I have somedomain.com on IP 1.1.1.1
I send/receive mail using Outlook connecting to mail.somedomain.com
So my DNS records for somedomain.com are the typical:
www.somedomain.com >>> A >>> 1.1.1.1
somedomain.com >>> A >>> 1.1.1.1
somedomain.com >>> MX >>> mail.somedomain.com
mail.somedomain.com >>> A >>> 1.1.1.1
But I also send some mails (directly using the PHP mail function) from another server that is on anotherdomain.com and IP 2.2.2.2
I tried to set up an SPF record using the Microsoft wizard (the old Open SPF wizard does NOT work anymore)
The SPF created by the wizard is this:
v=spf1 a mx ip4:1.1.1.1 mx:mail.somedomain.com ip4:2.2.2.2 -all
But I get some mails returning back when sent from 2.2.2.2 with the message: SPF Failed - not authorized message
Do you know what the right SPF value is for this scenario?
EDIT 1: as asked by Minsuk Song I post the SPF failed message
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
private@tiscali.it
SMTP error from remote mail server after MAIL FROM: SIZE=120379:
host imp-3.mail.tiscali.it [213.205.33.247]: 550 5.1.0 SPF Failed - not authorized
------ This is a copy of the message, including all the headers. ------
------ The body of the message is 116808 characters long; only the first
------ 106496 or so are included here.
Return-path:
Received: from mild by server081.mildfred.com with local (Exim 4.77)
(envelope-from )
id 1SRRp1-001a8D-8Z; Mon, 07 May 2012 13:34:07 -0400
To:
Subject: ...
EDIT 2: as correctly noticed by nickgrim, when I send mail from IP 2.2.2.2 I send it using an address that is on somedomain.com (which is on IP 1.1.1.1). The reason I do this is that in case the mail gets rejected for any reason (as it happened) I get notified on an existing address.
Answer
First, the correct SPF record for your domain somedomain.com is:
somedomain.com. IN TXT "v=spf1 mx ip4:2.2.2.2 -all"
which means you will send mails only from your mail server (defined in the MX record) mail.somedomain.com or a host with IP address 2.2.2.2.
And these mails should have somedomain.com in their "HELO" or "MAIL FROM" identity during mail transactions.
Marco, would you show the mail header that returned as authorization failed?
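An added example, not part of the original question or answer: a simplified SPF evaluator (only the a, mx, ip4 and all mechanisms) run against a constructed copy of the DNS records from the question, showing which term of each record decides the result for a given connecting IP and MAIL FROM domain. The function names are assumptions made for this example.

```python
import ipaddress

# Constructed zone: the DNS records from the question (placeholder IPs as posted).
ZONE = {
    ("somedomain.com", "A"): ["1.1.1.1"],
    ("mail.somedomain.com", "A"): ["1.1.1.1"],
    ("somedomain.com", "MX"): ["mail.somedomain.com"],
}
WIZARD = "v=spf1 a mx ip4:1.1.1.1 mx:mail.somedomain.com ip4:2.2.2.2 -all"
ANSWER = "v=spf1 mx ip4:2.2.2.2 -all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in for a DNS query against the constructed zone."""
    return ZONE.get((name, rtype), [])


def matches(mech, arg, ip, domain):
    """True if one mechanism (a, mx, ip4, all) matches the connecting IP."""
    if mech == "all":
        return True
    if mech == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        return str(ip) in lookup(arg or domain, "A")
    if mech == "mx":  # MX lookup on the target name, then A lookup on each exchanger
        return any(str(ip) in lookup(h, "A") for h in lookup(arg or domain, "MX"))
    return False  # mechanisms outside this sketch never match


def check_host(ip, domain, record):
    """Return (result, deciding term) for a client IP and MAIL FROM domain."""
    ip = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return ("none", None)
    for term in terms[1:]:  # terms are evaluated left to right, first match wins
        result, body = "pass", term
        if term[0] in QUALIFIERS:
            result, body = QUALIFIERS[term[0]], term[1:]
        mech, _, arg = body.partition(":")
        if matches(mech, arg, ip, domain):
            return (result, term)
    return ("neutral", None)


def dead_terms(record, domain, ips):
    """Terms that never decide the result for any of the given client IPs."""
    used = {check_host(ip, domain, record)[1] for ip in ips}
    return [t for t in record.split()[1:] if t not in used]
```

Calling dead_terms(WIZARD, "somedomain.com", ["1.1.1.1", "2.2.2.2", "3.3.3.3"]) lists the wizard record's terms that never decide a result for those clients (3.3.3.3 is a constructed unauthorized address). mx:mail.somedomain.com is among them because mail.somedomain.com has no MX record of its own in the zone above.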