danny at easynetworks
Oct 21, 2009, 10:14 PM
Post #15 of 37
(155 views)
Permalink
|
Ok, I have access to my domains records. Ive got A, MX, Cname & ptr records & realise you want me to add a .txt record.
I just don’t know how to set out the txt record.
Danny
-----Original Message-----
From: Alan Doherty [mailto:alan[at]alandoherty.net]
Sent: Thursday, 22 October 2009 2:17 PM
To: spf-help[at]v2.listbox.com
Subject: RE: [spf-help] SPF tutorial-2
At 03:58 22/10/2009 Thursday, Danny Vincent wrote:
>Alan, I am the systems engineer of every facet of our domains. Yes, I am the hostmaster.
>
>Yes I have access to our public & private dns records.
>
>We use www.ods.org as our nameservers & delegation.
then complete step 1 as given and I'll test/verify it when done
create the dns entry below
_spf.easynetworks.com.au. IN TXT "v=spf1 a:mail.webconnect.com.au -all"
This is in standard bind format,
if it is parsing/understanding this string that is the source of the problem?
or whatever the problem is with following the instructions please elaborate.
>Danny
>
>
>-----Original Message-----
>From: Alan Doherty [mailto:alan[at]alandoherty.net]
>Sent: Thursday, 22 October 2009 12:32 PM
>To: spf-help[at]v2.listbox.com
>Subject: RE: [spf-help] SPF tutorial-2
>
>OK lets get down to basics
>
>SPF relies on DNS records being added to your domains
>
>first are you the hostmaster of the domains in question
>
>IE do you have the ability to create DNS records within those domains
>if no/dont know, then no wizard or person here can help, find out who is the DNS administrator and ask them to contact us.
>
>{all the wizard does is what we did, took your details and gives back a working SPF record(s) for you to use within your DNS zone file}
>
>if yes then what DNS administration tools do you have/use
>
>if we are familiar we will assist
>
>At 01:39 22/10/2009 Thursday, Danny Vincent wrote:
>>Alan, thanks for your help so far, but all of what you say assumes that I am familiar with the spf wizard or where to put the entries you describe below.
>>
>>Neither of which I know.
>>
>>"now work with us, or the wizard"
>>
>>I don?t know how to fill out the wizard, so as it states on your site, I am to request help through this list. This has drawn some ire for some reason. I didn?t know there was a protocol for asking questions.
>>
>>If I am to ignore the wizard & enter the details you supplied below, where exactly do I enter the details?
>>
>>Why can the site have forums or procedures with screen shots, instead of me treading this minefield of asking the wrong question each time?
>>
>>
>>
>>Danny
>>
>>
>>
>>-----Original Message-----
>>From: alan [mailto:spfdiscuss[at]alandoherty.net]
>>Sent: Thursday, 22 October 2009 10:28 AM
>>To: spf-help[at]v2.listbox.com
>>Subject: RE: [spf-help] SPF tutorial-2
>>
>>before reading my responses to your ignoring my previous mail again your answer is
>>
>>A setup the spf record for
>>
>>_spf.your-primary-domain.com "v=spf1 a:mail.webconnect.com.au -all"
>>or if theis is your primary domain
>>_spf.easynetworks.com.au IN TXT "v=spf1 a:mail.webconnect.com.au -all"
>>
>>then after you have done this and after it has been checked by me for typos
>>{please do not ignore this caveat as a typo can be fatal}
>>
>>you add the following spf record to
>>easynetworks.com.au IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>
>>once this has been checked /tested
>>
>>you add the same to each domain
>>
>>domain1.tld IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>domain2.com IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>
>>etc.etc.
>>
>>now work with us, or the wizard, were volunteers and spf users
>>and don't appreciate when our previous help is ignored
>>and we start getting asked how to fill out a form, thats not what were here for
>>
>>At 23:45 21/10/2009 Wednesday, you wrote:
>>
>>
>>>
>>>
>>>-----Original Message-----
>>>From: alan [mailto:spfdiscuss[at]alandoherty.net]
>>>Sent: Thursday, 22 October 2009 7:47 AM
>>>To: spf-help[at]v2.listbox.com
>>>Subject: RE: [spf-help] SPF tutorial-2
>>>
>>>
>>>Hi all
>>>
>>>>Is there any sort of tutorial or step by step guide on setting up spf records?
>>>
>>>I found the easiest was read the RFC and syntax documents
>>>as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already
>>>
>>>>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers
>>>
>>>ok sounds ok so far
>>>
>>>> of which there are about 30. The mail enters our servers via our mx record
>>>
>>>OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
>>>{which is all that SPF deals with}
>>>
>>>> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.
>>>
>>>ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}
>>>
>>>so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?
>>>
>>>>> yes, but Im a little confused. When I do an spf lookup on their domain, there is one attached to their incoming mx record
>>
>>ok again stop with the mentioning of anything to do with MX records
>>spf records are attached to domain names only
>>
>>>" Yes, support[at]ecn.net.au has an SPF version 1 record.
>>>
>>>Hostname: ecn.net.au
>>>IP: 203.22.70.2
>>>Mailserver(s): warp.ecn.net.au
>>>SPF Record:
>>>v=spf1 mx ?all
>>
>>ok so you are saying ecn.net.au is another domain owned by webconnect.com.au
>>and has an spf record of "v=spf1 mx ?all"
>>which means
>>trust mail from 203.22.70.2
>>and additionally the rest of the globe as we don't trust spf
>>
>>>But their outgoing mail which goes through webconnect does not have an spf record & THAT is the one that matters isn?t it?
