Member_2_6474242
asked on
spf=permerror
I sent an email from my domain to google and i found the error when i go to original message
spf=permerror (google.com: permanent error in processing during lookup of btv1==6117437fd2d==rsharma @xyz.com.f j: mail.international.school. fj not found) I sent an email from my domain to google and i found the error when i go to original message
spf=permerror (google.com: permanent error in processing during lookup of btv1==6117437fd2d==rsharma @xyz.com.f j: mail.com.school.fj not found) smtp.mailfrom=btv1==611743 7fd2d==rsh arma@xyz.c om.fj
spf record = v=spf1 a mx include:_spf.google.com include:mail.com.school.fj include:mailrelay.unwired. com.fj ~all
spf=permerror (google.com: permanent error in processing during lookup of btv1==611a1cd8c90==rsharma @com.schoo l.fj: mail.xyz.com.fj not found) smtp.mailfrom=btv1==611a1c d8c90==rsh arma@com.s chool.fj
spf record =v=spf1 a mx include:mail.xyz.com.fj include:mailrelay.unwired. com.fj ~all
requesting assistance and how i can solve this
spf=permerror (google.com: permanent error in processing during lookup of btv1==6117437fd2d==rsharma
spf=permerror (google.com: permanent error in processing during lookup of btv1==6117437fd2d==rsharma
spf record = v=spf1 a mx include:_spf.google.com include:mail.com.school.fj
spf=permerror (google.com: permanent error in processing during lookup of btv1==611a1cd8c90==rsharma
spf record =v=spf1 a mx include:mail.xyz.com.fj include:mailrelay.unwired.
requesting assistance and how i can solve this
you are including records in the SPF that do not exist
mail.international.school. fj not found) smtp.mailfrom=btv1==611743 7fd2d==rsh arma@xyz.c om.fj
mail.xyz.com.fj not found) smtp.mailfrom=btv1==611a1c d8c90==rsh arma@inter national.s chool.fj
please have a look at the openspf.org and the description on how to configure the SPF record.
www.mxtoolbox.com has under more a tool to validate the SPF record.
the open SPF has the test tool that you can put in your WAN IP from where you are sending the email, and it will tell you whether this IP passes the PFS test as an originator of a message on the domain of the sender.
include:mail.internation.s chool.fj does not exist:
nslookup -q=txt mail.international.school. fj
international.school.fj
primary name server = ns1.unwired.com.fj
responsible mail addr = dns.netops.unwired.com.fj
serial = 2013111212
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
nslookup -q=txt mailrelay.unwired.com.fj
unwired.com.fj
primary name server = ns1.unwired.com.fj
responsible mail addr = FijiHUB_IT_Infrastructure_ Services.d igicelgrou p.com
serial = 2007041945
refresh = 43200 (12 hours)
retry = 900 (15 mins)
expire = 1209600 (14 days)
default TTL = 900 (15 mins)
what it needs to see is the record
nslookup -q=txt _spf.google.com
Non-authoritative answer:
_spf.google.com text =
"v=spf1 include:_netblocks.google. com include:_netblocks2.google .com include:_netblocks3.google .com ~all"
mail.international.school.
mail.xyz.com.fj not found) smtp.mailfrom=btv1==611a1c
please have a look at the openspf.org and the description on how to configure the SPF record.
www.mxtoolbox.com has under more a tool to validate the SPF record.
the open SPF has the test tool that you can put in your WAN IP from where you are sending the email, and it will tell you whether this IP passes the PFS test as an originator of a message on the domain of the sender.
include:mail.internation.s
nslookup -q=txt mail.international.school.
international.school.fj
primary name server = ns1.unwired.com.fj
responsible mail addr = dns.netops.unwired.com.fj
serial = 2013111212
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
nslookup -q=txt mailrelay.unwired.com.fj
unwired.com.fj
primary name server = ns1.unwired.com.fj
responsible mail addr = FijiHUB_IT_Infrastructure_
serial = 2007041945
refresh = 43200 (12 hours)
retry = 900 (15 mins)
expire = 1209600 (14 days)
default TTL = 900 (15 mins)
what it needs to see is the record
nslookup -q=txt _spf.google.com
Non-authoritative answer:
_spf.google.com text =
"v=spf1 include:_netblocks.google.
