spf-discuss

Sending mail from dynamic IP-addresses with dynamic PTR hostnames, but constant EHLO/HELO hostnames

2005-05-24 16:36:26
Hello, 

I have a VPS server with IP-address 84.252.xxx.xx. Its PTR record is
example.ru, whilst example.ru has A records to the aforesaid
IP-address and MX records of example.ru. The server provides outgoing
http and mostly incoming smtp traffic for all of my domain names. It
hosts the following domains: example.ru, example.me.uk,
example.org.uk, example.org etc. Each domain has A record to the
aforesaid IP, and its own name for the MX record.

All of my personal outgoing emails are directed from my own sendmail
server at home, which has an ADSL-connection with dynamic IP-address,
right now 71.0.xx.xxx, and hostname nc-71-0-xx-xx.dyn.sprint-hsd.net.
I use the services of dyndns.org for my home server: there is an A
record from example.dyndns.org, which is automatically updated to my
IP-address every time my home server is on. My sendmail server thinks
that its name is home.example.name, which is a CNAME to
example.dyndns.org. I.e. when I send mail from home, one would see the
following Received header on the receiving server:

Received: from home.example.name (nc-71-0-xx-xxx.dyn.sprint-hsd.net [71.0.xx.xxx])
        by example.ru (8.12.10/8.12.10) with ESMTP id j4E48b4b008345
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
        for <test(_at_)example(_dot_)ru>; Sat, 14 May 2005 08:08:39 +0400

(I.e. the EHLO or HELO command has the argument of home.example.name
(if I am not mistaken about smtp), which resolves back to my
ip-address after some CNAMEs.)

I need to create an SPF-record that will allow my VPS server and my
home sendmail server to be the only authorised servers that can send
the mail for all of my domains.

The question is: 

  How do I permit my mail to pass the SPF-test if an MTA on the other
side is claiming to be one of the *.example.name hosts via smtp
(EHLO/HELO etc), which resolves back to its IP-address? To put it in
other words, how do I set my home server to be authorised to send mail
for all of my domains?

I.e. when someone is about to receive any mail from my hostnames, the
following must be verified about the MTA in question:
1. The A record of the hostname resolves to an IP-address of the MTA
(this is straightforward, "v=spf1 a").
2. The EHLO/HELO argument is the hostname that ends in example.name
and resolves to the IP-address of the connected MTA (this is for my
dynamic connection with dynamic IP-address and dynamic PTR host, but
with constant hostname of home.example.name).

If possible, I would like not to tell the whole internet that my home
mail server's name is home.example.name, I would just like to tell
that it's under the example.name domain.

I have tried to describe the same set-up over and over in this email.
The idea is perfectly well summarised in the Subject line of this
message. :-)

I know for sure that I am not the only one to have such a set-up. If
SPF does not support it, then there is no way that I can adopt it in
its current state.

P.S. I hope it's clear that the 'example' part of the domains is used
as an example, I don't own any of the 'example' example names. :-)

Cheers,
Constantine.
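
The two receiver-side checks enumerated in the message above, as an added example that is not part of the original post and is not an SPF implementation. It assumes a constructed DNS table with documentation-range addresses standing in for the masked ones; the function names and `mail.other.test` are hypothetical.

```python
import ipaddress

# Constructed DNS data using the post's placeholder names; the addresses are
# documentation-range stand-ins for the masked ones in the post.
DNS = {
    "example.ru": {"A": ["192.0.2.10"]},
    "example.org": {"A": ["192.0.2.10"]},
    "home.example.name": {"CNAME": "example.dyndns.org"},
    "example.dyndns.org": {"A": ["198.51.100.77"]},  # current dynamic address
    "mail.other.test": {"A": ["203.0.113.5"]},       # unrelated host
}

def resolve_a(name, max_hops=8):
    """Follow CNAMEs in the constructed table and return the A addresses."""
    name = name.rstrip(".").lower()
    for _ in range(max_hops):
        rec = DNS.get(name)
        if rec is None:
            return []
        if "A" in rec:
            return rec["A"]
        name = rec["CNAME"].rstrip(".").lower()
    return []  # CNAME loop or chain too long

def matches(name, client_ip):
    """True if any A record behind `name` equals the connecting address."""
    ip = ipaddress.ip_address(client_ip)
    return any(ipaddress.ip_address(a) == ip for a in resolve_a(name))

def authorised(sender_domain, helo, client_ip, helo_suffix="example.name"):
    """Return which of the post's two conditions passed, or None."""
    # Condition 1: the sender domain's own A record is the connecting address.
    if matches(sender_domain, client_ip):
        return "domain-a"
    # Condition 2: the HELO name is under the suffix (compared on a label
    # boundary) AND resolves, through any CNAMEs, to the connecting address.
    h = helo.rstrip(".").lower()
    if h.endswith("." + helo_suffix) and matches(h, client_ip):
        return "helo"
    return None

if __name__ == "__main__":
    print(authorised("example.org", "home.example.name", "198.51.100.77"))
```

The suffix test alone proves nothing, because the HELO argument is chosen by the client; only the forward resolution to the connecting address ties the name to the host.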