
RE: [vps-mail] SPF tips (was: Blacklisting Mailer-Daemon)



> I have a VPS and all my users for "domain.com" are using
> either webmail or
> a mail client whose SMTP and POP settings are "domain.com", then this
> should work just fine: 
> 
> "v=spf1 a ip4:10.10.7.1 include:domain.com ~all"

	You probably are using domain.com as an example but for purposes
of discussion...domain.com resolves to two IPs, 69.7.239.163 and
216.34.94.177.  Also domain.com doesn't have an SPF record, so the
include would cause SPF processing of this record to fail.  Hmm, if your
users have @domain.com e-mail addresses and this is an SPF record for
domain.com, the "include:domain.com" would be recursive?  "ip4:10.x.x.x"
isn't a public IP so that's sort of useless to include, mail will never
get from that IP directly to the Internet.

> Does specifying an IP mean that I could just use "include" to
> specify all
> of the domain names that I am hosting on that one machine?

	Well there are limits...I think the standard supports a max. of
16 DNS lookups.  Including an "ip4:..." just saves the other end (and
your DNS server) a lookup.  So what I think you are asking for is
(assuming the webmail is on the same server as the SMTP):

v=spf1 ip4:ip.of.the.server ~all

?  To handle other domains, you need to be careful to not "pass" any
domain on the server.  Then any of your customers could send out using
any other customer's domain (if they knew it, or guessed right).  That
would be more like so:

example.com	v=spf1 ?redirect:domain.com ~all
example.net	v=spf1 ?redirect:domain.com ~all
example.org	v=spf1 ?redirect:domain.com ~all
domain.com	v=spf1 ip4:ip.of.the.server ~all

The "?" in front is neither pass nor fail.  Of course this assumes none
of these three domains has an internal mail server, mail service, or
similar that sends out mail other than through your server.

	BTW I ran across some good, though detailed, background on SPF
and similar spam/mail info:

http://www.minasi.com/newsletters/nws0510.htm
and
http://www.minasi.com/thismonth.htm

 - Steve Yates
 - ITS, Inc.
 - Isn't Disneyland a people trap operated by a mouse?

~ Taglines by Taglinator 4 - www.srtware.com ~

======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).
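
A small checker for three points raised in the message above (an include that refers back to the record's own domain, a private ip4 address, and the number of terms that cost a DNS lookup), as an added example that is not part of the original post. The name lint_spf, the SAMPLES records and the default budget of 10 lookups (the figure in RFC 7208) are assumptions of this example.

```python
import ipaddress

# Terms that cost the receiver a DNS query (RFC 7208 section 4.6.4, which
# caps them at 10 per check; pass max_lookups to test another budget).
LOOKUP_TERMS = {"a", "mx", "ptr", "exists", "include", "redirect"}


def lint_spf(domain, record, max_lookups=10):
    """Return warnings for the SPF TXT record published at `domain`."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    warnings, lookups = [], 0
    own = domain.rstrip(".").lower()
    for term in terms[1:]:
        body = term.lstrip("+-~?")            # drop the qualifier
        name, sep, arg = body.partition(":")  # mechanism:value
        if not sep:
            name, sep, arg = body.partition("=")  # modifier=value
        name = name.split("/")[0].lower()     # "a/24" -> "a"
        if name in LOOKUP_TERMS:
            lookups += 1
        if name in ("include", "redirect") and arg.rstrip(".").lower() == own:
            warnings.append(f"{term}: refers back to {own} (recursive)")
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                warnings.append(f"{term}: not a valid address or network")
                continue
            if net.is_private:
                warnings.append(f"{term}: private range, not reachable from the Internet")
    if lookups > max_lookups:
        warnings.append(f"{lookups} DNS-lookup terms exceed the limit of {max_lookups}")
    return warnings


# Constructed sample input: the record quoted in the message, a single-IP
# record using an address the message mentions, and a record with 11 includes.
SAMPLES = {
    "quoted": ("domain.com", "v=spf1 a ip4:10.10.7.1 include:domain.com ~all"),
    "single_ip": ("domain.com", "v=spf1 ip4:69.7.239.163 ~all"),
    "many": ("domain.com", "v=spf1 " + " ".join(
        f"include:_spf{i}.example.net" for i in range(11)) + " ~all"),
}

if __name__ == "__main__":
    for label, (dom, rec) in SAMPLES.items():
        print(label, lint_spf(dom, rec))
```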