ASKER
Hi
Please note i do have my mail server(mail.iss.local) but i understand that since that is local it doesn't matter. we are also using smart host(10.0.1.32) but that is internal as well. Do i need to include internal IP's? As far as i know all my external public domain are already defined. Do i need to include public IP's instead of domain names. Doesn't the A record get the current mail server?
Please note i do have my mail server(mail.iss.local) but i understand that since that is local it doesn't matter. we are also using smart host(10.0.1.32) but that is internal as well. Do i need to include internal IP's? As far as i know all my external public domain are already defined. Do i need to include public IP's instead of domain names. Doesn't the A record get the current mail server?
Hi,
You don't need to include any internal IPs, especially any that are non-routable such as 10.X.X.X.
You do need to include whatever IP(s) your email exits onto the internet from - your public exit point.
That needs to be the actual IP and / or the hostname(s) that resolve to those IP(s).
Alan.
You don't need to include any internal IPs, especially any that are non-routable such as 10.X.X.X.
You do need to include whatever IP(s) your email exits onto the internet from - your public exit point.
That needs to be the actual IP and / or the hostname(s) that resolve to those IP(s).
Alan.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks everyone
Now i am getting the following. If i test an email from my domain to gmail and yahoo i get the following in headers
Gmail test
spf=neutral (google.com: 202.151.16.19 is neither permitted nor denied by best guess record for domain of btv1==61619ee9795==rsharma @xyz.com.f j) smtp.mailfrom=btv1==61619e e9795==rsh arma@xyz.c om.fj
Return-Path: <btv1==61619ee9795==rsharm a@xyz.com. fj>
Received: from relay.unwired.com.fj (relay.unwired.com.fj. [202.151.16.19])
by mx.google.com with ESMTP id v6si8715624pgc.526.2018.03 .18.17.08. 03
for <vampirerps2007@gmail.com> ;
Sun, 18 Mar 2018 17:08:04 -0700 (PDT)
Received-SPF: neutral (google.com: 202.151.16.19 is neither permitted nor denied by best guess record for domain of btv1==61619ee9795==rsharma @xyz.com.f j) client-ip=202.151.16.19;
Authentication-Results: mx.google.com;
dkim=pass header.i=@xyz.com.fj header.s=s1024 header.b=2oPFVUuP;
spf=neutral (google.com: 202.151.16.19 is neither permitted nor denied by best guess record for domain of btv1==61619ee9795==rsharma @xyz.com.f j) smtp.mailfrom=btv1==61619e e9795==rsh arma@xyz.c om.fj
Received: from - (relay [127.0.0.1]) by relay.unwired.com.fj (Postfix) with ESMTP id D24E712A970 for <vampirerps2007@gmail.com> ; Mon, 19 Mar 2018 12:08:02 +1200 (FJT)
Yahoo test
Received-SPF: none (domain of xyz.com.fj does not designate permitted sender hosts)
Requesting assistance
Now i am getting the following. If i test an email from my domain to gmail and yahoo i get the following in headers
Gmail test
spf=neutral (google.com: 202.151.16.19 is neither permitted nor denied by best guess record for domain of btv1==61619ee9795==rsharma
Return-Path: <btv1==61619ee9795==rsharm
Received: from relay.unwired.com.fj (relay.unwired.com.fj. [202.151.16.19])
by mx.google.com with ESMTP id v6si8715624pgc.526.2018.03
for <vampirerps2007@gmail.com>
Sun, 18 Mar 2018 17:08:04 -0700 (PDT)
Received-SPF: neutral (google.com: 202.151.16.19 is neither permitted nor denied by best guess record for domain of btv1==61619ee9795==rsharma
Authentication-Results: mx.google.com;
dkim=pass header.i=@xyz.com.fj header.s=s1024 header.b=2oPFVUuP;
spf=neutral (google.com: 202.151.16.19 is neither permitted nor denied by best guess record for domain of btv1==61619ee9795==rsharma
Received: from - (relay [127.0.0.1]) by relay.unwired.com.fj (Postfix) with ESMTP id D24E712A970 for <vampirerps2007@gmail.com>
Yahoo test
Received-SPF: none (domain of xyz.com.fj does not designate permitted sender hosts)
Requesting assistance
Using mxtoolbox.com more tools, SPF lookup for xyz.com.fj
Reports no record.
