Tuesday, February 23, 2016

domain name system - SPF Record - Sender server SPF record permerror



I cannot seem to get an SPF record working for a client of ours; Google Mail keeps failing on the lookup.



My SPF record is




v=spf1 a ip4:80.74.254.215 include:mx1.helloevery1.co.uk include:_spf.google.com include:smtproutes.com include:smtpout.com





The client's main mail servers are




smtproutes.com and smtpout.com




These are working fine, SPF passes as expected.



mx1.helloevery1.co.uk is our mail server. It is a simple ISPConfig Postfix setup. We send all mail through 1 account, let's say that is "noreply@example.com".




There is a username and password set up to send through but we change the "from" address in our application. The from address is "enquiry@clientdomain.com".



"enquiry@clientdomain.com" is not set up on mx1.helloevery1.co.uk. It is only on the client servers.



When I send through my SMTP server from the site, I am receiving the following error when I send to my email account.




Received-SPF: permerror (google.com: permanent error in processing during lookup of enquiry@clientdomain.com) client-ip=212.71.234.103;



Authentication-Results: mx.google.com;

spf=permerror (google.com: permanent error in processing during lookup of enquiry@clientdomain.com) smtp.mail=enquiry@clientdomain.com




This looks like it is trying to look up the domain on my SMTP server (where it is not configured). If I were to set up the domain on my SMTP server and create an account, then when I send through my SMTP server it will try to deliver it locally.



I've always assumed that SPF was just a verification tool to say which server is allowed to send but never really took into account the email it is coming from.



I'm stuck as I can't find a resource on SPF record creation that I can relate to.


Answer



An SPF record states which mailservers are allowed to send mail from the sending domain. Basically, what is in the from: address.




So if you have someone sending mail as "ninja@ninja.com" and the receiving mailserver checks SPF, it looks for an SPF record on "ninja.com" to see if the sending mailserver is listed.



Does this answer your question?
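
The lookup the answer describes, as an added example that is not part of the original question or answer: a minimal RFC 7208-style evaluator run over constructed zone data, showing that the record consulted is the one on the sender address's domain and one way an include ends in permerror. All domains, IP addresses and function names are constructed for illustration, and only the ip4, include and all mechanisms are handled.

```python
import ipaddress

# Constructed zone data (not real DNS): domain -> published SPF TXT record.
ZONE_TXT = {
    "client.example": "v=spf1 ip4:192.0.2.10 include:_spf.provider.example -all",
    "_spf.provider.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "relay.example": "v=spf1 ip4:203.0.113.25 -all",
    "broken.example": "v=spf1 include:nospf.example -all",  # target has no record
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

class PermError(Exception):
    """The published record cannot be evaluated."""

def check_host(ip, domain, budget):
    """Evaluate the SPF record published at `domain` for connecting client `ip`."""
    record = ZONE_TXT.get(domain, "")
    if record.split()[:1] != ["v=spf1"]:
        return "none"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            budget["lookups"] += 1
            if budget["lookups"] > 10:  # RFC 7208 limit on DNS-querying terms
                raise PermError("too many DNS lookups")
            inner = check_host(ip, arg, budget)
            if inner == "none":  # include target publishes no SPF record
                raise PermError(f"include:{arg} has no SPF record")
            matched = inner == "pass"
        else:
            raise NotImplementedError(f"{term!r} is outside this sketch")
        if matched:
            return RESULTS[qualifier]
    return "neutral"

def spf_result(client_ip, sender):
    """The record consulted is the one on the sender address's domain."""
    try:
        return check_host(client_ip, sender.rpartition("@")[2], {"lookups": 0})
    except PermError:
        return "permerror"
```

The relay at 203.0.113.25 passes for its own domain but fails for client.example, because only the sender domain's record is consulted.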

