Re: Double messages in comp.protocols.dns.bind
In article , Barry Margolin wrote: > It looks like there are two mail-to-news gateways running for > bind-users, so every message to the list is being posted twice to the > newsgroup. ... But at least messages are now being posted to the newsgroup - the gatewaying, at least as seen from here and from Google, went AWOL on 4 June 09. Postings from 15 Aug onward have now appeared. So thank you, ISC, even if the gatewaying is now a little overenthusiastic. :-) Sam ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
I have a question concerning the spf
I use bind, and I have a configuration that seems normal to me on my server Here fakessh.eu. IN MX 10fakessh.eu. fakessh.eu. IN TXT "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu ?all" problem is when I'm trying to configure my mail server via check-a...@verifier.port25.com and check-au...@verifier.port25.com spf field is marked as neutral, also follows senderid as neutral how to have the SPF OK, knowing that neutral is not really an answer I have enclosed a return from this location check-au...@verifier.port25.com This message is an automatic response from Port25's authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community. While it is not officially supported, we welcome any feedback you may have at . Thank you for using the verifier, The Port25 Solutions, Inc. team == Summary of Results == SPF check: neutral DomainKeys check: pass DKIM check: pass Sender-ID check: neutral SpamAssassin check: ham == Details: == HELO hostname: r13151.ovh.net Source IP: 94.23.60.214 mail-from: fake...@fakessh.eu -- SPF check details: -- Result: neutral (SPF-Result: Neutral) ID(s) verified: smtp.mail=fake...@fakessh.eu DNS record(s): fakessh.eu. 38400 IN TXT "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu ?all" fakessh.eu. 38400 IN MX 10 fakessh.eu. fakessh.eu. 38400 IN A 87.98.186.232 fakessh.eu. 38400 IN MX 10 fakessh.eu. fakessh.eu. 38400 IN A 87.98.186.232 -- DomainKeys check details: -- Result: pass ID(s) verified: header.from=fake...@fakessh.eu DNS record(s): mail._domainkey.fakessh.eu. 38400 IN TXT "k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9fPmEi5XsPtXlqwyWX0sho5YXtCz+YVTS8EbKTFn6POlxMgAj6x/FjMEv2TnRm02AEXMK6we68pWR+SkEufjwQ+7zGpOp2wdLLLNBjatX/bzxQoQmpOuQJzA9hi9NTShZLM4TJVdTCBIp62M0ryHmeW2GiFOrw+8mX5x3nNt7BQIDAQAB" -- DKIM check details: -- Result: pass (matches From: fake...@fakessh.eu) ID(s) verified: header.d=fakessh.eu Canonicalized Headers: From:'20'"fake...@fakessh.eu"'20''0D''0A' To:'20'check-a...@verifier.port25.com,'0D''0A' '20'check-au...@verifier.port25.com'0D''0A' Date:'20'Mon,'20'24'20'Aug'20'2009'20'18:17:05'20'+0200'0D''0A' MIME-Version:'20'1.0'0D''0A' Content-Type:'20'text/plain;'0D''0A' '20''20'charset="us-ascii"'0D''0A' Content-Transfer-Encoding:'20'7bit'0D''0A' Message-Id:'20'<200908241817.06403.fake...@fakessh.eu>'0D''0A' DKIM-Signature:'20'v=1;'20'a=rsa-sha1;'20'c=simple;'20'd=fakessh.eu;'20'h=from:to:date'0D''0A' '09':mime-version:content-type:content-transfer-encoding:message-id;'0D''0A' '09''20's=mail;'20'bh=uoq1oCgLlTqpdDX/iUbLy7J1Wic=;'20'b= Canonicalized Body: '0D''0A' DNS record(s): mail._domainkey.fakessh.eu. 38400 IN TXT "k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9fPmEi5XsPtXlqwyWX0sho5YXtCz+YVTS8EbKTFn6POlxMgAj6x/FjMEv2TnRm02AEXMK6we68pWR+SkEufjwQ+7zGpOp2wdLLLNBjatX/bzxQoQmpOuQJzA9hi9NTShZLM4TJVdTCBIp62M0ryHmeW2GiFOrw+8mX5x3nNt7BQIDAQAB" NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM. -- Sender-ID check details: -- Result: neutral (SPF-Result: Neutral) ID(s) verified: header.from=fake...@fakessh.eu DNS record(s): fakessh.eu. 38400 IN TXT "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu ?all" fakessh.eu. 38400 IN MX 10 fakessh.eu. fakessh.eu. 38400 IN A 87.98.186.232 fakessh.eu. 38400 IN MX 10 fakessh.eu. fakessh.eu. 38400 IN A 87.98.186.232 -- SpamAssassin check details: -- SpamAssassin v3.2.5 (2008-06-10) Result: ham (2.7 points, 5.0 required) pts rule name description -- -- 0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral) -2.6 BAYES_00 BODY: Bayesian
