tickets #111147
closedset up spf records for unused opensuse domains
100%
Description
In #109025, Lars mentioned our large collection of unused domains:
opensuse-project.com
opensuse-project.de
opensuse-project.net
opensuse-project.org
opensuse.asia
opensuse.co.in
opensuse.co
opensuse.com.br
opensuse.com.es
opensuse.com.mx
opensuse.com
opensuse.de
opensuse.eu
opensuse.fr
opensuse.gen.tr
opensuse.jp
opensuse.kr
opensuse.me
opensuse.mu
opensuse.mx
opensuse.net
opensuse.org.cn
opensuse.org --- the only one in actual use, I think?
opensuse.pk
I think we ought to add an spf record for all of those: "v=spf1 -all", basically saying "nobody sends anything" from these.
Updated by pjessen almost 2 years ago
- Category set to Email
- Private changed from Yes to No
Comments?
Updated by pjessen almost 2 years ago
- Assignee set to AdaLovelace
I'll update this as I go along - I'm setting a low TTL so any mistake can quickly be corrected.
Domain SPF MX mx12.o.o
opensuse-project.com v=spf1 -all none not defined
opensuse-project.de v=spf1 -all none not defined
opensuse-project.net v=spf1 -all none not defined
opensuse-project.org v=spf1 -all none not defined
opensuse.asia v=spf1 -all mx12 not defined
opensuse.co.in looooong mx12 not defined (this one has the previous longish spf record?)
opensuse.co v=spf1 -all mx12 not defined
opensuse.com.br v=spf1 -all mx12 not defined
opensuse.com.es v=spf1 -all mx12 not defined
opensuse.com.mx v=spf1 -all mx12 not defined
opensuse.com v=spf1 -all mx12 not defined
opensuse.de v=spf1 -all mx12 present (postmaster,abuse,noc,hostmaster,webmaster)
opensuse.eu v=spf1 -all mx12 not defined
opensuse.fr v=spf1 -all mx12 present (postmaster,abuse,noc,hostmaster,webmaster)
opensuse.gen.tr v=spf1 -all mx12 not defined
opensuse.jp mx2.suse.de not defined
opensuse.kr v=spf1 -all mx12 not defined
opensuse.me v=spf1 -all none not defined
opensuse.mu v=spf1 -all none not defined
opensuse.mx v=spf1 -all mx12 not defined
opensuse.net v=spf1 -all none not defined
opensuse.org.cn v=spf1 -all none not defined
opensuse.org v=spf1 ?all mx12 present
opensuse.pk ----- does not seem to work at all ----
Updated by pjessen almost 2 years ago
- Assignee changed from AdaLovelace to pjessen
Updated by pjessen almost 2 years ago
- Status changed from New to In Progress
It seems reasonable to say "if mails cannot be received, it should not be possible to send any either" ? hence, most domains without an MX or with a non-working MX (mx12.o.o) were all assigned "v=spf1 -all".
Some odd ones:
opensuse.de, opensuse.fr - the only domains that mx12.o.o will accept mails to, but only for those addresses listed.
opensuse.mu - in the SOA, it said hostmaster.opensuse.mu
. I have changed it to admin.opensuse.org
opensuse.jp - mails go to mx2.suse.de, unknowns are rejected.
opensuse.co.in - it has the long SPF record we used to use for opensuse.org ?? The SOA says 'a.misconfigured.dns.server.invalid'
opensuse.pk - broken. (also has the long SPF record ....)
Updated by pjessen almost 2 years ago
pjessen wrote:
Some odd ones:
opensuse.de, opensuse.fr - the only domains that mx12.o.o will accept mails to, but only for those addresses listed.
I don't know the history behind these two, but I get the feeling something was done and then forgotten.
I see no issue in amending the SPF record for "opensuse.de" and adding one for "opensuse.fr".
I have corrected the DMARC record for "opensuse.de" too.
opensuse.jp - mails go to mx2.suse.de, unknowns are rejected.
opensuse.co.in - it has the long SPF record we used to use for opensuse.org ?? The SOA says 'a.misconfigured.dns.server.invalid'
opensuse.pk - broken. (also has the long SPF record ....)
I'm going to leave these three alone. if someone knows something about them ....
Updated by pjessen almost 2 years ago
pjessen wrote:
opensuse.jp - mails go to mx2.suse.de, unknowns are rejected.
I sent a test to postmaster@opensuse.jp, it took longer to be rejected:
<postmaster@opensuse.jp>: host mx2.suse.de[195.135.220.15] said: 454 4.7.1
<postmaster@opensuse.jp>: Relay access denied (in reply to RCPT TO command)
Updated by pjessen almost 2 years ago
Okay, looks like mx2.suse.de definitely does not deal with opensuse.p:
<webmaster@opensuse.jp>: host mx2.suse.de[195.135.220.15] said: 554 5.7.1
<webmaster@opensuse.jp>: Relay access denied (in reply to RCPT TO command)
I'll add an SPF record and update the MX to point to mx12.o.o.
Updated by pjessen almost 2 years ago
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
I will leave opensuse.co.in and opensuse.pk as they are, i.e. broken. Both of the SOAs say a.misconfigured.dns.server.invalid
.