Archive for the tag 'record'

SBDavid

Start of Authority (SOA) record


The SOA record is the first record in a properly configured zone. It contains information about the zone in a string of fields. An SOA record tells the server to be authoritative for the zone. The SOA record takes the following format:

Example:

domain.name. IN SOA hostname.domain.name. mailbox.domain.name. (
        serial-number
        refresh
        retry
        expire
        minimum-ttl )

domain.name - The name of the domain to which the SOA belongs. Instead of writing out the full domain, you can also use ‘@’ in the file to let the nameserver fill this out automatically.

IN - The class of the DNS record. ‘IN’ is an abbreviated form of ‘Internet’.
SOA - The type of DNS record, which in this case is ‘Start of Authority’.

hostname.domain.name - The primary nameserver for the zone.

mailbox.domain.name - Also known as the ‘hostmaster’ field. It contains the e-mail address of the person responsible for maintaining the zone.

minimum-ttl - The default TTL (Time To Live) for every record in the zone. The default is only used when a particular resource record does not have its own specified TTL value. When changes are being made to a zone, the default is often set at ten minutes or less.

Lowest numbered MX record points to local host

If you see the following in exim’s main log, /var/log/exim_mainlog:

temporarily rejected RCPT : lowest numbered MX record points to local host

This indicates that the domain doesn’t exist in /etc/localdomains. Edit the file and ensure the domain is listed there.

Please also ensure that it isn’t listed in /etc/remotedomains.


SPF record


An SPF record is simply a TXT type DNS record which is used to store information about which IPs are allowed to send email for a specific domain. A receiving mailserver can do a lookup on this TXT record to get this data, and use the information to decide if an IP sending email from a specific domain really is allowed to be sending email for that domain.

There are a few options you can use with SPF records to govern the severity of enforcement of these rules.

Details on these rules can be found here: http://www.openspf.org/SPF_Record_Syntax

Set up your SPF record to use the -all option instead of the ?all option so that email can *only* be sent from your server. This means that you *must* get all of your clients to send their SMTP through your server, or they will be tagged as spam for spoofing. If they’re blocked on port 25 to your server, tell them to send on port 587 to your server (same thing, just not blocked by the ISP).

To use the value of -all, you can change your DNS zone manually from:

DirectAdmin -> Admin Level -> DNS Administration -> domain.com, or User Level -> DNS Management

Change:

"v=spf1 a mx ip4:4.2.2.2 ?all"

to be:

"v=spf1 a mx ip4:4.2.2.2 -all"

where 4.2.2.2 should of course be replaced by your server IP.

Restart named after making the changes. Allow at least 4 hours for the new records to propagate.
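
To see what the change from ?all to -all means for a receiving mailserver, here is an added example (not part of the original post) that parses the two records above and evaluates a sender against them. It only evaluates ip4, ip6 and all terms, since a and mx would need live DNS lookups; the function names and the sender address 203.0.113.25 are assumptions made for the illustration.

```python
import ipaddress

# SPF qualifiers and the result each produces; "+" is implied when omitted.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF TXT value into (result, mechanism, argument) tuples."""
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: missing v=spf1")
    parsed = []
    for term in terms[1:]:
        if "=" in term.split(":")[0]:      # modifier (e.g. redirect=), not a mechanism
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        parsed.append((QUALIFIERS[qualifier], name.split("/")[0].lower(), arg))
    return parsed

def evaluate(record, sender_ip):
    """SPF result for sender_ip from ip4/ip6/all only (a, mx, include need DNS)."""
    ip = ipaddress.ip_address(sender_ip)
    for result, name, arg in parse_spf(record):
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return result
        if name == "all":
            return result
    return "neutral"                       # nothing matched and no "all" term

def audit(record):
    """List findings about how strictly the record is enforced."""
    mechanisms = parse_spf(record)
    names = [name for _, name, _ in mechanisms]
    if "all" not in names:
        return ["no 'all' mechanism: unlisted senders evaluate to neutral"]
    findings, idx = [], names.index("all")
    if mechanisms[idx][0] != "fail":
        findings.append(f"'all' yields {mechanisms[idx][0]}: receivers are not told to reject unlisted senders")
    if idx != len(mechanisms) - 1:
        findings.append("mechanisms after 'all' are never evaluated")
    return findings

WEAK = "v=spf1 a mx ip4:4.2.2.2 ?all"      # record from the text above
STRICT = "v=spf1 a mx ip4:4.2.2.2 -all"    # corrected record from the text above
OUTSIDER = "203.0.113.25"                  # constructed sender, not listed in the record

if __name__ == "__main__":
    for rec in (WEAK, STRICT):
        print(rec, "->", evaluate(rec, OUTSIDER), audit(rec))
```

With ?all the unlisted sender evaluates to neutral, so the receiver has no basis to reject the message; with -all the same sender evaluates to fail.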