
Sender Policy Framework

davetidwell

Guest

Hi everyone,

I'm running a Fedora Core 6 root server with Plesk 8.2. I am having a challenge configuring and setting up Sender Policy Framework in a manner that works!

There are two sides to the problem:

1 - Setting up SPF protection on the inbound side
I have configured my server as follows via the Plesk control panel:

Switch on SPF spam protection is enabled
SPF Checking mode = Reject mails when SPF resolves to "softfail"
SPF Local Rules = include:trusted.forwarder.org
SPF Guess = a/24 mx/24 ptr
SPF Explanation Text = Sender Policy Framework Failure!! Your mail will not be accepted by this server. Please use a valid email host with public A and MX records to send mail to me!

I also have spam protection based on DNS blackhole lists as ON with the following zones:

sbl.spamhaus.org;zen.spamhaus.org;dnsbl.ahbl.org;combined.rlb.msrbl.net;relays.mail-abuse.org

Despite all of these settings my server doesn't appear to be rejecting mail where I can clearly see in the headers that the mail has failed the SPF check with a SoftFail. Have I misconfigured something? Is there a way to test the configuration fails for typos, white space or bad declarations on the SPF areas?

Secondly - and probably most importantly - I attempted to add a TXT DNS record to cover SPF on the outbound side.

Method - I used the DNS Template functions available on the main server Plesk Control Panel to create a new DNS template for SPF features.

The Method used was to add the following record template:
<domain>.TXT "v=spf1 a mx mx:mail.<domain> IP4:<ip> -all" and the new TXT DNS mask is accepted by the server. Please note irrespective of whether or not I enter the string with ""'s or not I do not see any errors created. I've attempted setting up the new DNS template both with and without the ""'s in the string declaration and it seems to make zero difference.

Then, at each hosted domain on the server I recover the DNS to default, causing the local domain to recreate its DNS records based on the new template. This works without failure.

The trouble is it just doesn't work! If I then go to a DNS or SPF testing function and test the domains or the server they all FAIL the SPF test - indicating no suitable TXT DNS record found.

Can you smart folks perhaps help me out with this? SPAM is such a horrendous hassle that I'm keen to do my bit, irrespective of whether or not you happen to believe that SPF has a role to play :) There are arguments both ways - but in any case, I'm really keen to prevent spammers from spoofing my domain names in their outbound mail campaigns - ending up with my domain users getting blacklisted in the worst case when they are doing nothing wrong! Ahm, yeah, I do have POP3 locks and requiring authentication on all domains for the purposes of sending mail via the domains on the machine.

Looking forward to your best recommendations and help!

Thanks

Dave Tidwell
Toronto, Canada
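
On the question of testing an SPF string for typos and bad declarations, here is an offline syntax check following the SPF grammar in RFC 7208. It is an added example, not part of the original post and not Plesk code. It assumes you paste in the TXT value exactly as a DNS lookup tool returns it; `lint_spf` and the sample values are hypothetical.

```python
import ipaddress
import re

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS query
PLACEHOLDER = re.compile(r"<[^>]*>")  # e.g. <domain>, <ip> left over from a template


def lint_spf(record):
    """Return the problems found in one SPF TXT value (empty list means clean)."""
    problems = []
    # Receivers only treat a TXT value as SPF if it begins with exactly "v=spf1".
    if not re.match(r"v=spf1( |$)", record, re.IGNORECASE):
        return ["value does not begin with v=spf1 (stray quote or whitespace?)"]
    if PLACEHOLDER.search(record):
        problems.append("unexpanded template placeholder")
    lookups, seen_all = 0, False
    for term in record.split(" ")[1:]:
        if not term:
            continue  # extra spaces between terms are permitted
        body = term[1:] if term[0] in "+-~?" else term
        name = re.split(r"[:=/]", body, maxsplit=1)[0].lower()
        if body[len(name):len(name) + 1] == "=":  # modifier such as redirect= or exp=
            lookups += name == "redirect"
            continue
        if seen_all:
            problems.append(f"{term}: never evaluated, it follows 'all'")
        if name not in MECHANISMS:
            problems.append(f"{term}: unknown mechanism")
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(body[len(name) + 1:], strict=False)
                if net.version != int(name[2]):
                    raise ValueError("address family mismatch")
            except ValueError:
                problems.append(f"{term}: invalid {name} network")
        lookups += name in LOOKUP_MECHANISMS
        seen_all = seen_all or name == "all"
    if lookups > 10:
        problems.append(f"{lookups} DNS-querying terms, limit is 10")
    return problems


# Constructed sample values; example.com and 192.0.2.10 are documentation placeholders.
SAMPLES = [
    "v=spf1 a mx mx:mail.example.com IP4:192.0.2.10 -all",  # names are case-insensitive
    "v=spf1 a mx mx:mail.<domain> IP4:<ip> -all",           # template string as typed
    '"v=spf1 a mx -all"',                                   # quotes published literally
]
if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", lint_spf(value) or "OK")
```

This only checks syntax; whether the record is actually published for a domain still has to be confirmed with a TXT lookup against the authoritative name server.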