I'm no SPF expert, maybe some of you are.

Not so long ago, it began to be necessary to authenticate in order to be able to send emails to the Google gmail-system. At my company we run our own email-server (ns2.ourdomain.dk/x.x.x.69) - mostly for internal use. So I set a SPF-record for the domain 'ourdomain.dk' in our dns like this:
"v=spf1 a:ns2.ourdomain.dk ip4:x.x.x.69 ~all"
So now, we are allowed to send emails to gmail-addresses directly from this email server. After the email arrives at the receiver, the detailed info about the email says:
Received-SPF: pass (google.com: domain of [email protected] designates x.x.x.69 as permitted sender) client-ip=x.x.x.69;
Fine. Now I would like to FORWARD emails from a web-server, ns3.ourdomain.dk at x.x.x.70, that runs on a different machine, using the internal mail-server, x.x.x.69, as a "smart-host". Exim4 runs on that web-server and sends the email to the internal email-server, that forwards it to Google. We have been doing this for years. So I change the dns SPF text-record for 'ourdomain.dk' to
"v=spf1 a:ns2.ourdomain.dk a:ns3.ourdomain.dk ip4:x.x.x.69 ip4:x.x.x.70 ~all"
But now we get
Received-SPF: none (google.com: ns3.ourdomain.dk does not designate permitted sender hosts) client-ip=x.x.x.69;
Although the host ns3.ourdomain.dk SHOULD be allowed to send... Has any of you experience with this stuff?
Hans Otto
Take a look at the Return-Path header of your forwarded email. It likely resembles Return-Path: <[email protected]>. This causes Gmail to search for the SPF record at ns3.ourdomain.dk rather than directly at ourdomain.dk.

To resolve this, you have two options: add an SPF record to ns3.ourdomain.dk, or, better yet, configure Exim to use ourdomain.dk as the return path.
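
The lookup described in the answer above, as an added example that is not part of the original thread: a simplified SPF evaluator in Python that handles only the ip4, a and all mechanisms. The 192.0.2.x documentation addresses stand in for the masked x.x.x.69 and x.x.x.70, and the sender local parts are constructed.

```python
import ipaddress

# Constructed DNS data standing in for the zone in the post; 192.0.2.69/.70
# replace the masked x.x.x.69 / x.x.x.70.
TXT = {"ourdomain.dk": "v=spf1 a:ns2.ourdomain.dk a:ns3.ourdomain.dk "
                       "ip4:192.0.2.69 ip4:192.0.2.70 ~all"}
A = {"ns2.ourdomain.dk": "192.0.2.69", "ns3.ourdomain.dk": "192.0.2.70"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_domain(envelope_sender, helo=""):
    """Domain whose record is looked up: the MAIL FROM domain (the address
    that ends up in Return-Path), or the HELO name for an empty sender."""
    if "@" in envelope_sender:
        return envelope_sender.rpartition("@")[2].lower()
    return helo.lower()


def check_spf(client_ip, envelope_sender, helo="", txt=TXT, a=A):
    """Return (domain checked, result) for the connecting client IP."""
    domain = spf_domain(envelope_sender, helo)
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        # No record at that exact name: the parent domain is not consulted.
        return domain, "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = a.get(arg or domain) == client_ip
        else:
            continue  # mechanisms outside this example's subset are skipped
        if matched:
            return domain, QUALIFIERS[qualifier]
    return domain, "neutral"


if __name__ == "__main__":
    relay = "192.0.2.69"  # the smart host is the client Gmail sees
    print(check_spf(relay, "hans@ourdomain.dk"))          # mail sent directly
    print(check_spf(relay, "www-data@ns3.ourdomain.dk"))  # forwarded web mail
```

The second call returns "none" even though ns3.ourdomain.dk is listed in the ourdomain.dk record, because the record is fetched at the envelope sender's own domain and no TXT record exists there.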