Hi,
This is more of an spf-help question, but anyway:
You want to publish spf records for _all_ of your domains (think about
how spf checking works, and what it protects against). For those domains
that are used in MAIL FROM / envelope from or HELO you want to publish
spf records which contain all of your _outgoing_ mail servers.
Eg. if you have domains a.tld, b.tld, c.tld and all your outgoing mail
servers are in the IP block 192.168.0.0/24 (that is 192.168.0.0 till
192.168.0.255 as you probably already knew) then you would publish
"v=spf1 ip4:192.168.0.0/24 -all" (or ~all of course, for testing
initially). If you also have www.a.tld, www.b.tld, etc.. which are never
ever used for MAIL FROM or HELO, publish "v=spf1 -all" for those
domains.
Some more documentation to read:
http://spf.pobox.com/mechanisms.html
http://spf.pobox.com/faq.html
and the 'background reading' stuf fin the sitemap of spf.pobox.com
Hope this helps,
Koen
On Mon, Oct 11, 2004 at 11:25:46AM +0200, Margrit Lottmann wrote:
We are interested in SPF.
I'm the postmaster from our university.
We're working with a number of virtual domains
uni-magdeburg.de for functional addresses
urz.uni-magdeburg.de compute centre
mathematik.uni-magdeburg.de mathematics
...
(in the DNS there are MX records that control smtp transfer
to that domains to our mailrelay servers (exim MTA)
There are also a number of smtp servers that send/receive
emails to/from that mailrelay servers.
If there are following servers
server1.urz.uni-magdeburg.de
server2.et.uni-magdeburg.de
server3.math.uni-magdeburg.de
that can send emails with the domain part urz.uni-magdeburg.de
...
Which spf entries I have to write for server1,server2,server3 ???
--
Mit freundlichen Gruessen
M.Lottmann
Otto - von - Guericke Universitaet __ __ ____ _____ _ __
Magdeburg / / / / / __ \__ / / | / /
------------------------------------ / / / / / /_/ / / / ______ / |/ /
Margrit Lottmann / /_/ / / _, _/ / /_______// /| /
Universitaetsrechenzentrum \____/ /_/ |_| /____/ /_/ |_/
Netze & Kommunikation
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/