N4L email relay IP change
126 views
Skip to first unread message
gre...@staff.cbhs.school.nz
Nov 2, 2016, 12:54:14 AM11/2/16
to Techies for schools
Regarding relay.n4l.co.nz,
A couple of days ago, N4L changed the IP address that mail is sent from (to the world).
It was: 122.56.66.10
It's now: 122.56.66.13
Unfortunately an nslookup still shows the .10 address for relay.n4l.co.nz (using either Spark's DNS or a US-based one).
As such our SPF records - which specify "relay.n4l.co.nz" - don't work.
The record TTLs are short:
relay.n4l.co.nz IN CNAME n4lmail-1.sdp.sparkdigital.co.nz 300s (5m)
n4lmail-1.sdp.sparkdigital.co.nz IN A 122.56.66.10 30s (30s)
So my guess is that they haven't been updated accordingly (*).
I rang N4L; we came to the conclusion that our SPF records should specify all the IP addresses that N4L might use, which are:
122.56.66.10
122.56.66.13
122.56.66.14
122.56.66.60
122.56.66.61
122.56.66.62
So something like "ip4:122.56.66.0/24" for an SPF entry might be a reasonable compromise.
I believe that N4L are aware of current/recent issues with mail being delayed/grey-listed or similar and will no doubt post something to their network status page.
- Ben.
(*) possibly N4L need two hostnames for the different purposes - one for the server we send to; one for the address they send from.
[ previous best practice is covered in the post with subject "SPF records" (aug 5) in this group ]
A couple of days ago, N4L changed the IP address that mail is sent from (to the world).
It was: 122.56.66.10
It's now: 122.56.66.13
Unfortunately an nslookup still shows the .10 address for relay.n4l.co.nz (using either Spark's DNS or a US-based one).
As such our SPF records - which specify "relay.n4l.co.nz" - don't work.
The record TTLs are short:
relay.n4l.co.nz IN CNAME n4lmail-1.sdp.sparkdigital.co.nz 300s (5m)
n4lmail-1.sdp.sparkdigital.co.nz IN A 122.56.66.10 30s (30s)
So my guess is that they haven't been updated accordingly (*).
I rang N4L; we came to the conclusion that our SPF records should specify all the IP addresses that N4L might use, which are:
122.56.66.10
122.56.66.13
122.56.66.14
122.56.66.60
122.56.66.61
122.56.66.62
So something like "ip4:122.56.66.0/24" for an SPF entry might be a reasonable compromise.
I believe that N4L are aware of current/recent issues with mail being delayed/grey-listed or similar and will no doubt post something to their network status page.
- Ben.
(*) possibly N4L need two hostnames for the different purposes - one for the server we send to; one for the address they send from.
[ previous best practice is covered in the post with subject "SPF records" (aug 5) in this group ]
Jonathan Webster
Nov 2, 2016, 1:11:57 AM11/2/16
to techies-f...@googlegroups.com
Hi Ben,
From time to time our relays gets badly blacklisted and we need to change the outbound/sending IPs while we work with the school which caused it and to get delisted from various RBLs. The inbound/receiving IPs always remain the same. To that point you'd need to include all the IPs used (see below) in your SPF as per that last thread you referenced.
Standard Rely (supports inbound and outbound):
Outbound: relay.n4l.co.nz (this will automatically direct traffic to the active site)
Inbound: Primary MX: mx1.n4l.co.nz (122.56.66.10), Secondary MX: mx2.n4l.co.nz (122.56.70.39)
Possible Sending IPs:
Primary site:
122.56.66.10
122.56.66.13
122.56.66.14
122.56.66.13
122.56.66.14
Secondary Site:
122.56.70.39
122.56.70.40
122.56.69.128
Bulk relay (supports only outbound)
Outbound: bulk-relay.n4l.co.nz (this will automatically direct traffic to the active site)
Possible Sending IPs:
Primary site:
122.56.66.11
122.56.66.12
122.56.65.232
122.56.66.12
122.56.65.232
Secondary Site:
122.56.70.41
122.56.70.42
122.56.69.129
Hope that helps!
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jonathan Webster
Senior Engineer
The Network for Learning Ltd
M +64 220 40 3300 P 0800 LEARNING
A Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
A PO Box 37118, Parnell, Auckland 1151 n4l.co.nz
gre...@staff.cbhs.school.nz
Nov 2, 2016, 1:33:51 AM11/2/16
to Techies for schools
Thanks for that; I'll go with your list of IPs instead.
What are the chances of N4L hosting an SPF record that schools can "include:" in theirs?
- Ben.
What are the chances of N4L hosting an SPF record that schools can "include:" in theirs?
- Ben.
Pete Mundy
Nov 2, 2016, 2:10:15 AM11/2/16
to techies-f...@googlegroups.com
Here here, +1! That would certainly be the best way of going about it, instead of having multiple schools hard-coding IP addresses into their own DNS records and then maintaining them later when they change.
It's what Google do.
How about it N4L?
It's really easy. Just create a TXT record within your own zone (eg _spf.n4l.co.nz), and modify your operational procedures to keep it up to date whenever the IP list changes. Then the schools never need to update their own SPF; they simply augment their records with 'include:_spf.n4l.co.nz'.
Pete
It's what Google do.
How about it N4L?
It's really easy. Just create a TXT record within your own zone (eg _spf.n4l.co.nz), and modify your operational procedures to keep it up to date whenever the IP list changes. Then the schools never need to update their own SPF; they simply augment their records with 'include:_spf.n4l.co.nz'.
Pete
Jonathan Webster
Nov 2, 2016, 6:44:32 PM11/2/16
to techies-f...@googlegroups.com
Sounds perfectly reasonable to me - done :)
That references two other TXT records _relay.n4l.co.nz and _bulk-relay.n4l.co.nz which reference the individual IPs.
I'll also try get this and some of the other details I posted added to our website for easy future reference
Jonathan Webster
Senior Engineer
The Network for Learning Ltd
M +64 220 40 3300 P 0800 LEARNING
A Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
A PO Box 37118, Parnell, Auckland 1151 n4l.co.nz
Pete Mundy
Nov 2, 2016, 6:59:29 PM11/2/16
to techies-f...@googlegroups.com
Awesome!
Nice work Jonathan. I have a few schools' SFPs that I'll update to include this record now instead.
Thanks for being open to the suggestion and for acting on it promptly :)
Pete
gre...@staff.cbhs.school.nz
Nov 14, 2016, 9:03:30 PM11/14/16
to Techies for schools
Excellent, thank you so much.
We now reference _relay.n4l.co.nz, tested working for a few days now.
- Ben.
We now reference _relay.n4l.co.nz, tested working for a few days now.
- Ben.
Jonathan Webster
Nov 14, 2016, 10:56:33 PM11/14/16
to techies-f...@googlegroups.com
No problem, better late than never I guess :)
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages