This shows you the differences between two versions of the page.
- | Both sides previous revision Previous revision Next revision |
- | system:annoyances [2021-04-27T01:35:30+0000] michael_paoli |
---|---|
+ | Previous revision Next revision Both sides next revision |
+ | system:annoyances [2021-04-27T02:27:03+0000] michael_paoli |
@@ Line -479,3 +479,55 @@ | |
add trailing " -all" for those that don't have it | |
Our active sending TTLs look rather short, should probably nudge 'em up to ... 3600 or so? ... at least after they're tested out okay. | |
</file> | |
<file> | |
And after updating, we have: | |
balug.org. 3600 IN TXT "v=spf1 ip4:96.86.170.229 ip6:2001:470:1f05:19e::2 -all" | |
lists.balug.org. 3600 IN TXT "v=spf1 ip4:96.86.170.229 ip6:2001:470:1f05:19e::2 -all" | |
tmp.balug.org. 3600 IN TXT "v=spf1 ip4:96.86.170.228 ip6:2001:470:1f05:19e::f -all" | |
berkeleylug.com. 172800 IN TXT "v=spf1 -all" | |
sf-lug.com. 172800 IN TXT "v=spf1 -all" | |
sf-lug.net. 172800 IN TXT "v=spf1 -all" | |
sflug.com. 172800 IN TXT "v=spf1 -all" | |
sflug.net. 172800 IN TXT "v=spf1 -all" | |
sflug.org. 86400 IN TXT "v=spf1 -all" | |
So ... that now looks better. | |
And let's do a little retest on our earlier: | |
$ spfquery --scope mfrom --identity balug.org --ip-address $(dig +short balug.org. A); echo "$?" | |
pass | |
balug.org: 96.86.170.229 is authorized to use 'balug.org' in 'mfrom' identity (mechanism 'ip4:96.86.170.229' matched) | |
balug.org: 96.86.170.229 is authorized to use 'balug.org' in 'mfrom' identity (mechanism 'ip4:96.86.170.229' matched) | |
Received-SPF: pass (balug.org: 96.86.170.229 is authorized to use 'balug.org' in 'mfrom' identity (mechanism 'ip4:96.86.170.229' matched)) receiver=balug-sf-lug-v2.balug.org; identity=mailfrom; envelope-from=balug.org; client-ip=96.86.170.229 | |
0 | |
$ spfquery --scope mfrom --identity lists.balug.org --ip-address $(dig +short balug.org. A); echo "$?" | |
pass | |
lists.balug.org: 96.86.170.229 is authorized to use 'lists.balug.org' in 'mfrom' identity (mechanism 'ip4:96.86.170.229' matched) | |
lists.balug.org: 96.86.170.229 is authorized to use 'lists.balug.org' in 'mfrom' identity (mechanism 'ip4:96.86.170.229' matched) | |
Received-SPF: pass (lists.balug.org: 96.86.170.229 is authorized to use 'lists.balug.org' in 'mfrom' identity (mechanism 'ip4:96.86.170.229' matched)) receiver=balug-sf-lug-v2.balug.org; identity=mailfrom; envelope-from=lists.balug.org; client-ip=96.86.170.229 | |
0 | |
$ spfquery --scope mfrom --identity balug.org --ip-address 8.8.8.8; echo "$?" | |
fail | |
Please see http://www.openspf.org/Why?s=mfrom;id=balug.org;ip=8.8.8.8;r=balug-sf-lug-v2.balug.org | |
balug.org: Sender is not authorized by default to use 'balug.org' in 'mfrom' identity (mechanism '-all' matched) | |
Received-SPF: fail (balug.org: Sender is not authorized by default to use 'balug.org' in 'mfrom' identity (mechanism '-all' matched)) receiver=balug-sf-lug-v2.balug.org; identity=mailfrom; envelope-from=balug.org; client-ip=8.8.8.8 | |
1 | |
$ spfquery --scope mfrom --identity lists.balug.org --ip-address 8.8.8.8; echo "$?" | |
fail | |
Please see http://www.openspf.org/Why?s=mfrom;id=lists.balug.org;ip=8.8.8.8;r=balug-sf-lug-v2.balug.org | |
lists.balug.org: Sender is not authorized by default to use 'lists.balug.org' in 'mfrom' identity (mechanism '-all' matched) | |
Received-SPF: fail (lists.balug.org: Sender is not authorized by default to use 'lists.balug.org' in 'mfrom' identity (mechanism '-all' matched)) receiver=balug-sf-lug-v2.balug.org; identity=mailfrom; envelope-from=lists.balug.org; client-ip=8.8.8.8 | |
1 | |
$ | |
So, that looks much better now. | |
</file> | |
<file> | |
wordpress also sends mail: | |
From www-data@balug.org Tue Apr 27 02:12:48 2021 | |
From: WordPress <wordpress@berkeleylug.com> | |
So, @berkeleylug.com needs to be set up to send - and at least minimally receive, email (e.g. postmaster ...) | |
So, ... SPF first, as that has the longer TTL presently ... | |
from: | |
berkeleylug.com. 172800 IN TXT "v=spf1 -all" | |
to: | |
berkeleylug.com. 3600 IN TXT "v=spf1 ip4:96.86.170.229 ip6:2001:470:1f05:19e::2 -all" | |
</file> |