Mailing List Archive

Bypass SPF
Hi all:

I'd want to send emails from my DMZ servers to the Intranet thru my
MX which features SPF. These are emails just for administrative
purposes. I don't want to publish these machines in the SPF registers as
they only will send email inside my domain. Is there any way to bypass
email server's SPF for these machines/ips?

Thank you.

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
Re: Bypass SPF [ In reply to ]
On Wed, Jul 21, 2004 at 01:35:16PM +0200, Iván Eguiguren wrote:
> Hi all:
>
> I'd want to send emails from my DMZ servers to the Intranet thru my
> MX which features SPF. These are emails just for administrative
> purposes. I don't want to publish these machines in the SPF registers as
> they only will send email inside my domain. Is there any way to bypass
> email server's SPF for these machines/ips?

What you probably want here is to have a 'local policy', which boils down
to giving your spf implementation a special spf record (eg. by entering
it in your mta's config). Most spf implementations have an option for
a local policy.

You'll probably have to do this for both the receiving ends (unless you're
rewriting the envelope from) and your MX.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

Re: Bypass SPF [ In reply to ]
In my case, using the spf-milter from spf.pobox.com, there is a file
called whitelist in /var/spf-milter. I added internal ip addresses
to that file to allow mail from my internally natted machines
without having to publish DNS records for those addresses.
-David

Koen Martens wrote:
| On Wed, Jul 21, 2004 at 01:35:16PM +0200, Iván Eguiguren wrote:
|
|> Hi all:
|>
|> I'd want to send emails from my DMZ servers to the Intranet thru my
|> MX which features SPF. These are emails just for administrative
|> purposes. I don't want to publish these machines in the SPF registers as
|> they only will send email inside my domain. Is there any way to bypass
|> email server's SPF for these machines/ips?
|
| What you probably want here is to have a 'local policy', which boils down
| to giving your spf implementation a special spf record (eg. by entering
| it in your mta's config). Most spf implementations have an option for
| a local policy.
|
| You'll probably have to do this for both the receiving ends (unless you're
| rewriting the envelope from) and your MX.
|
| Koen

--
_______________________________________________
GPG (http://www.gnupg.org/) key available from:
http://www.kayakero.net/per/david/
Re: Bypass SPF [ In reply to ]
You can set up whitelists through your MTA as well; with qmail, set up a
/var/qmail/control/tcp.smtp file with entries like so:

216.27.182.172:allow,RELAYCLIENT=""


Sean

Iván Eguiguren wrote:

> Hi all:
>
> I'd want to send emails from my DMZ servers to the Intranet thru my
> MX which features SPF. These are emails just for administrative
> purposes. I don't want to publish these machines in the SPF registers as
> they only will send email inside my domain. Is there any way to bypass
> email server's SPF for these machines/ips?
>
> Thank you.
Re: Bypass SPF [ In reply to ]
Hi all:

I should have said that I use Sendmail and spf-milter. Thank you to
everyone who replied.

Special thanks to David Williams and Sean, who led me to the
whitelist feature. I solved my problem through the whitelist.

As David said, you must place a file called 'whitelist' in the value
of $basedir (it's /var/spf-milter by default).

I found it by googling this query: site:spf.pobox.com whitelist
The first link is http://spf.pobox.com/sendmail-milter-INSTALL.txt
The following extract shows the answer:

5. WHITELISTING
---------------

As of version 1.41, spf-milter now supports the use of a whitelist,
consisting of individual IP addresses, and/or IP netblocks expressed in CIDR
notation.

The whitelist is OPTIONAL. It does not need to exist. But if it does, each
and every line needs to contain a valid entry (IP address, or network
address in proper CIDR notation). Commentary/empty lines are allowed. Valid
entries, for example, are:

127.0.0.1 # my local machine.
192.168.64.0/24
10.0.0.0/8
192.68.1.0-192.68.1.255
192.68.0.0/16

Connections from IP addresses in the whitelist are exempted from SPF-checks,
and are treated as authenticated.

To use the whitelist, place a text file called "whitelist" in the spf-milter
basedir. Per default, therefore, spf-milter expects the whitelist to be
'/var/spf-milter/whitelist'. The full name, however, is affected by the
global variable $basedir; and the full path to the whitelist is formed as
follows:

my $whitelist_file = $basedir . '/whitelist';

Changes to the whitelist require a restart.

Hope this helps the next person with this kind of problem.

Thank you all.

On Wed, 2004-07-21 at 18:47, Sean wrote:
> You can set up whitelists through your MTA as well; with qmail, set up a
> /var/qmail/control/tcp.smtp file with entries like so:
>
> 216.27.182.172:allow,RELAYCLIENT=""
>
>
> Sean
>
> Iván Eguiguren wrote:
>
> > Hi all:
> >
> > I'd want to send emails from my DMZ servers to the Intranet thru my
> > MX which features SPF. These are emails just for administrative
> > purposes. I don't want to publish these machines in the SPF registers as
> > they only will send email inside my domain. Is there any way to bypass
> > email server's SPF for these machines/ips?
> >
> > Thank you.
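
An added example (not part of the thread and not spf-milter's own code): a Python audit of a whitelist in the format quoted from sendmail-milter-INSTALL.txt in the last message. Because whitelisted connections skip SPF checks and are treated as authenticated, it flags invalid lines as well as entries that are public or very broad. The parsing rules, the `min_prefix` threshold and the function names are assumptions of this example; spf-milter's own parser may behave differently.

```python
import ipaddress

# Constructed sample: the entries quoted from the INSTALL extract above,
# plus one malformed line (host bits set) added for illustration.
SAMPLE = """\
127.0.0.1 # my local machine.
192.168.64.0/24
10.0.0.0/8
192.68.1.0-192.68.1.255
192.68.0.0/16

10.1.2.3/24
"""

def parse_line(line):
    """Return the networks one whitelist line covers ([] for blank/comment)."""
    entry = line.split("#", 1)[0].strip()
    if not entry:
        return []
    if "-" in entry:  # range form: first-last
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects CIDR entries whose host bits are set
    return [ipaddress.ip_network(entry, strict=True)]

def audit(text, min_prefix=16):
    """Parse a whitelist; return (networks, findings), findings as (lineno, message)."""
    networks, findings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            nets = parse_line(line)
        except (ValueError, TypeError) as exc:
            findings.append((lineno, f"invalid entry: {exc}"))
            continue
        for net in nets:
            networks.append(net)
            if not net.is_private:
                findings.append((lineno, f"{net} is public address space"))
            if net.prefixlen < min_prefix:
                findings.append((lineno, f"{net} is broader than /{min_prefix}"))
    return networks, findings

def is_exempt(ip, networks):
    """True if a connecting IP would skip SPF checks under this whitelist."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

if __name__ == "__main__":
    nets, findings = audit(SAMPLE)
    for lineno, msg in findings:
        print(f"line {lineno}: {msg}")
```

On the sample, the two `192.68.` entries are reported as public address space (they are not `192.168.`), which is the kind of slip worth catching before the milter is restarted.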