Re: ot: SPF/DKIM woes

2022-09-18 Thread Simon Wilson
- Message from Viktor Dukhovni - Date: Sat, 17 Sep 2022 23:26:34 -0400 From: Viktor Dukhovni Reply-To: postfix-users@postfix.org Subject: Re: ot: SPF/DKIM woes To: postfix-users@postfix.org On Sat, Sep 17, 2022 at 10:39:46AM -0400, Viktor Dukhovni wrote: If this

Re: ot: SPF/DKIM woes

2022-09-18 Thread Viktor Dukhovni
On Sun, Sep 18, 2022 at 06:34:11PM +1000, li...@sbt.net.au wrote: > I'll try to summarize how it went: The summary largely misses the point. Your DNS provider had a major outage (plausibly a DDoS, though they haven't said so outright). DNS queries from many sources were consequently dropped. D

Re: ot: SPF/DKIM woes

2022-09-18 Thread Benny Pedersen
raf skrev den 2022-09-18 01:47: The logfile message showed that the envelope sender domain was sbt.net.au, not geko.sbt.net.au. fair, but spamassassin should say spf_helo_pass on this subdomain i have lost ip now, but myhostname in postfix should be spf helo pass dig mx.junc.eu txt dig junc.

Re: ot: SPF/DKIM woes

2022-09-18 Thread lists
thank you, everyone, much appreciate advice and testing! I'll try to summarize how it went: user is India complained he couldn't access geko.sbt.net.au mail server as there was an issue with some 'links' at data centre reported few hours earlier, I assumed it was related and didn't try to test n

Re: ot: SPF/DKIM woes

2022-09-17 Thread Viktor Dukhovni
On Sat, Sep 17, 2022 at 10:39:46AM -0400, Viktor Dukhovni wrote: > If this domain was in fact served by netregistry.net, that could well > have been the problem. There is an ongoing over 24hour DNS outage at > netregistry.net (where, e.g., they seem to be dropping all DNS queries > from most Goog

Re: ot: SPF/DKIM woes

2022-09-17 Thread raf
On Sat, Sep 17, 2022 at 01:46:10PM +0200, Benny Pedersen wrote: > li...@sbt.net.au skrev den 2022-09-17 09:12: > > I have mail server on geko.sbt.net.au serving sbt.net.au as well as > > several other TLD domains, > > https://dmarcian.com/spf-survey/?domain=geko.sbt.net.au > > there is no spf t

Re: ot: SPF/DKIM woes

2022-09-17 Thread raf
On Sat, Sep 17, 2022 at 11:54:57AM +0200, Matus UHLAR - fantomas wrote: > On 17.09.22 17:12, li...@sbt.net.au wrote: > > I have mail server on geko.sbt.net.au serving sbt.net.au as well as > > several other TLD domains, > > a while back using help from this list, some write ups and mxtoolbox as

Re: ot: SPF/DKIM woes

2022-09-17 Thread postfix
It has been my experience that it is beneficial to include SPF and DMARC records for the mail server's hostname along with the domain name. Domain example.com with mail server mail.example.com: @IN TXT "v=spf1 a mx -all" mail IN TXT "v=spf1 include:example.com -all" _dma

Re: ot: SPF/DKIM woes

2022-09-17 Thread Viktor Dukhovni
On Sat, Sep 17, 2022 at 11:54:57AM +0200, Matus UHLAR - fantomas wrote: > your domain is registered to ns1.netregistry.net. nameservers: > > Name Server: NS1.NETREGISTRY.NET > Name Server: NS2.NETREGISTRY.NET > Name Server: NS3.NETREGISTRY.NET > > however, NS records say otherwise: > > sbt.net.

Re: ot: SPF/DKIM woes

2022-09-17 Thread lists
On Sat, September 17, 2022 7:54 pm, Matus UHLAR - fantomas wrote: > your domain is registered to ns1.netregistry.net. nameservers: > > Name Server: NS1.NETREGISTRY.NET > Name Server: NS2.NETREGISTRY.NET > Name Server: NS3.NETREGISTRY.NET > > > however, NS records say otherwise: > > sbt.net.au.

Re: ot: SPF/DKIM woes

2022-09-17 Thread Benny Pedersen
Matus UHLAR - fantomas skrev den 2022-09-17 11:54: % dig any geko.sbt.net.au @ns1.yourdnshost.net. ;; Connection to 203.209.194.250#53(203.209.194.250) for geko.sbt.net.au failed: timed out. ;; Connection to 203.209.194.250#53(203.209.194.250) for geko.sbt.net.au failed: timed out. https://mul

Re: ot: SPF/DKIM woes

2022-09-17 Thread Benny Pedersen
li...@sbt.net.au skrev den 2022-09-17 09:12: I have mail server on geko.sbt.net.au serving sbt.net.au as well as several other TLD domains, https://dmarcian.com/spf-survey/?domain=geko.sbt.net.au there is no spf there, dmarc will not pass on missing subdomains, spf will be none avoid unneed

Re: ot: SPF/DKIM woes

2022-09-17 Thread Benny Pedersen
raf skrev den 2022-09-17 11:30: "v=spf1 ip4:103.106.168.106 ip4:103.106.168.105 ip4:125.168.124.3 include:_spf.google.com ~all" include _spf.google.com is unneeded https://dmarcian.com/spf-survey/?domain=sbt.net.au sbt.net.au will pass without, if the ip that send email to google is liste

Re: ot: SPF/DKIM woes

2022-09-17 Thread Benny Pedersen
li...@sbt.net.au skrev den 2022-09-17 09:12: I get NO SPF for geko.sbt.net.au, I do get SPF for sbt.net.au you need spf rr pr enveloper sender domains, and that include subdomains, only dmarc dont need subdomains dmarc, confused ?, yes but it imho very simple, and lastly remember envelope se

Re: ot: SPF/DKIM woes

2022-09-17 Thread Matus UHLAR - fantomas
On 17.09.22 17:12, li...@sbt.net.au wrote: I have mail server on geko.sbt.net.au serving sbt.net.au as well as several other TLD domains, a while back using help from this list, some write ups and mxtoolbox as means of verifying/testing I've set SPF/DKIM/DMARC (or so I thought...) as it seemed t

Re: ot: SPF/DKIM woes

2022-09-17 Thread raf
On Sat, Sep 17, 2022 at 05:12:40PM +1000, li...@sbt.net.au wrote: > I have mail server on geko.sbt.net.au serving sbt.net.au as well as > several other TLD domains, > a while back using help from this list, some write ups and mxtoolbox as > means of verifying/testing I've set SPF/DKIM/DMARC (or so

ot: SPF/DKIM woes

2022-09-17 Thread lists
I have mail server on geko.sbt.net.au serving sbt.net.au as well as several other TLD domains, a while back using help from this list, some write ups and mxtoolbox as means of verifying/testing I've set SPF/DKIM/DMARC (or so I thought...) as it seemed to pass all test I was able to run, I assumed