[milters] Archive

Lists Index Date Thread Search

Article: 1865
From: Grant Taylor
Date: 2008-05-13 15:23:27 -0400
Subject: Re: "SPF result TempError: DNS request refused"

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

On 05/13/08 12:14, Jon Rowlan wrote:
> SPF is a special record that is set up in DNS. Some mail servers 
> insist on it I am given to believe (hotmail etc).

*nod*

""legacy SPF uses a txt DNS resource record in the domain in question. 
Newer SPF uses a newer type resource record of "spf".  However not all 
filter implementations know about the spf resource record nor do many 
DNS servers know how to serve up an spf resource record.

> You would need to get your DNS query to resolve the SPF from DNS 
> somehow.

*nod*

nslookup -query=txt <domain>.<tld>

> A DNS query on the domain is one thing, a check on the MX is another, 
> but if SPF is required and it isn't present your mail will failed to 
> be delivered. I don't know how to force nslookup or dig to check SPF.

nslookup -query=a <domain>.<tld>

vs

nslookup -query=mx <domain>.<tdl>

vs

nslookup -query=txt <domain>.<tld>

> Check your destination domain on something like dnsstuff.com that may 
> enlighten you on how DNS is set up at the remote end. This site will 
> also explain SPF more fully.

I don't believe this problem to be a DNS issue, rather an issue with 
what is in the SPF record, and how milter-spiff is handling it.

The SPF txt rr in question is effectively:

nslookup -query=txt <dom>.<tld>

v=spf1 a:.<other-dom-1>.<tld> a:.<other-dom-2>.<tld> -all

I believe the problem is that I was told to set the SPF txt record to be 
above including the "." (dot) between the "a:" and the domains.  I 
believe the problem is that milter-spiff is looking for a literal host 
named ".other-dom-1.tld".  I believe that the .<domain>.<tld> was 
intended to mean that any system with in the domain could send on behalf 
of the domain in question, but I don't think that is working out quite 
right.  I don't know if SPF is meant to allow wild cards like that or if 
it is an errant value in the SPF txt record.

I was trying to find out what could / would cause the errors that I 
reported from milter-spiff.



Grant. . . .

Lists Index Date Thread Search