[tech] [wheel] UCC SPF\DKIM records

Gary O'Donovan (22971584) 22971584 at student.uwa.edu.au
Tue Feb 13 14:23:03 AWST 2024


Hi Steven,


Hopefully adding ucc.asn.au as a trusted domain will fix some of our issues, as we currently have an open ticket (INC0789622) regarding email deliverability to UWA addresses.


I'll mention it here since it is the most important one at the moment: currently, UWA internal DNS does not have an MX entry for Guild's "new" (year-old) M365 tenancy, so Guild have not been able to receive emails from us, as it defaults to their A record.  I've already made Kelvin from Guild IT aware of this and the ticket.


We've also removed smtp-engine, and refined 130.95.0.0/16 down to 130.95.13.0/24 in our SPF record.


Cheers,

Gary O'Donovan (22971584) - zixty at ucc.asn.au

________________________________
From: Steven Lim <steven.lim at uwa.edu.au>
Sent: Tuesday, 13 February 2024 1:51 PM
To: Gary O'Donovan (22971584) <22971584 at student.uwa.edu.au>
Cc: wheel at ucc.gu.uwa.edu.au <wheel at ucc.gu.uwa.edu.au>; tech at ucc.asn.au <tech at ucc.asn.au>
Subject: RE: [tech] [wheel] UCC SPF\DKIM records


Hi Gary et al



Sorry, I just found them in my junk. I’ve just added ucc.asn.au as a trusted domain. Interesting that it was junked given that SPF\DKIM\DMARC appears compliant. Anyway, I’ve updated our records re. the DKIM records to PostFix on mailfish.ucc.asn.au



As SPF is also application\server specific, you should really lock that down to 13.95.13.30

I’ve updated our notes on 203.27.114.0/23 based on your comments.



When you get rid of smtp-engine..just let me know and I’ll remove it from our records.



Thanks



--

Steven Lim

Manager System Administration

University IT



From: Gary O'Donovan (22971584) <22971584 at student.uwa.edu.au>
Sent: Tuesday, February 13, 2024 11:20 AM
To: Steven Lim <steven.lim at uwa.edu.au>
Cc: wheel at ucc.gu.uwa.edu.au; tech at ucc.asn.au
Subject: Re: [tech] [wheel] UCC SPF\DKIM records



Hi Steven,



Forwarding this chain on from my student email as it appears you are not seeing our mail.




Kind regards,

Gary O'Donovan (22971584) - zixty at ucc.asn.au

________________________________

From: tech <tech-bounces+22971584=student.uwa.edu.au at ucc.asn.au> on behalf of Matt Johnston <matt at ucc.asn.au>
Sent: Monday, 12 February 2024 2:08 PM
To: Steven Lim <steven.lim at uwa.edu.au>
Cc: James Andrewartha <trs80 at ucc.gu.uwa.edu.au>; UCC Wheel Group <wheel at ucc.asn.au>; tpg at ucc.asn.au <tpg at ucc.asn.au>; tech at ucc.asn.au <tech at ucc.asn.au>
Subject: Re: [tech] [wheel] UCC SPF\DKIM records



Hi Steven.

I replied on 3 Feb, copied below. Most of the records are still
necessary.

Unsure why you didn't receive my email, it was delivered from UCC to the
Outlook server.

Feb  3 10:08:36 mailfish postfix/smtp[2069977]: 8BE482A2AEF:
to=<steven.lim at uwa.edu.au>,
relay=uwa-edu-au.mail.protection.outlook.com[104.47.71.138]:25,
delay=6.3, delays=0.17/0.01/4.9/1.2, dsn=2.6.0, status=sent (250 2.6.0
<6d43f670c7eeb3f5d7db800349f0c5a7 at ucc.asn.au>
[InternalId=99797860092462,
Hostname=SY6PR01MB7429.ausprd01.prod.outlook.com] 15139 bytes in 0.073,
200.858 KB/sec Queued mail for delivery)



Cheers,
Matt


-------- Original Message --------
Subject: Re: [wheel] UCC SPF\DKIM records
Date: 2024-02-03 10:08 am
From: Matt Johnston <matt at ucc.asn.au>
To: Steven Lim <steven.lim at uwa.edu.au>
Copy: James Andrewartha <trs80 at ucc.gu.uwa.edu.au>, UCC Wheel Group
<wheel at ucc.asn.au>, tpg at ucc.asn.au, tech at ucc.asn.au

Hi Steven,

The DKIM record is still used and correct, headers of email sent from
UCC are signed with that key.
Without it the email deliverability decreases significantly (ends up in
recipient spam folders instead).
https://www.cloudflare.com/en-gb/learning/email-security/dmarc-dkim-spf/

The SPF record for 130.95.0.0/16 covers the current sending address
(130.95.13.30), though could now be limited to just .13/24. We can
remove the ironports, thanks for the reminder.
(We set it to the entirety of UWA at one point because outbound
mailservers were being changed without any notification, so didn't want
to get caught out).
The 203.27.114.0/23 is enabled to allow sending mail from off-site UCC
servers that use .ucc.asn.au subdomains too.
I think smtp-engine.com was an experiment with a 3rd party outbound
provider, that can be removed. We'll get that done

Cheers,
Matt


On 2024-02-12 1:54 pm, Steven Lim wrote:
> Hi UCC
>
> We are trying to get updates on DNS records as per below. Can you
> please provide an update or additional contact information to discuss.
> If we receive no response in the next week or two then we will
> commence removing records we deem as not required, specifically the
> records
> * ucc-2016.3 DKIM records
> * 130.95.0.0 entry in the SPF record
> * ip4:139.138.31.0/24 ip4:139.138.42.0/24 IronPort records in the SPF
> record as this system is being decommissioned
>
> Thanks
>
> --
> Steven Lim
> Manager System Administration
> University IT   .  B658 R206, M463, Perth WA 6009 Australia
> P +61 8 6488 2970  M +61 4 3856 1173  .  E steven.lim at uwa.edu.au (inc
> Teams)
>
>
> -----Original Message-----
> From: Steven Lim
> Sent: Thursday, February 1, 2024 9:48 AM
> To: 'James Andrewartha' <trs80 at ucc.gu.uwa.edu.au>
> Cc: 'UCC Wheel Group' <wheel at ucc.asn.au>; 'tpg at ucc.asn.au'
> <tpg at ucc.asn.au>; 'tech at ucc.asn.au' <tech at ucc.asn.au>
> Subject: UCC SPF\DKIM records
>
> Hi James et al
>
> We're just reviewing DNS records related to SPF\DKIM. We note that the
> UCC have some records in place and we're after additional information.
> The records in question are as follows:
>
> Domain                        Type    Usage   Record                                  Value
> Ucc.asn.au            TXT     DKIM    ucc-2016-3._domainkey.ucc.asn.au.       v=DKIM1; k=rsa;
> t=y;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
>
> Ucc.gu.uwa.edu.au     TXT     DKIM    ucc-2016-3._domainkey.ucc.gu.uwa.edu.au.        v=DKIM1;
> k=rsa; t=y;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
>
> Ucc.guild.uwa.edu.au  TXT     DKIM    ucc-2016-3._domainkey.guild.uwa.edu.au. v=DKIM1;
> k=rsa; t=y;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
>
> Each of the domains also has the following SPF record:
>
> v=spf1 ip4:203.27.114.0/23 ip4:130.95.0.0/16 ip4:139.138.31.0/24
> ip4:139.138.42.0/24 include:spf.smtp-engine.com
> include:spf.forwardemail.net ~all
>
> Could you please advise:
> 1. What is the DKIM record ucc-2016-3._domainkey used for? Is it still
> required?
> 2. What are the following SPF records required for and are they still
> required?
>        a. ip4:203.27.114.0/23, appears to be your entire network
>        b. ip4:130.95.0.0/16, the entire UWA network
>        c. ip4:139.138.31.0/24 ip4:139.138.42.0/24 UWA IronPorts, soon to be
> phased out. The first record has already been decommissioned
>        d. include:spf.smtp-engine.com, Unknown
>
> If you could get back to me asap.
>
> ta
> --
> Steven Lim
> Manager System Administration
> University IT   .  B658 R206, M463, Perth WA 6009 Australia P +61 8
> 6488 2970  M +61 4 3856 1173  .  E steven.lim at uwa.edu.au (inc Teams) C
> https://uwa.zoom.us/my/stevenjlim
>
>
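
Added example, not part of the original thread or written by any of its participants: a small offline evaluator for the `ip4` and `all` terms of the SPF record quoted above, comparing it with a narrowed record. The `NARROWED` string is constructed from the changes discussed in the thread (the record actually published is not shown), `130.95.200.1` in the test is a constructed address, and `include:` terms are only listed because resolving them needs DNS.

```python
import ipaddress

# SPF record quoted in the thread (published on each of the three domains).
ORIGINAL = ("v=spf1 ip4:203.27.114.0/23 ip4:130.95.0.0/16 ip4:139.138.31.0/24 "
            "ip4:139.138.42.0/24 include:spf.smtp-engine.com "
            "include:spf.forwardemail.net ~all")
# Constructed for illustration from the changes discussed in the thread (/16
# narrowed to 130.95.13.0/24, IronPort ranges and smtp-engine dropped); the
# record actually published afterwards is not shown on the page.
NARROWED = ("v=spf1 ip4:203.27.114.0/23 ip4:130.95.13.0/24 "
            "include:spf.forwardemail.net ~all")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse(record):
    """Split an SPF record into (qualifier, mechanism, value) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # a term without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed

def evaluate(record, sender_ip):
    """Check ip4 and all terms left to right; include terms are skipped (need DNS)."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, value in parse(record):
        if name == "ip4" and ip in ipaddress.ip_network(value, strict=False):
            return QUALIFIERS[qualifier], f"ip4:{value}"
        if name == "all":
            return QUALIFIERS[qualifier], "all"
    return "neutral", None

def authorised_ipv4(record):
    """Count the addresses authorised directly by ip4 terms."""
    nets = [ipaddress.ip_network(v, strict=False) for _, n, v in parse(record) if n == "ip4"]
    return sum(net.num_addresses for net in ipaddress.collapse_addresses(nets))

def includes(record):
    """Third-party SPF records the domain delegates sending rights to."""
    return [v for _, n, v in parse(record) if n == "include"]

if __name__ == "__main__":
    for rec in (ORIGINAL, NARROWED):
        print(authorised_ipv4(rec), includes(rec), evaluate(rec, "130.95.13.30"))
```

The current sending address (130.95.13.30) passes under both records, while the narrowed one drops the directly authorised address space from 66560 to 768 IPv4 addresses and removes one delegated `include:`.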