from their domain. I helped set up the settings at gmail for the SMTP 
> server, and did the google-siteverification and added include:gmail.com to 
> the SPF TXT record, as well as DKIM and DMARC configured. I get green lights 
> for the domain from Dmarcian (well, they said I had a duplicate SPF value, 
> which I have removed).
> 
> The emails that get sent *do* arrive for other users on my email server, but 
> *not* to email addresses off-server, ie; @live.com
> 
> I can see the traffic from gmail in my logs, and it appears the emails are 
> sent, but they do not arrive.
> 
> Stumped. Any spare brain cells available out there would be appreciated.
> 
> Thanks,
> 
> Mik
> 
> Mik Muller, president
> Montague WebWorks
> 20 River Street, Greenfield, MA
> 413-320-5336
> http://MontagueWebWorks.com
> Powered by ROCKETFUSION
> On 1/7/2023 3:11 PM, Anders Löwinger wrote:
>> Hi
>> 
>> I have some trouble with the parental-agents. Anyone seen this before/can 
>> give me a clue to get this working?
>> 
>> Tried with my two recursive resolvers first, then localhost. No difference.
>> 
>> From the log
>> 
>> named[3420650]: zone lowinger.se/IN (signed): checkds: empty DS response 
>> from 2a00:f680:100:1501::32#53
>> named[3420650]: zone lowinger.se/IN (signed): checkds: empty DS response 
>> from 2a00:f680:10:1501::33#53
>> named[3428351]: zone lowinger.se/IN (signed): checkds: empty DS response 
>> from 127.0.0.1#53
>> 
>> zone "lowinger.se" {
>> 
>> type primary;
>> file "lowinger.se";
>> dnssec-policy lowinger-policy;
>> inline-signing yes;
>> // parental-agents {
>> // 2a00:f680:100:1501::32;
>> // 2a00:f680:100:1501::33;
>> // };
>>   
>> parental-agents { 127.0.0.1; };
>> };
>> 
>> BIND 9.18.10-1+ubuntu22.04.1+isc+1-Ubuntu (Stable Release) 
>> 
>> 
>> dig has no problem resolving the DS record.
>> 
>> # dig @127.0.0.1 lowinger.se ds +short
>> 59647 14 2 825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4 BEB071CA
>> 
>> # dig @2a00:f680:100:1501::32 lowinger.se ds +short
>> 59647 14 2 825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4 BEB071CA
>> 
>> # dig @2a00:f680:100:1501::33 lowinger.se ds +short
>> 59647 14 2 825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4 BEB071CA
>> 
>> 
>> 
>> 
>> -- 
>> Regards / Med vänlig hälsning
>> Anders Löwinger, CEO, Abundo AB, +46 72 206 0322
>> 
>> 
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
> this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users