Mailing List Archive

Hi!

On Mon, Mar 01, 2010 at 04:25:59PM +0700, Harold Ohye wrote:
>I relay mail through the ISP and I would like to know if it is possible to make something like *.relayisp.com

>I don't know all of the servers that the ISP will send mail out from or if they change their hostnames.

>They might have 3 servers such as: mail1.relayisp.com mail2.relayisp.com mail3.relayisp.com

>is it possible to achieve something like this:
>"v=spf1 mx a:*.relayisp.com -all"

You might get away with the ptr mechanism, like ptr:relayisp.com.

You would probably not need mx then.

Another try would be checking their netblocks and adding them using the
ip4 (and perhaps ip6) mechanisms, which would save DNS lookups.

Or ask them. Or perhaps, if they offer relaying for customer domains,
they might offer SPF records for include: usage.

>Thanks,
>Harold

Kind regards,

Hannah.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Hello,

You'll get much better results here if you use real domain names.

Based on the assumption that "relayisp.com" is ficticious, the best we can offer is a guess.

If you provide your ISP's domain name, you might get a very simple working answer.

-john



At 03:25 AM 3/1/2010, you wrote:
>I relay mail through the ISP and I would like to know if it is possible to make something like *.relayisp.com
>
>I don't know all of the servers that the ISP will send mail out from or if they change their hostnames.
>
>They might have 3 servers such as: mail1.relayisp.com mail2.relayisp.com mail3.relayisp.com
>
>is it possible to achieve something like this:
>"v=spf1 mx a:*.relayisp.com -all"
>
>Thanks,
>Harold
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>No virus found in this incoming message.
>Checked by AVG - www.avg.com
>Version: 9.0.733 / Virus Database: 271.1.1/2714 - Release Date: 02/28/10 01:34:00

Ok.

my domain is compassitsolutions.com

I send email out from my domain but for some domain destinations is gets relayed to mail.truemail.co.th
When I check headers mail is sent out of ISP servers such as irgb10.truemail.co.th irpkscout3.truemail.co.th and a couple of others.

So the SPF record needs to be for my domain (MX records) and also for the relay servers.


I managed to get it working with a IP4: subnet declaration, but I would like to know if I can use the domain for truemail.co.th in case their IP scheme changes.

Thanks,
Harold

________________________________________
From: John Blazek [spf.pobox@logicalsolutns.com]
Sent: Monday, March 01, 2010 9:36 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] help with SPF record for unknown hosts

Hello,

You'll get much better results here if you use real domain names.

Based on the assumption that "relayisp.com" is ficticious, the best we can offer is a guess.

If you provide your ISP's domain name, you might get a very simple working answer.

-john



At 03:25 AM 3/1/2010, you wrote:
>I relay mail through the ISP and I would like to know if it is possible to make something like *.relayisp.com
>
>I don't know all of the servers that the ISP will send mail out from or if they change their hostnames.
>
>They might have 3 servers such as: mail1.relayisp.com mail2.relayisp.com mail3.relayisp.com
>
>is it possible to achieve something like this:
>"v=spf1 mx a:*.relayisp.com -all"
>
>Thanks,
>Harold
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>No virus found in this incoming message.
>Checked by AVG - www.avg.com
>Version: 9.0.733 / Virus Database: 271.1.1/2714 - Release Date: 02/28/10 01:34:00


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Thank you.

It does not appear that your ISP is publishing a TXT record for SPF.

The two relay servers you cited are both on the same /24 subnet:

Non-authoritative answer:
Name: irgb10.truemail.co.th
Address: 203.144.173.226

Non-authoritative answer:
Name: irpkscout3.truemail.co.th
Address: 203.144.173.143

You might get away with listing just those two IPs, or listing the entire /24.

However, you correctly point out that your ISP may move the servers to other IPs.

If you must relay through their server, your best solution may be, as Hannah suggested, to contact your ISP and ask them for a list of outbound MX IPs .. or even better, ask them to publish a (-all) SPF record.

Alternately, stop relaying through their mail server and simply send mail directly.

If your ISP will not let you send outbound mail directly, and refuses to publish an SPF record, and cannot guarantee fixed IPs for their outbound mail servers, you might also secure services from a company who offers SMTP relay services.

