[tech] [wheel] UCC SPF\DKIM records

Matt Johnston matt at ucc.asn.au
Mon Feb 12 14:08:51 AWST 2024 

Hi Steven.

I replied on 3 Feb, copied below. Most of the records are still 
necessary.

Unsure why you didn't receive my email, it was delivered from UCC to the 
Outlook server.

Feb  3 10:08:36 mailfish postfix/smtp[2069977]: 8BE482A2AEF: 
to=<steven.lim at uwa.edu.au>, 
relay=uwa-edu-au.mail.protection.outlook.com[104.47.71.138]:25, 
delay=6.3, delays=0.17/0.01/4.9/1.2, dsn=2.6.0, status=sent (250 2.6.0 
<6d43f670c7eeb3f5d7db800349f0c5a7 at ucc.asn.au> 
[InternalId=99797860092462, 
Hostname=SY6PR01MB7429.ausprd01.prod.outlook.com] 15139 bytes in 0.073, 
200.858 KB/sec Queued mail for delivery)



Cheers,
Matt


-------- Original Message --------
Subject: Re: [wheel] UCC SPF\DKIM records
Date: 2024-02-03 10:08 am
 From: Matt Johnston <matt at ucc.asn.au>
To: Steven Lim <steven.lim at uwa.edu.au>
Copy: James Andrewartha <trs80 at ucc.gu.uwa.edu.au>, UCC Wheel Group 
<wheel at ucc.asn.au>, tpg at ucc.asn.au, tech at ucc.asn.au

Hi Steven,

The DKIM record is still used and correct, headers of email sent from 
UCC are signed with that key.
Without it the email deliverability decreases significantly (ends up in 
recipient spam folders instead).
https://www.cloudflare.com/en-gb/learning/email-security/dmarc-dkim-spf/

The SPF record for 130.95.0.0/16 covers the current sending address 
(130.95.13.30), though could now be limited to just .13/24. We can 
remove the ironports, thanks for the reminder.
(We set it to the entirety of UWA at one point because outbound 
mailservers were being changed without any notification, so didn't want 
to get caught out).
The 203.27.114.0/23 is enabled to allow sending mail from off-site UCC 
servers that use .ucc.asn.au subdomains too.
I think smtp-engine.com was an experiment with a 3rd party outbound 
provider, that can be removed. We'll get that done

Cheers,
Matt


On 2024-02-12 1:54 pm, Steven Lim wrote:
> Hi UCC
> 
> We are trying to get updates on DNS records as per below. Can you
> please provide an update or additional contact information to discuss.
> If we receive no response in the next week or two then we will
> commence removing records we deem as not required, specifically the
> records
> * ucc-2016.3 DKIM records
> *130.95.0.0 entry in the SPF record
> * ip4:139.138.31.0/24 ip4:139.138.42.0/24 IronPort records in the SPF
> record as this system is being decommissioned
> 
> Thanks
> 
> --
> Steven Lim
> Manager System Administration
> University IT   .  B658 R206, M463, Perth WA 6009 Australia
> P +61 8 6488 2970  M +61 4 3856 1173  .  E steven.lim at uwa.edu.au (inc 
> Teams)
>     
> 
> -----Original Message-----
> From: Steven Lim
> Sent: Thursday, February 1, 2024 9:48 AM
> To: 'James Andrewartha' <trs80 at ucc.gu.uwa.edu.au>
> Cc: 'UCC Wheel Group' <wheel at ucc.asn.au>; 'tpg at ucc.asn.au'
> <tpg at ucc.asn.au>; 'tech at ucc.asn.au' <tech at ucc.asn.au>
> Subject: UCC SPF\DKIM records
> 
> Hi James et al
> 
> We're just reviewing DNS records related to SPF\DKIM. We note that the
> UCC have some records in place and we're after additional information.
> The records in question are as follows:
> 
> Domain			Type	Usage	Record					Value
> Ucc.asn.au		TXT	DKIM	ucc-2016-3._domainkey.ucc.asn.au.	v=DKIM1; k=rsa;
> t=y;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
> 
> Ucc.gu.uwa.edu.au	TXT	DKIM	ucc-2016-3._domainkey.ucc.gu.uwa.edu.au.	v=DKIM1;
> k=rsa; t=y;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
> 
> Ucc.guild.uwa.edu.au	TXT	DKIM	ucc-2016-3._domainkey.guild.uwa.edu.au.	v=DKIM1;
> k=rsa; t=y;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
> 
> Each of the domains also has the following SPF record:
> 
> v=spf1 ip4:203.27.114.0/23 ip4:130.95.0.0/16 ip4:139.138.31.0/24
> ip4:139.138.42.0/24 include:spf.smtp-engine.com
> include:spf.forwardemail.net ~all
> 
> Could you please advise:
> 1. What is the DKIM record ucc-2016-3._domainkey used for? Is it still 
> required?
> 2. What are the following SPF records required for and are they still 
> required?
> 	a. ip4:203.27.114.0/23, appears to be your entire network
> 	b. ip4:130.95.0.0/16, the entire UWA network
> 	c. ip4:139.138.31.0/24 ip4:139.138.42.0/24 UWA IronPorts, soon to be
> phased out. The first record has already been decommissioned
> 	d. include:spf.smtp-engine.com, Unknown
> 
> If you could get back to me asap.
> 
> ta
> --
> Steven Lim
> Manager System Administration
> University IT   .  B658 R206, M463, Perth WA 6009 Australia P +61 8
> 6488 2970  M +61 4 3856 1173  .  E steven.lim at uwa.edu.au (inc Teams) C
> https://uwa.zoom.us/my/stevenjlim
> 
>     

More information about the tech mailing list