Constantine A. Murenin wrote:
> Is there a way to utilise the EHLO/HELO hostname, which is provided by
> the MTA in the greetings part of smtp? I.e., I want to say that every
> MTA that claims to have a hostname of format *.example.name, provided
> that the domain resolves to the MTA's IP-address, is permitted to send
> my mail. That is much more simple and straightforward, isn't it? :-)
> And it does not reveal the structure of my network to strangers, does
> it?

You could use:

    v=spf1 a a:home.example.name -all

If you do NOT want to expose "home.example.name" in your SPF record, you
have to set up a custom DNS server for the domain "_spf.example.name" that
publishes an "A" record for the current dynamic IP address (let's assume
71.0.x.y) of your home MTA:

    y.x.0.71._spf.example.name IN A 127.0.0.1

That exact "A" record would be difficult to find by someone who knows
neither your dynamic IP address nor the corresponding host name
("home.example.name"). Your SPF record could then read:

    v=spf1 a exists:%{ir}._spf.example.name -all

If you cannot set up your own DNS server for "_spf.example.name" that
dynamically adjusts the "A" record to your IP address, you are out of
luck.

Alternatively, DynDNS.org could extend their services and publish such an
"A" record for their customers, for instance under the domain
"_spf.customers.dyndns.org". Then you could use
"exists:%{ir}._spf.customers.dyndns.org" instead.
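
Added example (not part of the original message): how a receiving MTA evaluates the "exists:%{ir}._spf.example.name" mechanism, expanding the %{i} macro with its reverse and digit transformers as defined in RFC 7208. The ZONE dict stands in for the custom DNS server, 192.0.2.10 is a constructed stand-in for the dynamic address 71.0.x.y, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed zone data standing in for the custom DNS server; 192.0.2.10 is
# a documentation address used here as the home MTA's current dynamic IP.
ZONE = {"10.2.0.192._spf.example.name": "127.0.0.1"}

# Macro syntax subset: letter, optional digit count, optional "r" (reverse).
MACRO = re.compile(r"%\{([a-z])(\d*)(r?)\}")

def expand(domain_spec, sender_ip):
    """Expand %{i} macros in an SPF domain-spec for the connecting IP."""
    ip = ipaddress.ip_address(sender_ip)
    if ip.version == 4:
        parts = str(ip).split(".")
    else:
        # RFC 7208: an IPv6 address expands to 32 dot-separated nibbles.
        parts = list(ip.exploded.replace(":", ""))

    def repl(match):
        letter, digits, rev = match.groups()
        if letter != "i":
            raise ValueError("unsupported macro letter: " + letter)
        labels = parts[::-1] if rev else parts
        if digits and int(digits) > 0:
            # Keep only the N right-hand labels, applied after reversal.
            labels = labels[-int(digits):]
        return ".".join(labels)

    return MACRO.sub(repl, domain_spec)

def check_exists(domain_spec, sender_ip, zone=ZONE):
    """Return (query name, matched). "exists" matches when the A lookup
    returns any record at all; the 127.0.0.1 value itself is ignored."""
    qname = expand(domain_spec, sender_ip)
    return qname, qname in zone

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.5"):
        print(ip, check_exists("%{ir}._spf.example.name", ip))
```
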