You may intermittent respinse if possible that your NS records reflect different information.
Google reports the source of message as having the IP 202.151.16.19
Reports no record.
You may intermittent respinse if possible that your NS records reflect different information.
Google reports the source of message as having the IP 202.151.16.19
ASKER
The current record at isp is
a mx include:_spf.google.com a:mail.international.schoo l.fj a:mailrelay.unwired.com.fj include:spf.ess.barracudan etworks.co m ~all
a mx include:_spf.google.com a:mail.international.schoo
Not sure where you are getting that info,
nslookup -q=txt xyz.com.fj
Returns no records, SPF is based on the senders domain username@xyz.com.fj.
nslookup -q=txt xyz.com.fj
Returns no records, SPF is based on the senders domain username@xyz.com.fj.
Hi,
Not sure if there are some DNS providers out of date or misconfigured, but I am seeing this from Central Ops:
https://centralops.net/co/ domaindoss ier.aspx?a ddr=xyz.co m.fj&dom_d ns=true
If your emails are entering the internet from IP = 202.151.16.19 perhaps try adding that specific IP to your SPF record, and see if that fixes it at least initially.
Alan.
Not sure if there are some DNS providers out of date or misconfigured, but I am seeing this from Central Ops:
xyz.com.fj IN TXT a mx include:_spf.google.com a:mail.international.school.fj a:mailrelay.unwired.com.fj include:spf.ess.barracudanetworks.com ~all
Source (20180319 - 1749 NZT):https://centralops.net/co/
If your emails are entering the internet from IP = 202.151.16.19 perhaps try adding that specific IP to your SPF record, and see if that fixes it at least initially.
Alan.
ASKER
Hi All
Thanks for all your input
This was an issue with our ISP and they have solved it. They have changed the dns settings at their end
I have also modified my spf record
Thanks for all your input
This was an issue with our ISP and they have solved it. They have changed the dns settings at their end
I have also modified my spf record
ASKER
thanks
Isn't that what I said in my first post:
https://www.experts-exchan ge.com/que stions/290 89154/spf- permerror. html#a4250 0007
You need to include the IP address (or hostname that resolves to that IP address) that your email is coming from in your SPF record.
https://www.experts-exchan
Agree, Alan did mention/suggest the change.
The SPF record was not optimally, correctly setup.
include should commonly use google.com even though it references _spf.google.com the difference, if they transition to something else, the _spf.google.com is discretionary on their part, they could have chosen another lable/record.
using google.com will follow whatever decisions/changes they may make in the future.
openspf.org has the writeup on the standard on when one would use
A
mx
include
PTR
IP
ipv6
etc.
You can request attention/report your question to have it reopened to award points recognizing other's comments/contributions.
The SPF record was not optimally, correctly setup.
include should commonly use google.com even though it references _spf.google.com the difference, if they transition to something else, the _spf.google.com is discretionary on their part, they could have chosen another lable/record.
using google.com will follow whatever decisions/changes they may make in the future.
openspf.org has the writeup on the standard on when one would use
A
mx
include
PTR
IP
ipv6
etc.
You can request attention/report your question to have it reopened to award points recognizing other's comments/contributions.
It appears that you are trying to send from:
Open in new window
The SPF record for that domain is:
Open in new window
I am guessing that the source IP of your email does not match the resolution of any of the items in your SPF record, and hence you are getting the error you pasted above.
You need to include the IP address (or hostname that resolves to that IP address) that your email is coming from in your SPF record.
Thanks,
Alan.