>>
>>if their outoing mail for ecn.net.au does go through mail.webconnect.com.au yes their spf is flawed
>>
>>> As you say at the end of the email, there isn?t an spf record for mail.webconnect.com.au
>>
>>err no i clearly say there is one for mail.webconnect.com.au
>>just none for webconnect.com.au
>>
>>>or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP
>>>
>>>once you have the IP's you can construct a master spf record for all the domains you host
>>>like _SPF.your-main-domain.com "v=spf1 <details> -all"
>>>
>>>>> Ok, well there only seems to be one for the isp & we only have one that we send from. Problem is, I don?t know where to start on that wizard.
>>
>>then don't use the wizard
>>
>>>1) easynetworks.com.au's IP address is 203.143.228.14 (s1c0e.static.pacific.net.au).
>>>Does that server send mail from easynetworks.com.au?
>>
>>no idea what has this got to do with you?
>>
>>>No, that is the incoming address, the outgoing mail leaves us via 203.201.149.50 & mail.webconnect.com.au then picks it up & relays it.
>>
>>ok so you are saying you only send mail from mail.webconnect.com.au
>>as i posited earlier
>>{as i said stop confusing yourself and the issues by talking about how mail gets to you /from you to them}
>>the only thing relevant in SPF is who connects to us to send us your email
>>so if it is ONLY mail.webconnect.com.au
>>
>>then the guesswork answer from my first email will work perfectly
>>
>>>2) This wizard found 2 names for the MX servers for easynetworks.com.au: s1c18.static.pacific.net.au and mail. (A single machine may go by more than one hostname. All of them are shown.)
>>>MX servers receive mail for easynetworks.com.au.
>>>Do they also send mail from easynetworks.com.au?
>>
>>obviously the answer is no if this is you
>>but please use us or the wizard, you failed with the wizard so how about just answering the questions we ask
>>taking the answers we give
>>
>>>s1c0e.static.pacific.net.au is our reverse dns ptr record.
>>
>>again irrelevant
>>
>>>Do they also send mail from easynetworks.com.au? yes, but they are relayed via a different ip than the incoming ip & are relayed to our isp.
>>
>>no you mean then
>>
>>>3) Do you want to just approve any host
>>>whose name ends in easynetworks.com.au? (Expensive, unreliable and not recommended)
>>>
>>>I gather, I say no.
>>
>>correct
>>
>>
>>>4) Do any other servers send mail from easynetworks.com.au?
>>
>>this is where you say yes for the first time and put in the name of the server that sends your email
>>mail.webconnect.com.au
>>
>>>I have no idea what this is asking. We have 3 mail servers, all of which send mail via only one of those servers, via only one of our ip's & then go via our isps smtp server.
>>
>>again i state
>>only the servers the world sees are relevant ie 1 mail.webconnect.com.au
>>
>>>5) You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously
>>>
>>>Again, I'm not sure what to put here. Do I put my mx records in there & all of the mx records of all of the domains we host in there?
>>
>>please either use this forum or the wizard not both
>>few here would have ever used it, as most could write the most complex spf records from memory
>>
>>>6) IP networks can be entered using CIDR notation, eg. 192.0.2.0/24
>>>
>>>Which cidr range?
>>
>>none in your case as you have one 1 mailserver with 1 ip so its totally done
>>
>>>7) Could mail from easynetworks.com.au originate through
>>>servers belonging to some other domain?
>>>If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.
>>>
>>>Yes, our isp's, but their outgoing mail server don?t seem to have an spf record, whereas their incoming does.
>>
>>no spf is not per incoming or outgoing, please just read the answer given in the first mail and go
>>
>>>8) Do the above lines describe all the hosts
>>>that send mail from easynetworks.com.au?
>>>
>>>Hosts, as in hostnames of the mail servers or names of the domains the mail servers send on behalf of?
>>
>>hosts as in ips as in the 1 you send mail from
>>
>>>9) easynetworks.com.au. IN TXT
>>>
>>>No idea what that is asking.
>>>
>>>
>>>{we can help with the <details> when you can give them to us}
>>>
>>>>> What details do you need?
>>
>>we already guessed them
>>the server(s) that send your email
>>
>>1 mail.webconnect.com.au
>>
>>>and then for each hosted domain, including your-main-domain.com
>>>setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"
>>>
>>>>> So I need to run that wizard for every domain we host?
>>
>>you never run the wizard you just put in the spf record as i gave you it
>>
>>>thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns
>>>
>>>and receivers will benefit from DNS caching of the one primary spf record
>>>
>>>>When I examine a message header it shows this to be correct.
>>>>
>>>>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?
>>>
>>>I think I pretty much covered it above?
>>>
>>>btw the details if sending to the list from the aformentioned setup are
>>>ISPs mailserver mail.webconnect.com.au
>>>
>>>so an spf {assuming they have but this one ip} would be
>>>"v=spf1 a:mail.webconnect.com.au -all"
>>>
>>>but again rather than adding this to every customer directly
>>>its better to have your costumers reference an SPF within your domain, as you are their ISP
>>>you in turn reference an SPF or A record within your ISP's domain, {A currently
>>>
>>>i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}
>>>
>>>also i see that although webconnect.com.au dosnt use spf themselves
>>>mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>>Powered by Listbox: http://www.listbox.com
>>>
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
|
1