-john


At 09:07 AM 3/1/2010, you wrote:
>Ok.
>
>my domain is compassitsolutions.com
>
>I send email out from my domain but for some domain destinations is gets relayed to mail.truemail.co.th
>When I check headers mail is sent out of ISP servers such as irgb10.truemail.co.th irpkscout3.truemail.co.th and a couple of others.
>
>So the SPF record needs to be for my domain (MX records) and also for the relay servers.
>
>
>I managed to get it working with a IP4: subnet declaration, but I would like to know if I can use the domain for truemail.co.th in case their IP scheme changes.
>
>Thanks,
>Harold
>
>________________________________________
>From: John Blazek [spf.pobox@logicalsolutns.com]
>Sent: Monday, March 01, 2010 9:36 PM
>To: spf-help@v2.listbox.com
>Subject: Re: [spf-help] help with SPF record for unknown hosts
>
>Hello,
>
>You'll get much better results here if you use real domain names.
>
>Based on the assumption that "relayisp.com" is ficticious, the best we can offer is a guess.
>
>If you provide your ISP's domain name, you might get a very simple working answer.
>
>-john
>
>
>
>At 03:25 AM 3/1/2010, you wrote:
>>I relay mail through the ISP and I would like to know if it is possible to make something like *.relayisp.com
>>
>>I don't know all of the servers that the ISP will send mail out from or if they change their hostnames.
>>
>>They might have 3 servers such as: mail1.relayisp.com mail2.relayisp.com mail3.relayisp.com
>>
>>is it possible to achieve something like this:
>>"v=spf1 mx a:*.relayisp.com -all"
>>
>>Thanks,
>>Harold
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>>
>>No virus found in this incoming message.
>>Checked by AVG - www.avg.com
>>Version: 9.0.733 / Virus Database: 271.1.1/2714 - Release Date: 02/28/10 01:34:00
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>No virus found in this incoming message.
>Checked by AVG - www.avg.com
>Version: 9.0.733 / Virus Database: 271.1.1/2716 - Release Date: 03/01/10 01:34:00

I just caught something I missed at first..

Are you saying you do not 'intentionally' relay through your ISP?

Is your ISP grabbing your outbound port-25 and then proxying for you automatically?

Forced SMTP proxy is something other ISPs (such as AOL) do. The only way to bypass those proxies (assuming you want to) is to secure the services of an off-network SMTP server that accepts AUTH relays on (alt SMTP AUTH) port 587.

The rest of my previous reply still holds.

-john

At 09:07 AM 3/1/2010, you wrote:
>Ok.
>
>my domain is compassitsolutions.com
>
>I send email out from my domain but for some domain destinations is gets relayed to mail.truemail.co.th
>When I check headers mail is sent out of ISP servers such as irgb10.truemail.co.th irpkscout3.truemail.co.th and a couple of others.

No, I intentionally relay for some domains.

I already setup ip4 and the /24 network, it is working, just wanted to know if there was any way to specify some type of wildard * or ? type of character matching.

Thanks,
Harold


________________________________________
From: John Blazek [spf.pobox@logicalsolutns.com]
Sent: Monday, March 01, 2010 10:29 PM
To: spf-help@v2.listbox.com
Subject: RE: [spf-help] help with SPF record for unknown hosts

I just caught something I missed at first..

Are you saying you do not 'intentionally' relay through your ISP?

Is your ISP grabbing your outbound port-25 and then proxying for you automatically?

Forced SMTP proxy is something other ISPs (such as AOL) do. The only way to bypass those proxies (assuming you want to) is to secure the services of an off-network SMTP server that accepts AUTH relays on (alt SMTP AUTH) port 587.

The rest of my previous reply still holds.

-john

At 09:07 AM 3/1/2010, you wrote:
>Ok.
>
>my domain is compassitsolutions.com
>
>I send email out from my domain but for some domain destinations is gets relayed to mail.truemail.co.th
>When I check headers mail is sent out of ISP servers such as irgb10.truemail.co.th irpkscout3.truemail.co.th and a couple of others.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Harold Ohye wrote on Mon, Mar 1 2010 at 11:56 am:

> No, I intentionally relay for some domains.
>
> I already setup ip4 and the /24 network, it is working, just wanted to
> know if there was any way to specify some type of wildard * or ? type of
> character matching.

Using "ptr" is closest but not recommended since it causes a lot of extra DNS lookups and can pull in other hosts unintentionally (such as "www.truemail.co.th". Best is still to get your ISP to publish an SPF record that you can "include," or use a subnet.

By the way you've mentioned "mx" a couple of times...if your server has a fixed IP you can use that and save everyone some extra DNS lookups there as well. Or even "a" instead of "mx."

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- If Jimmy cracks corn and no one cares, why is there a song about it?

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com