LinkBack URL
About LinkBacksDoes the exim that cpanel installs use SPF?
If so do I need to enable it somehow?
Does the exim that cpanel installs use SPF?
Does the exim that cpanel installs use SPF?
If so do I need to enable it somehow?
It's compiled in, but it doesn't use it automatically (thank goodness). You'll have to enable it by adding the appropriate commands in exim.conf:
http://www.exim.org/exim-html-4.50/d..._7.html#TOC272
Bear in mind, that if you install it, it will at the very least, deny any email your clients forward from their ISP accounts to their POP3 accounts on their cPanel account, among other things. Remember, it is not RFC compliant and does break the SMTP rules on mail delivery.
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
i'm very sure how it works so far... because i sent a mail from my cell phone ( who use a smtp like smtp.wirelessinbox.com instead of my own smtp mail.domain.com ) and the mail get through to the customer... without warning or anything...
And from what i see in dnsreport.com, the spf are there... Does it means that exim doesn't use it ? but the spf entry is in the dns zone ?
That should be checked at the receiving end I think , if the recieving mailserver has spf checks enabled it should be accepted. I guess they did not have it enabled.Originally Posted by fred123123
Shashank Wagh.
Systems Administrator.
http://www.shashank.net
Can anyone think of anything else? I dont have any one that forwards there ISP mail there pop3 and i think you can just add a server to the SPF record if they do.
I enabled this on one server and its not blocking anything, even when I try sending from a php script on another server. Any tips?
As SPF is not universally used and also still has bugs not to mention RFC issues,
I DO NOT recommend that you configure your server to actually perform SPF checks
and certainly do not perform any filtering based on SPF .... that is just asking for trouble.
Really the best use for SPF at this point is just as an advisor system on the client end.
In example, I have an SPF checking extension installed in my Mozilla Thunderbird
email program on my laptop which just simply tells me whether email messages
have a valid SPF or not but does not do any filtering because of it which is good.
Just as a side note, I do recommend that you add an SPF record to all your domains
in your DNS server (BIND records) and update the DNS templates so that new domains
added will automatically have a valid SPF record. With this, your mail will still get through
to those few networks who are stupid enough to already have SPF filtering enabled.
Would you be willing to point me in the right direction regarding altering the DNS templates to do a basic SPF config for new customers?
You have to do the DNS config and then configure exim to run SPF checks, Im not sure how to properly configure exim.
I simply added the following to the DNS zone templates ....
Where ...%domain%. IN TXT "v=spf1 ip4:MYIP1 ip4:MYIP2 a mx a:MYSERVER mx:MYSERVER mx:MYSERVDOM mx:%domain% include:MYSERVDOM ~all"
MYIP1 is the primary IP number on my server
MYIP2 is the secondary IP number on my server
MYSERVER is the hostname of my server
MYSERVERDOM is the base domain name of my server
Again, I **DO NOT** recommend that you turn on SPF checking in Exim and that you
DO NOT perform any SPF filtering but I do recommend that you go ahead and add
the SPF entries to your DNS zone files so you don't have any problems communicating
with other hosts who were dumb enough to turn on SPF filtering on their end.
So if I am reading this right (been up for hours%domain%. IN TXT "v=spf1 ip4:MYIP1 ip4:MYIP2 a mx a:MYSERVER mx:MYSERVER mx:MYSERVDOM mx:%domain% include:MYSERVDOM ~all"), these are in this format:
MYSERVER = server.myserverdomain.com
MYSERVERDOM = myserverdomain.com
█ HostOrca - hostorca.co.uk
█ UK and US Reliable Shared Hosting Solutions
█ Where Customer Service Counts!
Yes, you got it!
and this is just on the MYSERVERDOM record or all DNS records? Nothing is real clear in SPF's own documentation for web hosting companies..
Lloyd F Tennison
The latter - all DNS records.
It's a fun task if you have many DNS records to update . . .
Recently we finally decided to set the SPF record by default.
We recommend to use the simpliest way of setting up the DNS zones. Edit both, /var/cpanel/zonetemplates/standard and /var/cpanel/zonetemplates/standardvirtualftp and add the single line at the bottom:
This will work on every cPanel server automatically.Code:%domain%. IN TXT "v=spf1 a mx ptr ip4:%ftpip% a:%nameserver% a:%nameserver2% -all"
This will address 99,9% of the possible setups and caused us no issues on several thousands of hosted domains. They may communicate with AOL/Hotmail and so on with no problems.
Enjoy!
Reliable web-hosting, good resellers plans, web-design.
ISProHosting.com
Reply With Quote