SPF doesn't work on rollernet MXes for my domain

Need help? Ask here.

Moderator: Moderators

Post Reply
sebiklamar
Posts: 8
Joined: Tue Oct 10, 2006 2:34 am

SPF doesn't work on rollernet MXes for my domain

Post by sebiklamar »

My SPF configuration is not respected by rollernet mail servers.

my SPF record for klamar.name:

Code: Select all

klamar.name.            3600    IN      TXT     "v=spf1 redirect=spf.iseja.net"
my SPF record for spf.iseja.net:

Code: Select all

spf.iseja.net.          3600    IN      TXT     "v=spf1 a:mail.iseja.net -all"
As you can see, the SPF configuration only (-ALL) allows mail.iseja.net as sending server.
This configuration was verified as working as of <mailto:check-auth@verifier.port25.com> and <http://www.dnsstuff.com/pages/spf.htm>.

However, the rollernet servers (I configured as backup mx) don't respect my SPF record:

Code: Select all

# connect from a host not listed in SPF record, here foo.example.com
$ telnet mail.rollernet.us 25
Trying 208.11.75.2...
Connected to mail.rollernet.us.
Escape character is '^]'.
220 mail.rollernet.us ESMTP Postfix
helo ...
250 mail.rollernet.us
mail from:<...@klamar.name>
250 2.1.0 Ok
rcpt to:<...@sebi.klamar.name>
250 2.1.5 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.
When sending mail from another, SPF-enabled domain gmx.de SPF at rollernet works (configuration is "v=spf1 ip4:213.165.64.0/23 -all"):

Code: Select all

$ telnet mail.rollernet.us 25
Trying 208.11.75.2...
Connected to mail.rollernet.us.
Escape character is '^]'.
220 mail.rollernet.us ESMTP Postfix
helo ...
250 mail.rollernet.us
mail from:<...@gmx.de>
250 2.1.0 Ok
rcpt to:<...@sebi.klamar.name>
554 5.7.1 <...@sebi.klamar.name>: Recipient address rejected: Please see http://spf.pobox.com/why.html?sender=...%40gmx.de&ip=...&receiver=mail.rollernet.us
quit
221 2.0.0 Bye
Connection closed by foreign host.
What have I done wrong?


TIA -- SEBi
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

It looks fine now. We do run caching DNS servers, whereas dnsstuff does direct non-caching queries for most of its tests. If SPF was enabled before, it probably cached the null lookup for the TTL time.

Code: Select all

~$ telnet mail.rollernet.us 25
Trying 208.11.75.2...
Connected to mail.rollernet.us.
Escape character is '^]'.
220 mail.rollernet.us ESMTP Postfix
HELO whiskers.rollernet.us
250 mail.rollernet.us
mail from:<asdf@klamar.name>
250 2.1.0 Ok
rcpt to:<asdf@sebi.klamar.name>
554 5.7.1 <asdf@sebi.klamar.name>: Recipient address rejected: Please see http://spf.pobox.com/why.html?sender=asdf%40klamar.name&ip=208.11.75.226&receiver=mail.rollernet.us
Technical Support support@rollernet.us
Roller Network LLC
Post Reply