Hi there,
Until at least May 2025 the SPF record for pangolin.slitaz.org was
"v=spf1 ip4:178.32.102.8 ~all"
and there was no SPF record for by.slitaz.org. This can be seen in
the headers added by my mail server to the most recent mail which it
accepted from the forum:
8<----------------------------------------------------------------------
X-SPF-hello: pass ([pangolin.slitaz.org]=[v=spf1 ip4:178.32.102.8 ~all])
(DNS lookups=[0] void lookups=[0])
X-SPF-mfrom: none ([by.slitaz.org]=none)
8<----------------------------------------------------------------------
The SPF record has now been changed to:
"v=spf1 a a:pangolin.slitaz.org ~all"
which directs recipients to check the A record for pangolin.slitaz.org
for an IP address to match against the connecing IP.
Unfortunately the A record gives the wrong IP address:
8<----------------------------------------------------------------------
$ dig +short pangolin.slitaz.org
141.94.188.35
$
8<----------------------------------------------------------------------
which results in our mail server tempfailing the message unless I do
something about it...
8<----------------------------------------------------------------------8<----------------------------------------------------------------------
Jul 4 13:58:49 mail6 sm-mta[26405]: <-- EHLO pangolin.slitaz.org
Jul 4 13:58:49 mail6 x3[20026]: xm_spf_query(): [178.32.102.8] scope=>[helo] identity=>[pangolin.slitaz.org]
Jul 4 13:58:49 mail6 x3[20026]: xm_spf_query(): [178.32.102.8] SPF RECORD for [pangolin.slitaz.org]=>[v=spf1 a a:pangolin.slitaz.org ~all]
Jul 4 13:58:49 mail6 x3[20026]: xm_spf_query(): [178.32.102.8] spf [helo] result code [softfail]
8<----------------------------------------------------------------------8<----------------------------------------------------------------------
I can cope with this, but it needs to be fixed at the sending end.
It's better to use literal IPs in the record if you can, and in any
case, duplication of 'a' mechanisms in the record is best avoided.
--
73,
Ged.