On Oct 18, 2012, at 11:20, Nick Rosier wrote: > David Mehler wrote: >> Hello, >> >> Does anyone publish SPF records for IPV6 in DNS? The reason I ask is >> my mail server has both an IPV4 and an IPV6 address and when >> connecting to it via webmail that goes to localhost, it seems as if >> the outgoing connection is either IPV4 or IPV6 depending on whether >> that localhost connection got the v4 or v6 address first. I've got an >> IPV4 SPF record which works fine and validates. On the IPV6 side that >> one doesn't and when reading headers it says so. I'd like to fix this. > I've got an SPF records as following: > > bunbun.be. 86400 IN SPF "v=spf1 a mx ptr > ip6:xxxx:xxxx:xxxx/64 -all" > > Haven't noticed any problems.
You should not need to publish IPv6 specific SPF records, if your DNS is set up correctly for both your IPv4 and IPv6 addresses. From the example above; == $ dig +short mx bunbun.be 1000 mx.fakemx.net. 1 mail.rkfomh.net. $ host mail.rkfomh.net mail.rkfomh.net has address 87.98.252.31 mail.rkfomh.net has IPv6 address 2001:41d0:1:c831::1:1 == If that's the IPv6 address Postfix uses to send mail, the simplest form of SPF record would be; "v=spf1 mx -all" Provided it's the only source of mail for this domain etc. David, please provide some data that documents your problem; what is your SPF record, what are the headers that you are reading, and so on? Nick, please validate your SPF record, because the published one for that domain results in a Permerror. Cya, Jona
