On 17.09.22 17:12, li...@sbt.net.au wrote:
I have mail server on geko.sbt.net.au serving sbt.net.au as well as
several other TLD domains,
a while back using help from this list, some write ups and mxtoolbox as
means of verifying/testing I've set SPF/DKIM/DMARC (or so I thought...)
as it seemed to pass all test I was able to run, I assumed it was set up
correctly, just now, noticed I get rejected from my own gmail address with
SPF/DKIM (1) (it was working OK in the past)
checking with mxtoolbox:
I get NO SPF for geko.sbt.net.au, I do get SPF for sbt.net.au
do I need SPF record for both mail host as well as domain ?
you only need SPF for geko.sbt.net.au if you want to stop other servers for
impoersonating geko.sbt.net.au (sending it in EHLO/HELO), or if you send
mail from geko.sbt.net.au.
what else am I missing or stuffed up ?
(1)
Sep 16 13:04:55 geko postfix/smtp[2651]: BC9EB200534: to=<x...@gmail.com>,
relay=gmail-smtp-in.l.google.com[172.217.194.26]:25, delay=11,
delays=0.01/0.04/2/8.8, dsn=5.7.26, status=bounced (host
gmail-smtp-in.l.google.com[172.217.194.26] said: 550-5.7.26 This message
does not pass authentication checks (SPF and DKIM both 550-5.7.26 do not
pass). SPF check for [sbt.net.au] does not pass with ip: 550-5.7.26
[103.106.168.106].To best protect our users from spam, the message
550-5.7.26 has been blocked. Please visit 550-5.7.26
https://support.google.com/mail/answer/81126#authentication for more 550
5.7.26 information. p2-20020a170902e74200b00176a0d8780csi2398305plf.285 -
gsmtp (in reply to end of DATA command))
your domain is registered to ns1.netregistry.net. nameservers:
Name Server: NS1.NETREGISTRY.NET
Name Server: NS2.NETREGISTRY.NET
Name Server: NS3.NETREGISTRY.NET
however, NS records say otherwise:
sbt.net.au. 3600 IN NS ns1.yourdnshost.net.
sbt.net.au. 3600 IN NS ns2.yourdnshost.net.
sbt.net.au. 3600 IN NS ns3.yourdnshost.net.
these servers have the same IP addresses, but such discrepancy can cause you
troubles.
currently 8.8.8.8 (and 1.1.1.1) fail to return response for your domain:
% dig mx sbt.net.au @8.8.8.8
; <<>> DiG 9.16.27-Debian <<>> mx sbt.net.au @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21196
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
also, your nameservers fail to return answer for type ANY:
% dig any geko.sbt.net.au @ns1.yourdnshost.net.
;; Connection to 203.209.194.250#53(203.209.194.250) for geko.sbt.net.au
failed: timed out.
;; Connection to 203.209.194.250#53(203.209.194.250) for geko.sbt.net.au
failed: timed out.
this may and may not cause with google DNS issues.
however, it indicates something broken with your DNS.
google is apparently one of those having problems.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I drive way too fast to worry about cholesterol.
