From: Unknown Q. <web...@un...> - 2005-12-17 13:19:10
Hi,

I've come across a problem with the SPF records in Bind. I'm not sure when it happened, because it was OK before. I've just upgraded from Webmin 1.230 to 1.250, but that hasn't solved the problem.

Basically, I'm trying to stop AOL bouncing e-mails back because the domain doesn't have an SPF record.

The domains I'm using all have SPF records on the master server's Bind set to

    domain.tld. IN TXT "v=spf1 a mx ~all"

and these used to get pushed across to the slave Bind on the 2nd server. However, none of the domains' slave Bind records now show the SPF / TXT field - it's just blank.

I've tried to force updates etc., but nothing will push the record from the master to the slave. (I've created extra A & MX records to test that other fields get pushed across OK, and they work OK.)

STOP PRESS

Looking at the slave Bind record via
https://slave IP:10000/bind8/edit_slave.cgi?index=NNN
it only shows the TXT record field as being empty,

but looking at the slave Bind record via
https://slave IP:10000/bind8/view_text.cgi?index=NNN&view=
does show the line

    TXT "v=spf1 a mx ~all"

So now I'm really confused as to what is the correct live data being output to the world.

Normally I manually create the Bind record on the master server and include the line

    domain.tld. IN TXT "v=spf1 a mx ~all"

but I see now that you've got the editable fields for the SPF records, but I think you've also got one of the field options WRONG.

Looking at
https://master IP:10000/bind8/edit_recs.cgi?index=24&view=&type=SPF
you've got a drop-down box for the "Action for other senders". It gives these options:

    Disallow (-all)
    Disallow (~all)    I think this should say DISCOURAGE
    Neutral (?all)
    Allow (+all)
    Default

Looking at http://www.openspf.org/mechanisms.html it appears that the settings should =

    -  fail
    ~  softfail
    +  pass
    ?  neutral

but http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ explains it as

    +all = Yes; mail may legitimately originate from IP addresses not identified above.
    -all = No; this domain sends mail only from the IP addresses identified above.
    ?all = Neutral; this domain makes no statement about whether mail may legitimately originate from IP addresses not identified above.
    ~all = Discouraged; mail may legitimately originate from IP addresses not identified above, however, use of such IP addresses is discouraged and may not be permitted in the future.

There also appears to be a potential problem on the horizon with the 2 versions of SPF, spf1 & spf2. Should Webmin's Bind be able to produce records for both types of SPF record?

Whilst I'm looking at this I've also come across another minefield:
http://antispam.yahoo.com/domainkeys

Jamie - do you have any plans to implement tools for this into Webmin / Virtualmin?

Sorry to have rambled on so much.

Regards
Martyn
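
An added example, not part of the original post and not Webmin's code: a small parser that takes a zone-file TXT line like the one quoted above and reports what the record says about senders that match none of its mechanisms, using the qualifier table from the openspf.org page. The function names are hypothetical, and two defaults come from the SPF specification rather than from the post: a mechanism with no qualifier counts as "+", and a record with no `all` and no `redirect=` yields neutral.

```python
import re

# Qualifier -> result, as listed on the openspf.org mechanisms page.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MODIFIER = re.compile(r"^([A-Za-z][A-Za-z0-9._-]*)=(.*)$")

def txt_from_zone_line(line):
    """Join the quoted strings of a zone-file TXT line into one value."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
    if not parts:
        raise ValueError("no quoted TXT data on this line")
    return "".join(parts)

def parse_spf(txt):
    """Return (version, [(qualifier, mechanism), ...], {modifier: value})."""
    terms = txt.split()
    version = terms[0].lower() if terms else ""
    if version != "v=spf1" and not version.startswith("spf2.0/"):
        raise ValueError("not an SPF (v=spf1) or Sender ID (spf2.0/...) record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        m = MODIFIER.match(term)
        if m:                                  # modifier, e.g. redirect= or exp=
            modifiers[m.group(1).lower()] = m.group(2)
        elif term[0] in QUALIFIERS:            # explicit qualifier
            mechanisms.append((term[0], term[1:]))
        else:                                  # no qualifier means "+"
            mechanisms.append(("+", term))
    return version, mechanisms, modifiers

def result_for_other_senders(txt):
    """Result for a sender that matches nothing before 'all'."""
    _, mechanisms, modifiers = parse_spf(txt)
    for qualifier, mech in mechanisms:
        if mech.lower() == "all":              # mechanism names are case-insensitive
            return QUALIFIERS[qualifier]
    if "redirect" in modifiers:
        return "redirect to " + modifiers["redirect"]
    return "neutral"                           # no 'all' and no redirect

if __name__ == "__main__":
    # Constructed sample lines, modelled on the record quoted in the post.
    for line in ('domain.tld. IN TXT "v=spf1 a mx ~all"',
                 'domain.tld. IN TXT "v=spf1 a mx -all"',
                 'domain.tld. IN TXT "spf2.0/pra a mx ?all"',
                 'domain.tld. IN TXT "v=spf1 a mx"'):
        txt = txt_from_zone_line(line)
        print(f"{txt!r:28} other senders -> {result_for_other_senders(txt)}")
```

Running the same check on the zone text fetched from the master and from the slave shows whether both copies carry the same policy, whatever the edit form displays.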