outgoing email spf question

Discussion in 'Server Operation' started by wherestheph, Mar 6, 2008.

  1. wherestheph

    wherestheph New Member

    I have set up an email server using the info at

    http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-centos5.1

    and at

    http://www.howtoforge.com/how-to-implement-domainkeys-in-postfix-using-dk-milter-centos5.1

    My outgoing SPF appears to not be set right. I am using PHPMailer on machine1, which connects to a postfix smtp server on machine2.

    If I set the From: address to [email protected], gmail gives the following headers which include a "temporary" SPF failure which has occurred for well over a week.

    Code:
    Delivered-To: [email protected]
    Received: by 10.142.214.8 with SMTP id m8cs41243wfg;
            Thu, 6 Mar 2008 11:17:35 -0800 (PST)
    Received: by 10.100.135.16 with SMTP id i16mr305334and.96.1204831053926;
            Thu, 06 Mar 2008 11:17:33 -0800 (PST)
    Return-Path: <[email protected]>
    Received: from machine2.domain.com ([75.126.130.115])
            by mx.google.com with ESMTP id d21si5874680and.30.2008.03.06.11.17.21;
            Thu, 06 Mar 2008 11:17:33 -0800 (PST)
    Received-SPF: error (google.com: error in processing during lookup of [email protected]: DNS timeout) client-ip=75.126.130.115;
    DomainKey-Status: good (test mode)
    Authentication-Results: mx.google.com; spf=temperror (google.com: error in processing during lookup of [email protected]: DNS timeout) [email protected]; domainkeys=pass (test mode) [email protected]
    Received: from localhost (unknown [127.0.0.1])
    	by machine2.domain.com (Postfix) with ESMTP id 1F10615880F9
    	for <[email protected]>; Thu,  6 Mar 2008 19:17:21 +0000 (UTC)
    X-DomainKeys: Sendmail DomainKeys Filter v0.6.0 machine2.domain.com 1F10615880F9
    DomainKey-Signature: a=rsa-sha1; s=default; d=domain.com; c=simple; q=dns;
    	b=zwz8iw1m96SILh6Fnvb5mmHUHAv8KZ347e0Ff3YI7NYaaYqG6EmRmJpkZ4v7n7cpk
    	MNy1fn2/z9W+dALWfOGQg==
    X-Virus-Scanned: amavisd-new at localhost.localdomain
    Received: from machine2.domain.com ([127.0.0.1])
    	by localhost (machine2.domain.com [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id A12UdWHLGcRl for <[email protected]>;
    	Thu,  6 Mar 2008 13:17:12 -0600 (CST)
    Received: from localhost.localdomain (domain.com [75.126.130.114])
    	by machine2.domain.com (Postfix) with ESMTP id 0595215880EA
    	for <[email protected]>; Thu,  6 Mar 2008 13:17:12 -0600 (CST)
    X-DomainKeys: Sendmail DomainKeys Filter v0.6.0 machine2.domain.com 0595215880EA
    Date: Thu, 6 Mar 2008 11:17:11 -0800
    To: [email protected]
    From: [email protected]
    Subject: Someone sent you a private message...
    Message-ID: <[email protected]>
    X-Priority: 3
    X-Mailer: PHPMailer [version 1.73]
    MIME-Version: 1.0
    Content-Transfer-Encoding: 8bit
    Content-Type: text/plain; charset="iso-8859-1"
    
    If I set the From: address to [email protected], I get a "neutral" result:

    Code:
    Delivered-To: [email protected]
    Received: by 10.142.214.8 with SMTP id m8cs41741wfg;
            Thu, 6 Mar 2008 11:25:39 -0800 (PST)
    Received: by 10.100.254.18 with SMTP id b18mr440279ani.13.1204831538332;
            Thu, 06 Mar 2008 11:25:38 -0800 (PST)
    Return-Path: <[email protected]>
    Received: from machine2.domain.com ([75.126.130.115])
            by mx.google.com with ESMTP id c23si5057562ana.15.2008.03.06.11.25.37;
            Thu, 06 Mar 2008 11:25:38 -0800 (PST)
    Received-SPF: neutral (google.com: 75.126.130.115 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=75.126.130.115;
    DomainKey-Status: good (test mode)
    Authentication-Results: mx.google.com; spf=neutral (google.com: 75.126.130.115 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]; domainkeys=pass (test mode) [email protected]
    Received: from localhost (unknown [127.0.0.1])
    	by machine2.domain.com (Postfix) with ESMTP id 2F25015880F9
    	for <[email protected]>; Thu,  6 Mar 2008 19:25:37 +0000 (UTC)
    X-DomainKeys: Sendmail DomainKeys Filter v0.6.0 machine2.domain.com 2F25015880F9
    DomainKey-Signature: a=rsa-sha1; s=default; d=domain.com; c=simple; q=dns;
    	b=Uww8zvmvlqm3zNJguEJUiK9dg4TL53rbT8adEe5h1wNY6J35BV5oJNkRPpPbwnFZe
    	Eg/ZfxxmURfM+VKBxuPZw==
    X-Virus-Scanned: amavisd-new at localhost.localdomain
    Received: from machine2.domain.com ([127.0.0.1])
    	by localhost (machine2.domain.com [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id teHF5vqr6fZ6 for <[email protected]>;
    	Thu,  6 Mar 2008 13:25:37 -0600 (CST)
    Received: from localhost.localdomain (domain.com [75.126.130.114])
    	by machine2.domain.com (Postfix) with ESMTP id E942815880EA
    	for <[email protected]>; Thu,  6 Mar 2008 13:25:36 -0600 (CST)
    X-DomainKeys: Sendmail DomainKeys Filter v0.6.0 machine2.domain.com E942815880EA
    Date: Thu, 6 Mar 2008 11:25:36 -0800
    To: [email protected]
    From: [email protected]
    Subject: Someone sent you a private message...
    Message-ID: <[email protected]>
    X-Priority: 3
    X-Mailer: PHPMailer [version 1.73]
    MIME-Version: 1.0
    Content-Transfer-Encoding: 8bit
    Content-Type: text/plain; charset="iso-8859-1"

    I used the GoDaddy wizard to generate a TXT DNS record which looks like this, which I believe says: allow all A record machines to send outgoing mail (machine1 and machine2 both have A records) and include ptr for servers in this domain.

    Code:
    v=spf1 a mx ptr include:smtp.secureserver.net ~all

    What am I doing wrong?
     
    Last edited: Mar 27, 2008
  2. wherestheph

    wherestheph New Member

    I think I have solved most of my problem. The godaddy spf wizard says this: "If the IP addresses listed in A records for your domain in DNS are also outbound mail servers, you should include this option in your new SPF Record." When I read that, I thought that machine2 should be included because it has an A record in my dns.

    The wizard at http://old.openspf.org/wizard.html is more explicit and said that only machine1 was included in my SPF record. So I added machine2 explicitly to my SPF record, and things are good sending with the From: header set to domain.com, with the exception of Yahoo. Does anyone know if DKIM is necessary to send email to Yahoo? Or other sending to Yahoo tricks?

    Can I install both DomainKeys and DKIM, or just one or the other? It looks like they use the same _domainkey DNS TXT record?
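
Added example, not part of the original posts: a small SPF evaluator run against the record from the thread, showing that `a` only covers the A records of the domain name itself (machine1 at 75.126.130.114), so mail leaving machine2 (75.126.130.115) falls through to `~all`. The DNS table is constructed, the `a:machine2.domain.com` term is one assumed way of adding machine2 explicitly, and only the mechanisms in this record are handled.

```python
import ipaddress

# Constructed DNS data. Names and the two 75.126.130.x addresses follow the
# headers in the thread; the MX target and the include record are made up.
DNS = {
    "A": {"domain.com": ["75.126.130.114"],            # machine1
          "machine2.domain.com": ["75.126.130.115"]},
    "MX": {"domain.com": ["domain.com"]},
    "PTR": {},                                          # assumed: no reverse DNS
    "TXT": {"smtp.secureserver.net": "v=spf1 ip4:192.0.2.0/24 -all"},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def a_match(ip, host):
    return ip in DNS["A"].get(host, [])

def matches(mech, ip, domain):
    name, _, arg = mech.partition(":")
    target = arg or domain
    if name == "all":
        return True
    if name == "a":       # A records of the target name only, not the whole zone
        return a_match(ip, target)
    if name == "mx":
        return any(a_match(ip, mx) for mx in DNS["MX"].get(target, []))
    if name == "ip4":
        return ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
    if name == "ptr":     # reverse name must sit under target and resolve back
        return any((h == target or h.endswith("." + target)) and a_match(ip, h)
                   for h in DNS["PTR"].get(ip, []))
    if name == "include":  # matches only if the included record yields "pass"
        return check_spf(ip, arg, DNS["TXT"][arg]) == "pass"
    raise ValueError("unsupported mechanism: " + mech)

def check_spf(ip, domain, record):
    terms = record.split()
    if terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:            # first matching mechanism decides
        qual = term[0] if term[0] in QUALIFIERS else "+"
        if matches(term.lstrip("+-~?"), ip, domain):
            return QUALIFIERS[qual]
    return "neutral"

ORIGINAL = "v=spf1 a mx ptr include:smtp.secureserver.net ~all"
FIXED = "v=spf1 a a:machine2.domain.com mx ptr include:smtp.secureserver.net ~all"
```

With this table, `check_spf("75.126.130.115", "domain.com", ORIGINAL)` returns `softfail`, and the same call with `FIXED` returns `pass`.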
     
  3. topdog

    topdog Active Member

    You can use both of them; all you need to do is change the selector. DKIM is an upgrade of DomainKeys. Some sites are still using DomainKeys, however, which is why you need to run them side by side until DomainKeys drops away.
     
