vesely at tana
Aug 2, 2010, 3:42 AM
Post #2 of 9
(1446 views)
Permalink
|
|
Re: Setting up the correct SPF with one SMTP for few domains
[In reply to]
|
|
On 02/Aug/10 08:05, Pietro wrote:
> I'm new to SPF, read the faq and tried the wizard. I think to have got to the
> right spf to add to my DNS but before doing it, I'd like to ask to some
> experts here if it is correct.
You should read at least the first two sections of RFC 4408.
> My situation is:
> I have a machine running a SMTP server and a web server. The IP of the machine
> is 109.231.67.172. The hostname of the SMTP is postoffice.bryo.it (I should
> have set up mx, ptr, reverse dns etc all correctly).
> All web applications (using different domains) use postoffice.bryo.it as SMTP
> address (it accepts email from localhost only). So, for example, I have
> calcolatermini.info and casainpermuta.it that sends emails using
> postoffice.bryo.it (as info [at] calcolatermini and/or
> contact [at] casainpermuta).
Users? I've seen you wrote from a gmail address, rather than one of
your domains. If anyone, besides applications, actually /uses/ those
addresses, you need to take also their sending paths into account.
> As far as I have understand, I should create a TXT record for bryo.it like
> this:
> v=spf1 a a:postoffice.bryo.it a:casainpermuta.it a:calcolatermini.info ?all
All those "a" terms result in the same address 109.231.67.172, so they
are redundant. You must figure out what you want the receiving server
to do when it sees that record. It is currently equivalent to either
v=spf1 a ?all
or
v=spf1 ip4:109.231.67.172 ?all
The former seems shorter and easier to maintain, but its behavior may
vary, e.g. when it's included. The latter requires you to change the
actual address whenever you change network provider, but is pretty clear.
> Is that correct? Is that all? Or should I do anything on casainpermuta.it and
> calcolatermini.info domains as well?
You should also publish a record for the other domains, including
postoffice.bryo.it (which currently has an MX.) Actually, you should
publish an SPF/TXT for each A/AAAA, since the corresponding domain
name can be legally used as the domain part of an email address. For
names that must _never_ be used for mail, specify
v=spf1 -all
HTH
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
|
