SPF Permerror

A majority of organizations use multiple email service providers and every single one of them requires their own email authentication tools. If your email service provider supports SPF, you will need to include their SPF mechanism in your own SPF record.

However, you can run into errors which can result in the non-delivery of your emails. One such error is the SPF Permerror. Today, we will show you how to fix an SPF permerror so your SMTP is secured.

What is an SPF Permerror?

An SPF permerror, or ‘SPF Permanent Error’, is one of the most common SPF errors. It comes up when the domain’s SPF record cannot be properly interpreted, which results in the non-delivery of emails.

An SPF Permerror can occur due to these reasons:

  • If the SPF record has a syntax error
  • If a domain has multiple SPF records
  • If evaluating the SPF record requires more than 10 DNS lookups from its mechanisms

What Is SPF Permerror – “Too Many DNS Lookups”?

This is the most common of the three types of SPF permerror. SPF has several safeguards in place to make sure that you do not run into timeout issues. An SPF evaluation will perform at most 10 DNS lookups for the mechanisms in an SPF record. The terms that count are: a, mx, ptr, exists, include, redirect. If the record needs more than 10 of these lookups, an SPF permerror is raised. When an SPF permerror is raised, you will have to remove a few lookups/mechanisms.

What Does SPF Validation Failed Mean?

An SPF validation error comes up when the Sender Policy Framework (SPF) validation for the sender’s domain is not successful. To prevent these issues, an email admin should make sure that their domain is set up properly at the domain registrar. These are some common reasons an SPF validation error takes place:

  • Multiple SPF Records
  • SPF Validation is Not Available
  • More than 10 DNS Lookups
  • PTR Mechanism Usage
  • Macro is Invalid
  • Multiple Fallback Scenarios

An ‘SPF validation failed’ warning will be given if your SPF record is not set up properly. You can check invalid SPF record examples here.

Office 365 SPF Permerror

To prevent spoofing and get great email delivery, it is advisable to set up SPF in Microsoft Office 365. To avoid an Office 365 SPF permerror, you can go through these points.

  • Only one SPF record is enough for your domain
  • If you have a subdomain, create separate records
  • To avoid getting a permerror, make sure that there are no more than 10 DNS lookups

An Office 365 SPF permerror can be avoided by following these points. SPF errors such as the SPF permerror and SPF temperror can cause serious problems for delivering your emails. By following the points above, you won’t have any deliverability issues.

How to Fix An SPF Permerror?

SPF Flattening

SPF flattening is the process of rewriting an SPF record into a flattened record that needs fewer than 10 DNS lookups/mechanisms. It is also called SPF record compression. By using a flattened SPF record, you can reduce the number of DNS-querying mechanisms/lookups to 1.

SPF flattening works by removing the ‘a,’ ‘mx,’ and ‘include’ mechanisms to make a simplified SPF record, which reduces the number of DNS lookups. Without doing this, there will be an unnecessary number of DNS lookups.

In their place, mechanisms such as ip4 and ip6 are added, as they do not use any SPF lookups.

Avoiding Unnecessary ‘include’ Statements

An ‘include’ statement is a mechanism that redirects the SPF check to another domain’s SPF record in order to verify that domain’s authorized IPs. The ‘include’ statements in the original SPF record count towards the limit of 10.

Removing Reference to Invalid and Unused Domains

If a domain is no longer used by you or your partner’s vendor, any ‘include’ statements that redirect the SPF check to that domain should be removed. To reduce the number of DNS lookups, always make sure that any inactive domains are removed from your SPF record.

You can also use these methods to avoid an SPF permerror:

  • Replace the ‘include’ statement with ip4 and ip6 mechanisms when possible
  • Remove mechanisms that refer to the same domain
  • Limit the use of PTR mechanisms, as their usage can result in numerous DNS lookups
  • Use SPF record checks

You can also learn more by referring to the SPF FAQs.
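The lookup limit, the duplicate-record rule and the effect of flattening can be checked before a record is published. The following is an added example, not code from the original article: it assumes an in-memory `ZONE` dictionary of constructed TXT records in place of live DNS, uses placeholder domains throughout, and counts the worst case (every DNS-querying term reachable through nested includes).

```python
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # terms that query DNS
LIMIT = 10

# Constructed TXT data standing in for live DNS; every domain here is a placeholder.
ZONE = {
    "example.com": ["v=spf1 a mx include:_spf.mail.example include:_spf.crm.example "
                    "include:_spf.news.example ~all"],
    "_spf.mail.example": ["v=spf1 include:_a.mail.example include:_b.mail.example "
                          "include:_c.mail.example ~all"],
    "_a.mail.example": ["v=spf1 ip4:198.51.100.0/25 ~all"],
    "_b.mail.example": ["v=spf1 ip4:198.51.100.128/25 ~all"],
    "_c.mail.example": ["v=spf1 ip6:2001:db8::/48 ~all"],
    "_spf.crm.example": ["v=spf1 a:out.crm.example mx/24 exists:%{i}.bl.crm.example ~all"],
    "_spf.news.example": ["v=spf1 ip4:203.0.113.0/24 ~all"],
    # Flattened variant: a, mx and two includes replaced by literal ip4/ip6 ranges.
    "flat.example": ["v=spf1 ip4:192.0.2.25 ip4:198.51.100.0/24 ip6:2001:db8::/48 "
                     "ip4:203.0.113.0/24 include:_spf.crm.example ~all"],
    "dup.example": ["v=spf1 mx -all", "v=spf1 a -all", "unrelated-verification=abc"],
}

def count_lookups(domain, zone=ZONE, chain=()):
    """Worst-case number of DNS-querying terms reachable from domain's SPF record."""
    if domain in chain:
        raise ValueError(f"include loop at {domain}")
    records = [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        raise ValueError(f"{domain}: expected 1 SPF record, found {len(records)}")
    total = 0
    for term in records[0].lower().split()[1:]:
        term = term.lstrip("+-~?")                      # drop the qualifier
        sep = "=" if term.startswith("redirect=") else ":"
        name, _, target = term.partition(sep)
        if name.split("/")[0] not in LOOKUP_TERMS:      # "mx/24" still counts as mx
            continue
        total += 1
        if name in ("include", "redirect"):             # nested records count too
            total += count_lookups(target, zone, chain + (domain,))
    return total

def check(domain, zone=ZONE):
    """Return ('ok' | 'permerror', detail) for the lookup-limit and duplicate checks."""
    try:
        n = count_lookups(domain, zone)
    except ValueError as exc:
        return "permerror", str(exc)
    return ("permerror" if n > LIMIT else "ok"), f"{n} DNS-querying terms"
```

Calling `check("example.com")` reports a permerror for the nested record, while `check("flat.example")` passes with the flattened one.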

Handling Forged Emails Using SPF

Scammers and spammers forge a lot of emails by using numerous domains and email addresses, or even legitimate emails and domains, to fool users into believing that the email came from a known entity or a person that they know. SPF can be used to handle forged email and helps detect and reject these forged emails.

The SPF protocol allows a domain to authorize the hosts that may use its domain name. A receiving host can then be configured to check that authorization. This way, SPF can reduce the number of forged emails quite significantly.

To Conclude

We hope this article gave you some information on how to fix an SPF permerror for better protection of your SMTP. An SPF permerror is an important SPF error that should be resolved as soon as possible. Resolving these errors quickly will give you better SPF authentication and a significant rise in email deliverability.

Optimize WordPress database


ALTER TABLE wp_usermeta ADD UNIQUE KEY umeta_id (umeta_id);
ALTER TABLE wp_usermeta DROP PRIMARY KEY;
ALTER TABLE wp_usermeta ADD PRIMARY KEY (user_id, meta_key, umeta_id);
ALTER TABLE wp_usermeta DROP KEY user_id;
ALTER TABLE wp_usermeta DROP KEY meta_key;
ALTER TABLE wp_usermeta ADD KEY meta_key (meta_key, user_id);

ALTER TABLE wp_postmeta ADD UNIQUE KEY meta_id (meta_id);
ALTER TABLE wp_postmeta DROP PRIMARY KEY;
#ALTER TABLE wp_postmeta ADD PRIMARY KEY (post_id, meta_key, meta_id);
#ALTER TABLE wp_postmeta ADD KEY (post_id, meta_key, meta_value(64));
CREATE INDEX wp_postmeta_idx_1 ON wp_postmeta (post_id, meta_key, meta_value(64));
ALTER TABLE wp_postmeta DROP KEY post_id;
ALTER TABLE wp_postmeta DROP KEY meta_key;
-- (meta_key, post_id) can repeat in wp_postmeta, so this must be a plain key, not a primary key
ALTER TABLE wp_postmeta ADD KEY meta_key (meta_key, post_id);

ALTER TABLE wp_posts ADD KEY posts_key (post_status, post_type);

ALTER TABLE wp_wfIssues ADD PRIMARY KEY (ignoreP);

CREATE INDEX wp_wfissues1_idx ON wp_wfIssues (ignoreP);

CREATE INDEX wp_wfissues2_idx ON wp_wfIssues (ignoreC);

ALTER TABLE wp_terms ADD PRIMARY KEY (term_id);

CREATE INDEX wp_posts_post_modified_gmt_idx ON wp_posts (post_modified_gmt);
-- wp_comments
-- wp_commentmeta
-- wp_posts
-- wp_postmeta
-- wp_termmeta
-- wp_users
-- wp_usermeta
-- wp_options

-- Removes every comment whose user_id is 0 so the foreign key below can be created
delete from wp_comments where user_id = 0;

ALTER TABLE wp_comments ADD CONSTRAINT fk_user_id FOREIGN KEY (user_id) REFERENCES wp_users(id);

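-- Delete orphaned usermeta rows. A multi-table DELETE is used because MySQL rejects
-- a subquery that selects from the table being deleted from (error 1093).
delete wp_usermeta from wp_usermeta
left join wp_users on wp_users.id = wp_usermeta.user_id
where wp_users.id is null;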
ALTER TABLE wp_usermeta ADD CONSTRAINT fk_usermeta_user_id FOREIGN KEY (user_id) REFERENCES wp_users(id);

ALTER TABLE wp_termmeta ADD CONSTRAINT fk_termmeta_terms FOREIGN KEY (term_id) REFERENCES wp_terms(term_id);


-- Check query: lists usermeta rows whose user no longer exists
select wp_usermeta.`umeta_id` from wp_usermeta left join wp_users on wp_users.id = wp_usermeta.user_id where wp_users.id is null;


ALTER TABLE wp_term_relationships ADD CONSTRAINT fk_wp_posts_wp_term_relationships FOREIGN KEY (object_id) REFERENCES wp_posts(ID);



Subnet mask values and what they mean

Here are the charts, followed by some explanations of what they mean.

CIDR | SUBNET MASK | WILDCARD MASK | # OF IP ADDRESSES | # OF USABLE IP ADDRESSES
/32 | 255.255.255.255 | 0.0.0.0 | 1 | 1
/31 | 255.255.255.254 | 0.0.0.1 | 2 | 2*
/30 | 255.255.255.252 | 0.0.0.3 | 4 | 2
/29 | 255.255.255.248 | 0.0.0.7 | 8 | 6
/28 | 255.255.255.240 | 0.0.0.15 | 16 | 14
/27 | 255.255.255.224 | 0.0.0.31 | 32 | 30
/26 | 255.255.255.192 | 0.0.0.63 | 64 | 62
/25 | 255.255.255.128 | 0.0.0.127 | 128 | 126
/24 | 255.255.255.0 | 0.0.0.255 | 256 | 254
/23 | 255.255.254.0 | 0.0.1.255 | 512 | 510
/22 | 255.255.252.0 | 0.0.3.255 | 1,024 | 1,022
/21 | 255.255.248.0 | 0.0.7.255 | 2,048 | 2,046
/20 | 255.255.240.0 | 0.0.15.255 | 4,096 | 4,094
/19 | 255.255.224.0 | 0.0.31.255 | 8,192 | 8,190
/18 | 255.255.192.0 | 0.0.63.255 | 16,384 | 16,382
/17 | 255.255.128.0 | 0.0.127.255 | 32,768 | 32,766
/16 | 255.255.0.0 | 0.0.255.255 | 65,536 | 65,534
/15 | 255.254.0.0 | 0.1.255.255 | 131,072 | 131,070
/14 | 255.252.0.0 | 0.3.255.255 | 262,144 | 262,142
/13 | 255.248.0.0 | 0.7.255.255 | 524,288 | 524,286
/12 | 255.240.0.0 | 0.15.255.255 | 1,048,576 | 1,048,574
/11 | 255.224.0.0 | 0.31.255.255 | 2,097,152 | 2,097,150
/10 | 255.192.0.0 | 0.63.255.255 | 4,194,304 | 4,194,302
/9 | 255.128.0.0 | 0.127.255.255 | 8,388,608 | 8,388,606
/8 | 255.0.0.0 | 0.255.255.255 | 16,777,216 | 16,777,214
/7 | 254.0.0.0 | 1.255.255.255 | 33,554,432 | 33,554,430
/6 | 252.0.0.0 | 3.255.255.255 | 67,108,864 | 67,108,862
/5 | 248.0.0.0 | 7.255.255.255 | 134,217,728 | 134,217,726
/4 | 240.0.0.0 | 15.255.255.255 | 268,435,456 | 268,435,454
/3 | 224.0.0.0 | 31.255.255.255 | 536,870,912 | 536,870,910
/2 | 192.0.0.0 | 63.255.255.255 | 1,073,741,824 | 1,073,741,822
/1 | 128.0.0.0 | 127.255.255.255 | 2,147,483,648 | 2,147,483,646
/0 | 0.0.0.0 | 255.255.255.255 | 4,294,967,296 | 4,294,967,294

* /31 is a special case detailed in RFC 3021 where networks with this type of subnet mask can assign two IP addresses as a point-to-point link.

And here’s a table of the decimal to binary conversions for subnet mask and wildcard octets:

SUBNET MASK (DECIMAL) | SUBNET MASK (BINARY) | WILDCARD (DECIMAL) | WILDCARD (BINARY)
0 | 00000000 | 255 | 11111111
128 | 10000000 | 127 | 01111111
192 | 11000000 | 63 | 00111111
224 | 11100000 | 31 | 00011111
240 | 11110000 | 15 | 00001111
248 | 11111000 | 7 | 00000111
252 | 11111100 | 3 | 00000011
254 | 11111110 | 1 | 00000001
255 | 11111111 | 0 | 00000000

Note that the wildcard is just the inverse of the subnet mask.


Apache command connection check

The netstat command has been deprecated and replaced by the ss command in most Linux distributions.

netstat reads various ‘/proc’ files to gather information, so it takes more time when there are lots of connections to display.

1) Checking the number of concurrent Apache connections

Run the following ss command to find the total number of concurrent connections to Apache:

# ss -ant | grep -E ':80|:443' | wc -l
500

Alternatively, you can get the Apache concurrent connection count using the netstat command as shown below:

# netstat -ant | grep -E ':80|:443' | wc -l
430

2) Checking concurrent connections of Apache in detail

Run the ss command below to see detailed information about the Apache connections instead of counting them.

It shows the active internet connections on the server on port 80 & 443:

# ss -ant | grep -E ':80|:443'

 LISTEN     0      128    10.10.6.160:80                       :                  
106.222.112.160:12650              
 TIME-WAIT  0      0      94.237.76.92:443                114.119.135.42:2366               
 TIME-WAIT  0      0      94.237.76.92:443                114.119.135.42:2406               
 TIME-WAIT  0      0      94.237.76.92:443                127.0.0.1:38400              
 ESTAB      0      0      127.0.0.1:38454              94.237.76.92:443                     
 ESTAB      0      0      94.237.76.92:443                117.249.205.234:64685              
 ESTAB      0      0      94.237.76.92:443                192.99.9.25:33132              
 ESTAB      0      0      94.237.76.92:443                66.249.71.82:49611              
 ESTAB      0      0      94.237.76.92:443                106.222.112.160:12648              
 TIME-WAIT  0      0      94.237.76.92:443                127.0.0.1:38412              
 ESTAB      0      0      127.0.0.1:38402              94.237.76.92:443                
 TIME-WAIT  0      0      94.237.76.92:443                157.46.105.172:45656              
 TIME-WAIT  0      0      94.237.76.92:443                127.0.0.1:38340              
 ESTAB      0      151496 94.237.76.92:443                106.222.112.160:12656              
 TIME-WAIT  0      0      94.237.76.92:443                127.0.0.1:38332              
 TIME-WAIT  0      0      94.237.76.92:443                127.0.0.1:38396              
 ESTAB      0      0      127.0.0.1:38460              94.237.76.92:443                
 TIME-WAIT  0      0      94.237.76.92:443                127.0.0.1:38374              
 ESTAB      0      0      94.237.76.92:80                 5.9.61.232:51082              
 ESTAB      0      0      94.237.76.92:443                60.8.123.152:64476              
 ESTAB      0      0      94.237.76.92:443                167.114.209.104:35758              
 ESTAB      0      0      94.237.76.92:80                 106.222.112.160:12643              
 ESTAB      0      0      94.237.76.92:443                167.114.158.215:53270                          
 ESTAB      0      0      94.237.76.92:443                66.249.71.147:56912              
 ESTAB      0      0      94.237.76.92:443                127.0.0.1:38454              
 ESTAB      0      0      94.237.76.92:443                127.0.0.1:38468                         
 ESTAB      0      0      94.237.76.92:443                127.0.0.1:38402              
 TIME-WAIT  0      0      94.237.76.92:443                127.0.0.1:38366

Check the same information using the netstat command as shown below:

# netstat -ant | grep -E ':80|:443'

3) Listing Apache connections sorted by IP

To count the number of connections currently active in Apache from each IP address and to sort them, use the following command:

# ss -ant |grep -E ':80|:443'|grep ESTAB| awk '{print $5}' | cut -d":" -f1 | sort | uniq -c | sort -nr

       8 94.237.76.92
       8 127.0.0.1
       2 5.9.61.232
       2 106.222.112.160
       1 98.236.14.66
       1 66.249.72.22
       1 66.249.71.48
       1 192.99.9.25
       1 167.114.209.104
       1 167.114.158.215

Similarly, you can find the same information using the netstat command as shown below:

# netstat -ant |grep -E ':80|:443'|grep ESTAB | awk '{print $5}' | cut -d":" -f1 | sort | uniq -c | sort -nr

      6 162.158.155.70
      5 127.0.0.1
      2 172.68.51.180
      2 172.68.215.98
      2 172.68.215.86
      2 172.68.215.77
      2 172.68.215.75
      2 172.68.215.113
      2 172.68.215.111
      2 172.68.215.109
      2 172.68.215.101
      2 172.68.215.100
      2 162.158.150.128
      2 162.158.150.120
      2 162.158.118.154
      2 141.101.96.253
      2 141.101.96.243
      2 141.101.76.234
      2 141.101.105.254
	  .
	  .
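The `grep -E ':80|:443'` filter in the commands above matches those strings anywhere on the line, so it also counts ports such as 8080 and outbound connections from the server to a remote port 443, and `cut -d":" -f1` truncates IPv6 peers. The following added example (not part of the original article) parses `ss -ant` output and counts established connections per client only where the local port is 80 or 443; the sample lines are constructed and use documentation addresses.

```python
from collections import Counter

WEB_PORTS = {80, 443}

# Constructed sample of `ss -ant` output (documentation addresses, not real hosts).
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q  Local Address:Port       Peer Address:Port
LISTEN     0      128     *:80                     *:*
ESTAB      0      0       192.0.2.10:443           198.51.100.7:51082
ESTAB      0      0       192.0.2.10:443           198.51.100.7:51090
ESTAB      0      0       192.0.2.10:80            203.0.113.5:12643
TIME-WAIT  0      0       192.0.2.10:443           203.0.113.5:2366
ESTAB      0      0       192.0.2.10:8080          203.0.113.9:40000
ESTAB      0      0       192.0.2.10:38454         203.0.113.20:443
ESTAB      0      0       [::ffff:192.0.2.10]:443  [::ffff:198.51.100.7]:60001
ESTAB      0      0       [2001:db8::10]:443       [2001:db8::beef]:44300
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 addresses stay intact."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.strip("[]")
    if addr.lower().startswith("::ffff:") and "." in addr:
        addr = addr[7:]  # IPv4-mapped IPv6 address -> plain IPv4
    return addr, port

def web_clients(ss_output, state="ESTAB"):
    """Count connections per peer IP whose *local* port is a web port."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != state:
            continue  # header, blank line, or a socket in another state
        _, local_port = split_endpoint(fields[3])
        peer_addr, _ = split_endpoint(fields[4])
        if local_port.isdigit() and int(local_port) in WEB_PORTS:
            counts[peer_addr] += 1
    return counts.most_common()

if __name__ == "__main__":
    for ip, n in web_clients(SAMPLE_SS_OUTPUT):
        print(f"{n:7d} {ip}")
```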

Bonus Tips: 1) Counting running Apache processes in Linux

The ps command is used to display all running processes on a Linux system. Use the following format if you would like to count the running Apache processes in Linux:

# ps auxw | grep httpd | grep -v grep | wc -l
12

1.a) Listing Apache processes with ps

Use the following command to see the running httpd processes in Linux:

# ps auxw | grep httpd | grep -v grep
nobody    7988  0.0  0.5 253280 23252 ?        S    14:32   0:00 /usr/sbin/httpd -k start
nobody    8050  0.0  0.6 253412 24276 ?        S    14:33   0:00 /usr/sbin/httpd -k start
nobody    8054  0.0  0.6 253280 23288 ?        S    14:33   0:00 /usr/sbin/httpd -k start
nobody    8158  0.0  0.6 253280 23296 ?        S    14:33   0:00 /usr/sbin/httpd -k start
nobody    8159  0.0  0.5 253280 23176 ?        S    14:33   0:00 /usr/sbin/httpd -k start
daygeek   8202  0.0  0.6 253416 23304 ?        S    14:34   0:00 /usr/sbin/httpd -k start
nobody    8203  0.0  0.5 253280 23052 ?        S    14:34   0:00 /usr/sbin/httpd -k start
nobody    8207  0.0  0.5 253280 23044 ?        S    14:34   0:00 /usr/sbin/httpd -k start
nobody    8213  0.0  0.6 253280 23300 ?        S    14:34   0:00 /usr/sbin/httpd -k start
nobody    8216  0.0  0.5 253280 23052 ?        S    14:34   0:00 /usr/sbin/httpd -k start
nobody    8218  0.0  0.6 253416 23304 ?        S    14:34   0:00 /usr/sbin/httpd -k start
nobody    8266  0.0  0.5 253148 23052 ?        S    14:35   0:00 /usr/sbin/httpd -k start
nobody    8267  0.0  0.5 253144 22800 ?        S    14:35   0:00 /usr/sbin/httpd -k start
nobody    8391  0.3  0.5 253144 22800 ?        S    14:35   0:00 /usr/sbin/httpd -k start
nobody    8393  0.5  0.5 253012 21776 ?        S    14:35   0:00 /usr/sbin/httpd -k start
nobody    8394  1.0  0.5 253144 22800 ?        S    14:35   0:00 /usr/sbin/httpd -k start
root     30500  0.0  0.0 227356  3584 ?        Ss   Jul25   2:33 /usr/sbin/httpd -k start

Let’s quickly look at the relevant Apache parameters:

  • ServerLimit – Maximum number of Apache processes
  • StartServers – Number of processes to start when you start running Apache
  • MinSpareThreads/MaxSpareThreads – Number of threads to keep idle without being killed
  • ThreadsPerChild – Number of threads per process
  • MaxRequestWorkers – Number of concurrent connections to be supported. This is the main directive that you need to change to increase max connections in Apache
  • MaxConnectionsPerChild – Number of connections to be handled by each child before it is killed