RE: I have a question concerning the spf
You've specified your policy as "neutral" in your SPF record with "?all". Try "-all", or "+all" if you're not ready to put some meat on your SPF plate. -- Chris Faehl Hosting Engineering Systems Manager, RightNow Technologies -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of fakessh Sent: Monday, August 24, 2009 10:32 AM To: Bind users; Bind users Subject: I have a question concerning the spf I use bind, and I have a configuration that seems normal to me on my server Here fakessh.eu. IN MX 10fakessh.eu. fakessh.eu. IN TXT "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu ?all" problem is when I'm trying to configure my mail server via check-a...@verifier.port25.com and check-au...@verifier.port25.com spf field is marked as neutral, also follows senderid as neutral how to have the SPF OK, knowing that neutral is not really an answer I have enclosed a return from this location check-au...@verifier.port25.com This message is an automatic response from Port25's authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community. While it is not officially supported, we welcome any feedback you may have at . Thank you for using the verifier, The Port25 Solutions, Inc. team == Summary of Results == SPF check: neutral DomainKeys check: pass DKIM check: pass Sender-ID check: neutral SpamAssassin check: ham == Details: == HELO hostname: r13151.ovh.net Source IP: 94.23.60.214 mail-from: fake...@fakessh.eu -- SPF check details: -- Result: neutral (SPF-Result: Neutral) ID(s) verified: smtp.mail=fake...@fakessh.eu DNS record(s): fakessh.eu. 38400 IN TXT "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu ?all" fakessh.eu. 38400 IN MX 10 fakessh.eu. fakessh.eu. 38400 IN A 87.98.186.232 fakessh.eu. 38400 IN MX 10 fakessh.eu. fakessh.eu. 38400 IN A 87.98.186.232 -- DomainKeys check details: -- Result: pass ID(s) verified: header.from=fake...@fakessh.eu DNS record(s): mail._domainkey.fakessh.eu. 38400 IN TXT "k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9fPmEi5XsPtXlqwyWX0sho5YXtCz+YVTS8EbKTFn6POlxMgAj6x/FjMEv2TnRm02AEXMK6we68pWR+SkEufjwQ+7zGpOp2wdLLLNBjatX/bzxQoQmpOuQJzA9hi9NTShZLM4TJVdTCBIp62M0ryHmeW2GiFOrw+8mX5x3nNt7BQIDAQAB" -- DKIM check details: -- Result: pass (matches From: fake...@fakessh.eu) ID(s) verified: header.d=fakessh.eu Canonicalized Headers: From:'20'"fake...@fakessh.eu"'20''0D''0A' To:'20'check-a...@verifier.port25.com,'0D''0A' '20'check-au...@verifier.port25.com'0D''0A' Date:'20'Mon,'20'24'20'Aug'20'2009'20'18:17:05'20'+0200'0D''0A' MIME-Version:'20'1.0'0D''0A' Content-Type:'20'text/plain;'0D''0A' '20''20'charset="us-ascii"'0D''0A' Content-Transfer-Encoding:'20'7bit'0D''0A' Message-Id:'20'<200908241817.06403.fake...@fakessh.eu>'0D''0A' DKIM-Signature:'20'v=1;'20'a=rsa-sha1;'20'c=simple;'20'd=fakessh.eu;'20'h=from:to:date'0D''0A' '09':mime-version:content-type:content-transfer-encoding:message-id;'0D''0A' '09''20's=mail;'20'bh=uoq1oCgLlTqpdDX/iUbLy7J1Wic=;'20'b= Canonicalized Body: '0D''0A' DNS record(s): mail._domainkey.fakessh.eu. 38400 IN TXT "k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9fPmEi5XsPtXlqwyWX0sho5YXtCz+YVTS8EbKTFn6POlxMgAj6x/FjMEv2TnRm02AEXMK6we68pWR+SkEufjwQ+7zGpOp2wdLLLNBjatX/bzxQoQmpOuQJzA9hi9NTShZLM4TJVdTCBIp62M0ryHmeW2GiFOrw+8mX5x3nNt7BQIDAQAB" NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM. -- Sender-ID check details: -- Result: neutral (SPF-Result: Neutral) ID(s) verified: header.from=fake...@fakessh.eu DNS record(s): fakessh.eu. 38400 IN TXT "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu ?all" fakessh.eu. 38400 IN MX 10 fakessh.eu. fakessh.eu. 38400 IN A 87.98.186.232 fakessh.eu. 38400 IN MX 10 fakessh.eu. fakessh.eu. 38400 IN A 87.98.1
