
Re: Online Satellite Pass Predictions

Steve Meuse wrote:

> IMNSHO, yes. If we expend effort on providing new services they should be for paying members. We need to give more of a reason for people to become members. (don't get me on a rant about the email forwarding service :)

The one that's broken by the improper use of SPF records in the 
amsat.org DNS server?

The amsat.org domain/zone file has an inappropriate DNS TXT SPF record 
set for the zone amsat.org.

Any serious mail server using SPF record filtering won't accept mail 
from anyone using their amsat.org address.

nate@durango:~$ dig amsat.org txt

; <<>> DiG 9.3.2 <<>> amsat.org txt
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28506
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;amsat.org.                     IN      TXT

amsat.org.              604800  IN      TXT     "v=spf1 a mx a:slowpoke.ucsd.edu ~all"

amsat.org.              152458  IN      NS      hamradio.ucsd.edu.

hamradio.ucsd.edu.      72500   IN      A

;; Query time: 133 msec
;; WHEN: Mon May 22 21:22:18 2006
;; MSG SIZE  rcvd: 132

To explain SPF: The TXT record for SPF in the AMSAT DNS zone says in 
essence to all mail servers that implement SPF:

"The only mail server you should EVER receive mail from that has an 
amsat.org DNS record is the machine called slowpoke.ucsd.edu."

This means that if you receive mail from your AMSAT mail address and try 
to respond to it through your mail server (AMSAT doesn't ALLOW you to 
use theirs, of course -- which is perfectly appropriate and fine), then 
many mail system admins will have set up their e-mail systems to THROW 
AWAY your reply.

This is a broken and completely incorrect use of SPF records for a 
domain that is used as a mail catch-all/reflector service.

I hear other people have complained about this and the DNS admin 
wouldn't budge.  Perhaps bringing it to public light might get something 
done about it?

I wouldn't bother to post this, except for that.  I'd start with trying 
to contact the DNS admin.

nate@durango:~$ dig amsat.org soa

; <<>> DiG 9.3.2 <<>> amsat.org soa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24013
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;amsat.org.                     IN      SOA

amsat.org.              0       IN      SOA     amsat.org. brian.ucsd.edu. 16 36000 1800 864000 864000

amsat.org.              152122  IN      NS      hamradio.ucsd.edu.

hamradio.ucsd.edu.      72164   IN      A

;; Query time: 99 msec
;; WHEN: Mon May 22 21:27:54 2006
;; MSG SIZE  rcvd: 125

The DNS records say that's:  brian@ucsd.edu

Perhaps Brian really hasn't been contacted, I don't know really.  But 
this is definitely broken.

a) AMSAT needs to allow slowpoke.ucsd.edu to be an open mail relay -- which 
is an absolutely HORRIBLE idea, or...

b) The AMSAT DNS admin needs to take that record out of the amsat.org 
zone file, or...

c) AMSAT can continue to ignore it and all my mail servers (and hundreds 
of others) will continue to ignore mail delivered from 
"anyone@amsat.org" that wasn't originated from the slowpoke.ucsd.edu 

You can read up on SPF records at http://www.openspf.org/ and decide for 
yourselves if you feel like using AMSAT's mail service.  Personally I won't.

If you reply to people with your REAL e-mail address after receiving 
mail to your @amsat.org account, then there's no problem -- but if you 
try to send mail with your From: header set to "yourcall@amsat.org", 
don't be too surprised if people don't get your replies.

This makes an amsat.org remailer address much less useful than it could be.

Nate WY0X
Sent via amsat-bb@amsat.org. Opinions expressed are those of the author.