SPF with server IP or Domain IP?

J

janton

Verified User
Joined
Sep 17, 2009
Messages
145
Hello All,

After reading into all the email adjustments on this forum i now understand i need to have:
SPF
DKIM


But after changing this all hotmail and gmail still tells me it's incorrect for the domain i intended to get correctly configured. Because when i send a email from my server domain it says all pass:

Here the CORRECT code i have with my main server domain when i send a mail from there
Code: 
Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 11.11.11.111) [email protected]; dkim=pass header.d=domainx.nl; x-hmca=pass
X-Message-Status: n:0:n
X-SID-PRA: Bla - Janton <[email protected]>
X-DKIM-Result: Pass
X-AUTH-Result: PASS
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: NhFq/7gR1vSB3Hsu7yuiqdiS3o1dCMIxmLd1DI1Six7uJxjS6s+Eufte8Z9QASMpV17BaNiqqYIBvJtSd05aa8ZK/J47CLWQYhiyAY/+YJSIsoW6Ni26MBq81wh91fnG
Received: from vps1.domainx.nl ([11.11.11.111]) by COL0-MC3-F23.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
	 Mon, 19 Dec 2011 11:49:49 -0800
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=domainx.nl; s=x;
	h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From; bh=tavyMhDr/KLsCokcXlqnDxKSO3SvWe9Cme7+d4++W2E=;
	b=AbY30dDiBxvH+vihtz8GdEBeKffCPJ1Vspl0wV4J3JQ35PAra5yugbaGReNVNNtz/pTxCdZkOJkQFO2SMET4g7noOxV5FLf5ii1h1UtHBHbgEqfYQ+aA+ftMhzSSrTqm;


But if i send from my other domain (so a domain with a different IP)
Code: 
x-store-info:sbevkl2QZR7OXo7WID5ZcdV2tiiWGqTnjvpvcDb633lOmLaZ5hEL/B8t2WYWD3ZHLv7yzJUMP7z3aqhQNe8w1ndGgyzvY6mgqXUYWxoPNWOxKYGdWztn5g==
Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 11.11.11.111) [email protected]; dkim=permerror header.d=domain.com; x-hmca=none
X-Message-Status: n:0:n
X-SID-PRA: Support Vla <[email protected]>
X-DKIM-Result: PermError
X-AUTH-Result: NONE
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: NhFq/7gR1vRkBBa9+Gb4DOPrV6RhcUCnALglDT8mH/9X5i8KdHXFb6Mop5GQb8kPaopuHzabaAExHFgZhN2yqt44xA+nn3/Aq1Yz0hcg3Tv/t5hD8/tUWOI0BDfpQxJdsp9JDX4rhJI=
Received: from vps1.domain.nl ([11.11.11.111]) by COL0-MC1-F14.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
	 Tue, 20 Dec 2011 01:55:52 -0800
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=domain.com; s=x;
	h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From; bh=6FkMvDnY0iUyHSqSRoxsTIrXb4Js85NTwql9USBbmeE=;
	b=eyqee3jr9YROEnZJODgnUXz0I4nO48BHRE9uYURNPJK3KuRWkkR2Wb+1yu3OvHXj37NTCoPhNV90o7jl7O8/Xvw4tOgt/qbnf0A3HBJbpa9uQ5xHzOzci+pKSj4L3AzF;

i see in both DNS settings the same line:
domainx.nl. TXT "v=spf1 a mx ip4:11.11.11.111 -all"
and
domain.com.TXT "v=spf1 a mx ip4:11.11.11.111 -all"

but shouldn't be the DNS settings for domain.com. have a different ip? or should it have the ip from the server and not from the domain?


when i check my SPF with:
dig domain.com txt

domain.com. 10667 IN TXT "=spf1 a mx ip4:11.11.11.111 -al"


Somehow i see "al" and not "all" > but i see "all" in my DNS in directadmin? also when i check it with a external site i see "-all" so maybe this hasn't got to do with any of this.
 
i get different results from testing sites:

Known SPF records: "=spf1 a mx ip4:11.11.11.111 -al"

(This doesn't seems to be a valid SPF record.)
 
Also i found this information, with my main server domain it respons correct but with the domain.com it doesn't return "Authoritative answers can be found from" :

Code: 
-bash-3.2# nslookup -q=txt x._domainkey.domainx.nl
Server:         194.60.207.52
Address:        194.60.207.52#53

Non-authoritative answer:
x._domainkey.domainx.nl  text = "v=DKIM1\; k=rsa\; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAK8KlnUXYsrLIKp/LIQ7BnII2h79iteP9VlpsEFtm8KzvFP4hTCVUzgtg4j9CEZ5oOzC7Yk5No5kPv3lNfWdFjNr5vPcnhY5B0HeSJAyPZqV6sUYvqWia/j8nOyoSyoYKwIDAQAB"

Authoritative answers can be found from:
domainx.nl       nameserver = ns2.domainx.nl.
domainx.nl       nameserver = ns1.domainx.nl.
ns1.domainx.nl   internet address = 11.11.11.11
ns2.domainx.nl   internet address = 11.11.11.121

See here below the trouble maker:

Code: 
-bash-3.2# nslookup -q=txt x._domainkey.domain.com
Server:         194.60.207.52
Address:        194.60.207.52#53

Non-authoritative answer:
x._domainkey.domain.com text = "=DKIM1\; k=rsa\; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALY6jpDFBakO1cuJtebMUM+DrLmVv3B4TdUjimSH0kg6WZxCSHxjqzuh4mgk+1Qri4TIK6d3VIxd+cFNWIeJVZ2wK1/jCteipFFB+1WEzT6dCmfIo4vKYzN3uipUsDmYIwIDAQA"

Authoritative answers can be found from:

With the other one it gives more information?
 
Last edited:
I have located the DKIM problem but it seems simular to my prefious SPF problem :S

somehow the first and last letter is deleted in the dns? very very straing? perhaps a bug?

i see this in my DNS in directadmin
"v=spf1 a mx ip4:11.11.11.111 -all"

but when i type:
dig domain.com txt
i get:
"=spf1 a mx ip4:11.11.11.111 -al"


And now it seems that my KDIM has the simular problem:
http://dkimcore.org/c/keycheck

i see:
=DKIM1; k=rsa; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALY6jpDFBakO1cuJtebMUM+Dr
LmVv3B4TdUjimSH0kg6WZxCSHxjqzuh4mgk+1Qri4TIK6d3VIxd+cFNWIeJVZ2wK1/jCteipFF
B+1WEzT6dCmfIo4vKYzN3uipUsDmYIwIDAQA


but when i look in my DNS i see:
"v=DKIM1; k=rsa; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALY6jpDFBakO1cuJtebMUM+DrLmVv3B4TdUjimSH0kg6WZxCSHxjqzuh4mgk+1Qri4TIK6d3VIxd+cFNWIeJVZ2wK1/jCteipFFB+1WEzT6dCmfIo4vKYzN3uipUsDmYIwIDAQAB"



What the ???
 
Perhaps this is no problem and DNS information need to be updated on all world machines?

Because somehow i now get a "pass" in gmail, but in hotmail i still see a dkim=permerror and X-AUTH-Result: NONE
 
Last edited:
It seems I found the issue, I had a zonetransfer for my DNS this wasn't going well.. I now changed it all back so it only works with my own nameserver, so now i will try to figure out what i did wrong for the zonetransfer.
 
You must log in or register to reply here.
Back
Top