Mailing List Archive

Really confused about the definition of Host
Hey all - thanks for taking the time, and I apologize because I KNOW this
has been addressed, but I can't seem to understand it in the context of my
setup, so I am going to risk asking it specifically for my situation.



We use a remotely hosted server, and my confusion lies in what I need to add
to the list of allowed hosts (is a "host" in this context an MTA, a gateway,
or a user).



It's obvious that I need to add "mail.example.com" (our MTA) to the record.
What is much less obvious to my simple, pea-sized brain is whether or not to
include the following:



I access the server through an sbcGlobal DSL account with dynamic IP, and my
office accesses the server through a charter account with static IP. We
authenticate the SMTP session and send the mail - however, all the MTA
action is taking place from mail.example.com on a single ip - we have no
aliased gateways or smarthosts.



My question is, do I need to include the accounts that ACCESS our server to
send mail (sbcglobal and charter), or are we just dealing with MTA hosts -
in this case only the single mail.example.com?



I can see the logic (benefits and pitfalls) either way. If the SPF is just
checking the MTA, then it would only filter spoofed servers and not do much
against harvesting. If it verifies the pipe the user used to access the
MTA, then that is some serious filtering, but also some serious
recordkeeping (every user on a dynamic ip would have to have a dDNS record
for their home, office, smartphone, etc.)



So do I JUST use the wizard to set up a single ip for our MTA, or add every
accessing account I can think of to the MX include?



Thanks, and again I apologize for asking such an over-asked question. I
just don't understand any of the answers.



Shannon







-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Really confused about the definition of Host [ In reply to ]
SPF is a way to ID the mail server that is authorized to send mail for your domain. It doesn't matter how you access this server. If you only have one server that sends your emails then you just need to specify that one server. Use an IP address, the public IP, instead of the domain name to prevent DNS lookups.
Felipe Tapia
Network Administrator

Nutrition Express / Lindberg Nutrition
2575 West 237th Street
Torrance, California 90505
Tel: 310.784.8500 ext. 222
Fax: 310.784.0590
Email: felipetapia@nutritionexpress.com
Websites: NutritionExpress.com / LindbergNutrition.com




-----Original Message-----
From: "Shannon Holsinger" <shannon@lenperdue.com>

Date: Fri, 31 Jul 2009 19:55:30
To: <spf-help@v2.listbox.com>
Subject: [spf-help] Really confused about the definition of Host









Re: Really confused about the definition of Host [ In reply to ]
Shannon Holsinger wrote:
> We authenticate the SMTP session and send the mail - however, all the MTA
> action is taking place from mail.example.com on a single ip - we have no
> aliased gateways or smarthosts.
>
> My question is, do I need to include the accounts that ACCESS our server to
> send mail (sbcglobal and charter), or are we just dealing with MTA hosts -
> in this case only the single mail.example.com?

No, you don't usually need that. Authenticated users should be
automatically whitelisted from SPF checks. If at all possible, enable
the submission protocol at port 587, and instruct your users about
configuring their clients to send mail through that port. That way you
are sure they are able to send mail using their address from anywhere,
including networks that block or proxy port 25.
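
An added example (not part of any message in this thread) of the point both replies make: the receiving server evaluates SPF against the IP of the MTA that connects to it, never the IP a user submitted from, and an `ip4` term costs no DNS lookup where `a:mail.example.com` costs one. The addresses 203.0.113.25 (MTA) and 198.51.100.77 (user's DSL line) are constructed documentation values, and the evaluator handles only `ip4`, `ip6` and `all`.

```python
import ipaddress
import re

# Terms that cost a DNS query during SPF evaluation (RFC 7208 caps these at 10).
LOOKUP_TERMS = ("a", "mx", "include", "exists", "ptr", "redirect")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample values, not taken from the thread.
MTA_IP = "203.0.113.25"          # public IP of mail.example.com
CLIENT_DSL_IP = "198.51.100.77"  # user's dynamic IP, seen only by the MTA
RECORD_BY_IP = "v=spf1 ip4:203.0.113.25 -all"
RECORD_BY_NAME = "v=spf1 a:mail.example.com -all"

def parse_terms(record):
    """Split an SPF record into (qualifier, name, value) tuples."""
    parts = record.lower().split()
    if not parts or parts[0] != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for part in parts[1:]:
        qual = part[0] if part[0] in QUALIFIERS else "+"
        body = part[1:] if part[0] in QUALIFIERS else part
        match = re.match(r"([a-z0-9]+)[:=/]?(.*)$", body)
        if match is None:
            raise ValueError("malformed term: " + part)
        terms.append((qual, match.group(1), match.group(2)))
    return terms

def dns_lookup_count(record):
    """Count terms that make the receiver issue DNS queries."""
    return sum(1 for _, name, _ in parse_terms(record) if name in LOOKUP_TERMS)

def check_ip_terms(record, connecting_ip):
    """Evaluate ip4/ip6/all left to right against the connecting IP."""
    ip = ipaddress.ip_address(connecting_ip)
    for qual, name, value in parse_terms(record):
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qual]
        elif name == "all":
            return QUALIFIERS[qual]
        else:
            raise NotImplementedError(name + " needs DNS; not resolved offline")
    return "neutral"

if __name__ == "__main__":
    # The receiver sees the MTA's IP, so the one-IP record is sufficient.
    print(check_ip_terms(RECORD_BY_IP, MTA_IP), dns_lookup_count(RECORD_BY_IP))
    print(dns_lookup_count(RECORD_BY_NAME))
```

The DSL address would only be evaluated if that client delivered straight to a recipient's server instead of relaying through the authenticated MTA, and then the `-all` record rejects it.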


