spf-discuss
[Top] [All Lists]

Re: spf entries for which hosts ???

2004-10-11 04:16:32
Hi,

This is more of an spf-help question, but anyway:

You want to publish spf records for _all_ of your domains (think about
how spf checking works, and what it protects against). For those domains
that are used in MAIL FROM / envelope from or HELO you want to publish
spf records which contain all of your _outgoing_ mail servers. 

Eg. if you have domains a.tld, b.tld, c.tld and all your outgoing mail
servers are in the IP block 192.168.0.0/24 (that is 192.168.0.0 till
192.168.0.255 as you probably already knew) then you would publish
"v=spf1 ip4:192.168.0.0/24 -all" (or ~all of course, for testing
initially). If you also have www.a.tld, www.b.tld, etc.. which are never
ever used for MAIL FROM or HELO, publish "v=spf1 -all" for those
domains.

Some more documentation to read:

http://spf.pobox.com/mechanisms.html
http://spf.pobox.com/faq.html

and the 'background reading' stuf fin the sitemap of spf.pobox.com

Hope this helps,

Koen

On Mon, Oct 11, 2004 at 11:25:46AM +0200, Margrit Lottmann wrote:
We are interested in SPF.
I'm the postmaster from our university.

We're working with a number of virtual domains
     uni-magdeburg.de      for functional addresses
     urz.uni-magdeburg.de  compute centre
     mathematik.uni-magdeburg.de mathematics
     ...
(in the DNS there are MX records that control smtp transfer
 to that domains to our mailrelay servers (exim MTA)

There are also a number of smtp servers that send/receive
emails to/from that mailrelay servers.

If there are following servers

  server1.urz.uni-magdeburg.de
  server2.et.uni-magdeburg.de
  server3.math.uni-magdeburg.de

that can send emails with the domain part urz.uni-magdeburg.de
...

Which spf entries I have to write for server1,server2,server3 ???


--
Mit freundlichen Gruessen  
M.Lottmann

 Otto - von - Guericke  Universitaet      __  __   ____ _____         _   __
               Magdeburg                 / / / /  / __ \__  /        / | / /
 ------------------------------------   / / / /  / /_/ / / / ______ /  |/ /
           Margrit Lottmann            / /_/ /  / _, _/ / /_______// /|  /
       Universitaetsrechenzentrum      \____/  /_/ |_| /____/     /_/ |_/
         Netze & Kommunikation

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features 
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

-- 
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/