• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Forwarded to devs SPF record creation not working correctly

T

TomBoB

Regular Pleskian
User name: TomBoB

TITLE

SPF record creation not working correctly

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

CentOS Linux 7.7.1908 (Core)‬
Product Plesk Obsidian
Version 18.0.24

PROBLEM DESCRIPTION

under specific circumstances, the SPF record is not created, or is created faulty, when a subscriptions DNS settings are reset to the servers DNS template.

STEPS TO REPRODUCE

server configured with one ipv4 and one ipv6 address and enabled and used for every subscription.

pick a subscription with
Hosting type: Forwarding
forwarding type: Moved permanently (code 301)
[Mail is enabled and used]

then attempt to restore DNS settings to servers DNS template.

that subscriptions DNS settings
reset to default

> only shows ipv4, ipv6 is set to none
1) if you leave as is, and restore default, no SPF record is created
or
2) keep ipv4 as is, choose the ipv6 from dropdown menu
SPF record is created but faulty: v=spf1 mx ip4:<ip.mail> ip6:realipv6 ~all

-
the servers DNS template:
<domain>. NS ns1.digitalocean.com.
<domain>. NS ns2.digitalocean.com.
<domain>. NS ns3.digitalocean.com.
<domain>. A <ip.web>
<domain>. AAAA <ipv6.web>
<domain>. MX (10) <domain>.
<domain>. TXT v=spf1 mx ip4:<ip.mail> ip6:<ipv6.mail> ~all
_dmarc.<domain>. TXT v=DMARC1; p=reject
ftp.<domain>. CNAME <domain>.
mail.<domain>. A <ip.mail>
mail.<domain>. AAAA <ipv6.mail>
webmail.<domain>. A <ip.webmail>
webmail.<domain>. AAAA <ipv6.webmail>

ACTUAL RESULT

no, or faulty SPF record is created

EXPECTED RESULT

correct SPF record is created

ANY ADDITIONAL INFORMATION

easy to correct by manually adding correct SPF record; but would be nice if it worked as intended out the box.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
TomBoB said:
> only shows ipv4, ipv6 is set to none
1) if you leave as is, and restore default, no SPF record is created
Click to expand...
It is expected behavior.
For example, the pattern "<domain>. AAAA <ipv6>" should not be inserted in the zone, when there is no ipv6 for the domain, right?
I guess, "<domain>. TXT v=spf1 mx ip4:<ip.mail> ip6:<ipv6.mail> ~all" with an empty string instead of "<ipv6.mail>" would be incorrect record, but I did not check it.
TomBoB said:
2) keep ipv4 as is, choose the ipv6 from dropdown menu
SPF record is created but faulty: v=spf1 mx ip4:<ip.mail> ip6:realipv6 ~all
Click to expand...
I agree, it looks incorrect.
The bug is created: PPPM-11665
 
Hi Igor,

further to above, I think there is an underlying issue. Came across it during maintenance.

Again ipv4 and ipv6 is set up server wide for all sites. Under tools & settings, ip addresses, there are 140 sites using ipv4, but only 138 using ipv6. A comparison showed that the two sites missing from the ipv6 listing are exactly two sites that have above
> forwarding type:
> Moved permanently (code 301)
and show the odd ipv6 display of
> only shows ipv4, ipv6 is set to none

when checking those two sites with https://ipv6-test.com/validate.php it shows that ipv6 is in fact working correctly.

So in short, it appears that subscriptions with a hosting type of forwarding (301) somehow aren't correctly included in Plesks internal ipv6 usage referencing. Which then seems to lead to above issue further down the line.

Thought it might help
 
You must log in or register to reply here.

Similar threads

C
Issue SPF record munged in update
Replies
3
Views
1K
Dave W
Dave W
C
Issue DKIM and SPF do not align with RFC5322. Then DMARC result is fail.
Replies
2
Views
711
cmartinez127
C
P
Issue SPF error sending IP 127.0.0.1
Replies
8
Views
2K
Peter Debik
P
T
Resolved Lets Encrypt renewal - wildcard seems to want to use http challenge
Replies
2
Views
1K
TomBoB
T
C
Resolved Webmail will not resolve on new domain
Replies
4
Views
1K
Ch3vr0n
C
Back
Top