Ping a Specific Port

Question

Mike B

Asked: 2013-03-02 01:35:09 +0800 CST2013-03-02 01:35:09 +0800 CST 2013-03-02 01:35:09 +0800 CST

Mail rejected because of SPF lookup - can a MX record be a CNAME?

772

We're serving mail for a group of customers, and (only) one of them is seeing (some of) their mails rejected.

The situation is:

Our server: ourdomain.com -> Gets forward and reverse DNS lookup correctly resolved
Served domain: clientdomain.com

Dig over clientdomain.com:

clientdomain.com.       2742    IN      MX      5 mail.clientdomain.com.
mail.clientdomain.com.  2742    IN      A       ip.of.ourdomain.com

Error to mail clients:

Recipient address rejected:
SPF-Result=ourdomain.com: 'SERVFAIL' error on DNS 'SPF' lookup of 'ourdomain.com' (in reply to RCPT TO command)

My main question is...

Would it be better something like

clientdomain.com.         2742    IN      MX      5 mail.clientdomain.com
mail.clientdomain.com.    2742    IN      CNAME   ourserver.com

?

Secondary question... if above answer is NO, what can I do? add an SPF record in favour of ourserver.com? Why aren't other clients noticing this?

Thanks for reading

2 Answers

Voted

jwbensley · Answer 1 · 2013-03-02T01:49:12+08:00

jwbensley

2013-03-02T01:49:12+08:002013-03-02T01:49:12+08:00

For simplicity you could use the below set up. Also I thoroughly recommend you set an SPF record for both domains. SPF aren't fool proof by any stretch of the imagination, but many people force the requirement of them, so it's worth setting up since it's just a DNS entry;

ourdomain.com         IN   MX  5  mail.ourdomain.com
clientdomain.com      IN   MX  5  mail.ourdomain.com
mail.ourdomain.com    IN   A      1.2.3.4

ourdomain.com         IN   TXT    v=spf1 a:mail.ourdomain.com ~all
clientdomain.com      IN   TXT    v=spf1 a:mail.ourdomain.com ~all

2

Ladadadada · Answer 2 · 2013-03-02T03:24:15+08:00

Best Answer

Ladadadada

2013-03-02T03:24:15+08:002013-03-02T03:24:15+08:00

SERVFAIL is not the same as NXDOMAIN. The error message means that they were unable to even contact a name server at all when looking up the SPF records.

It could be their name server or yours that was unable to respond.

If this is your mail server, you should find out what the SPF lookup was and why it failed.

2

Mail rejected because of SPF lookup - can a MX record be a CNAME?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?