SPF

Mon, 11 May 2009 04:40:57 -0700

I have set up Postfix for SPF for my domain simonandkate.net. Incoming emails are being checked fine, but I am not 100% certain on setting up the TXT record for outgoing emails.
I realise my Postfix config is working fine, but thought this list may be able to quickly help me with the outgoing. Can someone with more expertise advise on my TXT record please? 


My mail server is mail.simonandkate.net, IP address is 59.167.212.191.  
MX records are mail.simonandkate.net 10 and mail.bluetie.com 20.


From my reading at openspf.org I have come up with:

TXT v=spf1 a mx ip4:59.167.212.191 ~all


The mx bit to cover the mx records for the domain, the ip4 because  
59.167.212.191 doesn't resolve back to mail.simonandkate.net but to  
ppp212-191.static.internode.on.net.


The ~all to softfail until I make sure all is working OK.


The reason I am not sure is that the two email addresses at  
http://www.openspf.org/Tools for verifying setup respond differently:


1. spf-t...@openspf.org responds with:


May 11 21:17:35 server04 postfix/smtp[26922]: 6A763573DF:  
to=<spf-t...@openspf.org>,  
relay=mailout02.controlledmail.com[72.81.252.18]:25, delay=2.7,  
delays=0.02/0.03/0.85/1.8, dsn=5.7.1, status=bounced (host  
mailout02.controlledmail.com[72.81.252.18] said: 550 5.7.1  
<spf-t...@openspf.org>: Recipient address rejected: SPF Tests:  
Mail-From Result="pass": Mail From="si...@simonandkate.net" HELO  
name="mail.simonandkate.net" HELO Result="permerror" Remote  
IP="59.167.212.191" (in reply to RCPT TO command))



The bounce is normal, as is the address rejection. The Mail From  
result is pass, but the HELO result is a permerror.


2. check-a...@verifier.port25.com responds with:

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  mail.simonandkate.net
Source IP:      59.167.212.191
mail-from:      si...@simonandkate.net

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: smtp.mail=si...@simonandkate.net
DNS record(s):
    simonandkate.net. 3600 IN TXT "v=spf1 a mx ip4:59.167.212.191 ~all"
    simonandkate.net. A (no records)
    simonandkate.net. 3600 IN MX 20 mail.bluetie.com.
    simonandkate.net. 3600 IN MX 10 mail.simonandkate.net.
    mail.bluetie.com. 86400 IN A 206.65.164.155
    mail.simonandkate.net. 3598 IN A 59.167.212.191

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.from=si...@simonandkate.net
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: header.from=si...@simonandkate.net
DNS record(s):
    simonandkate.net. 3600 IN TXT "v=spf1 a mx ip4:59.167.212.191 ~all"
    simonandkate.net. A (no records)
    simonandkate.net. 3600 IN MX 20 mail.bluetie.com.
    simonandkate.net. 3600 IN MX 10 mail.simonandkate.net.
    mail.bluetie.com. 86400 IN A 206.65.164.155
    mail.simonandkate.net. 3598 IN A 59.167.212.191

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.5 (2008-06-10)

Result:         ham  (2.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS               SPF: sender matches SPF record
-0.2 BAYES_40               BODY: Bayesian spam probability is 20 to 40%
                            [score: 0.2655]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 2.2 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO



Is my TXT record OK? Do I need the IP4 entry?

Thanks.



--
Simon Wilson
www.simonandkate.net






















					Reply via email to