Your spf record is broken:

dovecot.org. 39942 IN TXT "v=spf1 a -all"

--
Jim Flowers <jflowers at ezo.net>

On Wed, 2007-11-28 at 11:17 -0400, Jim Flowers wrote:
> Your spf record is broken:
>
> dovecot.org. 39942 IN TXT "v=spf1 a -all"

Care to tell also why? dovecot.org's mails are sent from the same IP as its A record.

11/28/2007 7:17 AM Jim Flowers spake the following:
> Your spf record is broken:
>
> dovecot.org. 39942 IN TXT "v=spf1 a -all"
>
> --
> Jim Flowers <jflowers at ezo.net>

Checking to see if there is a valid SPF record.
Found v=spf1 record for dovecot.org
v=spf1 a -all
evaluating...
SPF record passed validation test with pySPF (Python SPF library)!

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!

> > Your spf record is broken:
> >
> > dovecot.org. 39942 IN TXT "v=spf1 a -all"
>
> Care to tell also why? dovecot.org's mails are sent from the same IP as
> its A record.

Hmmm. I would have listed mx as well but that's just me. But just listing a is likely better in that there are fewer lookups for the receiving system.

One thing that bugs me is why we must now implement domainkeys on top of SPF. SPF pretty much does everything domainkeys does but simpler. Implementing domainkeys I hear will require Exim be recompiled on the machine it needs to be used on too.

http://wiki.exim.org/DomainKeys

Matt

I may be sorry I brought this up. There's nothing wrong with your TXT record.

This server acts as a virus/spam processor for mail relayed from a legacy server (for historical reasons). It filters with MailScanner/SpamAssassin. Looking through the SpamAssassin debug code, it checks my relay as the 'Envelope-from' and fails on -all. Although the information is there, the SpamAssassin plugin isn't sophisticated enough to trace it back to the originating server. And, yes - it assigns a minor score (default 0.69) for SPF_FAIL and I don't lose any digests as Bayes just overwhelms it.

As long as your unqualified domain name has an A record and a matching PTR record SPF should work just fine (as long as there aren't any relays in-between).

Sorry for any inconvenience. Thanks for your excellent project.

On Wed, 28 Nov 2007 17:28:32 +0200, Timo Sirainen wrote
> On Wed, 2007-11-28 at 11:17 -0400, Jim Flowers wrote:
> > Your spf record is broken:
> >
> > dovecot.org. 39942 IN TXT "v=spf1 a -all"
>
> Care to tell also why? dovecot.org's mails are sent from the same IP
> as its A record.

--
Jim Flowers <jflowers at ezo.net>
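
The relay situation described in the last message, as an added example that is not part of the original thread: the same "v=spf1 a -all" policy is evaluated once against the relaying hop and once against the originating server. The domain example.org, the documentation-range addresses, and the function names are assumptions made for illustration; only the `a`, `ip4:` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed data: documentation-range addresses, not dovecot.org's real records.
SPF_TXT = {"example.org": "v=spf1 a -all"}   # same policy as quoted in the thread
DNS_A = {"example.org": ["192.0.2.10"]}      # list server; also the domain's A record
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, client_ip):
    """Evaluate a small SPF subset (a, ip4:, all) for client_ip."""
    record = SPF_TXT.get(domain, "")
    if record.split()[:1] != ["v=spf1"]:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term == "a":
            matched = any(ip == ipaddress.ip_address(a) for a in DNS_A.get(domain, []))
        elif term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        else:
            return "permerror"  # mechanism outside this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term

def spf_client_ip(received_hops, trusted_relays=()):
    """Pick the IP to test: newest hop first, skipping relays we operate or trust."""
    for hop in received_hops:
        if hop not in trusted_relays:
            return hop
    return None

# Constructed path: list server -> legacy relay -> filtering server (newest hop first).
HOPS = ["198.51.100.7", "192.0.2.10"]
RELAY = "198.51.100.7"

def demo():
    naive = check_spf("example.org", spf_client_ip(HOPS))
    relay_aware = check_spf("example.org", spf_client_ip(HOPS, {RELAY}))
    return naive, relay_aware

if __name__ == "__main__":
    print(demo())
```
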