spf-discuss
[Top] [All Lists]

Re: MAY vs SHOULD vs MUST

2004-06-22 12:30:18
On Tuesday 22 June 2004 14:09, Karl Prince wrote:

Fixing the external HELO name used by Windows & Exchange 2000/2003 SMTP
takes 30 seconds. Perhaps we should document this somewhere on the
"administrators guide" as a necessary step before publishing (if you run
Windows)?

I agree, a very good idea.

Vehemently (sp?) agree!!!!

Also maybe as part of the setup testing, send an email to a
"test" email account (at pobox maybe), after jumping through a
few hoops for security, which then reports on all aspects of
the configuration.

This could warn of potential issues:

* No SPF record
* SPF record gives a FAIL
* SPF record is outrageous (+ALL, big IP range...)
* Lack of PTR records (or IP encoded PTR records).
* IP is designated as MTAMark=No
* IP is listed as DUL/DHCP in major RBL lists
* others based on policies of AOL etc...

Actually - that is an absolutely "super" idea reglarless of Exchange or not - 
eg for anyone hoping/working/thinking about doing SPF - or any of the 
proposed/discussed/thought-about variations - to have an email address 
someplace you can send a message and have it (the remote system) send you a 
message back with all the "particulars" of your/your domains/servers 
configuration particulars.  Very much like Dnsreports but email based.



However, back to .local, the problem will still apply to
domains not taking part in SPF, since if the sending MTA has has
a mydomain.local HELO which could potentially resolve in the
local DNS of a receiving MTA

Yep, have had a "patch" here locally for a domain/customer who's Exchange 
server is "mis-configured" that way (local.domain) so they can send mail 
through us since just about everyone else in the world refuses their 
connection.

-- 
Larry Smith
SysAd ECSIS.NET
sysad(_at_)ecsis(_dot_)net



<Prev in Thread] Current Thread [Next in Thread>