ddavness / power-mailinabox

A Mail-in-a-Box with extra capabilities and more customizability. Not just for power users!
Creative Commons Zero v1.0 Universal

Default SPF record: How does one fix this? #130

Open lifeboy opened 9 months ago

lifeboy commented 9 months ago

I have run into this a couple of times and up to now thought the problem was at the recipient's email server, but today this happened again. This time it's from one PMiaB server to another.

I sent an email from giesler.za.net to abellardss.co.za and the headers from the recipient show this:

Authentication-Results: posboom.abellardss.co.za; dmarc=pass (p=quarantine dis=none) header.from=giesler.za.net
Authentication-Results: posboom.abellardss.co.za; spf=fail smtp.mailfrom=giesler.za.net
Authentication-Results: posboom.abellardss.co.za; dkim=pass (2048-bit key; unprotected) header.d=giesler.za.net header.i=@giesler.za.net header.a=rsa-sha256 header.s=mail header.b=qPOSpYOO; dkim-atps=neutral

However, testing the mail server box2.gtahardware.co.za (where giesler.za.net lives), gives no problem using mxtoolbox.com's email health checker:


So, checking the SPF record:

$ dig giesler.za.net txt +short
"v=spf1 mx -all"

This means all hosts are rejected, except the MX record that is set up for this domain, right? For giesler.za.net, the MX record is:

$ dig giesler.za.net mx +short
10 box2.gtahardware.co.za.

So why does the spam checker used in PMiaB fail this SPF test?

This is the default and I notice this note in the status pages of PMiaB:

Recommended. Prevents use of this domain name for outbound mail by specifying that no servers are valid sources for mail from @www.giesler.za.net. If you do send email from this domain name you should either override this record such that the SPF rule does allow the originating server, or, take the recommended approach and have the box handle mail for this domain (simply add any receiving alias at this domain name to make this machine treat the domain name as one of its mail domains).

Why would the default be to not allow mail sending? Surely it makes more sense to let the system construct a proper SPF record for this mail domain on this server?

Would "v=spf1 a -all" be the correct record for this? If not, what should I make this?

lifeboy commented 9 months ago

I just did another test, after making the change indicated above. On the recipient mail server:

# dig giesler.za.net txt +short
"v=spf1 a -all"

Yet, the email received still has this in the header:

X-Spam-Report: 
    * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
    * -0.1 DMARC_PASS DMARC check passed
    *  5.0 SPF_FAIL SPF check failed

lifeboy commented 9 months ago

I just checked the logs on the recipient server:

Oct 30 13:41:36 AbellardSS-mail opendmarc[227]: 5F10322832: SPF(mailfrom): giesler.za.net fail

So it's opendmarc that's failing the SPF lookup, not SpamAssassin, or is it?
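To make the difference between `mx -all` and `a -all` concrete, here is a small SPF evaluator added as an illustration; it is not code from Mail-in-a-Box or from this thread. The zone data is constructed: the hostnames are the ones in the thread, but the IP addresses are made up, and giving giesler.za.net an A record that differs from box2's is an assumption used to show that the `a` mechanism checks the envelope-from domain's own A record, not the box's hostname.

```python
import ipaddress

# Constructed zone data (assumption for this example; nothing is resolved live).
# Hostnames are from the thread; the IPs are invented.
ZONE = {
    ("giesler.za.net", "TXT"): ["v=spf1 mx -all"],
    ("giesler.za.net", "MX"): ["box2.gtahardware.co.za"],
    ("giesler.za.net", "A"): ["203.0.113.80"],          # assumed: e.g. a web host
    ("box2.gtahardware.co.za", "A"): ["198.51.100.25"], # assumed: the sending box
}

def lookup(name, rtype):
    """Stand-in for a DNS query against the constructed zone."""
    return ZONE.get((name, rtype), [])

def check_spf(domain, client_ip, record=None):
    """Evaluate a minimal SPF record (mx, a, ip4, all) for the envelope-from
    domain (smtp.mailfrom) against the connecting client IP.
    Returns 'pass', 'fail', 'softfail', 'neutral' or 'none'."""
    if record is None:
        txts = [t for t in lookup(domain, "TXT") if t.startswith("v=spf1")]
        if not txts:
            return "none"          # no SPF record published
        record = txts[0]
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in "+-~?":
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            # 'a' without an argument means the A record of the domain itself
            matched = str(ip) in lookup(arg or domain, "A")
        elif mech == "mx":
            # 'mx' resolves the MX hosts, then each host's A record
            hosts = lookup(arg or domain, "MX")
            matched = any(str(ip) in lookup(h, "A") for h in hosts)
        else:
            continue               # include/redirect/exists not modelled here
        if matched:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qual]
    return "neutral"               # no mechanism matched
```

With the assumed data, `v=spf1 mx -all` passes for mail from box2's IP, while `v=spf1 a -all` fails for the same IP because it compares against giesler.za.net's own A record; `v=spf1 a:box2.gtahardware.co.za -all` would pass.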