Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SPF>
  3. Help
wizard setup for multiple domains on 1 IP
macmedix at nathanson
Jul 20, 2004, 1:30 PM
Post #1 of 2 (1733 views)
Permalink
I'm really not sure of the correct answers to put into the SPF wizard.
Maybe you can help me understand.

I have a email server with about 20 domains. It's just my friends & club
members, none of us are spammers. It's not an open relay, and only my
friends and club members can get an email account on my server. I host
the email server on a DSL line. The DSL ISP is not interested in setting
up a reverse DNS record for me, and even if they did, that would only be
for 1 of the 20 domain names.

I have a number of "alias accounts" which only forward email, others are
full POP3 mailboxes. Does that change anything? I'm running CommuniGate
Pro email server. When I check my server at www.DNSStuff.com, they say my
mail mx is properly set up & reverses ok. It's a static IP & never changes.

One domain I have is sbamug.com if you look it up, you can see the ip
number (66.159.201.77) and name (adsl-66-159-201-77.dslextreme.com). I
find it interested that the SPF Wizard says it finds 2 mx for me, both
the domain I'm looking up, and also the other name for the same machine;
(adsl-66-159-201-77.dslextreme.com).

So there are several names for my mail server:
sbamug.com (one of my several domains)

and then these 3 are the same no matter which domain I am talking about:
adsl-66-159-201-77.dslextreme.com
66.159.201.77 (public IP)
192.168.2.220 (my side of the router)

Should I set up one domain for SPF, and add all the other domain names
under it?
Do I just use the 2 names of mydomain.com and (adsl-66-159-201-
77.dslextreme.com)?
Should I use the name my ISP uses for my IP address as the "official" mx?
(adsl-66-159-201-77.dslextreme.com)

All of my domains are on a single IP number. ZoneEdit does allow for a
text record in the DNS, so if I knew what to put in there, I could
support SPF records in my DNS.

Is it best to just accept the default info that the wizard gives me?

Since I have several domains, and I'm not sure to use the ISP's name or
my domains names, I'm confused about what to do with this. I don't want
to make things worse by entering incorrect data.
Any suggestions?

Best,
Dave Nathanson

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
Re: wizard setup for multiple domains on 1 IP [ In reply to ]
spf at metro
Jul 21, 2004, 3:17 AM
Post #2 of 2 (1672 views)
Permalink
Hi,

What you need to do is publish spf records for all of the domains you want to protect
against forgery. For example, suppose you run your MTA for domain1.com and domain2.com.
You then need to publish spf records for both these domains, and these spf records should
contain the servers that are allowed to send mail for those domains.

Now, i don't know what your situation is, but you need to determine what servers do send
mail for these domains. If, for example, your own MTA has the ip 1.2.3.4, and this is
the only outgoing server that is used to send mail from domain1.com and domain2.com you
would publish "v=spf1 ip4:1.2.3.4 -all". If domain1.com and domain2.com resolve to 1.2.3.4
you could also say "v=spf1 a -all".

Remember what SPF records are for: they publish for a domain which servers are
permitted to send mail pretending to be from that domain. As a corollary, you will
also need to publish spf records for subdomains of domain?.com. Suppose you have an
explicit A record for www.domain1.com, and you never send mail that is from that
subdomain (eg. user@www.domain1.com), you would publish "v=spf1 -all" for that
subdomain, saying 'no mail server is permitted to send mail pretending to be from
www.domain1.com'.

You might also want to look at: http://spf.pobox.com/mechanisms.html. A wizard is nice,
but it sure helps to understand what the output of the wizard actually means.

Hope this helps. Any more questions: just ask!

Koen

On Tue, Jul 20, 2004 at 01:30:57PM -0700, Dave Nathanson wrote:
> I'm really not sure of the correct answers to put into the SPF wizard.
> Maybe you can help me understand.
>
> I have a email server with about 20 domains. It's just my friends & club
> members, none of us are spammers. It's not an open relay, and only my
> friends and club members can get an email account on my server. I host
> the email server on a DSL line. The DSL ISP is not interested in setting
> up a reverse DNS record for me, and even if they did, that would only be
> for 1 of the 20 domain names.
>
> I have a number of "alias accounts" which only forward email, others are
> full POP3 mailboxes. Does that change anything? I'm running CommuniGate
> Pro email server. When I check my server at www.DNSStuff.com, they say my
> mail mx is properly set up & reverses ok. It's a static IP & never changes.
>
> One domain I have is sbamug.com if you look it up, you can see the ip
> number (66.159.201.77) and name (adsl-66-159-201-77.dslextreme.com). I
> find it interested that the SPF Wizard says it finds 2 mx for me, both
> the domain I'm looking up, and also the other name for the same machine;
> (adsl-66-159-201-77.dslextreme.com).
>
> So there are several names for my mail server:
> sbamug.com (one of my several domains)
>
> and then these 3 are the same no matter which domain I am talking about:
> adsl-66-159-201-77.dslextreme.com
> 66.159.201.77 (public IP)
> 192.168.2.220 (my side of the router)
>
> Should I set up one domain for SPF, and add all the other domain names
> under it?
> Do I just use the 2 names of mydomain.com and (adsl-66-159-201-
> 77.dslextreme.com)?
> Should I use the name my ISP uses for my IP address as the "official" mx?
> (adsl-66-159-201-77.dslextreme.com)
>
> All of my domains are on a single IP number. ZoneEdit does allow for a
> text record in the DNS, so if I knew what to put in there, I could
> support SPF records in my DNS.
>
> Is it best to just accept the default info that the wizard gives me?
>
> Since I have several domains, and I'm not sure to use the ISP's name or
> my domains names, I'm confused about what to do with this. I don't want
> to make things worse by entering incorrect data.
> Any suggestions?
>
> Best,
> Dave Nathanson
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal