Mailing List Archive: SPF: Help

SPF record stopping emails.

Index | Next | Previous | View Threaded

usalabs14 at gmail

May 6, 2008, 9:42 PM

Post #1 of 11 (689 views)
Permalink

SPF record stopping emails.

When I added an SPF record (created using the SPF wizard) to my dns service, I couldn't receive emails, but without an SPF, I can both receive and send with no problems at all.

How can I setup an SPF without blocking incoming emails? Even though my smtp server is locked from being a relay, (I tested it with the mx diagnostics at mxtoolbox), without an SPF someone could still spoof my email address and I can get blacklisted at spamhaus.

My domain name's rDNS points to my ISP, because I have a dynamic IP address, the A records at afraid.org get auto updated using a client.

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

rob.macgregor at gmail

May 6, 2008, 11:17 PM

Post #2 of 11 (670 views)
Permalink

Re: SPF record stopping emails. [In reply to]

On Wed, May 7, 2008 at 5:42 AM, Terry <usalabs14[at]gmail.com> wrote:
> When I added an SPF record (created using the SPF wizard) to my dns service, I couldn't receive emails, but without an SPF, I can both receive and send with no problems at all.

Creating an SPF record for your domain would only block incoming emails if:

1) You were checking SPF records
2) People were sending email claiming to be from your domain.

> How can I setup an SPF without blocking incoming emails? Even though my smtp server is locked from being a relay, (I tested it with the mx diagnostics at mxtoolbox), without an SPF someone could still spoof my email address and I can get blacklisted at spamhaus.
>
> My domain name's rDNS points to my ISP, because I have a dynamic IP address, the A records at afraid.org get auto updated using a client.

Can you provide details of the rejections from your mail server's logs
and the domain name in question?

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

usalabs14 at gmail

May 7, 2008, 1:45 AM

Post #3 of 11 (671 views)
Permalink

Re: SPF record stopping emails. [In reply to]

There are no errors in the server log, emails have been successfully sent,
but nothing was received by the recipient,

While I had the SPF record in place, I send an email from my gmail account
to my server (using the gmail web interface), nothing was received, so I
tried the opposite, and sent one from my server to my gmail account, nothing
was received, but, remove the SPF record, my server can send to gmail, and
receive from gmail with no problems at all.

The SPF record (using the wizard) reads:-

"v=spf1 a mx ~all"

The domain I'm trying to set up the SPF record is for tezandbabs.net

----- Original Message -----
From: "Rob MacGregor" <rob.macgregor[at]gmail.com>
To: <spf-help[at]v2.listbox.com>
Sent: Tuesday, May 06, 2008 11:17 PM
Subject: Re: [spf-help] SPF record stopping emails.

> On Wed, May 7, 2008 at 5:42 AM, Terry <usalabs14[at]gmail.com> wrote:
>> When I added an SPF record (created using the SPF wizard) to my dns
>> service, I couldn't receive emails, but without an SPF, I can both
>> receive and send with no problems at all.
>
> Creating an SPF record for your domain would only block incoming emails
> if:
>
> 1) You were checking SPF records
> 2) People were sending email claiming to be from your domain.
>
>> How can I setup an SPF without blocking incoming emails? Even though my
>> smtp server is locked from being a relay, (I tested it with the mx
>> diagnostics at mxtoolbox), without an SPF someone could still spoof my
>> email address and I can get blacklisted at spamhaus.
>>
>> My domain name's rDNS points to my ISP, because I have a dynamic IP
>> address, the A records at afraid.org get auto updated using a client.
>
> Can you provide details of the rejections from your mail server's logs
> and the domain name in question?
>
> --
> Please keep list traffic on the list.
>
> Rob MacGregor
> Whoever fights monsters should see to it that in the process he
> doesn't become a monster. Friedrich Nietzsche
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: http://www.listbox.com/member/archive/1020/=now
> RSS Feed: http://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

rob.macgregor at gmail

May 7, 2008, 3:04 AM

Post #4 of 11 (661 views)
Permalink

Re: SPF record stopping emails. [In reply to]

On Wed, May 7, 2008 at 9:45 AM, Terry <usalabs14[at]gmail.com> wrote:
> There are no errors in the server log, emails have been successfully sent,
> but nothing was received by the recipient,

Just to avoid confusion, you're talking about mails coming *IN* to
your mail server?

> While I had the SPF record in place, I send an email from my gmail account
> to my server (using the gmail web interface), nothing was received, so I
> tried the opposite, and sent one from my server to my gmail account, nothing
> was received, but, remove the SPF record, my server can send to gmail, and
> receive from gmail with no problems at all.

