Re: [exim] Adding authentication results headers for SPF and…

Top Page
Delete this message
Reply to this message
Author: Konstantin Boyandin
Date:  
To: exim-users
CC: Evgeniy Berdnikov
Subject: Re: [exim] Adding authentication results headers for SPF and DKIM
On 12/15/2015 02:37 PM, Evgeniy Berdnikov wrote:
> On Tue, Dec 15, 2015 at 06:58:30AM +0600, Konstantin Boyandin wrote:
>> The core problem, however, was inadequate nameservers in
>> resolv.conf. They were unable to get properly all the requests in
>> time. To test that, I ran spfquery utility from command line, and it
>> complained about 'temporary errors' (when 'include' parts were
>> present in SPF record).
>
> If DNS returns TempFail, this does NOT mean it runs "improperly".


The word was 'inadequate', methinks. Too slow, and returning, at times
out-of-date results.

After I switched to certain public DNS servers, the failures ceased to
happen.

> In most cases it means only that queries from this DNS were unreplied,
> and there are lot of reasons for this: network connectivity problems,
> link load, misconfiguration of sender's DNS and so on.


The point was Exim has nothing to do with that. However, logging such
problems to Exim log could be helpful.

> As for 'include' statements in SPF records, they have no direct relation
> to DNS temporary failures, but each 'include' increases number of queries
> and hereby increases the probability of TempFail.


Correct. Every 'include' element means there are several more DNS
queries to perform; if they are likely to fail, the overall probability
of SPF check failure will only grow.

Thanks for your insights.

Sincerely,
Konstantin