spf-discuss

Re: Sending mail from dynamic IP-addresses with dynamic PTR hostnames, but constant EHLO/HELO hostnames

2005-05-24 21:01:42
Constantine A. Murenin wrote:

I have a VPS server with IP-address 84.252.xxx.xx. [...]
example.ru has A records to the aforesaid
IP-address and MX records of example.ru. [...]
Each domain has A record to the
aforesaid IP, and its own name for the MX record.

All of my personal outgoing emails are directed from [...] dynamic IP-address,
right now 71.0.xx.xxx, and hostname nc-71-0-xx-xx.dyn.sprint-hsd.net.
I use the services of dyndns.org for my home server: there is an A
record from example.dyndns.org, [...] My sendmail server thinks
that its name is home.example.name, which is a CNAME to
example.dyndns.org. [...]

I need to create an SPF-record that will allow my VPS server and my
home sendmail server to be the only authorised servers that can send
the mail for all of my domains.

The question is:
[...] how do I set my home server to be authorised to send mail
for all of my domains?

[...] If possible, I would like not to tell the whole internet that my home
mail server's name is home.example.name, I would just like to tell
that it's under the example.name domain.

I haven't been flamed much lately, so I'll take a stab...

How about putting a TXT record into your various "example" zone files, each specifying an SPF policy of "v=spf1 mx a:home.example.name ?all". Once you're satisfied things are working well, "?all" might go to "~all" or "-all".

Since you indicate that each of the various domains has an A record for the VPS and specifies that host as its MX, the "mx" should do -- though I have seen a marked preference for "a:" even in this case. And since your home system always has the same host name (via dyndns), the "a:" (by name) should work there.

I don't believe, other than having a static IP address for the host in question, that you can do anything about hiding the name of home.example.com. I'm just curious why you'd want to do that... being as you went through the trouble of setting up dyndns and all. Isn't that supposed to support the notion of being found? ;-)

Bill
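
Added example, not part of the original message: a Python sketch of how a receiving server would evaluate the suggested policy, handling only the mx, a and all mechanisms. The DNS table and the documentation-range IP addresses are constructed for illustration; they stand in for the VPS and the home server's current dynamic address.

```python
import ipaddress

# Constructed DNS data (documentation-range addresses, not the poster's real IPs).
DNS = {
    ("example.ru", "MX"): ["example.ru"],
    ("example.ru", "A"): ["192.0.2.10"],              # the VPS
    ("home.example.name", "CNAME"): ["example.dyndns.org"],
    ("example.dyndns.org", "A"): ["198.51.100.7"],    # home server's current dynamic IP
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def resolve_a(name, dns, depth=0):
    """Return the A records for name, following CNAMEs (bounded to stop loops)."""
    if depth > 8:
        return []
    if (name, "CNAME") in dns:
        return resolve_a(dns[(name, "CNAME")][0], dns, depth + 1)
    return dns.get((name, "A"), [])

def check_spf(policy, domain, client_ip, dns=DNS):
    """Evaluate the mx, a and all mechanisms of an SPF policy, left to right."""
    ip = ipaddress.ip_address(client_ip)
    terms = policy.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = "+"                      # a missing qualifier means "+" (pass)
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, target = term.partition(":")
        target = target or domain       # bare "mx" / "a" refer to the sender's domain
        if mech == "all":
            return QUALIFIERS[qual]
        if mech == "a":
            addrs = resolve_a(target, dns)
        elif mech == "mx":
            addrs = [a for host in dns.get((target, "MX"), [])
                     for a in resolve_a(host, dns)]
        else:
            raise NotImplementedError(f"mechanism not covered by this sketch: {mech}")
        if ip in {ipaddress.ip_address(a) for a in addrs}:
            return QUALIFIERS[qual]
    return "neutral"                    # nothing matched and no "all" term

POLICY = "v=spf1 mx a:home.example.name ?all"
```

Because the a: mechanism is resolved by name at check time, a dyndns update moves the authorisation to the new address without touching the TXT record; the hostname itself remains visible in the published policy.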

