1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Setting up SPF for outgoing Emails

Discussion in 'Plesk for Linux - 8.x and Older' started by Peter J. Walker, Feb 5, 2009.

  1. Peter J. Walker

    Peter J. Walker Guest

    0
     
    Hi,
    I am new to Plesk 8.6 which is running on a Suse Linux server. I am no expert, just trying to get everything running properly. I do not have a licence for SpamAssassin installed (costs extra).

    I have a number of domains on my server and I want to setup my SPF record correctly. Here is what I have done so far and unfortunately it does not seem to be working. I hope someone can tell me what to do to get this up and running properly as I get a lot of spam on one of my accounts. I use Spam Arrest to kill my incoming spam. However as a lot of the incoming spam is declared as coming from my own Email addresses, I am hoping the SPF record can help to stop that. I have also had spammers using my domain name to send out spam to others (however NOT from my server).

    Anyway, this is what I have done so far (I have substituted mydomain.com for the real domain name):

    1. Used http://old.openspf.org/wizard.html to create a suitable SPF entry.
    2. Entry supplied was: "v=spf1 a mx include:ispdomain.com include:spamarrest.com ~all"
    3. In Plesk 8.6, I went to Domains / mydomain.com / DNS Settings
    4. Clicked on "Add Record"
    5. Record type: TXT
    6. Enter domain name: mail (.mydomain.com was already there)
    7. Enter TXT record: v=spf1 a mx include:ispdomain.com include:spamarrest.com ~all
    8. OK
    9. Then clicked on the Update button to update the DNS records.

    I also made the following additional settings:

    Under Server / Mail

    DomainKeys spam protection
    Allow signing outgoing mail = On
    Verify incoming mail = On

    Switch on SPF spam protection
    SPF checking mode: Reject mails when SPF resolves to "fail" (deny)
    SPF local rules: include:spf.trusted-forwarder.org
    SPF guess rules: a/24 mx/24 ptr
    SPF explanation text: Your message was identified as Spam. If this is wrong please contact us directly

    Switch on spam protection based on DNS blackhole lists
    DNS zones for DNSBL service: sbl.spamhaus.org

    Under Domains / mydomain.com / Mail

    "Use DomainKeys spam protection system to sign outgoing e-mail messages" = On

    -----

    After all that, DomainKeys and SPF should now be set and operating for mydomain.com, but that does not appear to be the case.

    Using Outlook 2003, I sent myself the Microsoft test mail (Tools / E-mail accounts, etc. "Test Account Settings")

    The header of that Email contains the following entries:

    DomainKey-Status: no signature
    Received-SPF: none(mydomain.com: mydomain.com does not designate permitted sender hosts)

    I used http://www.politemail.com/check-spf.aspx to check my SPF and that also tells me I have no SPF record.

    -----------
    My DNS settings for mydomain.com are (xxx.xxx.xxx.198 is my server IP):

    xxx.xxx.xxx.198 / 24 PTR mydomain.com.
    _domainkey.mydomain.com. TXT o=-
    default._domainkey.mydomain.com. TXT p=MHww..... ;
    ftp.mydomain.com. CNAME mydomain.com.
    mydomain.com. NS ns.mydomain.com.
    mydomain.com. A xxx.xxx.xxx.198
    mydomain.com. MX (10) mail.mydomain.com.
    mail.mydomain.com. A xxx.xxx.xxx.198
    mail.mydomain.com. TXT v=spf1 a mx include:ispdomain.com include:spamarrest.com ~all
    ns.mydomain.com. A xxx.xxx.xxx.198
    webmail.mydomain.com. A xxx.xxx.xxx.198
    www.mydomain.com. CNAME mydomain.com.

    ---


    Please tell me how to fix it all so that both Domain Keys and SPF works properly.

    Regards

    Peter
     
  2. Cameleon

    Cameleon Guest

    0
     
    First of all, i would like to remind you that Domain Keys are not working yet !
     
  3. shall

    shall Regular Pleskian

    26
    57%
    Joined:
    Apr 2, 2007
    Messages:
    226
    Likes Received:
    0
    Don't include "mail", just leave that portion blank:
    Unless, of course, you actually send email as "joe@mail.mydomain.com"

    Also, disable the DomainKeys stuff. They don't work.
     
  4. David Alvarez

    David Alvarez Guest

    0
     
    Do I add the Domain Name

    For this line below:

    mail.mydomain.com. TXT v=spf1 a mx include:ispdomain.com include:spamarrest.com ~all

    the ispdomain.com do I change that to the domain that I'm adding to the DNS. Example:

    mail.joesmith.com. TXT v=spf1 a mx include:joesmith.com include:spamarrest.com ~all

    Or leave it as ispdomain?

    Like this?
    mail.joesmith.com. TXT v=spf1 a mx include:ispdomain.com include:spamarrest.com ~all

    Thanks for the help.
     
  5. shall

    shall Regular Pleskian

    26
    57%
    Joined:
    Apr 2, 2007
    Messages:
    226
    Likes Received:
    0
    First, unless you're sending email using "joe@mail.joesmith.com" you should be using this format:
    joesmith.com. TXT v=spf1 a mx ~all
    You do not need to include an include statement for the domain itself, which would only be redundant.

    If you want to allow spamarrest.com to relay mail for joesmith.com you can add that with an include:
    joesmith.com. TXT v=spf1 a mx include:spamarrest.com ~all

    If you also want to allow your ISP to relay mail on your behalf, you can add that with an include as well:
    joesmith.com. TXT v=spf1 a mx include:ispdomain.com include:spamarrest.com ~all

    However, you should make sure that the SPF records for those domains are setup correctly as well. We have a local ISP here that has their SPF record setup on the WRONG domain (idiots!), so instead of ispdomain.com, you would have to use ispdomain.net if you were to relay mal through them - even though all the email accounts are ".com" addresses.

    Finally, unless you've got some gestapo ISP that blocks all SMTP traffic on every port, you should always be able to send mail through your own domain - avoiding the need for an "include" statement. This is the best practice, because it means that unless your site gets hacked or something, your email won't suffer from the poor reputation of the ISP you use. AT&T, Hotmail, Yahoo and GMail regularly get added to spam lists for allowing spam to be sent across their networks. Smaller ISPs get hit this way, too, and often don't even know how to get themselves removed. Avoid allowing them to relay for you, and you'll eliminate one of the most common problems my own clients have had with sending business email.
     
  6. Michael_W

    Michael_W Guest

    0
     
    DomainKeys spam protection

    Is this not used or can I use it now? If it isn't used how can I set it up to use it? I'm trying to prevent my emails appearing as spam...and I found a link that said this is still unused.

    Thank you,
    Michael
     
Loading...