[tech] [wheel] UCC SPF\DKIM records
Gearoid (zixty) O'Donovan
zixty at ucc.asn.au
Tue Feb 13 16:06:58 AWST 2024
Hi Steven,
Yeah, good catch. I spotted my mistake and was halfway through fixing it
when your email came through.
I'll run through the DKIM records this evening and see what needs to be
updated / what we need to update you on.
Kind regards,
Gary O'Donovan (22971584)
On 13/02/2024 3:43 pm, Steven Lim wrote:
>
> Hi Gary
>
> I can see that you’ve updated the SPF for mailfish across
> ucc.gu.uwa.edu.au, ucc.guild.uwa.edu.au and ucc.asn.au but not the
> actual parent domain SPF records for ucc.gu.uwa.edu.au,
> ucc.guild.uwa.edu.au and ucc.asn.au
>
> These still have v=spf1 ip4:203.27.114.0/23 ip4:130.95.0.0/16
> include:spf.smtp-engine.com include:spf.forwardemail.net ~all instead
> of v=spf1 ip4:203.27.114.0/23 ip4:130.95.13.0/24
> include:spf.forwardemail.net
>
> They should be the same as mailfish.
>
> We probably need to have a quick chat re. your DKIM record(s) as I see
> you have some newer records (see below)
>
> ucc.asn.au
>
> --------------
>
> ucc-2016-3.dk2
>
> v=DKIM1; k=rsa; t=s;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
>
> ucc-2016-3
>
> v=DKIM1; k=rsa; t=s;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
>
> ucc.guild.uwa.edu.au
>
> --
>
> ucc-2016-3.dk2
>
> v=DKIM1; k=rsa; t=s;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
>
> ucc.gu.uwa.edu.au
>
> --
>
> ucc-2016-3.dk2
>
> v=DKIM1; k=rsa; t=s;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
>
> --
>
> *Steven Lim*
>
> *Manager System Administration*
>
> University IT
>
> *From:* Steven Lim <steven.lim at uwa.edu.au>
> *Sent:* Tuesday, February 13, 2024 3:01 PM
> *To:* Gary O'Donovan (22971584) <22971584 at student.uwa.edu.au>
> *Cc:* wheel at ucc.gu.uwa.edu.au; tech at ucc.asn.au
> *Subject:* RE: [tech] [wheel] UCC SPF\DKIM records
>
> Hi Gary
>
> I’ve only added it as a trusted domain for me personally, not across
> the entire UWA tenant.
>
> Re. guild MX, interesting but I assume they assumed no internal record
> was required. We also host very little internal email related
> records..e.g. 90%+ of our SPF\DKIM\DMARC records are external DNS only
>
> I’ll update our records…can I confirm that’s for ucc.asn.au,
> ucc.gu.uwa.edu.au and ucc.guild.uwa.edu.au?
>
> ta
>
> --
>
> *Steven Lim*
>
> *Manager System Administration*
>
> University IT
>
> *From:* Gary O'Donovan (22971584) <22971584 at student.uwa.edu.au>
> *Sent:* Tuesday, February 13, 2024 2:23 PM
> *To:* Steven Lim <steven.lim at uwa.edu.au>
> *Cc:* wheel at ucc.gu.uwa.edu.au; tech at ucc.asn.au
> *Subject:* Re: [tech] [wheel] UCC SPF\DKIM records
>
> Hi Steven,
>
> Hopefully adding ucc.asn.au as a trusted domain will fix some of our
> issues, as we currently have an open ticket (INC0789622) regarding
> email deliverability to UWA addresses.
>
> I'll mention it here since it is the most important one at the moment,
> currently UWA internal DNS does not have an MX entry for Guild's "new"
> (year-old) M365 tenancy, so Guild have not been able to receive emails
> from us as it defaults to their A record. I've already made Kelvin
> from Guild IT aware of this and the ticket.
>
> We've also removed smtp-engine, and refined 130.95.0.0/16 down to
> 130.95.13.0/24 in our SPF record.
>
> Cheers,
>
> Gary O'Donovan (22971584) - zixty at ucc.asn.au
>
> ------------------------------------------------------------------------
>
> *From:* Steven Lim <steven.lim at uwa.edu.au>
> *Sent:* Tuesday, 13 February 2024 1:51 PM
> *To:* Gary O'Donovan (22971584) <22971584 at student.uwa.edu.au>
> *Cc:* wheel at ucc.gu.uwa.edu.au <wheel at ucc.gu.uwa.edu.au>;
> tech at ucc.asn.au <tech at ucc.asn.au>
> *Subject:* RE: [tech] [wheel] UCC SPF\DKIM records
>
> Hi Gary et al
>
> Sorry, I just found them in my junk. I’ve just added ucc.asn.au as a
> trusted domain 😊 Interesting that it was junked given that
> SPF\DKIM\DMARC appears compliant. Anyway, I’ve updated our records re.
> the DKIM records to PostFix on mailfish.ucc.asn.au
>
> As SPF is also application\server specific, you should really lock
> that down to 13.95.13.30
>
> I’ve updated our notes on 203.27.114.0/23 based on your comments.
>
> When you get rid of smtp-engine..just let me know and I’ll remove it
> from our records.
>
> Thanks
>
> --
>
> *Steven Lim*
>
> *Manager System Administration*
>
> University IT
>
> *From:* Gary O'Donovan (22971584) <22971584 at student.uwa.edu.au>
> *Sent:* Tuesday, February 13, 2024 11:20 AM
> *To:* Steven Lim <steven.lim at uwa.edu.au>
> *Cc:* wheel at ucc.gu.uwa.edu.au; tech at ucc.asn.au
> *Subject:* Re: [tech] [wheel] UCC SPF\DKIM records
>
> Hi Steven,
>
> Forwarding this chain on from my student email as it appears you are
> not seeing our mail.
>
> -------- Original Message --------
>
> Subject: Re: [wheel] UCC SPF\DKIM records
> Date: 2024-02-12 2:09 pm
> From: Matt Johnston <matt at ucc.asn.au>
> To: Steven Lim <steven.lim at uwa.edu.au>
> Copy: James Andrewartha <trs80 at ucc.gu.uwa.edu.au>, UCC Wheel Group
> <wheel at ucc.asn.au>, tpg at ucc.asn.au, tech at ucc.asn.au
>
> Hi Steven.
>
> I replied on 3 Feb, copied below. Most of the records are still
> necessary.
>
> Unsure why you didn't receive my email, it was delivered from UCC to the
> Outlook server.
>
> Feb 3 10:08:36 mailfish postfix/smtp[2069977]: 8BE482A2AEF:
> to=<steven.lim at uwa.edu.au>,
> relay=uwa-edu-au.mail.protection.outlook.com[104.47.71.138]:25,
> delay=6.3, delays=0.17/0.01/4.9/1.2, dsn=2.6.0, status=sent (250 2.6.0
> <6d43f670c7eeb3f5d7db800349f0c5a7 at ucc.asn.au>
> [InternalId=99797860092462,
> Hostname=SY6PR01MB7429.ausprd01.prod.outlook.com] 15139 bytes in
> 0.073, 200.858 KB/sec Queued mail for delivery)
>
> Cheers, Matt
>
> -------- Original Message --------
>
> Subject: Re: [wheel] UCC SPF\DKIM records
> Date: 2024-02-03 10:08 am
> From: Matt Johnston <matt at ucc.asn.au>
> To: Steven Lim <steven.lim at uwa.edu.au>
> Copy: James Andrewartha <trs80 at ucc.gu.uwa.edu.au>, UCC Wheel Group
> <wheel at ucc.asn.au>, tpg at ucc.asn.au, tech at ucc.asn.au
>
> Hi Steven,
>
> The DKIM record is still used and correct, headers of email sent from
> UCC are signed with that key.
> Without it the email deliverability decreases significantly (ends up in
> recipient spam folders instead).
> https://www.cloudflare.com/en-gb/learning/email-security/dmarc-dkim-spf/
>
> The SPF record for 130.95.0.0/16 covers the current sending address
> (130.95.13.30), though could now be limited to just .13/24. We can
> remove the ironports, thanks for the reminder.
> (We set it to the entirety of UWA at one point because outbound
> mailservers were being changed without any notification, so didn't want
> to get caught out).
> The 203.27.114.0/23 is enabled to allow sending mail from off-site UCC
> servers that use .ucc.asn.au subdomains too.
> I think smtp-engine.com was an experiment with a 3rd party outbound
> provider, that can be removed. We'll get that done
>
> Cheers, Matt
>
> Kind regards,
>
> Gary O'Donovan (22971584) - zixty at ucc.asn.au
>
> ------------------------------------------------------------------------
>
> *From:* tech <tech-bounces+22971584=student.uwa.edu.au at ucc.asn.au> on
> behalf of Matt Johnston <matt at ucc.asn.au>
> *Sent:* Monday, 12 February 2024 2:08 PM
> *To:* Steven Lim <steven.lim at uwa.edu.au>
> *Cc:* James Andrewartha <trs80 at ucc.gu.uwa.edu.au>; UCC Wheel Group
> <wheel at ucc.asn.au>; tpg at ucc.asn.au; tech at ucc.asn.au
> *Subject:* Re: [tech] [wheel] UCC SPF\DKIM records
>
> Hi Steven.
>
> I replied on 3 Feb, copied below. Most of the records are still
> necessary.
>
> Unsure why you didn't receive my email, it was delivered from UCC to the
> Outlook server.
>
> Feb 3 10:08:36 mailfish postfix/smtp[2069977]: 8BE482A2AEF:
> to=<steven.lim at uwa.edu.au>,
> relay=uwa-edu-au.mail.protection.outlook.com[104.47.71.138]:25,
> delay=6.3, delays=0.17/0.01/4.9/1.2, dsn=2.6.0, status=sent (250 2.6.0
> <6d43f670c7eeb3f5d7db800349f0c5a7 at ucc.asn.au>
> [InternalId=99797860092462,
> Hostname=SY6PR01MB7429.ausprd01.prod.outlook.com] 15139 bytes in 0.073,
> 200.858 KB/sec Queued mail for delivery)
>
>
>
> Cheers,
> Matt
>
>
> -------- Original Message --------
> Subject: Re: [wheel] UCC SPF\DKIM records
> Date: 2024-02-03 10:08 am
> From: Matt Johnston <matt at ucc.asn.au>
> To: Steven Lim <steven.lim at uwa.edu.au>
> Copy: James Andrewartha <trs80 at ucc.gu.uwa.edu.au>, UCC Wheel Group
> <wheel at ucc.asn.au>, tpg at ucc.asn.au, tech at ucc.asn.au
>
> Hi Steven,
>
> The DKIM record is still used and correct, headers of email sent from
> UCC are signed with that key.
> Without it the email deliverability decreases significantly (ends up in
> recipient spam folders instead).
> https://www.cloudflare.com/en-gb/learning/email-security/dmarc-dkim-spf/
>
> The SPF record for 130.95.0.0/16 covers the current sending address
> (130.95.13.30), though could now be limited to just .13/24. We can
> remove the ironports, thanks for the reminder.
> (We set it to the entirety of UWA at one point because outbound
> mailservers were being changed without any notification, so didn't want
> to get caught out).
> The 203.27.114.0/23 is enabled to allow sending mail from off-site UCC
> servers that use .ucc.asn.au subdomains too.
> I think smtp-engine.com was an experiment with a 3rd party outbound
> provider, that can be removed. We'll get that done
>
> Cheers,
> Matt
>
>
> On 2024-02-12 1:54 pm, Steven Lim wrote:
> > Hi UCC
> >
> > We are trying to get updates on DNS records as per below. Can you
> > please provide an update or additional contact information to discuss.
> > If we receive no response in the next week or two then we will
> > commence removing records we deem as not required, specifically the
> > records
> > * ucc-2016.3 DKIM records
> > * 130.95.0.0 entry in the SPF record
> > * ip4:139.138.31.0/24 ip4:139.138.42.0/24 IronPort records in the SPF
> > record as this system is being decommissioned
> >
> > Thanks
> >
> > --
> > Steven Lim
> > Manager System Administration
> > University IT . B658 R206, M463, Perth WA 6009 Australia
> > P +61 8 6488 2970 M +61 4 3856 1173 . E steven.lim at uwa.edu.au (inc
> > Teams)
> >
> >
> > -----Original Message-----
> > From: Steven Lim
> > Sent: Thursday, February 1, 2024 9:48 AM
> > To: 'James Andrewartha' <trs80 at ucc.gu.uwa.edu.au>
> > Cc: 'UCC Wheel Group' <wheel at ucc.asn.au>; 'tpg at ucc.asn.au'
> > <tpg at ucc.asn.au>; 'tech at ucc.asn.au' <tech at ucc.asn.au>
> > Subject: UCC SPF\DKIM records
> >
> > Hi James et al
> >
> > We're just reviewing DNS records related to SPF\DKIM. We note that the
> > UCC have some records in place and we're after additional information.
> > The records in question are as follows:
> >
> > Domain: Ucc.asn.au
> > Type: TXT
> > Usage: DKIM
> > Record: ucc-2016-3._domainkey.ucc.asn.au.
> > Value: v=DKIM1; k=rsa; t=y;
> > p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
> >
> > Domain: Ucc.gu.uwa.edu.au
> > Type: TXT
> > Usage: DKIM
> > Record: ucc-2016-3._domainkey.ucc.gu.uwa.edu.au.
> > Value: v=DKIM1; k=rsa; t=y;
> > p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
> >
> > Domain: Ucc.guild.uwa.edu.au
> > Type: TXT
> > Usage: DKIM
> > Record: ucc-2016-3._domainkey.guild.uwa.edu.au.
> > Value: v=DKIM1; k=rsa; t=y;
> > p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
> >
> > Each of the domains also has the following SPF record:
> >
> > v=spf1 ip4:203.27.114.0/23 ip4:130.95.0.0/16 ip4:139.138.31.0/24
> > ip4:139.138.42.0/24 include:spf.smtp-engine.com
> > include:spf.forwardemail.net ~all
> >
> > Could you please advise:
> > 1. What is the DKIM record ucc-2016-3._domainkey used for? Is it still
> > required?
> > 2. What are the following SPF records required for and are they still
> > required?
> > a. ip4:203.27.114.0/23, appears to be your entire network
> > b. ip4:130.95.0.0/16, the entire UWA network
> > c. ip4:139.138.31.0/24 ip4:139.138.42.0/24 UWA IronPorts, soon to be
> > phased out. The first record has already been decommissioned
> > d. include:spf.smtp-engine.com, Unknown
> >
> > If you could get back to me asap.
> >
> > ta
> > --
> > Steven Lim
> > Manager System Administration
> > University IT . B658 R206, M463, Perth WA 6009 Australia P +61 8
> > 6488 2970 M +61 4 3856 1173 . E steven.lim at uwa.edu.au (inc Teams) C
> > https://uwa.zoom.us/my/stevenjlim
> >
> >
>
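An added example, not part of the original thread: a local comparison of the two SPF values quoted in the 3:43 pm message, showing how many IPv4 addresses each authorises directly, which `include:` delegations each keeps, and what each returns for a sender that matches nothing. Both values are taken as quoted (the second has no trailing `all`), the address 130.95.200.1 is constructed, and `include:` targets are listed rather than resolved.

```python
import ipaddress

# SPF values as quoted in the thread: parent-domain record (OLD) and mailfish record (NEW).
OLD = ("v=spf1 ip4:203.27.114.0/23 ip4:130.95.0.0/16 "
       "include:spf.smtp-engine.com include:spf.forwardemail.net ~all")
NEW = "v=spf1 ip4:203.27.114.0/23 ip4:130.95.13.0/24 include:spf.forwardemail.net"
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Return the record's terms in order as (result_on_match, mechanism, argument)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name.lower() == "ip4":
            # strict=True rejects a network written with host bits set
            arg = ipaddress.ip_network(arg, strict=True)
        parsed.append((RESULTS[qualifier], name.lower(), arg))
    return parsed


def local_result(record, sender_ip):
    """Evaluate ip4 and all terms only; include needs DNS and is skipped here."""
    ip = ipaddress.ip_address(sender_ip)
    for result, name, arg in parse_spf(record):
        if name == "all" or (name == "ip4" and ip in arg):
            return result
    return "neutral"  # RFC 7208 default when nothing matches and there is no all


def summarise(record):
    """Count directly authorised IPv4 addresses; list delegations and the all result."""
    terms = parse_spf(record)
    return {
        "ip4_addresses": sum(a.num_addresses for _, n, a in terms if n == "ip4"),
        "includes": sorted(a.lower() for _, n, a in terms if n == "include"),
        "all": next((r for r, n, _ in terms if n == "all"), None),
    }


if __name__ == "__main__":
    for label, rec in (("old", OLD), ("new", NEW)):
        print(label, summarise(rec))
        for ip in ("130.95.13.30", "130.95.200.1"):  # second address is constructed
            print("  ", ip, local_result(rec, ip))
```
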