Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SPF>
  3. Help
Continuation of previous Q
Admin at iaa
Oct 3, 2004, 11:49 PM
Post #1 of 3 (1244 views)
Permalink
Morning all,

ok. I set up an SPF as per the wizards recommendations as follows :

iaa.gov.il. IN TXT "v=spf1 ip4:192.115.178.6 ip4:192.115.178.1
ip4:192.115.178.19 mx -all"

In addition, the wizard states I should add the following as well :

ingw.iaa.gov.il. IN TXT "v=spf1 a -all"

for my main MX based server, which I did.

I also added a similar line for the two IP4 based servers that do not
hold MX records as per the primary TXT line above.

Is this ok, or should I only have the TXT bit for MX record holders
under my control ?

Mike Glassman

CISSP

Head of System Security

Computer & Information Systems

Israeli Airports Authority

Ben-Gurion Airport

http://www.ben-gurion-airport.co.il
<http://www.ben-gurion-airport.co.il/>

Tel : 972-3-9710785

Fax : 972-3-9710939

Email : admin@iaa.gov.il

Usage of this email address or any email address at iaa.gov.il for the
purpose of sales pitches, SPAM or any other such unwanted garbage, is
illegal, and any person, whether corporate or alone doing so, will be
prosecuted to the fullest possible extent.



-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
Re: Continuation of previous Q [ In reply to ]
nobody at xyzzy
Oct 4, 2004, 1:09 PM
Post #2 of 3 (1194 views)
Permalink
Admin@iaa.gov.il wrote:

> iaa.gov.il. IN TXT
> "v=spf1 ip4:192.115.178.6 ip4:192.115.178.1
> ip4:192.115.178.19 mx -all"

That's what you say about mail with HELO iaa.gov.il
resp. any MAIL FROM:<user@iaa.gov.il>

The 3 mentioned IPs and the 3 IPs of your 3 MXs
are allowed to use this HELO resp. MAIL FROM.

Any other IP matches "-all" resulting in a FAIL.

> ingw.iaa.gov.il. IN TXT "v=spf1 a -all"

That's probably for cases like HELO ingw.iaa.gov.il
and MAIL FROM:<> or in other words for bounces. Or
for MAIL FROM:<MAILER-DAEMON@ingw.iaa.gov.il> etc.

Any MAIL FROM;<postmaster@ingw.iaa.gov.il> sent via
one of the 5 other IPs would result in a SPF FAIL.
Only ingw (192.115.178.1) is allowed to use this
domain in HELO resp. MAIL FROM by "v=spf1 a -all".

Should be okay, you can test your sender policy at
<http://spf.pobox.com/why.html> or
<http://spftools.infinitepenguins.net/check.php>

Bye, Frank


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
RE: Re: Continuation of previous Q [ In reply to ]
Admin at iaa
Oct 5, 2004, 11:34 PM
Post #3 of 3 (1227 views)
Permalink
Great.

Thanks for the info.


Mike Glasman, CISSP
Head of Systems Security
Israel Airport Authority



-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com] On Behalf Of Frank Ellermann
Sent: Monday, October 04, 2004 10:09 PM
To: spf-help@v2.listbox.com
Subject: [spf-help] Re: Continuation of previous Q

Admin@iaa.gov.il wrote:

> iaa.gov.il. IN TXT
> "v=spf1 ip4:192.115.178.6 ip4:192.115.178.1
> ip4:192.115.178.19 mx -all"

That's what you say about mail with HELO iaa.gov.il resp. any MAIL
FROM:<user@iaa.gov.il>

The 3 mentioned IPs and the 3 IPs of your 3 MXs are allowed to use this
HELO resp. MAIL FROM.

Any other IP matches "-all" resulting in a FAIL.

> ingw.iaa.gov.il. IN TXT "v=spf1 a -all"

That's probably for cases like HELO ingw.iaa.gov.il and MAIL FROM:<> or
in other words for bounces. Or for MAIL
FROM:<MAILER-DAEMON@ingw.iaa.gov.il> etc.

Any MAIL FROM;<postmaster@ingw.iaa.gov.il> sent via one of the 5 other
IPs would result in a SPF FAIL.
Only ingw (192.115.178.1) is allowed to use this domain in HELO resp.
MAIL FROM by "v=spf1 a -all".

Should be okay, you can test your sender policy at
<http://spf.pobox.com/why.html> or
<http://spftools.infinitepenguins.net/check.php>

Bye, Frank


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

*****************************************
This mail arrived via pineapp@IAA
*****************************************

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal