Mailing List Archive

Bass wrote on 8/27/2008 11:00:39 AM:

> afnet.net. IN TXT "v=spf1 mx -all"
> mmail.afnet.net. IN TXT "v=spf1 a -all"
> mail2.afnet.net. IN TXT "v=spf1 a -all"
>
> mmail.afnet.net is the HELO name of my server, can someone check this
?
> mail2 is a second server we have not installed yet.

Received: from MMAIL.afnet.net (mail2.afnet.net [213.136.109.6]) by
thorn.listbox.com (Postfix) with ESMTP id 96D932195A for
<spf-help@v2.listbox.com>; Wed, 27 Aug 2008 12:01:09 -0400 (EDT)

mmail.afnet.net looks correct for HELO per the message you sent
to the list. However the IP used is 213.136.109.6 which is mail2? If
so your SPF record for mmail.afnet.net only references "a", which is
213.136.109.60, so that should fail SPF.

> i'm wondering if i should keep the -all or use ~all for the first line

Eventually you should use -all once you are sure you've listed
all the server hostnames/IPs correctly.


-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- I think, therefore I am confused.

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

in fact i have 2 MX records but i only use 1 of them at a time and if i'm
blacklisted i can change it while trying to whitelist the other one (it's
the best way i found because we are not able to control users trafic in some
cybercafes)

so i have 2 "A" records
mmail.afnet.net 213.136.109.60
mail2.afnet.net 213.136.109.6

is that ok ? or i have to add something to the SPF record for mmail about
mail2.afnet.net and if so can you please advise ?

thanks

----- Original Message -----
From: "Steve Yates" <steve@teamITS.com>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, August 27, 2008 4:29 PM
Subject: RE: [spf-help] mechanism options


Bass wrote on 8/27/2008 11:00:39 AM:

> afnet.net. IN TXT "v=spf1 mx -all"
> mmail.afnet.net. IN TXT "v=spf1 a -all"
> mail2.afnet.net. IN TXT "v=spf1 a -all"
>
> mmail.afnet.net is the HELO name of my server, can someone check this
?
> mail2 is a second server we have not installed yet.

Received: from MMAIL.afnet.net (mail2.afnet.net [213.136.109.6]) by
thorn.listbox.com (Postfix) with ESMTP id 96D932195A for
<spf-help@v2.listbox.com>; Wed, 27 Aug 2008 12:01:09 -0400 (EDT)

mmail.afnet.net looks correct for HELO per the message you sent
to the list. However the IP used is 213.136.109.6 which is mail2? If
so your SPF record for mmail.afnet.net only references "a", which is
213.136.109.60, so that should fail SPF.



> i'm wondering if i should keep the -all or use ~all for the first line

Eventually you should use -all once you are sure you've listed
all the server hostnames/IPs correctly.


-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- I think, therefore I am confused.

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

First, you only need SPF records for the servers that would SEND mail.
The MX records tell the world where you RECIEVE mail.

If you do sometimes send mail from both servers, you could create a
single TXT record for the afnet.net domain with both servers in it like
this:

afnet.net. IN TXT "v=spf1 a:mmail.afnet.net
a:mail2.afnet.net -all"

That basically says afnet.net will only send mail from the following two
servers, mmail and mail2.


-----Original Message-----
From: Bass [mailto:bass@afnet.net]
Sent: Friday, August 29, 2008 8:05 AM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] mechanism options

in fact i have 2 MX records but i only use 1 of them at a time and if
i'm
blacklisted i can change it while trying to whitelist the other one
(it's
the best way i found because we are not able to control users trafic in
some
cybercafes)

so i have 2 "A" records
mmail.afnet.net 213.136.109.60
mail2.afnet.net 213.136.109.6

is that ok ? or i have to add something to the SPF record for mmail
about
mail2.afnet.net and if so can you please advise ?

thanks

----- Original Message -----
From: "Steve Yates" <steve@teamITS.com>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, August 27, 2008 4:29 PM
Subject: RE: [spf-help] mechanism options


Bass wrote on 8/27/2008 11:00:39 AM:

> afnet.net. IN TXT "v=spf1 mx -all"
> mmail.afnet.net. IN TXT "v=spf1 a -all"
> mail2.afnet.net. IN TXT "v=spf1 a -all"
>
> mmail.afnet.net is the HELO name of my server, can someone check this
?
> mail2 is a second server we have not installed yet.

Received: from MMAIL.afnet.net (mail2.afnet.net [213.136.109.6]) by
thorn.listbox.com (Postfix) with ESMTP id 96D932195A for
<spf-help@v2.listbox.com>; Wed, 27 Aug 2008 12:01:09 -0400 (EDT)

mmail.afnet.net looks correct for HELO per the message you sent
to the list. However the IP used is 213.136.109.6 which is mail2? If
so your SPF record for mmail.afnet.net only references "a", which is
213.136.109.60, so that should fail SPF.



