On Oct 18, 2012, at 14:01, Nick Rosier wrote:
>>> I've got an SPF record as follows:
>>>
>>> bunbun.be. 86400 IN SPF "v=spf1 a mx ptr
>>> ip6:xxxx:xxxx:xxxx/64 -all"
>>>
>>> Haven't noticed any problems.
>>
>> You should not need to publish IPv6 specific SPF records, if your DNS
>> is set up correctly for both your IPv4 and IPv6 addresses.
>>
>> From the example above;
>>
>> ==
>> $ dig +short mx bunbun.be
>> 1000 mx.fakemx.net.
>> 1 mail.rkfomh.net.
>>
>> $ host mail.rkfomh.net
>> mail.rkfomh.net has address 87.98.252.31
>> mail.rkfomh.net has IPv6 address 2001:41d0:1:c831::1:1
>> ==
>>
>> If that's the IPv6 address Postfix uses to send mail, the simplest form
>> of SPF record would be;
>>
>> "v=spf1 mx -all"
>>
>> Provided it's the only source of mail for this domain etc.
> It's not the only possible source of mail so I am/was playing safe.
>>
>> David, please provide some data that documents your problem; what is
>> your SPF record, what are the headers that you are reading, and so on?
>>
>> Nick, please validate your SPF record, because the published one for
>> that domain results in a Permerror.
> Can you indicate how to specify an IPv6 subnet? Not sure if I need it but I
> have some other hosts which can send mail.

Hosts within that IPv6 subnet? This should be a valid SPF record, given
that 'bunbun.be' seems to have no A record available;

"v=spf1 ip6:2001:41d0:1:c831::/64 mx ptr -all"

Note the double colon before the /64. The 'ip6' statement is listed first
because if that results in a 'Pass', no lookups are done for the 'mx' or
'ptr', IIRC.

I would suggest always validating your SPF record whenever you make a
change, especially with more complex setups, using a website like this
for example;

http://www.kitterman.com/spf/validate.html

Cya,
Jona
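
A local pre-check for the double-colon point in the message above, added here as an example and not part of the original thread: it parses only the ip4/ip6 terms of a record with Python's ipaddress module. The function name check_ip_terms is hypothetical, and BROKEN is a constructed stand-in for the redacted record, assumed to lack the '::'.

```python
import ipaddress

def check_ip_terms(record):
    """Return [(term, reason)] for ip4/ip6 terms a receiver could not parse."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [(record, "record does not start with v=spf1")]
    problems = []
    for term in terms[1:]:
        body = term.lstrip("+-~?")               # strip the qualifier, if any
        name, _, value = body.partition(":")
        name = name.lower()
        if name not in ("ip4", "ip6"):
            continue                             # a, mx, ptr, all: not checked here
        addr, slash, prefix = value.partition("/")
        cls = ipaddress.IPv6Address if name == "ip6" else ipaddress.IPv4Address
        try:
            ip = cls(addr)
        except ValueError as exc:                # AddressValueError is a ValueError
            problems.append((term, f"bad address: {exc}"))
            continue
        if slash and not (prefix.isascii() and prefix.isdigit()
                          and int(prefix) <= ip.max_prefixlen):
            problems.append((term, f"bad prefix length: /{prefix}"))
    return problems

# Constructed stand-in for the redacted record (assumed to lack the '::').
BROKEN = "v=spf1 a mx ptr ip6:2001:41d0:1:c831/64 -all"
# The record suggested in the reply above.
FIXED = "v=spf1 ip6:2001:41d0:1:c831::/64 mx ptr -all"

if __name__ == "__main__":
    for rec in (BROKEN, FIXED):
        print(rec, "->", check_ip_terms(rec) or "ip terms parse")
```

This only catches malformed ip4/ip6 networks; it does not evaluate 'a', 'mx' or 'ptr' or count DNS lookups, so a full validator is still needed after each change.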