So I am quite new to mail servers and looking for help with setting up SPF properly for this environment:
mailserver (IP 11.11.11.11, example.com, random.com, test.com)
relay server (IP 22.22.22.22, srv2.example.com)
I have multiple domains hosted on my mailserver (example.com) that all use the relay server (srv2.example.com) to communicate. I have the following entries set in my DNS zone file for example.com:
- @ IN MX 10 srv2
- @ IN TXT "v=spf1 +mx +a a:22.22.22.22 a:ip6:2001:0db8:85a3:0000:0000:8a2e:0370:7334 include:srv2.example.com -all"
This would be the Zone File for another domain hosted on my mailserver (example.com):
- @ IN TXT "v=spf1 +mx +a a:ip4:22.22.22.22 a:ip6:2001:0db8:85a3:0000:0000:8a2e:0370:7334 -all"
Doing a test and sending myself a mail to googlemail results in this response:
spf=pass (google.com: domain of admin@example.com designates 22.22.22.22 as permitted sender) smtp.mailfrom=admin@example.com;
But my settings somehow still can't be correct, as when I test the mail somewhere else I get the following result:
SPF check details: Result: neutral ID(s) verified: smtp.mail=admin@example.com DNS record(s):
Sender-ID check details: Result: neutral ID(s) verified: smtp.mail=admin@example.com DNS record(s):
The first question I ask myself: why can the response be neutral if I set either ~all or -all? If I dig deeper and use this website http://spf.myisp.ch to check my SPF entry, I get this:
The hosts , have no SPF entries defined although they are referenced. This violates RFC4408.
What comes to mind now is that "," is probably referring to srv2.example.com, which means that my relay server itself has no SPF entry.
There are many questions in my head about SPF and relaying; sadly, http://www.openspf.org, which seems to be a great place to get more information, seems to have been offline for some time now.
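An offline syntax check of the two TXT records quoted in the question, added here as an example that is not part of the original post. It relies on the SPF grammar (the `a` mechanism takes a domain name, `ip4` and `ip6` are mechanisms of their own, and every `include:` target must publish its own SPF record); the `REWRITTEN` record and all function names are constructed for illustration.

```python
import ipaddress
import re

# TXT records copied from the question; REWRITTEN is a constructed variant.
EXAMPLE_COM = ("v=spf1 +mx +a a:22.22.22.22 "
               "a:ip6:2001:0db8:85a3:0000:0000:8a2e:0370:7334 "
               "include:srv2.example.com -all")
OTHER_DOMAIN = ("v=spf1 +mx +a a:ip4:22.22.22.22 "
                "a:ip6:2001:0db8:85a3:0000:0000:8a2e:0370:7334 -all")
REWRITTEN = ("v=spf1 mx a ip4:22.22.22.22 "
             "ip6:2001:0db8:85a3:0000:0000:8a2e:0370:7334 -all")

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}

def ip_version(text):
    """Return 4 or 6 if text is an address or CIDR network, else None."""
    try:
        return ipaddress.ip_network(text, strict=False).version
    except ValueError:
        return None

def parse_terms(record):
    """Yield (term, mechanism name, argument) for each mechanism in the record."""
    for term in record.split()[1:]:                      # skip "v=spf1"
        body = term[1:] if term[0] in "+-~?" else term   # drop the qualifier
        if re.match(r"[A-Za-z][\w.-]*=", body):          # modifier (redirect=, exp=)
            continue
        yield term, re.split(r"[:/]", body, maxsplit=1)[0].lower(), body.partition(":")[2]

def lint_spf(record):
    """Return (term, problem) pairs for syntax errors in one SPF record."""
    findings = []
    for term, name, arg in parse_terms(record):
        if name not in MECHANISMS:
            findings.append((term, "unknown mechanism"))
        elif name in ("a", "mx", "include", "exists") and arg:
            if arg.lower().startswith(("ip4:", "ip6:")):
                findings.append((term, "ip4/ip6 are mechanisms, not arguments"))
            elif ip_version(arg):
                findings.append((term, "needs a domain name; use ip4:/ip6:"))
        elif name in ("ip4", "ip6") and ip_version(arg) != int(name[2]):
            findings.append((term, "not a valid address for this mechanism"))
    return findings

def include_targets(record):
    """Domains named by include:, each of which must publish its own SPF record."""
    return [arg for _, name, arg in parse_terms(record) if name == "include"]

if __name__ == "__main__":
    for rec in (EXAMPLE_COM, OTHER_DOMAIN, REWRITTEN):
        print(rec, lint_spf(rec), include_targets(rec), sep="\n  ")
```

The check is purely syntactic; whether an `include:` target actually publishes a record still has to be confirmed with a DNS TXT lookup.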