On Sat, Sep 17, 2022 at 11:54:57AM +0200, Matus UHLAR - fantomas 
<uh...@fantomas.sk> wrote:

> On 17.09.22 17:12, li...@sbt.net.au wrote:
> > I have mail server on geko.sbt.net.au serving sbt.net.au as well as
> > several other TLD domains,
> > a while back using help from this list, some write ups and mxtoolbox as
> > means of verifying/testing I've set SPF/DKIM/DMARC (or so I thought...)
> > 
> > as it seemed to pass all test I was able to run, I assumed it was set up
> > correctly, just now, noticed I get rejected from my own gmail address with
> > SPF/DKIM (1) (it was working OK in the past)
> > 
> > checking with mxtoolbox:
> > 
> > I get NO SPF for geko.sbt.net.au, I do get SPF for sbt.net.au
> > do I need SPF record for both mail host as well as domain ?
> 
> you only need SPF for geko.sbt.net.au if you want to stop other servers from
> impersonating geko.sbt.net.au (sending it in EHLO/HELO), or if you send
> mail from geko.sbt.net.au.
> 
> > what else am I missing or stuffed up ?
> 
> > (1)
> > Sep 16 13:04:55 geko postfix/smtp[2651]: BC9EB200534: to=<x...@gmail.com>,
> > relay=gmail-smtp-in.l.google.com[172.217.194.26]:25, delay=11,
> > delays=0.01/0.04/2/8.8, dsn=5.7.26, status=bounced (host
> > gmail-smtp-in.l.google.com[172.217.194.26] said: 550-5.7.26 This message
> > does not pass authentication checks (SPF and DKIM both 550-5.7.26 do not
> > pass). SPF check for [sbt.net.au] does not pass with ip: 550-5.7.26
> > [103.106.168.106].To best protect our users from spam, the message
> > 550-5.7.26 has been blocked. Please visit 550-5.7.26
> > https://support.google.com/mail/answer/81126#authentication for more 550
> > 5.7.26 information. p2-20020a170902e74200b00176a0d8780csi2398305plf.285 -
> > gsmtp (in reply to end of DATA command))
> 
> your domain is registered to ns1.netregistry.net. nameservers:
> 
> Name Server: NS1.NETREGISTRY.NET
> Name Server: NS2.NETREGISTRY.NET
> Name Server: NS3.NETREGISTRY.NET
> 
> however, NS records say otherwise:
> 
> sbt.net.au.             3600    IN      NS      ns1.yourdnshost.net.
> sbt.net.au.             3600    IN      NS      ns2.yourdnshost.net.
> sbt.net.au.             3600    IN      NS      ns3.yourdnshost.net.
> 
> these servers have the same IP addresses, but such discrepancy can cause you
> troubles.
> 
> currently 8.8.8.8 (and 1.1.1.1) fail to return response for your domain:
> 
> % dig mx sbt.net.au @8.8.8.8
> 
> ; <<>> DiG 9.16.27-Debian <<>> mx sbt.net.au @8.8.8.8
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21196
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> also, your nameservers fail to return answer for type ANY:
> 
> % dig any geko.sbt.net.au @ns1.yourdnshost.net.
> ;; Connection to 203.209.194.250#53(203.209.194.250) for geko.sbt.net.au 
> failed: timed out.
> ;; Connection to 203.209.194.250#53(203.209.194.250) for geko.sbt.net.au 
> failed: timed out.
> 
> this may or may not cause issues with google DNS.
> however, it indicates something broken with your DNS.
> google is apparently one of those having problems.
> 
> -- 
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT wish to receive any advertising mail at this address.
> I drive way too fast to worry about cholesterol.

That's weird. I can see lots of DNS records for sbt.net.au:

  > host sbt.net.au
  sbt.net.au has address 103.106.168.106
  sbt.net.au mail is handled by 10 geko.sbt.net.au.
  > host -t txt sbt.net.au
  sbt.net.au descriptive text "v=spf1 ip4:103.106.168.106 ip4:103.106.168.105 ip4:125.168.124.3 include:_spf.google.com ~all"
  > host -t any sbt.net.au
  sbt.net.au mail is handled by 10 geko.sbt.net.au.
  sbt.net.au has address 103.106.168.106
  sbt.net.au descriptive text "v=spf1 ip4:103.106.168.106 ip4:103.106.168.105 ip4:125.168.124.3 include:_spf.google.com ~all"

cheers,
raf
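
Added example (not part of any message in this thread): a small SPF evaluator that contrasts the two views above. A receiver that can fetch the TXT record raf sees gets "pass" for the IP in Gmail's bounce. A receiver whose resolver returns SERVFAIL, as 8.8.8.8 did in the dig output, gets "temperror" under RFC 7208. The function name spf_result and the string form of the rcode argument are assumptions of this sketch. Only ip4/ip6/all are evaluated; include, a, mx and the other mechanisms need further DNS lookups and are skipped.

```python
import ipaddress

# Constructed inputs copied from the thread: the TXT record shown in raf's
# host output and the sending IP quoted in Gmail's 550-5.7.26 bounce.
SPF_TXT = ("v=spf1 ip4:103.106.168.106 ip4:103.106.168.105 "
           "ip4:125.168.124.3 include:_spf.google.com ~all")
SENDER_IP = "103.106.168.106"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(rcode, txt_records, sender_ip):
    """Return the SPF result for sender_ip given the resolver's answer.

    rcode is the DNS response code as a string (assumed representation):
    "NOERROR", "NXDOMAIN" or "SERVFAIL". txt_records is the list of TXT
    strings returned for the domain.
    """
    if rcode == "SERVFAIL":
        return "temperror"   # lookup failed: no policy could be read at all
    spf = [t for t in txt_records
           if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    if rcode == "NXDOMAIN" or not spf:
        return "none"        # domain publishes no SPF record
    if len(spf) > 1:
        return "permerror"   # more than one SPF record is a publishing error
    ip = ipaddress.ip_address(sender_ip)
    for term in spf[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # include/a/mx/exists/redirect are skipped in this sketch
    return "neutral"         # no mechanism matched and no "all" term


if __name__ == "__main__":
    print("record resolvable:", spf_result("NOERROR", [SPF_TXT], SENDER_IP))
    print("resolver SERVFAIL:", spf_result("SERVFAIL", [], SENDER_IP))
```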