Re: Double messages in comp.protocols.dns.bind
In article , Sam Wilson wrote: > In article , > Barry Margolin wrote: > > > It looks like there are two mail-to-news gateways running for > > bind-users, so every message to the list is being posted twice to the > > newsgroup. ... > > But at least messages are now being posted to the newsgroup - the > gatewaying, at least as seen from here and from Google, went AWOL on 4 > June 09. Postings from 15 Aug onward have now appeared. You're right, I hadn't even noticed that the newsgroup has been silent for several months. > > So thank you, ISC, even if the gatewaying is now a little > overenthusiastic. :-) It's gotten worse. Today I'm seeing quadruple messages in the "I have a question concerning the spf" thread. Two plain text messages, and two that are just a big block of base64 encoding. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Double messages in comp.protocols.dns.bind
It's gotten worse. Today I'm seeing quadruple messages in the "I have a question concerning the spf" thread. Two plain text messages, and two that are just a big block of base64 encoding. Strangely enough, just for that thread, we got 2 identical messages on bind-us...@lists.isc.org. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Double messages in comp.protocols.dns.bind
On Monday 24 August 2009 at 23:32 (CET), Andy Shellam wrote: > > It's gotten worse. Today I'm seeing quadruple messages in the "I have a > > question concerning the spf" thread. Two plain text messages, and two > > that are just a big block of base64 encoding. > > Strangely enough, just for that thread, we got 2 identical messages on > bind-us...@lists.isc.org. Which was addressed to the list twice: To: Bind users , Bind users -- Regards, Ruben Laban Systems and Network Administrator ISM eCompany ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I have a question concerning the spf
At Mon, 24 Aug 2009 18:32:11 +0200, fakessh wrote: > > I use bind, and [...] > fakessh.eu. IN TXT "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu ?all" > [...] > how to have the SPF OK, knowing that neutral is not really an answer The following is always OK. "v=spf1 +all" Personally, i don't use SPF. Postfix folks don't like that as well, google the archives if you would like to see the evidence ;; Sincerely, -- Byung-Hee HWANG ∑ WWW: http://izb.knu.ac.kr/~bh/ ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: 9.7.0a2 - deny-answer-addresses
At Fri, 21 Aug 2009 10:42:31 -0500 (CDT),
"Jeremy C. Reed" wrote:
> > deny-answer-addresses {
> > 127/8; 192.168/16; 10/8; 172.16/12;
> > } except-from {
> > "zen.spamhaus.org";
> > "dnsbl-1.uceprotect.net";
> > "dnsbl-1.uceprotect.net";
>
> This is repeated, resulting in "already exists" (via the RBT code).
>
> Maybe we can improve the configuration failure logging for this.
How about the patch copied below? With this it would fail like this:
24-Aug-2009 16:46:41.334
/Users/jinmei/src/isc/bind9-current/bin/named/named.conf:22: failed to add
dnsbl-1.uceprotect.net for deny-answer-addresses: already exists
24-Aug-2009 16:46:41.334 loading configuration: already exists
24-Aug-2009 16:46:41.334 exiting (due to fatal error)
[1]6321 exit 1 ./named -c named.conf -g
---
JINMEI, Tatuya
Index: server.c
===
RCS file: /proj/cvs/prod/bind9/bin/named/server.c,v
retrieving revision 1.540
diff -u -r1.540 server.c
--- server.c5 Aug 2009 17:35:33 - 1.540
+++ server.c24 Aug 2009 23:47:35 -
@@ -431,7 +431,14 @@
* for baz.example.com, which is not the expected result.
* We simply use (void *)1 as the dummy data.
*/
- CHECK(dns_rbt_addname(*rbtp, name, (void *)1));
+ result = dns_rbt_addname(*rbtp, name, (void *)1);
+ if (result != ISC_R_SUCCESS) {
+ cfg_obj_log(nameobj, ns_g_lctx, ISC_LOG_ERROR,
+ "failed to add %s for %s: %s",
+ str, confname, isc_result_totext(result));
+ goto cleanup;
+ }
+
}
return (result);
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
