Project

General

Profile

Actions
Copy link

tickets #111147

closed

set up spf records for unused opensuse domains

Added by pjessen almost 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
pjessen
Category:
Email
Target version:
-
Start date:
2022-05-16
Due date:
% Done:

100%

Estimated time:

Description

In #109025, Lars mentioned our large collection of unused domains:

opensuse-project.com
opensuse-project.de
opensuse-project.net
opensuse-project.org
opensuse.asia
opensuse.co.in
opensuse.co
opensuse.com.br
opensuse.com.es
opensuse.com.mx
opensuse.com
opensuse.de
opensuse.eu
opensuse.fr
opensuse.gen.tr
opensuse.jp
opensuse.kr
opensuse.me
opensuse.mu
opensuse.mx
opensuse.net
opensuse.org.cn
opensuse.org   --- the only one in actual use, I think?
opensuse.pk

I think we ought to add an spf record for all of those: "v=spf1 -all", basically saying "nobody sends anything" from these.

Actions
Copy link
 #1

Updated by pjessen almost 2 years ago

  • Category set to Email
  • Private changed from Yes to No

Comments?

Actions
Copy link
 #2

Updated by pjessen almost 2 years ago

  • Assignee set to AdaLovelace

I'll update this as I go along - I'm setting a low TTL so any mistake can quickly be corrected. 

Domain                  SPF             MX                mx12.o.o
opensuse-project.com    v=spf1 -all     none              not defined
opensuse-project.de     v=spf1 -all     none              not defined
opensuse-project.net    v=spf1 -all     none              not defined
opensuse-project.org    v=spf1 -all     none              not defined
opensuse.asia           v=spf1 -all     mx12              not defined
opensuse.co.in          looooong        mx12              not defined    (this one has the previous longish spf record?)
opensuse.co             v=spf1 -all     mx12              not defined
opensuse.com.br         v=spf1 -all     mx12              not defined
opensuse.com.es         v=spf1 -all     mx12              not defined
opensuse.com.mx         v=spf1 -all     mx12              not defined
opensuse.com            v=spf1 -all     mx12              not defined
opensuse.de             v=spf1 -all     mx12              present (postmaster,abuse,noc,hostmaster,webmaster)
opensuse.eu             v=spf1 -all     mx12              not defined
opensuse.fr             v=spf1 -all     mx12              present (postmaster,abuse,noc,hostmaster,webmaster)
opensuse.gen.tr         v=spf1 -all     mx12              not defined
opensuse.jp                             mx2.suse.de       not defined
opensuse.kr             v=spf1 -all     mx12              not defined
opensuse.me             v=spf1 -all     none              not defined
opensuse.mu             v=spf1 -all     none              not defined
opensuse.mx             v=spf1 -all     mx12              not defined
opensuse.net            v=spf1 -all     none              not defined
opensuse.org.cn         v=spf1 -all     none              not defined
opensuse.org            v=spf1 ?all     mx12              present
opensuse.pk             ----- does not seem to work at all ----
Actions
Copy link
 #3

Updated by pjessen almost 2 years ago

  • Assignee changed from AdaLovelace to pjessen
Actions
Copy link
 #4

Updated by pjessen almost 2 years ago

  • Status changed from New to In Progress

It seems reasonable to say "if mails cannot be received, it should not be possible to send any either" ? hence, most domains without an MX or with a non-working MX (mx12.o.o) were all assigned "v=spf1 -all".

Some odd ones:
opensuse.de, opensuse.fr - the only domains that mx12.o.o will accept mails to, but only for those addresses listed.
opensuse.mu - in the SOA, it said hostmaster.opensuse.mu. I have changed it to admin.opensuse.org
opensuse.jp - mails go to mx2.suse.de, unknowns are rejected.
opensuse.co.in - it has the long SPF record we used to use for opensuse.org ?? The SOA says 'a.misconfigured.dns.server.invalid'
opensuse.pk - broken. (also has the long SPF record ....)

Actions
Copy link
 #5

Updated by pjessen almost 2 years ago

pjessen wrote:

Some odd ones:
opensuse.de, opensuse.fr - the only domains that mx12.o.o will accept mails to, but only for those addresses listed.

I don't know the history behind these two, but I get the feeling something was done and then forgotten.
I see no issue in amending the SPF record for "opensuse.de" and adding one for "opensuse.fr".
I have corrected the DMARC record for "opensuse.de" too.

opensuse.jp - mails go to mx2.suse.de, unknowns are rejected.
opensuse.co.in - it has the long SPF record we used to use for opensuse.org ?? The SOA says 'a.misconfigured.dns.server.invalid'
opensuse.pk - broken. (also has the long SPF record ....)

I'm going to leave these three alone. if someone knows something about them ....

Actions
Copy link
 #6

Updated by pjessen almost 2 years ago

pjessen wrote:

opensuse.jp - mails go to mx2.suse.de, unknowns are rejected.

I sent a test to postmaster@opensuse.jp, it took longer to be rejected:

<postmaster@opensuse.jp>: host mx2.suse.de[195.135.220.15] said: 454 4.7.1
    <postmaster@opensuse.jp>: Relay access denied (in reply to RCPT TO command)
Actions
Copy link
 #7

Updated by pjessen almost 2 years ago

Okay, looks like mx2.suse.de definitely does not deal with opensuse.p:

<webmaster@opensuse.jp>: host mx2.suse.de[195.135.220.15] said: 554 5.7.1
    <webmaster@opensuse.jp>: Relay access denied (in reply to RCPT TO command)

I'll add an SPF record and update the MX to point to mx12.o.o.

Actions
Copy link
 #8

Updated by pjessen almost 2 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

I will leave opensuse.co.in and opensuse.pk as they are, i.e. broken. Both of the SOAs say a.misconfigured.dns.server.invalid.

Actions
Copy link

Also available in: Atom PDF