Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SPF: Help

mechanism options

 

 

SPF help RSS feed   Index | Next | Previous | View Threaded


bass at afnet

Aug 27, 2008, 9:00 AM

Post #1 of 7 (2391 views)
Permalink
mechanism options

Dear all

i have the following setup on my DNS

afnet.net. IN TXT "v=spf1 mx -all"
mmail.afnet.net. IN TXT "v=spf1 a -all"
mail2.afnet.net. IN TXT "v=spf1 a -all"

mmail.afnet.net is the HELO name of my server, can someone check this ?
mail2 is a second server we have not installed yet.

i'm wondering if i should keep the -all or use ~all for the first line

i can confirm that for now, i only have 1 server sending emails for my domain that is mmail.afnet.net

can you please advise ?

thanks

Bass





-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


steve at teamITS

Aug 27, 2008, 9:29 AM

Post #2 of 7 (2289 views)
Permalink
RE: mechanism options [In reply to]

Bass wrote on 8/27/2008 11:00:39 AM:

> afnet.net. IN TXT "v=spf1 mx -all"
> mmail.afnet.net. IN TXT "v=spf1 a -all"
> mail2.afnet.net. IN TXT "v=spf1 a -all"
>
> mmail.afnet.net is the HELO name of my server, can someone check this
?
> mail2 is a second server we have not installed yet.

Received: from MMAIL.afnet.net (mail2.afnet.net [213.136.109.6]) by
thorn.listbox.com (Postfix) with ESMTP id 96D932195A for
<spf-help [at] v2>; Wed, 27 Aug 2008 12:01:09 -0400 (EDT)

mmail.afnet.net looks correct for HELO per the message you sent
to the list. However the IP used is 213.136.109.6 which is mail2? If
so your SPF record for mmail.afnet.net only references "a", which is
213.136.109.60, so that should fail SPF.

> i'm wondering if i should keep the -all or use ~all for the first line

Eventually you should use -all once you are sure you've listed
all the server hostnames/IPs correctly.


-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- I think, therefore I am confused.

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


bass at afnet

Aug 29, 2008, 5:05 AM

Post #3 of 7 (2279 views)
Permalink
Re: mechanism options [In reply to]

in fact i have 2 MX records but i only use 1 of them at a time and if i'm
blacklisted i can change it while trying to whitelist the other one (it's
the best way i found because we are not able to control users trafic in some
cybercafes)

so i have 2 "A" records
mmail.afnet.net 213.136.109.60
mail2.afnet.net 213.136.109.6

is that ok ? or i have to add something to the SPF record for mmail about
mail2.afnet.net and if so can you please advise ?

thanks

----- Original Message -----
From: "Steve Yates" <steve [at] teamITS>
To: <spf-help [at] v2>
Sent: Wednesday, August 27, 2008 4:29 PM
Subject: RE: [spf-help] mechanism options


Bass wrote on 8/27/2008 11:00:39 AM:

> afnet.net. IN TXT "v=spf1 mx -all"
> mmail.afnet.net. IN TXT "v=spf1 a -all"
> mail2.afnet.net. IN TXT "v=spf1 a -all"
>
> mmail.afnet.net is the HELO name of my server, can someone check this
?
> mail2 is a second server we have not installed yet.

Received: from MMAIL.afnet.net (mail2.afnet.net [213.136.109.6]) by
thorn.listbox.com (Postfix) with ESMTP id 96D932195A for
<spf-help [at] v2>; Wed, 27 Aug 2008 12:01:09 -0400 (EDT)

mmail.afnet.net looks correct for HELO per the message you sent
to the list. However the IP used is 213.136.109.6 which is mail2? If
so your SPF record for mmail.afnet.net only references "a", which is
213.136.109.60, so that should fail SPF.



> i'm wondering if i should keep the -all or use ~all for the first line

Eventually you should use -all once you are sure you've listed
all the server hostnames/IPs correctly.


-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- I think, therefore I am confused.

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


Tom.Reynolds at RTM

Aug 29, 2008, 5:52 AM

Post #4 of 7 (2289 views)
Permalink
RE: mechanism options [In reply to]

First, you only need SPF records for the servers that would SEND mail.
The MX records tell the world where you RECIEVE mail.

If you do sometimes send mail from both servers, you could create a
single TXT record for the afnet.net domain with both servers in it like
this:

afnet.net. IN TXT "v=spf1 a:mmail.afnet.net
a:mail2.afnet.net -all"

That basically says afnet.net will only send mail from the following two
servers, mmail and mail2.


-----Original Message-----
From: Bass [mailto:bass [at] afnet]
Sent: Friday, August 29, 2008 8:05 AM
To: spf-help [at] v2
Subject: Re: [spf-help] mechanism options

in fact i have 2 MX records but i only use 1 of them at a time and if
i'm
blacklisted i can change it while trying to whitelist the other one
(it's
the best way i found because we are not able to control users trafic in
some
cybercafes)

so i have 2 "A" records
mmail.afnet.net 213.136.109.60
mail2.afnet.net 213.136.109.6

is that ok ? or i have to add something to the SPF record for mmail
about
mail2.afnet.net and if so can you please advise ?

thanks

----- Original Message -----
From: "Steve Yates" <steve [at] teamITS>
To: <spf-help [at] v2>
Sent: Wednesday, August 27, 2008 4:29 PM
Subject: RE: [spf-help] mechanism options


Bass wrote on 8/27/2008 11:00:39 AM:

> afnet.net. IN TXT "v=spf1 mx -all"
> mmail.afnet.net. IN TXT "v=spf1 a -all"
> mail2.afnet.net. IN TXT "v=spf1 a -all"
>
> mmail.afnet.net is the HELO name of my server, can someone check this
?
> mail2 is a second server we have not installed yet.

