Linux – SPF Records for subdomain sharing mail server

domain-name-system, email, email-server, linux, spf

I have two websites hosted on the same server. I set up the second site after I had already set up the first site and its corresponding email server. This is more of a DNS question. The first server has been working trouble free for a long time, and its SPF record checks out just fine and I send mail with no issues. I set up a second web server using an Apache vhost, and I used iRedAdmin to set up a second email domain. The problem appears to lie with my SPF record, and whenever I send mail from the second domain, it gets flagged as spam. I've set it up using the original mail server as its MX, but I've never done two e-mail servers on the same IP address and I'm not sure if I'm mucking it up.

Here are the two SPF records for reference (hostnames obfuscated):

This works fine:

v=spf1 a mx a:server1.com mx:mail.server1.com ip4:x.x.x.x ~all

This does not work:

v=spf1 a mx a:server2.com mx:mail.server1.com ip4:x.x.x.x ~all

Any ideas? Server 2 insofar as mail is concerned is simply a front for server1. You can send mail to test@server2.com, but it gets routed through the iredmail server at server1.com.

Any insight would be appreciated as I need my messages to stop being flagged as spam.

Received-SPF: neutral (google.com: x.x.x.x is neither permitted nor denied by best guess record for domain of mymail@server2.com) client-ip=x.x.x.x;

Ok. I don't care if you guys know my IP addresses, I just need to know why Gmail sends this to the spam folder. According to the headers in the message, it passes the SPF tests, etc.

Delivered-To: spuy767@gmail.com
Received: by 10.58.206.18 with SMTP id lk18csp38915vec;
        Fri, 22 Feb 2013 11:17:09 -0800 (PST)
X-Received: by 10.68.203.100 with SMTP id kp4mr4779507pbc.186.1361560628737;
        Fri, 22 Feb 2013 11:17:08 -0800 (PST)
Return-Path: <clay@claygarland.com>
Received: from signtelligence.com ([198.71.84.238])
        by mx.google.com with ESMTP id d10si3813292paz.55.2013.02.22.11.17.08;
        Fri, 22 Feb 2013 11:17:08 -0800 (PST)
Received-SPF: pass (google.com: domain of clay@claygarland.com designates 198.71.84.238 as permitted sender) client-ip=198.71.84.238;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of clay@claygarland.com designates 198.71.84.238 as permitted sender) smtp.mail=clay@claygarland.com
Received: from localhost (localhost.localdomain [127.0.0.1])
    by signtelligence.com (Postfix) with ESMTP id DD33E5362890
    for <spuy767@gmail.com>; Fri, 22 Feb 2013 23:17:07 +0400 (MSK)
X-Virus-Scanned: Debian amavisd-new at signtelligence.com
Received: from signtelligence.com ([127.0.0.1])
    by localhost (signtelligence.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id NhgKkX5jwSBC for <spuy767@gmail.com>;
    Fri, 22 Feb 2013 23:17:07 +0400 (MSK)
Received: from claygarland.com (localhost.localdomain [127.0.0.1])
    by signtelligence.com (Postfix) with ESMTPA id 76033536288F
    for <spuy767@gmail.com>; Fri, 22 Feb 2013 23:17:06 +0400 (MSK)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Fri, 22 Feb 2013 14:17:06 -0500
From: clay@claygarland.com
To: <spuy767@gmail.com>
Subject: It's been a long time.
Message-ID: <59b5ce9cc073e86a1bc8bd15475a9a8c@claygarland.com>
X-Sender: clay@claygarland.com
User-Agent: RoundCube WebMail

Hey.  I just wanted to say hello.  It's been a long time since we've 
talked.  My new phone number is (xxx) xxx-xxxx.  Give me a ring!

Peace,
Clay

Best Answer

First of all, you seem to have redundant syntax in your records.

I'm taking a guess because we would really need the right domains and IP to conclude anything for sure.

v=spf1 a mx a:server1.com mx:mail.server1.com ip4:192.168.1.254 ~all

If the SPF above is the SPF of server1.com, then:

v=spf1 a ~all

is synonymous with

v=spf1 a:server1.com ~all

Also, if 192.168.1.254 is the IP of an A record of an MX record, then it too is redundant.

On a side note, I hope 192.168.1.254 is an obfuscated IP... your SPF records should NOT have non-routable IPs listed in them.

So let's assume that you are sending emails using the MX records on server1.com from both domains; your SPF records would look like this:

On server1.com:

v=spf1 +mx ~all

On server2.com:

v=spf1 +mx:server1.com ~all

On top of that, if both domains have the same MX records, then you could use the same SPF on both domains.

On server1.com and server2.com

v=spf1 +mx ~all

The + in front of the mx makes sure the result would be a Pass as opposed to a Neutral result, especially since you are using a soft fail (~all).

Finally, I would suggest you read the OpenSPF Syntax documentation.
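
An added example, not part of the original answer: an offline SPF evaluator for the a, mx, ip4 and all mechanisms that makes each term's qualifier and target domain explicit (defaults per RFC 7208) and can be run against the records suggested above. The DNS table and the 203.0.113.x / 198.51.100.x addresses are constructed stand-ins for real lookups; only the record strings come from the page.

```python
import ipaddress

# Constructed DNS data (documentation address range); replaces live lookups.
ZONE = {
    "A": {"server1.com": ["203.0.113.10"], "server2.com": ["203.0.113.10"],
          "mail.server1.com": ["203.0.113.10"]},
    "MX": {"server1.com": ["mail.server1.com"],
           "server2.com": ["mail.server1.com"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record, domain):
    """Expand a record into (result, mechanism, argument) with defaults filled in."""
    version, *terms = record.split()
    if version.lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms:
        # RFC 7208: a term without a qualifier is treated as "+".
        qualifier, rest = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = rest.partition(":")
        name = name.lower()
        if name not in ("a", "mx", "ip4", "all"):
            raise ValueError(f"mechanism not handled here: {name}")
        # a and mx without an argument refer to the domain being checked.
        if name in ("a", "mx") and not arg:
            arg = domain
        parsed.append((QUALIFIERS[qualifier], name, arg))
    return parsed

def matches(client, name, arg):
    if name == "all":
        return True
    if name == "ip4":
        return client in ipaddress.ip_network(arg, strict=False)
    hosts = [arg] if name == "a" else ZONE["MX"].get(arg, [])
    return any(str(client) in ZONE["A"].get(h, []) for h in hosts)

def check_host(ip, domain, record):
    """Result of the first matching term; 'neutral' when nothing matches."""
    client = ipaddress.ip_address(ip)
    for result, name, arg in parse_spf(record, domain):
        if matches(client, name, arg):
            return result
    return "neutral"
```

For example, check_host("203.0.113.10", "server2.com", "v=spf1 +mx:server1.com ~all") returns "pass", while the same record checked against 198.51.100.7 returns "softfail".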