> i'm wondering if i should keep the -all or use ~all for the first line

Eventually you should use -all once you are sure you've listed
all the server hostnames/IPs correctly.


-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- I think, therefore I am confused.

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

On Fri, 29 Aug 2008, Reynolds, Tom wrote:
> From: "Steve Yates" <steve@teamITS.com> in fact i have 2 MX records but
> i only use 1 of them at a time and if i'm blacklisted i can change it
> while trying to whitelist the other one (it's the best way i found
> because we are not able to control users trafic in some cybercafes)
>
> so i have 2 "A" records mmail.afnet.net 213.136.109.60 mail2.afnet.net
> 213.136.109.6
>
> is that ok ? or i have to add something to the SPF record for mmail
> about mail2.afnet.net and if so can you please advise ? First, you only
> need SPF records for the servers that would SEND mail. The MX records
> tell the world where you RECIEVE mail.
>
> If you do sometimes send mail from both servers, you could create a
> single TXT record for the afnet.net domain with both servers in it like
> this:
>
> afnet.net. IN TXT "v=spf1 a:mmail.afnet.net
> a:mail2.afnet.net -all"
>
> That basically says afnet.net will only send mail from the following two
> servers, mmail and mail2.

or have one record with just ip entries.


afnet.net. IN TXT "v=spf1 ip4:213.136.109.60 ip4:213.136.109.6 -all

--
Boyd Gerber <gerberb@zenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

i understand this but i read something on openspf.org about the HELO name so
in addition to the first entry

afnet.net. IN TXT "v=spf1 mx -all"

i need to add the 2 other lines,

next is a copy from the openspf.org site
If you run BIND
Paste this into your zone file:
afnet.net. IN TXT "v=spf1 mx -all"When a mail server sends a bounce message,
it uses a null MAIL FROM: <>, and a HELO address that's supposed to be its
own name. SPF will still operate, but in "degraded mode" by using the HELO
domain name instead. Because this wizard can't tell which name your mail
server uses in its HELO command, it lists all possible names, so there may
be multiple lines shown below. If you know which hostname your mail server
uses in its HELO command, you should pick out the appropriate entries and
ignore the rest.

So this should also appear in DNS. You may or may not be in charge of the
DNS for these entries; if you are, add them.

mail2.afnet.net. IN TXT "v=spf1 a -all"
mmail.afnet.net. IN TXT "v=spf1 a -all"
----- Original Message -----
From: "Boyd Lynn Gerber" <gerberb@zenez.com>
To: <spf-help@v2.listbox.com>
Sent: Friday, August 29, 2008 3:30 PM
Subject: RE: [spf-help] mechanism options


> On Fri, 29 Aug 2008, Reynolds, Tom wrote:
>> From: "Steve Yates" <steve@teamITS.com> in fact i have 2 MX records but i
>> only use 1 of them at a time and if i'm blacklisted i can change it while
>> trying to whitelist the other one (it's the best way i found because we
>> are not able to control users trafic in some cybercafes)
>>
>> so i have 2 "A" records mmail.afnet.net 213.136.109.60 mail2.afnet.net
>> 213.136.109.6
>>
>> is that ok ? or i have to add something to the SPF record for mmail about
>> mail2.afnet.net and if so can you please advise ? First, you only need
>> SPF records for the servers that would SEND mail. The MX records tell the
>> world where you RECIEVE mail.
>>
>> If you do sometimes send mail from both servers, you could create a
>> single TXT record for the afnet.net domain with both servers in it like
>> this:
>>
>> afnet.net. IN TXT "v=spf1 a:mmail.afnet.net
>> a:mail2.afnet.net -all"
>>
>> That basically says afnet.net will only send mail from the following two
>> servers, mmail and mail2.
>
> or have one record with just ip entries.
>
>
> afnet.net. IN TXT "v=spf1 ip4:213.136.109.60 ip4:213.136.109.6 -all
>
> --
> Boyd Gerber <gerberb@zenez.com>
> ZENEZ 1042 East Fort Union #135, Midvale Utah 84047
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Bass wrote on 8/30/2008 7:33:29 AM:

> i understand this but i read something on openspf.org about the HELO
name so
> in addition to the first entry
>
> afnet.net. IN TXT "v=spf1 mx -all"
>
> i need to add the 2 other lines,

> mail2.afnet.net. IN TXT "v=spf1 a -all"
> mmail.afnet.net. IN TXT "v=spf1 a -all"

That's fine, you can set up all three SPF records, in your DNS.
The first (afnet.net) is for mail coming from your domain; the other two
are for the HELO greeting, to tie those two hostnames to specific IP
addresses.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Any sufficiently advanced magic looks like technology.

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com