Simon Wilson wrote:
I have set up Postfix for SPF for my domain simonandkate.net. Incoming
emails are being checked fine, but I am not 100% certain on setting up
the TXT record for outgoing emails.
I realise my Postfix config is working fine, but thought this list may
be able to quickly help me with the outgoing. Can someone with more
expertise advise on my TXT record please?
My mail server is mail.simonandkate.net, IP address is 59.167.212.191.
MX records are mail.simonandkate.net 10 and mail.bluetie.com 20.
From my reading at openspf.org I have come up with:
TXT v=spf1 a mx ip4:59.167.212.191 ~all
The mx bit to cover the mx records for the domain, the ip4 because
59.167.212.191 doesn't resolve back to mail.simonandkate.net but to
ppp212-191.static.internode.on.net.
The ~all to softfail until I make sure all is working OK.
The reason I am not sure is that the two email addresses at
http://www.openspf.org/Tools for verifying setup respond differently:
1. spf-t...@openspf.org responds with:
May 11 21:17:35 server04 postfix/smtp[26922]: 6A763573DF:
to=<spf-t...@openspf.org>,
relay=mailout02.controlledmail.com[72.81.252.18]:25, delay=2.7,
delays=0.02/0.03/0.85/1.8, dsn=5.7.1, status=bounced (host
mailout02.controlledmail.com[72.81.252.18] said: 550 5.7.1
<spf-t...@openspf.org>: Recipient address rejected: SPF Tests:
Mail-From Result="pass": Mail From="si...@simonandkate.net" HELO
name="mail.simonandkate.net" HELO Result="permerror" Remote
IP="59.167.212.191" (in reply to RCPT TO command))
The bounce is normal, as is the address rejection. The Mail From
result is pass, but the HELO result is a permerror.
2. check-a...@verifier.port25.com responds with:
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: pass
SpamAssassin check: ham
==========================================================
Details:
==========================================================
HELO hostname: mail.simonandkate.net
Source IP: 59.167.212.191
mail-from: si...@simonandkate.net
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: pass
ID(s) verified: smtp.mail=si...@simonandkate.net
DNS record(s):
simonandkate.net. 3600 IN TXT "v=spf1 a mx ip4:59.167.212.191 ~all"
simonandkate.net. A (no records)
simonandkate.net. 3600 IN MX 20 mail.bluetie.com.
simonandkate.net. 3600 IN MX 10 mail.simonandkate.net.
mail.bluetie.com. 86400 IN A 206.65.164.155
mail.simonandkate.net. 3598 IN A 59.167.212.191
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.from=si...@simonandkate.net
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified:
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: pass
ID(s) verified: header.from=si...@simonandkate.net
DNS record(s):
simonandkate.net. 3600 IN TXT "v=spf1 a mx ip4:59.167.212.191 ~all"
simonandkate.net. A (no records)
simonandkate.net. 3600 IN MX 20 mail.bluetie.com.
simonandkate.net. 3600 IN MX 10 mail.simonandkate.net.
mail.bluetie.com. 86400 IN A 206.65.164.155
mail.simonandkate.net. 3598 IN A 59.167.212.191
----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.5 (2008-06-10)
Result: ham (2.0 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-0.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
[score: 0.2655]
0.0 HTML_MESSAGE BODY: HTML included in message
2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
Is my TXT record OK? Do I need the IP4 entry?
Thanks.
Your setup of the SPF record is ok, however you should leave out the "a"
and "mx" directive as they have no use here unless you want to send mail
over "mail.bluetie.com" as well.
This SPF Record should work for you:
TXT v=spf1 ip4:59.167.212.191 -all
The HELO "permerror" is probably because your IP resolves to
ppp212-191.static.internode.on.net but cannot be resolved back to an IP
again, or because your HELO hostname does not match the
reverse-looked-up IP.
However your setup seems fine. :-)
Regards,
Mathias
