DNS Zone Templates for SPF records

mrgold

Registered
Mar 4, 2005
3
0
151
Adelaide, Australia
Hi All

A couple of questions -

I am implementing SPF records as TXT entries in the DNS of all my existing sites in order to mitigate against spoof emails using my domain names. I want to change the zone template for new accounts also. Which template do I need to change - is it just the 'standard' template.
What are the other templates for.

Second question - when will Cpanel support SPF type DNS records.

Thanks

Martin
 
Last edited:

Spiral

BANNED
Jun 24, 2005
2,020
8
193
On ours, we actually added the SPF record to all 3 of the templates even though
some domains might not actually be used for email. Doesn't hurt though.
 

Spiral

BANNED
Jun 24, 2005
2,020
8
193
mickalo said:
how exactly did you do this? Can you post a sample?
Sure, no problem ....

Code:
%domain%. IN TXT "v=spf1 ip4:x.x.x.x  a mx a:(hostname) mx:(hostname) mx:(mail server) mx:%domain% include:(mail server) ~all"
Add the above line to your DNS templates but with the following changes:

x.x.x.x = your server's ip address bound to Exim
(you could use %ip% if you use mostly shared IP accounts)

(hostname) = your server's hostname

(mail server) = your server's mail server (or primary domain name)

If you have multiple IP addresses bound to Exim, you can add additional
"ip4:x.x.x.x" sections in line to the SPF line

Hope that helps ....

Pretty simple and works!



NOTE: Adding SPF to the templates will only effect new accounts and will not change existing domains but you can
update those by modifying the respective /var/named/(domain).db files or rebuilding the DNS for the domains
 
Last edited:

mickalo

Well-Known Member
Apr 16, 2002
782
5
318
N.W. Iowa
Spiral said:
Sure, no problem ....

Code:
%domain%. IN TXT "v=spf1 ip4:x.x.x.x  a mx a:(hostname) mx:(hostname) mx:(mail server) mx:%domain% include:(mail server) ~all"
Add the above line to your DNS templates but with the following changes:

x.x.x.x = your server's ip address bound to Exim
(you could use %ip% if you use mostly shared IP accounts)

(hostname) = your server's hostname

(mail server) = your server's mail server (or primary domain name)

If you have multiple IP addresses bound to Exim, you can add additional
"ip4:x.x.x.x" sections in line to the SPF line

Hope that helps ....

Pretty simple and works!



NOTE: Adding SPF to the templates will only effect new accounts and will not change existing domains but you can
update those by modifying the respective /var/named/(domain).db files or rebuilding the DNS for the domains
This one here:
Code:
x.x.x.x = your server's ip address bound to Exim
(you could use %ip% if you use mostly shared IP accounts)
what does this mean ... which IP are you referring too here?

I assume we could edit all the exisiting DNS zone files and add this to them them via the WHM >> Edit DNS zones ... correct?

Mickalo
 

tweakservers

Well-Known Member
Mar 30, 2006
379
0
166
mickalo said:
This one here:
Code:
x.x.x.x = your server's ip address bound to Exim
(you could use %ip% if you use mostly shared IP accounts)
what does this mean ... which IP are you referring too here?

I assume we could edit all the exisiting DNS zone files and add this to them them via the WHM >> Edit DNS zones ... correct?

Mickalo
Usually that's your primay share IP address. You may get that from the dnsreport.com in the MX zone.
 

mrgold

Registered
Mar 4, 2005
3
0
151
Adelaide, Australia
Spiral said:
Sure, no problem ....

Code:
%domain%. IN TXT "v=spf1 ip4:x.x.x.x  a mx a:(hostname) mx:(hostname) mx:(mail server) mx:%domain% include:(mail server) ~all"
Add the above line to your DNS templates but with the following changes:

x.x.x.x = your server's ip address bound to Exim
(you could use %ip% if you use mostly shared IP accounts)

(hostname) = your server's hostname

(mail server) = your server's mail server (or primary domain name)

If you have multiple IP addresses bound to Exim, you can add additional
"ip4:x.x.x.x" sections in line to the SPF line

Hope that helps ....

Pretty simple and works!



NOTE: Adding SPF to the templates will only effect new accounts and will not change existing domains but you can
update those by modifying the respective /var/named/(domain).db files or rebuilding the DNS for the domains
Thanks. I'm using a much simpler entry, in the 'standard' template -

%domain%. IN TXT "v=spf1 a mx -all"

Note that the "~" you've used gives a soft response, whereas I am using a "-" which gives a fail response..

This entry produces good test results.

SPF org suggests adding a

%domain%. IN SPF "v=spf1 a mx -all", but this isn't supported yet on my server.

I also have the following templates -

simple
simple.rej
simple.orig
standard.rej
standard.orig
and some ftp templates.

When are each of these templates used ? I'm assuming that the 'standard' template is the one used when I create a new site ?

Martin
 

freedog96150

Well-Known Member
Mar 25, 2005
68
0
156
Nevada, USA
Anyone answer as to when the additional template files are used???