Your mail logs should show what's going on. What mail server are you using?

> The SPF record (using the wizard) reads:-
>
> "v=spf1 a mx ~all"
>
> The domain I'm trying to set up the SPF record is for tezandbabs.net

Two of the 4 DNS servers for your domain are down, however currently
no SPF record is shown.

http://www.intodns.com/tezandbabs.net

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

usalabs14 at gmail

May 7, 2008, 12:35 PM

Post #5 of 11 (660 views)
Permalink

Re: SPF record stopping emails. [In reply to]

I'm using postfix together with procmail.

The reason there's no current SPF, is because I removed it, until I can find
a solution.

If I kept it, any person that registers on my forum would not receive the
registration confirmation email, sent by my server, without SPF, they can.

I'm not sure why 2 of the 4 dns servers are down, but in the mean time, I'll
contact the service admin and find out why.

----- Original Message -----
From: "Rob MacGregor" <rob.macgregor[at]gmail.com>
To: <spf-help[at]v2.listbox.com>
Sent: Wednesday, May 07, 2008 3:04 AM
Subject: Re: [spf-help] SPF record stopping emails.

> On Wed, May 7, 2008 at 9:45 AM, Terry <usalabs14[at]gmail.com> wrote:
>> There are no errors in the server log, emails have been successfully
>> sent,
>> but nothing was received by the recipient,
>
> Just to avoid confusion, you're talking about mails coming *IN* to
> your mail server?
>
>> While I had the SPF record in place, I send an email from my gmail
>> account
>> to my server (using the gmail web interface), nothing was received, so I
>> tried the opposite, and sent one from my server to my gmail account,
>> nothing
>> was received, but, remove the SPF record, my server can send to gmail,
>> and
>> receive from gmail with no problems at all.
>
> Your mail logs should show what's going on. What mail server are you
> using?
>
>> The SPF record (using the wizard) reads:-
>>
>> "v=spf1 a mx ~all"
>>
>> The domain I'm trying to set up the SPF record is for tezandbabs.net
>
> Two of the 4 DNS servers for your domain are down, however currently
> no SPF record is shown.
>
> http://www.intodns.com/tezandbabs.net
>
> --
> Please keep list traffic on the list.
>
> Rob MacGregor
> Whoever fights monsters should see to it that in the process he
> doesn't become a monster. Friedrich Nietzsche
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: http://www.listbox.com/member/archive/1020/=now
> RSS Feed: http://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

steve at teamITS

May 7, 2008, 1:05 PM

Post #6 of 11 (661 views)
Permalink

RE: SPF record stopping emails. [In reply to]

Terry wrote on 5/7/2008 2:35:00 PM:

> If I kept it, any person that registers on my forum would not receive the
> registration confirmation email, sent by my server, without SPF, they can.

What are the hostnames and/or IPs of the mail server(s) you are using to send outgoing mail? (for instance, send yourself a message from your forum software, and look at the message header).

>>> "v=spf1 a mx ~all"
>>>
>>> The domain I'm trying to set up the SPF record is for tezandbabs.net

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Never test for an error that you don't know how to handle.

~ Taglines by Taglinator - www.srtware.com ~

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

usalabs14 at gmail

May 7, 2008, 3:31 PM

Post #7 of 11 (649 views)
Permalink

Re: SPF record stopping emails. [In reply to]

I can't even send or receive now, so I've removed the MX record and
associated A record, and blocked SMTP and POP3 in the firewall, and set my
forum for new user admin validation.

If I keep trying this and that, and sending test emails, I'm more likely to
be classed as spam and my IP address blacklisted, so if nothing works after
the 3rd attempt, it's time to give up trying.

I've set my email server for system messages only, i.e., cron jobs, php,
mysql, ftp and http error messages.

Before I posted my first message on the list, I've been trying for 2 days to
get the correct SPF record set up, but now even without it, emails can not
be sent or received via my server, that's what happens when I mess with
settings.

Thanks for everyone's help, but it's not going to work, unless a
professional is here to set up everything from scratch.

----- Original Message -----
From: "Steve Yates" <steve[at]teamITS.com>
To: <spf-help[at]v2.listbox.com>
Sent: Wednesday, May 07, 2008 1:05 PM
Subject: RE: [spf-help] SPF record stopping emails.

