smck83 / expurgate-solo Goto Github PK

Hi.

I set the parameters as specified on the README and changed the DNS on my domain, but is not working.

I used https://vamsoft.com/support/tools/spf-policy-tester to test my policy.

The part +1 msDomain argument after macro expansion: "116.223.107.40.116.223.107.40.domain.cc._spf.domain.cc._spf.domain.cc". seems to be duplicated and causing error.

+0 msSPF check starting.
IP: 40.107.223.116
Sender: [email protected]
Domain: domain.cc
EHLO/HELO domain:
+0 msTXT record found.
Line #1: "v=spf1 include:%{ir}.%{d}._spf.domain.cc -all"
+0 msStarting SPF policy evaluation.
Policy: "v=spf1 include:%{ir}.%{d}._spf.domain.cc -all"
+0 msThe policy passed syntax validation.
+0 msEvaluating SPF mechanisms.
+0 msEvaluating mechanism "include".
Qualifier: "pass"
Domain argument: "%{ir}.%{d}._spf.domain.cc"
DNS limits status: DNS terms 0 of 10 allowed. Void lookups 0 of 2 allowed. See RFC7208 Section 4.6.4.
+0 msDomain argument after macro expansion: "116.223.107.40.domain.cc._spf.domain.cc".
+0 msEntering recursive evaluation.
+0 msSPF check starting.
IP: 40.107.223.116
Sender: [email protected]
Domain: 116.223.107.40.domain.cc._spf.domain.cc
EHLO/HELO domain:
+0 msRetrieving DNS TXT record for "116.223.107.40.domain.cc._spf.domain.cc".
+99 msTXT record found.
Line #1: "v=spf1 include:%{ir}.%{d}._spf.domain.cc -all"
+0 msStarting SPF policy evaluation.
Policy: "v=spf1 include:%{ir}.%{d}._spf.domain.cc -all"
+0 msThe policy passed syntax validation.
+0 msEvaluating SPF mechanisms.
+0 msEvaluating mechanism "include".
Qualifier: "pass"
Domain argument: "%{ir}.%{d}._spf.domain.cc"
DNS limits status: DNS terms 1 of 10 allowed. Void lookups 0 of 2 allowed. See RFC7208 Section 4.6.4.
+1 msDomain argument after macro expansion: "116.223.107.40.116.223.107.40.domain.cc._spf.domain.cc._spf.domain.cc".
+0 msEntering recursive evaluation.
+0 msSPF check starting.
IP: 40.107.223.116
Sender: [email protected]
Domain: 116.223.107.40.116.223.107.40.domain.cc._spf.domain.cc._spf.domain.cc
EHLO/HELO domain:
+0 msRetrieving DNS TXT record for "116.223.107.40.116.223.107.40.domain.cc._spf.domain.cc._spf.domain.cc".
+98 msNo SPF policy was found in (no TXT record).
+0 msPolicy evaluation finished with SPF "none". No SPF policy was found.
+0 msReturned from recursive evaluation.
+0 msThe "include" mechanism returned with SPF "none" result. Returning SPF "permerror".
+0 msFinished SPF policy evaluation.
DNS limits status: DNS terms 2 of 10 allowed. Void lookups 0 of 2 allowed. See RFC7208 Section 4.6.4.
+0 msThere was an error during the policy evaluation.
Error message: "The "include" mechanism returned with SPF "none" result. Returning SPF "permerror"."
+0 msPolicy evaluation finished with SPF "permerror".
+0 msReturned from recursive evaluation.
+0 msThe "include" mechanism returned with SPF "permerror" result. Returning SPF "permerror".
+0 msFinished SPF policy evaluation.
DNS limits status: DNS terms 2 of 10 allowed. Void lookups 0 of 2 allowed. See RFC7208 Section 4.6.4.
+0 msThere was an error during the policy evaluation.
Error message: "The "include" mechanism returned with SPF "none" result. Returning SPF "permerror"."
+0 msPolicy evaluation finished with SPF "permerror".
TEST SUMMARY
The evaluation completed in 198 ms, with 4 errors and 0 warning.
Result: SPF permerror
Permanent error. Fixing the problem requires intervention of the policy publisher.
Error message: "The "include" mechanism returned with SPF "none" result. Returning SPF "permerror"."

Hi.

I have a few domains and tried to create one NS entry on each DNS and put the SPF v=spf1 include:%{ir}.%{d}._spf.yourdomain.com -all, but the only one working is the one which I put in the ZONE setting. Is there any way to make the expurgate to respond to N domains instead of only one? My idea is each domain will use their own NS.

Hi there,

This is not an issue, but more of a question.

If I have to use your script and serve SPF records for multiple domains from a single server/docker instance, what should I use in 'ZONE' option in the docker command?

For example, lets say I've got domains mydomain.com, mydomain.net and mydomain.org. Am assuming I have to:

1. copy existing spf record to
   _sd6sdyfn.mydomain.com
   _sd6sdyfn.mydomain.net
   _sd6sdyfn.mydomain.org

2. Run the command:

docker run -t -p 9001:9001 -p 53:53/udp -e ZONE=_spf -e MY_DOMAINS="mydomain.com mydomain.net mydomain.org" -e SOURCE_PREFIX="_sd6sdyfn" --dns 1.1.1.1 --dns 8.8.8.8 smck83/expurgate-solo

3. Create a NS record pointing my server ip:
   spf.ns.mydomain.net pointing to x.x.x.x

4. Change SPF record for each domain pointing to NS record
   _spf.mydomain.com NS pointing to spf.ns.mydomain.net
   _spf.mydomain.net NS pointing to spf.ns.mydomain.net
   _spf.mydomain.org NS pointing to spf.ns.mydomain.net

Have I understood it correctly or do I need to make some changes to the 'ZONE' option in the docker command?

First of all, thanks for your work. Instead of paying and subscribing to similar services, am using your Expurgate-Solo. It helped me save some money and sorted out my email delivery issues.

Will the docker images work on ARM VMs and RPi?

Thanks,