Roger,
At 02:39 PM 12/10/2004, you wrote:
Alan Maitland wrote:
> "HELO example.com""v=spf1 ip:192.168.1.1 hello=cmtp1 -all"
> - To mean example.com sends from IP 192.168.1.1 and uses cmtp1 hello
> checking
>
> example.com. IN TXT "v=cmtp1 -all"
> - To mean example.com should not be seen as a HELO/ELHO
Is is sufficient to have following:
example.com. IN TXT "v=spf1 ip4:192.168.1.1 -all"
mxsender.example.com. IN TXT "v=spf1 ip4:192.168.1.1 -all"
And configure your MTA at 192.168.1.1 to say "HELO mxsender.example.com"
instead of "HELO example.com". Mail not from 192.168.1.1 is forged anyway,
whether is says "HELO example.com" or not.
Agreed, which is where the confusion I mentioned in my last message with
HELO/EHLO checking stems.
Now, if this issue is where there is not a FROM domain to check, then this
all starts to make sense. But in that case, the receiving MTA is going to
need to get to example.com somehow to check SPF, so the HELO/EHLO checking
is reasonable at the time the MTA received the message. But then the issue
is not so much confirming the HELO/EHLO but making sure that the MTA's
parsers actually do find a correct domain name from the HELO/EHLO so that
the right SPF record can be retrieved.
This still leaves me confused about why HELO/EHLO checking is being done in
SPF records. Is the check for the sending MTA HELO/EHLO parameter at the
receiving MTA or is the receiving MTA looking to get something additional
in an SPF record relating to the check (doing something other than simply
pulling out the domain name to find the SPF record in the first place)?
Roger
Best,
Alan Maitland
The Commerce Company - Making Commerce Simple(sm)
http://WWW.Commerco.Com/