Received: from MMAIL.afnet.net (mail2.afnet.net [213.136.109.6]) by
thorn.listbox.com (Postfix) with ESMTP id 96D932195A for
<spf-help [at] v2>; Wed, 27 Aug 2008 12:01:09 -0400 (EDT)

mmail.afnet.net looks correct for HELO per the message you sent
to the list. However the IP used is 213.136.109.6 which is mail2? If
so your SPF record for mmail.afnet.net only references "a", which is
213.136.109.60, so that should fail SPF.



> i'm wondering if i should keep the -all or use ~all for the first line

Eventually you should use -all once you are sure you've listed
all the server hostnames/IPs correctly.


-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- I think, therefore I am confused.

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


gerberb at zenez

Aug 29, 2008, 8:30 AM

Post #5 of 7 (2289 views)
Permalink
RE: mechanism options [In reply to]

On Fri, 29 Aug 2008, Reynolds, Tom wrote:
> From: "Steve Yates" <steve [at] teamITS> in fact i have 2 MX records but
> i only use 1 of them at a time and if i'm blacklisted i can change it
> while trying to whitelist the other one (it's the best way i found
> because we are not able to control users trafic in some cybercafes)
>
> so i have 2 "A" records mmail.afnet.net 213.136.109.60 mail2.afnet.net
> 213.136.109.6
>
> is that ok ? or i have to add something to the SPF record for mmail
> about mail2.afnet.net and if so can you please advise ? First, you only
> need SPF records for the servers that would SEND mail. The MX records
> tell the world where you RECIEVE mail.
>
> If you do sometimes send mail from both servers, you could create a
> single TXT record for the afnet.net domain with both servers in it like
> this:
>
> afnet.net. IN TXT "v=spf1 a:mmail.afnet.net
> a:mail2.afnet.net -all"
>
> That basically says afnet.net will only send mail from the following two
> servers, mmail and mail2.

or have one record with just ip entries.


afnet.net. IN TXT "v=spf1 ip4:213.136.109.60 ip4:213.136.109.6 -all

--
Boyd Gerber <gerberb [at] zenez>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


bass at afnet

Aug 30, 2008, 5:33 AM

Post #6 of 7 (2275 views)
Permalink
Re: mechanism options [In reply to]

i understand this but i read something on openspf.org about the HELO name so
in addition to the first entry

afnet.net. IN TXT "v=spf1 mx -all"

i need to add the 2 other lines,

next is a copy from the openspf.org site
If you run BIND
Paste this into your zone file:
afnet.net. IN TXT "v=spf1 mx -all"When a mail server sends a bounce message,
it uses a null MAIL FROM: <>, and a HELO address that's supposed to be its
own name. SPF will still operate, but in "degraded mode" by using the HELO
domain name instead. Because this wizard can't tell which name your mail
server uses in its HELO command, it lists all possible names, so there may
be multiple lines shown below. If you know which hostname your mail server
uses in its HELO command, you should pick out the appropriate entries and
ignore the rest.

So this should also appear in DNS. You may or may not be in charge of the
DNS for these entries; if you are, add them.

mail2.afnet.net. IN TXT "v=spf1 a -all"
mmail.afnet.net. IN TXT "v=spf1 a -all"
----- Original Message -----
From: "Boyd Lynn Gerber" <gerberb [at] zenez>
To: <spf-help [at] v2>
Sent: Friday, August 29, 2008 3:30 PM
Subject: RE: [spf-help] mechanism options


> On Fri, 29 Aug 2008, Reynolds, Tom wrote:
>> From: "Steve Yates" <steve [at] teamITS> in fact i have 2 MX records but i
>> only use 1 of them at a time and if i'm blacklisted i can change it while
>> trying to whitelist the other one (it's the best way i found because we
>> are not able to control users trafic in some cybercafes)
>>
>> so i have 2 "A" records mmail.afnet.net 213.136.109.60 mail2.afnet.net
>> 213.136.109.6
>>
>> is that ok ? or i have to add something to the SPF record for mmail about
>> mail2.afnet.net and if so can you please advise ? First, you only need
>> SPF records for the servers that would SEND mail. The MX records tell the
>> world where you RECIEVE mail.
>>
>> If you do sometimes send mail from both servers, you could create a
>> single TXT record for the afnet.net domain with both servers in it like
>> this:
>>
>> afnet.net. IN TXT "v=spf1 a:mmail.afnet.net
>> a:mail2.afnet.net -all"
>>
>> That basically says afnet.net will only send mail from the following two
>> servers, mmail and mail2.
>
> or have one record with just ip entries.
>
>
> afnet.net. IN TXT "v=spf1 ip4:213.136.109.60 ip4:213.136.109.6 -all
>
> --
> Boyd Gerber <gerberb [at] zenez>
> ZENEZ 1042 East Fort Union #135, Midvale Utah 84047
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


steve at teamITS

Sep 2, 2008, 9:17 AM

Post #7 of 7 (2262 views)
Permalink
RE: mechanism options [In reply to]

Bass wrote on 8/30/2008 7:33:29 AM:

> i understand this but i read something on openspf.org about the HELO
name so
> in addition to the first entry
>
> afnet.net. IN TXT "v=spf1 mx -all"
>
> i need to add the 2 other lines,

> mail2.afnet.net. IN TXT "v=spf1 a -all"
> mmail.afnet.net. IN TXT "v=spf1 a -all"

That's fine, you can set up all three SPF records, in your DNS.
The first (afnet.net) is for mail coming from your domain; the other two
are for the HELO greeting, to tie those two hostnames to specific IP
addresses.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Any sufficiently advanced magic looks like technology.

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

SPF help RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.