1 (edited by luqe 2010-09-05 23:20:04)

Topic: adding SPF and DKIM record for ISP relayhost

i recently using relayhost with my ISP smtp as a relay
because my mail server IP always blocked on yahoo, gmail and hotmail

so i use my ISP smtp server to send mail from the iredmail

when i send mail to yahoo, i get header like this:
Received-SPF: fail (mta1079.mail.ac4.yahoo.com: domain of luqe@mydomain.net does not designate 125.160.6.xxx as permitted sender)

125.160.6.xxx is my ISP IP address, not my mail server

and also this:
Authentication-Results: mta1079.mail.ac4.yahoo.com  from=unhas.ac.id; domainkeys=neutral (no sig);  from=mydomain.net; dkim=permerror (bad sig)

how to fix that ?

thanks

2

Re: adding SPF and DKIM record for ISP relayhost

First, it's better to contact your ISP for help.

If you can't contact them, you can try to add SPF records in YOUR DNS server, for example:

yourdomain.com. 3600 IN TXT "v=spf1 mx mx:your_isp_server.com -all

# OR

yourdomain.com. 3600 IN TXT "v=spf1 ip4:125.160.6.xxx -all

If your ISP has many SMTP servers, maybe use "mx" instead of "ip4" is better.

Reference: http://www.openspf.org/

3 (edited by maxie_ro 2010-09-08 14:27:58)

Re: adding SPF and DKIM record for ISP relayhost

ZhangHuangbin wrote:

If your ISP has many SMTP servers, maybe use "mx" instead of "ip4" is better.

Note: Usually it's not a good ideea to use the MX records, especially if you don't have control over the ISP's domain (which nobody does). Use the "include" directive instead, e.g.

yourdomain.com. 3600 IN TXT "v=spf1 mx a:smtp.yourdomain.com ?include:isp.com -all

This is because some ISPs I know of have different outgoing servers than incoming MXs. MX usually are only used for receiving mail, not for sending. Example:
mx01.isp.com -> receive mail
mx02.isp.com -> receive mail
smtp01.isp.com -> send mail
smtp02.isp.com -> send mail

smtp* do not appear in DNS as MX entry, so using mx:isp.com is futile.

4

Re: adding SPF and DKIM record for ISP relayhost

It's useful, Thanks for your sharing, @maxie_ro smile

5

Re: adding SPF and DKIM record for ISP relayhost

Uhm, I forgot to add that, but keep in mind that if you add your ISP's relay host to your domain's SPF record, anyone sending mail using your ISP relay host could pretend it's you, unless your ISP uses ip-vs-domain-based access tables for relay (some don't).