Mailing List Archive

A bit lost on: Approve any host whose name ends...
I am confused on the following: "Do you want to just approve any host
whose name ends in example.org?"

Here is our current config for our domain (example.org is being used
for example reasons):

Domain: example.org
MX Record: mx1.examplemail.org
MX Relay: mx1.examplemail.org

mx1.examplemail.org handles all incoming and outgoing mail for example.org.

Based on this, how would you recommend we set up our SPF?

On a side note, down the road, we might implement mx2.examplemail.org
as a backup MX, therefore, in future how would we set up our SPF?

Thank you!

..D

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
Re: A bit lost on: Approve any host whose name ends...
Danny,

There are a few ways to take care of this and none of them are really any better than any other.

I would recommend using:
example.org IN TXT "v=spf1 mx -all"

This allows for any machine that is in an MX record to send mail on your behalf. So for now, since you have one MX record and one mail relay, you are set. To add another MX relay, you would create the A record for it, then create the MX record and it would then be authorized to send mail (i.e. SPF record does not need to be updated).

An easy alternative is to use the ptr: method. An example of this would be to set your SPF record like this:
example.org IN TXT "v=spf1 ptr:examplemail.org -all"

This means that if I get a mail from IP addr 1.2.3.4, I do a reverse DNS lookup on 1.2.3.4. If the resulting DNS name ends in ".examplemail.org" AND the forward-lookup of <result> is 1.2.3.4, then the result is a PASS.

Alternatively, you could just use:
example.org IN TXT "v=spf1 a:mx.examplemail.org -all"
and when you add a second server, you could change it to:
example.org IN TXT "v=spf1 a:mx.examplemail.org a:mx2.examplemail.org -all"



Hope that helped.

Marc

>
> From: Danny <nocmonkey@gmail.com>
> Date: 2004/07/29 Thu PM 04:22:35 EDT
> To: spf-help@v2.listbox.com
> Subject: [spf-help] A bit lost on: Approve any host whose name ends...
>
> I am confused on the following: "Do you want to just approve any host
> whose name ends in example.org?"
>
> Here is our current config for our domain (example.org is being used
> for example reasons):
>
> Domain: example.org
> MX Record: mx1.examplemail.org
> MX Relay: mx1.examplemail.org
>
> mx1.examplemail.org handles all incoming and outgoing mail for example.org.
>
> Based on this, how would you recommend we set up our SPF?
>
> On a side note, down the road, we might implement mx2.examplemail.org
> as a backup MX, therefore, in future how would we set up our SPF?
>
> Thank you!
>
> ..D

Re: A bit lost on: Approve any host whose name ends...
Danny wrote:

>I am confused on the following: "Do you want to just approve any host
>whose name ends in example.org?"
>
>
This would mean that any IP that resolves to an example.org domain would
be covered by the SPF record... i.e., your webserver could send mail and
be covered, as could your ftp server, etc. provided they were in the
example.org domain.

>Here is our current config for our domain (example.org is being used
>for example reasons):
>
>Domain: example.org
>MX Record: mx1.examplemail.org
>MX Relay: mx1.examplemail.org
>
>
I believe that all you need is to add this: "v=spf1 mx -all"

That would permit your mailserver to send mail and no others.

>mx1.examplemail.org handles all incoming and outgoing mail for example.org.
>
>Based on this, how would you recommend we set up our SPF?
>
>On a side note, down the road, we might implement mx2.examplemail.org
>as a backup MX, therefore, in future how would we set up our SPF?
>
>
Nothing would change with the current records, you'd just add an
additional record to cover mx2 ...

>Thank you!
>
>..D
>
>

Someone please correct me if I'm wrong! :)


--
---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
friz@godshell.com
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---------------------------
"Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming."
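
The mx, ptr: and a: records suggested in the two replies above, run through a minimal SPF checker to show what each one authorizes before and after a backup MX is published. This is an added example, not code from any poster in this thread; the DNS table, its documentation-range IP addresses, the www host and the names check_spf and with_backup_mx are constructed assumptions, the a: case uses the mx1 host name from the question, and only the mx, a, ptr and all mechanisms are handled.

```python
# Constructed DNS data for illustration; addresses are documentation-range placeholders.
ZONE = {
    "MX":  {"example.org": ["mx1.examplemail.org"]},
    "A":   {"mx1.examplemail.org": ["192.0.2.10"],
            "mx2.examplemail.org": ["192.0.2.11"],
            "www.examplemail.org": ["192.0.2.80"]},
    "PTR": {"192.0.2.10": ["mx1.examplemail.org"],
            "192.0.2.11": ["mx2.examplemail.org"],
            "192.0.2.80": ["www.examplemail.org"],
            "203.0.113.5": ["mx1.examplemail.org"]},  # reverse DNS the sender controls
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(zone, rtype, name):
    return zone.get(rtype, {}).get(name.lower().rstrip("."), [])

def check_spf(record, domain, ip, zone):
    """Evaluate an SPF record left to right; the first matching mechanism decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech, _, arg = term.lstrip("+-~?").lower().partition(":")
        target = arg or domain
        if mech == "all":
            matched = True
        elif mech == "a":
            matched = ip in lookup(zone, "A", target)
        elif mech == "mx":  # every MX host of the target, resolved to addresses
            matched = any(ip in lookup(zone, "A", host)
                          for host in lookup(zone, "MX", target))
        elif mech == "ptr":  # reverse name must end in target AND resolve back to ip
            matched = any((name == target or name.endswith("." + target))
                          and ip in lookup(zone, "A", name)
                          for name in lookup(zone, "PTR", ip))
        else:
            return "permerror"  # mechanism outside this example's scope
        if matched:
            return RESULTS[qualifier]
    return "neutral"

def with_backup_mx(zone):
    """Copy of the zone after publishing mx2 as a second MX (its A record already exists)."""
    new = {rtype: dict(records) for rtype, records in zone.items()}
    new["MX"] = {"example.org": ["mx1.examplemail.org", "mx2.examplemail.org"]}
    return new
```

With the mx record, publishing the second MX is enough for mx2 to pass, while the a: record rejects mx2 until the record itself is edited. The ptr: record passes any host under examplemail.org whose reverse and forward DNS agree, and rejects an address whose reverse name does not resolve back to it.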
