<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Mike,<br>
    <br>
    I've just fixed the lack of IPv6 in the SPF record. I'm very wary of
    updating our mailman install, as there are a lot of lists on it, and
    lots of people would be very upset if a "yum upgrade mailman" did
    something horrible. I'm not even supposed to be looking after our
    mail system any more, I just do the minimum necessary fixes to keep
    it working.<br>
    <br>
    Let's see if the IPv6 SPF record is enough to keep us going for now.
    :-/<br>
    <br>
    Thanks!<br>
    Jules.<br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 11/11/2016 16:06, Mike Brudenell
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAPXCWaugC0GE41EFnC2OTRwoy=uv-QhwBJELQiSwuSuHg9ubHw@mail.gmail.com"
      type="cite">
      <div dir="ltr">Hi, Jules -
        <div><br>
        </div>
        <div>There's still a problem with the SPF record for the <a
            moz-do-not-send="true" href="http://zend.to" target="_blank">zend.to</a>
          domain I'm afraid…</div>
        <div><br>
        </div>
        <div>We're seeing messages arriving from IPv6 addresses, which
          aren't listed in your SPF record and so are not generating
          SOFTFAIL results for SPF checks.</div>
        <div><br>
        </div>
        <div>For example a message at 12:42 had this Received header</div>
        <div><br>
        </div>
        <blockquote style="margin:0px 0px 0px
          40px;border:none;padding:0px">
          <div>
            <div>Received: from <a moz-do-not-send="true"
                href="http://falcon.ecs.soton.ac.uk">falcon.ecs.soton.ac.uk</a>
              (<a moz-do-not-send="true"
                href="http://falcon.ecs.soton.ac.uk">falcon.ecs.soton.ac.uk</a>.
              [2001:630:d0:f102::25e])</div>
          </div>
          <div>
            <div>        by <a moz-do-not-send="true"
                href="http://mx.google.com">mx.google.com</a> with
              ESMTPS id vg1si10581610wjb.19.2016.11.11.06.42.24</div>
          </div>
          <div>
            <div>        (version=TLS1 cipher=AES128-SHA bits=128/128);</div>
          </div>
          <div>
            <div>        Fri, 11 Nov 2016 06:42:24 -0800 (PST)</div>
          </div>
        </blockquote>
        <div><br>
        </div>
        <div>showing Google had received it from [2001:630:d0:f102::25e]</div>
        <div><br>
        </div>
        <div>The MX option in your SPF record picks up the various IPv6
          addresses of your site's <u style="font-weight:bold">inbound</u> mail
          servers, but I guess [2001:630:d0:f102::25e] is an
          outbound-only server so doesn't have MX records pointing to it,
          hence doesn't get included in the SPF data.</div>
        <div><br>
        </div>
        <div>You need to list the IP addresses/netblocks of all your
          outbound servers in the SPF record for <a
            moz-do-not-send="true" href="http://zend.to">zend.to</a></div>
        <div><br>
        </div>
        <div>In passing (and the IT staff might already know) the SPF
          record for your main <a moz-do-not-send="true"
            href="http://soton.ac.uk">soton.ac.uk</a> domain is right at
          the maximum number of DNS lookups SPF permits: 10. I hope
          no-one adds any more entries requiring lookups to it!</div>
        <div><br>
        </div>
        <div>Cheers,</div>
        <div>Mike B-)</div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On 11 November 2016 at 11:24, Jules <span
            dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:Jules@zend.to" target="_blank">Jules@zend.to</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000"> I've just added an
              SPF record for the domain.<br>
              Any thoughts on fixing the "on behalf of" issue?<br>
              <br>
              Thanks!<br>
              Jules.
              <div>
                <div class="h5"><br>
                  <br>
                  <div class="m_2849635567719331640moz-cite-prefix">On
                    11/11/2016 09:16, Stewart Campbell wrote:<br>
                  </div>
                </div>
              </div>
              <blockquote type="cite">
                <div>
                  <div class="h5">
                    <div class="m_2849635567719331640WordSection1">
                      <p class="MsoNormal"><span
                          style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">I
                          sent an email regarding this a while ago.
                          Domains that have SPF/DKIM/DMARC set up will
                          have problems even sending mail to this list
                          as it sends all list emails ‘on behalf of’ the
                          sender. My domain does not have this list in
                          its SPF record so it will fail.</span></p>
                      <p class="MsoNormal"><span
                          style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"> </span></p>
                      <p class="MsoNormal"><span
                          style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"> </span></p>
                      <p class="MsoNormal"><b><span
                            style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"
                            lang="EN-US">From:</span></b><span
                          style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"
                          lang="EN-US"> <a moz-do-not-send="true"
                            class="m_2849635567719331640moz-txt-link-abbreviated"
                            href="mailto:zendto-bounces@zend.to"
                            target="_blank">zendto-bounces@zend.to</a> [<a
                            moz-do-not-send="true"
                            class="m_2849635567719331640moz-txt-link-freetext"
                            href="mailto:zendto-bounces@zend.to"
                            target="_blank">mailto:zendto-bounces@zend.to</a><wbr>]
                          <b>On Behalf Of </b>Mike Brudenell<br>
                          <b>Sent:</b> 11 November 2016 09:08<br>
                          <b>To:</b> ZendTo Users <a
                            moz-do-not-send="true"
                            class="m_2849635567719331640moz-txt-link-rfc2396E"
                            href="mailto:zendto@zend.to" target="_blank">&lt;zendto@zend.to&gt;</a><br>
                          <b>Subject:</b> [ZendTo] A head's up about the
                          mailing list</span></p>
                      <p class="MsoNormal"> </p>
                      <div>
                        <p class="MsoNormal">Just a heads-up to the
                          person/people who run the mailing list…</p>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <div>
                          <p class="MsoNormal">For the past few months
                            Google are now flagging all messages from
                            the list with a red "this message is a
                            little suspicious" question mark indicator
                            because there's no valid SPF or DKIM for it.</p>
                        </div>
                        <div>
                          <p class="MsoNormal"> </p>
                        </div>
                        <div>
                          <p class="MsoNormal">It needs one or both of:</p>
                        </div>
                        <div>
                          <ul type="disc">
                            <li class="MsoNormal"> an SPF record setting
                              up for the "<a moz-do-not-send="true"
                                href="http://zend.to" target="_blank">zend.to</a>"
                              domain that authorises the mail servers
                              transmitting the list's messages to do so,
                              and/or</li>
                            <li class="MsoNormal"> DKIM signatures being
                              added to the messages, ideally with "d=<a
                                moz-do-not-send="true"
                                href="http://zend.to" target="_blank">zend.to</a>"
                              as the attribute in the signature.</li>
                          </ul>
                          <div>
                            <p class="MsoNormal">Adding either or both
                              of these should eliminate the warnings.</p>
                          </div>
                          <div>
                            <p class="MsoNormal"> </p>
                          </div>
                          <div>
                            <p class="MsoNormal">Cheers,</p>
                          </div>
                          <div>
                            <p class="MsoNormal">Mike B-)</p>
                          </div>
                          <div>
                            <p class="MsoNormal"> </p>
                          </div>
                          <p class="MsoNormal">-- </p>
                          <div>
                            <div>
                              <div>
                                <p class="MsoNormal"><span
                                    style="color:#666666">Systems
                                    Administrator &amp; Change Manager</span></p>
                              </div>
                              <div>
                                <p class="MsoNormal"><span
                                    style="color:#666666">IT Services,
                                    University of York, Heslington, York
                                    YO10 5DD, UK</span></p>
                              </div>
                              <div>
                                <p class="MsoNormal"><span
                                    style="color:#666666">Tel: <a
                                      moz-do-not-send="true"
                                      href="tel:%2B44-%280%291904-323811"
                                      value="+441904323811"
                                      target="_blank">+44-(0)1904-323811</a></span></p>
                              </div>
                              <div>
                                <p class="MsoNormal"> </p>
                              </div>
                              <div>
                                <p class="MsoNormal"><span
                                    style="color:#666666">Web:               
                                    <a moz-do-not-send="true"
                                      href="http://www.york.ac.uk/it-services"
                                      target="_blank">
                                      www.york.ac.uk/it-services</a></span></p>
                              </div>
                              <div>
                                <p class="MsoNormal"><span
                                    style="color:#666666">Disclaimer:     
                                    <a moz-do-not-send="true"
                                      href="http://www.york.ac.uk/docs/disclaimer/email.htm"
                                      target="_blank">
                                      www.york.ac.uk/docs/<wbr>disclaimer/email.htm</a></span></p>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                    <br>
                    <fieldset
                      class="m_2849635567719331640mimeAttachmentHeader"></fieldset>
                    <br>
                  </div>
                </div>
                <pre>______________________________<wbr>_________________
ZendTo mailing list
<a moz-do-not-send="true" class="m_2849635567719331640moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to" target="_blank">ZendTo@zend.to</a>
<a moz-do-not-send="true" class="m_2849635567719331640moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto" target="_blank">http://mailman.ecs.soton.ac.<wbr>uk/mailman/listinfo/zendto</a></pre><span class="HOEnZb"><font color="#888888">
    </font></span></blockquote><span class="HOEnZb"><font color="#888888">
    

    <pre class="m_2849635567719331640moz-signature" cols="72">Jules

-- 
Julian Field MEng MBCS CITP CEng


<a moz-do-not-send="true" class="m_2849635567719331640moz-txt-link-abbreviated" href="http://www.Zend.To" target="_blank">www.Zend.To</a>
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</pre>
  </font></span></div>


</blockquote></div>

<div>
</div>-- 
<div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><font color="#666666">Systems Administrator &amp; Change Manager</font></div><div><font color="#666666">IT Services, University of York, Heslington, York YO10 5DD, UK</font></div><div><font color="#666666">Tel: +44-(0)1904-323811</font></div><div><font color="#666666">
</font></div><div><font color="#666666">Web:<span style="white-space:pre">                </span><a moz-do-not-send="true" href="http://www.york.ac.uk/it-services" target="_blank">www.york.ac.uk/it-services</a></font></div><div><font color="#666666">Disclaimer:<span style="white-space:pre">        </span><a moz-do-not-send="true" href="http://www.york.ac.uk/docs/disclaimer/email.htm" target="_blank">www.york.ac.uk/docs/disclaimer/email.htm</a></font></div></div></div>
</div>



</blockquote>
<pre class="moz-signature" cols="72">Jules

-- 
Julian Field MEng MBCS CITP CEng

'Every morning when I wake,
 Dear Lord, a little prayer I make,
 O please do keep Thy lovely eye
 On all poor creatures born to die

 And every evening at sun-down
 I ask a blessing on the town,
 For whether we last the night or no
 I'm sure is always touch-and-go.

 We are not wholly bad or good
 Who live our lives under Milk Wood,
 And Thou, I know, wilt be the first
 To see our best side, not our worst.

 O let us see another day!
 Bless us all this night, I pray,
 And to the sun we all will bow
 And say, good-bye - but just for now!'
    - Dylan Thomas

<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</pre></body></html>
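The two SPF points raised in the thread (an `mx` mechanism does not cover an outbound-only IPv6 sender, and a record can sit at the 10-lookup limit) can be checked offline with the sketch below. It is an added example, not part of the original messages or of ZendTo; the SPF records, the MX address list and the example.com include names are constructed for illustration, and only the sending address is taken from the quoted Received header.

```python
import ipaddress
import re

# Terms that each cost one DNS lookup during evaluation (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
LOOKUP_LIMIT = 10
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_terms(record):
    """Return (qualifier, name, value) for each term after v=spf1."""
    terms = []
    for raw in record.lower().split()[1:]:
        qualifier = "+"
        if raw[0] in RESULTS:
            qualifier, raw = raw[0], raw[1:]
        name, value = re.match(r"([a-z0-9]+)[:=/]?(.*)", raw).groups()
        terms.append((qualifier, name, value))
    return terms

def lookups_remaining(record):
    """Lookups left before the limit; a negative value means permerror."""
    used = sum(1 for _, name, _ in parse_terms(record) if name in LOOKUP_TERMS)
    return LOOKUP_LIMIT - used

def check_sender(record, sender_ip, mx_addrs):
    """Evaluate mx, ip4, ip6 and all; other mechanisms are skipped here.
    mx_addrs stands in for the addresses the domain's MX hosts resolve to."""
    ip = ipaddress.ip_address(sender_ip)
    mx_set = {ipaddress.ip_address(a) for a in mx_addrs}
    for qualifier, name, value in parse_terms(record):
        if name in ("ip4", "ip6"):
            hit = ip in ipaddress.ip_network(value, strict=False)
        elif name == "mx":
            hit = ip in mx_set
        else:
            hit = name == "all"
        if hit:
            return RESULTS[qualifier]
    return "neutral"

# Sending address from the Received header quoted in the thread.
OUTBOUND = "2001:630:d0:f102::25e"
# Constructed sample data (documentation prefixes), not zend.to's real DNS.
MX_ADDRS = ["2001:db8::19", "192.0.2.25"]
BEFORE = "v=spf1 mx ~all"
AFTER = "v=spf1 mx ip6:2001:630:d0:f102::25e ~all"
AT_LIMIT = "v=spf1 mx a " + " ".join(
    "include:spf%d.example.com" % i for i in range(8)) + " ~all"

if __name__ == "__main__":
    print(check_sender(BEFORE, OUTBOUND, MX_ADDRS))
    print(check_sender(AFTER, OUTBOUND, MX_ADDRS))
    print(lookups_remaining(AT_LIMIT))
```

A real check would resolve the MX hosts and every `include` through DNS; the fixed address list here keeps the example runnable without network access.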