I do SPF checking.
# grep $user mail.log
Sep 10 09:05:48 mx tumgreyspf[13335]: 'SPF Permanent Error: Too many DNS
lookups': QUEUE_ID=""; identity=mailfrom; client-ip=216.32.181.183;
helo=ch1outboundpool.messaging.microsoft.com;
envelope-from=$User(a)vuw.ac.nz; receiver=$user(a)tauatapu.net.nz;
vuw.ac.nz IN TXT v=spf1 ip4:130.195.81.0/24 ip4:130.195.86.0/24
ip4:202.36.141.0/24 ip4:216.235.196.0/22 ip4:216.235.200.0/21
include:mcs.vuw.ac.nz include:mailprimer.cominclude:_spf.learningsourceapp.cominclude:spf.messaging.microsoft.com ~all
1. Is anyone else having this issue with vuw?
2. Should I be doing something to change my config or do others feel
that the vuw spf record is to wide?
D
--
Don Gould
31 Acheson Ave
Mairehau
Christchurch, New Zealand
Ph: + 64 3 348 7235
Mobile: + 64 21 114 0699
As you've been very helpful in the past, can I ask the best way forward
in addressing this problem.
In an attempt to reduce spam delivery to a local charity mail server, I
added
FEATURE(`require_rdns')dnl
to the sendmail config. It did help. However, it also blocked some
important clents as well...
barnardos.org.nz - sends via 122-56-8-123.cid.global-gateway.net.nz
logon.i.govt.nz - has no IP address
ecan.govt.nz - sends via onyx.crc.govt.nz which has no IP address
probably being the most important.
How do you address this problem. I'm certain they all must have been
repeatedly contacted?
TIA for all ideas,
Steve
--
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
MSN: steve(a)greengecko.co.nz
Skype: sholdowa
Ok, cool. thanks Tim, that answers where to point the finger now.
Tim do you mind sharing how you tested that? What tool did you use?
Is there a vwu admin on list who would like to comment? Can you fix
your spf record so it doesn't cause more than 10 recursive look ups or
should I just not bother with spf?
D
On 10/09/2012 1:07 p.m., Tim Price wrote:
>
> The recursive lookups in that SFP record come to 14 according to my
> checking.
>
> vuw.ac.nz IN TXT v=spf1 ip4:130.195.81.0/24
> ip4:130.195.86.0/24 ip4:202.36.141.0/24 ip4:216.235.196.0/22
> ip4:216.235.200.0/21 include:mcs.vuw.ac.nz include:mailprimer.com
> include:_spf.learningsourceapp.cominclude:spf.messaging.microsoft.com
> ~all
>
> ·include:mcs.vuw.ac.nz
>
> omx
>
> ·include:mailprimer.com
>
> oinclude:mailprimer.net.nz
>
> §include:mailprimer.co.nz
>
> §include:mailprimer.com
>
> ·include:mailprimer.net.nz (loop?)
>
> ·include:_spf.learningsourceapp.com
>
> oinclude:sendgrid.net
>
> §include:sendgrid.biz
>
> ·include:spf.messaging.microsoft.com
>
> oinclude:spfa.frontbridge.com
>
> oinclude:spfb.frontbridge.com
>
> oinclude:spfc.frontbridge.com
>
> *From:*nznog-bounces(a)list.waikato.ac.nz
> [mailto:nznog-bounces(a)list.waikato.ac.nz] *On Behalf Of *Scott Howard
> *Sent:* Monday, September 10, 2012 12:52 PM
> *To:* Don Gould
> *Cc:* nznog
> *Subject:* Re: [nznog] Vic Uni Mail Admin about? SPF rec issue...
>
> On Sun, Sep 9, 2012 at 5:44 PM, Don Gould <don(a)bowenvale.co.nz
> <mailto:don(a)bowenvale.co.nz>> wrote:
>
> 2. Should I be doing something to change my config or do others
> feel that the vuw spf record is to wide?
>
>
> From http://tools.ietf.org/html/rfc4408#section-10.1 :
>
> / SPF implementations MUST limit the number of mechanisms and modifiers
> that do DNS lookups to at most 10 per SPF check, including any
> lookups caused by the use of the "include" mechanism or the
> "redirect" modifier. If this number is exceeded during a check, a
> PermError MUST be returned. The "include", "a", "mx", "ptr", and
> "exists" mechanisms as well as the "redirect" modifier do count
> against this limit. The "all", "ip4", and "ip6" mechanisms do not
> require DNS lookups and therefore do not count against this limit.
> The "exp" modifier does not count against this limit because the DNS
> lookup to fetch the explanation string occurs after the SPF record
> has been evaluated.
> /
>
> Scott
>
--
Don Gould
31 Acheson Ave
Mairehau
Christchurch, New Zealand
Ph: + 64 3 348 7235
Mobile: + 64 21 114 0699
I just put up some stats on where the NZ eyeballs appear to be, based on
some website data and sort by Origin ASN.
People here might find it interesting since it might be a rough proxy for
market share.
http://blog.darkmere.gen.nz/2012/09/where-the-nz-eyeballs-are/
--
Simon Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
Thanks for posting the actual dates.
I didn't think that one would have to go to third party resources for the answer and I'm also aware of "differing opinions" as regards the nature of the overlaps of audience.
Sorry for the network purists but some people either wear many hats or have to roster those who do. ..!
("Them and us" approach doesn't do anyone any favours IMHO)
Cheers.
Simon Lyall <simon(a)darkmere.gen.nz> wrote:
>
>Colour me confused but when I look online[1] NZNOG 2013 is listed as 21-25
>Jan 2013 which is the week before LCA.
>
>I'd check the NZNOG website for details but...
>
>[1] Here:
>
>http://ws.edu.isoc.org/calendar/index.php?event=DES
>http://www.ripe.net/ripe/meetings/calendar/nznog-2
>http://www.apnic.net/events/calendar/2013/nznog-2013
>
>
>--
>Simon Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
>"To stay awake all night adds a day to your life" - Stilgar | eMT.
>
>_______________________________________________
>NZNOG mailing list
>NZNOG(a)list.waikato.ac.nz
>http://list.waikato.ac.nz/mailman/listinfo/nznog