> Terry wrote on 5/7/2008 2:35:00 PM:
>
>> If I kept it, any person that registers on my forum would not receive the
>> registration confirmation email, sent by my server, without SPF, they
>> can.
>
> What are the hostnames and/or IPs of the mail server(s) you are using to
> send outgoing mail? (for instance, send yourself a message from your
> forum software, and look at the message header).
>
>
>>>> "v=spf1 a mx ~all"
>>>>
>>>> The domain I'm trying to set up the SPF record is for tezandbabs.net
>
>
> -----
> SPF FAQ: http://www.openspf.org/FAQ
> Common mistakes: http://www.openspf.org/FAQ/Common_mistakes
>
> - Steve Yates
> - ITS, Inc.
> - Never test for an error that you don't know how to handle.
>
> ~ Taglines by Taglinator - www.srtware.com ~
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: http://www.listbox.com/member/archive/1020/=now
> RSS Feed: http://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

rob.macgregor at gmail

May 7, 2008, 10:54 PM

Post #8 of 11 (648 views)
Permalink

Re: SPF record stopping emails. [In reply to]

On Wed, May 7, 2008 at 11:31 PM, Terry <usalabs14[at]gmail.com> wrote:
> I can't even send or receive now, so I've removed the MX record and
> associated A record, and blocked SMTP and POP3 in the firewall, and set my
> forum for new user admin validation.

Keep in mind that DNS changes can take up to 24 hours to take effect.
However, I strongly doubt that SPF is at the heart of your problem.
If nothing else, it wouldn't have stopped you receiving email and
there should have been something in your mail server logs.

--
Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

usalabs14 at gmail

May 7, 2008, 11:15 PM

Post #9 of 11 (649 views)
Permalink

Re: SPF record stopping emails. [In reply to]

Before I removed the MX and associated A records, I played around with the
SPF record, and found, that instead of using:-

"v=spf1 a mx ~all"

I used:-

"v=spf1 mx ~all"

This seemed to work for about an hour, then nothing.

----- Original Message -----
From: "Rob MacGregor" <rob.macgregor[at]gmail.com>
To: <spf-help[at]v2.listbox.com>
Sent: Wednesday, May 07, 2008 10:54 PM
Subject: Re: [spf-help] SPF record stopping emails.

> On Wed, May 7, 2008 at 11:31 PM, Terry <usalabs14[at]gmail.com> wrote:
>> I can't even send or receive now, so I've removed the MX record and
>> associated A record, and blocked SMTP and POP3 in the firewall, and set
>> my
>> forum for new user admin validation.
>
> Keep in mind that DNS changes can take up to 24 hours to take effect.
> However, I strongly doubt that SPF is at the heart of your problem.
> If nothing else, it wouldn't have stopped you receiving email and
> there should have been something in your mail server logs.
>
> --
> Rob MacGregor
> Whoever fights monsters should see to it that in the process he
> doesn't become a monster. Friedrich Nietzsche
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: http://www.listbox.com/member/archive/1020/=now
> RSS Feed: http://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

rob.macgregor at gmail

May 7, 2008, 11:49 PM

Post #10 of 11 (643 views)
Permalink

Re: SPF record stopping emails. [In reply to]

On Thu, May 8, 2008 at 7:15 AM, Terry <usalabs14[at]gmail.com> wrote:
> Before I removed the MX and associated A records, I played around with the
> SPF record, and found, that instead of using:-
>
>
> "v=spf1 a mx ~all"
>
> I used:-
>
> "v=spf1 mx ~all"
>
> This seemed to work for about an hour, then nothing.

In that case, I'll say with a high degree of certainty that your
problem has nothing to do with SPF. That second record is a *subset*
of the first one. If the first record caused SPF rejections then the
second certainly would.

It could be lack of glue records (see my previous link to intoDNS) or
it could be something like firewalling or routing problems, or any
number of things, you *really* need to review your mail logs. Try
http://www.mxtoolbox.com/index.aspx and see the blacklist page, as
you're on a number of them. Their diagnostics show that your server
is at least responding.

--
Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

scott at kitterman

May 8, 2008, 9:37 AM

Post #11 of 11 (641 views)
Permalink

Re: SPF record stopping emails. [In reply to]

On Wed, 7 May 2008 12:35:00 -0700 "Terry" <usalabs14[at]gmail.com> wrote:
>I'm using postfix together with procmail.
>
>The reason there's no current SPF, is because I removed it, until I can
find
>a solution.
>
>If I kept it, any person that registers on my forum would not receive the
>registration confirmation email, sent by my server, without SPF, they can.
>
>I'm not sure why 2 of the 4 dns servers are down, but in the mean time,
I'll
>contact the service admin and find out why.
>

It sounds to me like you have a Postfix issue. You might want someone who
knows about Postfix and SPF to look into the details of your setup.

http://www.spfconsulting.com/

Scott K

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com