Automatic massive add of SPF records on all existing domain zones

COBRAws

Member
Sep 26, 2006
16
0
151
Buenos Aires
HEllo,

I need to automatically add SPF records to all my dns zones I already have set up. I have a ton of domains without proper SPF records added, some of them do have them, but the mayority dont. I have updated the DNS ZONE Templates for future inclusion when an account/domain is addem from now on, so its just for the old accounts/domains.

Is there an automated way I can do this? Its a reall pain in the *** to manually add them.
Thank you,
Jack
 

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
You'd have to write a Perl script I think. There is a system script around that allows you to rebuild the zone files but it's name currently escapes me. You could probably tweak that.

However since it's mostly just a matter of adding lines onto the ends of your zone files, and you could probably avoid needing to tweak the serial numbers [EDIT] by doing a "service named restart" after doing the mass edit (ie restarting named causes all the zones to be reloaded with the new changes, otherwise you'd have to change the serial number to get the new zone loaded).
 
Last edited:

freedog96150

Well-Known Member
Mar 25, 2005
68
0
156
Nevada, USA
COBRAws said:
HEllo,

I need to automatically add SPF records to all my dns zones I already have set up. I have a ton of domains without proper SPF records added, some of them do have them, but the mayority dont. I have updated the DNS ZONE Templates for future inclusion when an account/domain is addem from now on, so its just for the old accounts/domains.

Is there an automated way I can do this? Its a reall pain in the *** to manually add them.
Thank you,
Jack
I am curious. What did you add to your zone templates to add SPF records to all new accounts. I have had spotty luck with my changes working on all new account creations.
 

COBRAws

Member
Sep 26, 2006
16
0
151
Buenos Aires
freedog96150 said:
I am curious. What did you add to your zone templates to add SPF records to all new accounts. I have had spotty luck with my changes working on all new account creations.
Easy, I just added the following at the end of my DNS ZONE Templates:

%domain%. IN TXT "v=spf1 ip4:xx.xx.xx.xx ip4:xx.xx.xx.xx ip4:xx.xx.xx.xx a mx ptr ~all"
The ip3: values deppends on how many IPs does your domain work on. I have several domains sending emails from different IP numbers, so I just add those IPs I know.

brianoz thanks for boost! Ill search for that perl script.

--EDiT--
I've found a perl script for adding new lines to the dns zone db's
here is the link: http://forums.cpanel.net/showthread.php?t=52803
 
Last edited:

lloyd_tennison

Well-Known Member
Mar 12, 2004
698
1
168
Just remember, servers using strict SPF will reject any email that you forward. See the spf website.
 

sparek-3

Well-Known Member
Aug 10, 2002
1,982
217
343
cPanel Access Level
Root Administrator
lloyd_tennison is right, atleast in the way that I understand SPF.

In order for SPF to work correctly, individual users are going to have to specify what IPs are meant to send e-mail from that domain. This may be the individual's ISP outgoing mail server or it could be any outgoing mail server. The IP of the SMTP server that you use to send out mail from your ISP may not be the same IP as the IP that the SMTP server actually sends the message out to the Internet. All of these are factors in concerns with SPF.

For SPF to really work with cPanel, I think an SPF wizard needs to be added to each individual's control panel. Then individual account owners can specify what IPs are suppose to be able to send out mail for that domain. Then if an account has users that use Bellsouth and Comcast Internet services, they can specify their ISP specific mail server sending IPs through the control panel and have it added to the SPF record for their domain. I would think that some checks would have to be included to insure that the SPF data is accurate or correct.
 

Solokron

Well-Known Member
Aug 8, 2003
851
1
168
Seattle
cPanel Access Level
DataCenter Provider
Don't even dedicated IP accounts default and send via the server's main IP anyhow?

Easy, I just added the following at the end of my DNS ZONE Templates:



The ip3: values deppends on how many IPs does your domain work on. I have several domains sending emails from different IP numbers, so I just add those IPs I know.

brianoz thanks for boost! Ill search for that perl script.

--EDiT--
I've found a perl script for adding new lines to the dns zone db's
here is the link: http://forums.cpanel.net/showthread.php?t=52803