On Fri, 18 Jun 2004, Karl Prince wrote:
Not happy to disagree with Meng, but here goes
In the above example SPF records, I believe that
www.example.com TXT "v=spf1 a -all"
is incorrect, and should be
www.example.com TXT "v=spf1 -all"
Since www.example.com should/would never be a sender domain,
and for a bounce it would use it's HELO of example.com as the
sender domain
Perhaps www.example.com *should* never be a sender domain ... but I have
seen many cases where a web server has a formmail [shudder] script that
calls a local sendmail directly. www's sendmail executable sends the mail
through another mail server (mx1.example.com or whatever), which then
delivers it to the destination mail server.
Even though I am starting to feel comfortable with SPF in scenarios that
involve two MTAs (or a MSA--mail submission agent--and a destination MTA),
I'm still uncertain about a few scenarios that involve three "MTAs". I can
handle the following 3-MTA scenario:
- The mailing-list scenario, where the list server modifies the envelope
sender to be the list [pseudo-]owner. (This effectively changes a 3-MTA
scenario into a 2-MTA scenario.)
I'm still mulling over the 3-MTA scenario that is exemplified by
www.example.com:
1. www.example.com calls sendmail directly (as a program) or through an
SMTP conversation to 127.0.0.1:587 or :25.
2. www.example.com's sendmail initiates an SMTP conversation with
mx1.example.com
3. mx1.example.com's sendmail SMTP mailer initiates a conversation with
the destination mail server.
I feel pretty confident that the 3-MTA scenario involving www will
work--as long as I (the assumed owner or mx1.example.comand
www.example.com) set up my SPF records correctly for both www and mx1.
Excuse the rambling ... Thank you Meng and everyone else for your
contributions to SPF etc.!
--
Weldon Whipple
weldon(_at_)whipple(_dot_)org