Hi all,

I just came across a customer's server that did not have SPF records after a migration from cPanel (it didn't have them under cPanel...but if you're gonna upgrade to Virtualmin, you might as well go all out and upgrade behavior in all kinda ways!). So, I needed to add SPF records to all of the domains on the server. It's easy to use the BIND module to do so for one or two domains, but for more than that, I always like to test my mad bash skills and script it with a one-liner. So, here's how to do it quick-like. First change into the directory where your named hosts files live. It's probably /var/named/chroot/var/named on Red Hat based systems (you can add the cd to your one-liner, if you like, but I like to get my bearings before doing any mass-editing).


files=`ls *.hosts | sed "s/.hosts//"`; for i in $files; do echo $i. IN TXT "v=spf1 a mx ?all"]> $i.hosts; done


The first bit feeds the list of files ending in .hosts, minus the .hosts extension, into a variable called files. The for loop just operates on each entry in the variable. The command in the loop simply prints out the new SPF record line and the]> appends it to the end of the respective hosts file. Whee! bash is the bee's knees.

this will add the spf even if a dom already has it, doubling it up, is that ok?

Hey Tom,

You're quite correct. I was assuming a system without any SPF records. I don't know if multiple SPF records is a problem, or not. Better just to avoid it--if only for clarity and maintenance sake.

But it could be modified with a "grep -l -v spf1 *.hosts" somewhere in there to skip hosts files that already have a line containing "spf1". Actually, I think just replacing the ls *.hosts will do the trick:

files=`grep -l -v spf1 *.hosts | sed "s/.hosts//"`; for i in $files; do echo $i. IN TXT "v=spf1 a mx ?all"]> $i.hosts; done

Hope this helps.

Just FYI - the one-liner did not exclude the records that already included SPF records, but duplicated them.

Hey Harald,

Are you sure you used the second one (in the third post in this thread)? I'm pretty sure it doesn't double up existing records.

yeah it does add it again :(

Hey Tom,

That's bizarre. I tested the second example right after Harald's post and it didn't double them for me...I must be missing something. I'll look closer.

Oops. You're absolutely right. It totally does add it again. Silly Joe, thinking that grep is acting per-file and not per-line. Not sure how I missed that it doubled up in my hosts files that already had it (I must have checked one that didn't already have one to start with, but I thought it did).

So, here's the way to go about it:

files=`ls *.hosts | sed "s/.hosts//"`; for i in $files; do if grep -l spf1 $i.hosts]/dev/null; then echo "Skipping $i.hosts"; else echo "Modifying $i.hosts"; echo $i. IN TXT "v=spf1 a mx ?all"]> $i.hosts; fi; done

Or, in a form that'll safely cut and paste:

files=`ls *.hosts | sed "s/.hosts//"`; for i in $files;
do if grep -l spf1 $i.hosts]/dev/null; then echo "Skipping $i.hosts";
else echo "Modifying $i.hosts"; echo $i. IN TXT "v=spf1 a mx ?all"]> $i.hosts;
fi; done

Not so much a one-liner after all of that!

Hey all,

Just to update this one-liner with the new format of SPF records we're using:

ip=192.168.1.1
files=`ls *.hosts | sed "s/.hosts//"`; for i in $files;
do if grep -l spf1 $i.hosts]/dev/null; then echo "Skipping $i.hosts";
else echo "Modifying $i.hosts"; echo $i. IN TXT "v=spf1 a mx a:$i ip4:$ip ?all"]> $i.hosts;
fi; done

Note that you now need to enter the primary IP address of your server in the first line, as it is used later in the directive.