On 25/05/05, Julian Mehnle <bulk(_at_)mehnle(_dot_)net> wrote:
Constantine A. Murenin wrote:
Is there a way to utilise the EHLO/HELO hostname, which is provided by
the MTA in the greetings part of smtp? I.e., I want to say that every
MTA that claims to have a hostname of format *.example.name, provided
that the domain resolves to the MTA's IP-address, is permitted to send
my mail. That is much more simple and straightforward, isn't it? :-)
And it does not reveal the structure of my network to strangers, does
it?
You could use:
v=spf1 a a:home.example.name -all
If you do NOT want to expose "home.example.name" in your SPF record, you
have to set up a custom DNS server for the domain "_spf.example.name" that
publishes an "A" record for the current dynamic IP address (let's assume
71.0.x.y) of your home MTA:
y.x.0.71._spf.example.name IN A 127.0.0.1
That exact "A" record would be difficult to find by someone who knows
neither your dynamic IP address nor the corresponding host name
("home.example.name"). Your SPF record could then read:
v=spf1 a exists:%{ir}._spf.example.name -all
If you cannot set up your own DNS server for "_spf.example.name" that
dynamically adjusts the "A" record to your IP address, you are out of
luck.
Alternatively, DynDNS.org could extend their services and publish such an
"A" record for their customers, for instance under the domain
"_spf.customers.dyndns.org". Then you could use
"exists:%{ir}._spf.customers.dyndns.org" instead.
What about macros with "h = HELO/EHLO domain"? How could I set it to test if
the HELO/EHLO domain resolves to an ip-address of the connected client,
along with the testing that the domain is in the example.name zone?
Constantine.
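
How the `exists:%{ir}._spf.example.name` mechanism from the quoted reply, and the `h` macro letter asked about, expand for one SMTP session: an added Python example, not part of the original thread. The client address 71.0.2.3, the sender address and the in-memory `ZONE` dict standing in for the custom DNS server are constructed; only lowercase macro letters and IPv4 are handled.

```python
import re

# Lowercase SPF macro letters only; IPv4 only; no URL-encoding (uppercase) forms.
MACRO = re.compile(r"%(?:\{([slodih])(\d*)(r?)([-.+,/_=]*)\}|([%_-]))")
LITERALS = {"%": "%", "_": " ", "-": "%20"}   # %%, %_ and %- escapes

def expand(macro_string, ip, sender, helo):
    """Expand the SPF macros in macro_string for one SMTP session."""
    local, _, domain = sender.partition("@")
    # 'd' is the domain being checked; at the top-level record it equals 'o'.
    values = {"s": sender, "l": local, "o": domain, "d": domain,
              "i": ip, "h": helo}

    def one(m):
        letter, digits, rev, delims, literal = m.groups()
        if literal:
            return LITERALS[literal]
        # Split on the given delimiters (default "."), optionally reverse,
        # optionally keep only the right-most N parts, then rejoin with ".".
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]
        return ".".join(parts)

    return MACRO.sub(one, macro_string)

# Constructed zone data: the single A record the custom DNS server would
# publish while the home MTA holds the (assumed) address 71.0.2.3.
ZONE = {"3.2.0.71._spf.example.name": ["127.0.0.1"]}

def exists_matches(domain_spec, ip, sender, helo, zone=ZONE):
    """'exists:' matches when the expanded name has at least one A record."""
    name = expand(domain_spec, ip, sender, helo)
    return name, bool(zone.get(name))

if __name__ == "__main__":
    session = ("user@example.name", "home.example.name")
    for client_ip in ("71.0.2.3", "198.51.100.7"):
        print(client_ip, exists_matches("%{ir}._spf.example.name",
                                        client_ip, *session))
    # The 'h' letter expands to whatever the client sent in HELO/EHLO.
    print(expand("%{h}", "71.0.2.3", *session))
```

The `h` value is supplied by the connecting client, so an expansion of `%{h}` is only as trustworthy as the HELO/EHLO string itself.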