Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » Email/SMTP Related Forum
  Print view Previous topic | Next topic 
Author Message
Stever
 Post subject:
PostPosted: Mon Jul 26, 2010 3:41 pm 
Offline
Senior Member

Joined: Fri Dec 07, 2007 1:37 am
Posts: 385
Location: NC, USA
adrian18w wrote:
Ok, that didn't seem to work. Spf record not found "Received-SPF: neutral (google.com: 74.207.235.111 is neither permitted nor denied by best guess record for domain of www-data@mail.adrianm.com) client-ip=74.207.235.111;"

You are sending mail from www-data@mail.adrianm.com, so you need an SPF record for mail.adrianm.com. The SPF record for adrianm.com does not apply to subdomains.

Or you could change your config to make the mail from your server come from www-data@adrianm.com.
Top
   
Reply with quote  
adrian18w
 Post subject:
PostPosted: Tue Jul 27, 2010 5:15 am 
Offline
Senior Newbie

Joined: Sun Jan 03, 2010 1:09 pm
Posts: 13
Website: http://adrianm.com
Location: NJ, USA
Stever wrote:
adrian18w wrote:
Ok, that didn't seem to work. Spf record not found "Received-SPF: neutral (google.com: 74.207.235.111 is neither permitted nor denied by best guess record for domain of www-data@mail.adrianm.com) client-ip=74.207.235.111;"

You are sending mail from www-data@mail.adrianm.com, so you need an SPF record for mail.adrianm.com. The SPF record for adrianm.com does not apply to subdomains.

Or you could change your config to make the mail from your server come from www-data@adrianm.com.

So how can I create a spf for a subdomain in the Linode DNS manager?
Top
   
Reply with quote  
BrianJM
 Post subject:
PostPosted: Tue Jul 27, 2010 9:53 am 
Offline
Junior Member

Joined: Thu Jun 03, 2010 4:44 pm
Posts: 35
adrian18w wrote:
So how can I create a spf for a subdomain in the Linode DNS manager?


Take a look at this post: http://linode.com/forums/viewtopic.php?p=26166&sid=179baaa0559fa31b0e217592cbfdf35d#26166
Top
   
Reply with quote  
Stever
 Post subject:
PostPosted: Tue Jul 27, 2010 10:35 am 
Offline
Senior Member

Joined: Fri Dec 07, 2007 1:37 am
Posts: 385
Location: NC, USA
adrian18w wrote:
So how can I create a spf for a subdomain in the Linode DNS manager?


Add a new txt record, and set the "name" field in the linode DNS manager to the subdomain.

Quote:
- adrianm.com
name: mail
value: v=spf1 a -all

It is also good practice to set an SPF record for any hosts that do not send mail. So my normal SPF setup for a domain where I send and receive all mail for the domain on the same host will look something like so:
Code:
Name       Value
           v=spf1 mx -all
mail       v=spf1 a -all
www        v=spf1 -all

The first line means any mail from @example.com must originate from the server(s) that receive mail for @example.com.
The second line means mail from @mail.example.com must originate from the host mail.example.com, and it also means that any host that uses a HELO greeting of mail.example.com must match the IP for mail.example.com.
The last line says all mail claiming to be from @www.example.com should be discarded. Any host that has an A record but doesn't send mail can be given one of these lines.


Last edited by Stever on Tue Jul 27, 2010 10:58 am, edited 1 time in total.

Top
   
Reply with quote  
adrian18w
 Post subject:
PostPosted: Tue Jul 27, 2010 10:46 am 
Offline
Senior Newbie

Joined: Sun Jan 03, 2010 1:09 pm
Posts: 13
Website: http://adrianm.com
Location: NJ, USA
Stever wrote:
adrian18w wrote:
So how can I create a spf for a subdomain in the Linode DNS manager?


Add a new txt record, and set the "name" field in the linode DNS manager to the subdomain.

Quote:
- adrianm.com
name: mail
value: v=spf1 a -all


Doesn't work.

"The following errors were generated:
# Record conflict - CNAMES must be unique"

Thanks :)
Top
   
Reply with quote  
Stever
 Post subject:
PostPosted: Tue Jul 27, 2010 11:10 am 
Offline
Senior Member

Joined: Fri Dec 07, 2007 1:37 am
Posts: 385
Location: NC, USA
adrian18w wrote:
# Record conflict - CNAMES must be unique"

http://www.openspf.org/DNS#Resource-Record
Quote:
CNAME
roughly saying: "this is not an official name. Look there instead." If a domain has a CNAME RR, there cannot be another kind of RR (there's one exception, which will not be discussed here). For e-mail, and thus for SPF, you will need to look at the official domain name. Example: "alias.example.org. CNAME canonicalname.example.org." means you need to define an SPF policy for canonicalname.example.org and not for alias.example.org.


I would probably suggest that you change the CNAME you have in place for mail to an A record.
Top
   
Reply with quote  
adrian18w
 Post subject:
PostPosted: Tue Jul 27, 2010 11:34 am 
Offline
Senior Newbie

Joined: Sun Jan 03, 2010 1:09 pm
Posts: 13
Website: http://adrianm.com
Location: NJ, USA
Stever wrote:
adrian18w wrote:
# Record conflict - CNAMES must be unique"

http://www.openspf.org/DNS#Resource-Record
Quote:
CNAME
roughly saying: "this is not an official name. Look there instead." If a domain has a CNAME RR, there cannot be another kind of RR (there's one exception, which will not be discussed here). For e-mail, and thus for SPF, you will need to look at the official domain name. Example: "alias.example.org. CNAME canonicalname.example.org." means you need to define an SPF policy for canonicalname.example.org and not for alias.example.org.


I would probably suggest that you change the CNAME you have in place for mail to an A record.

Ok, so that would mean I would have to use an IP address instead of a domain. This might be a problem, because google wants you to use a CNAME when directing mail.adrianm.com to google apps (ghs.google.com), or I could just change the CNAME to mail1.adrianm.com.
Top
   
Reply with quote  
hoopycat
 Post subject:
PostPosted: Tue Jul 27, 2010 12:33 pm 
Offline
Senior Member
User avatar

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
mail.adrianm.com can't be both the name of your server and an alias of ghs.google.com. The best long-term option might be to rename the server, since if it's not the mail server, it's confusing to call it "mail." (See RFC 1178 for guidance.) However, using something like ghs.adrianm.com as the alias for ghs.google.com would be a decently quick and technically valid fix.
Top
   
Reply with quote  
adrian18w
 Post subject:
PostPosted: Sun Aug 01, 2010 9:18 am 
Offline
Senior Newbie

Joined: Sun Jan 03, 2010 1:09 pm
Posts: 13
Website: http://adrianm.com
Location: NJ, USA
Ok, thanks guys. Everything works now :D
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » Email/SMTP Related Forum


Who is online

Users browsing this forum: No registered users and 3 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group