On 25/05/05, Julian Mehnle <bulk(_at_)mehnle(_dot_)net> wrote:
Constantine A. Murenin wrote:
What about macros with "h = HELO/EHLO domain"? How could I set it to test
if the HELO/EHLO domain resolves to an ip-address of the connected
client, along with the testing that the domain is in the example.name
zone?
The problem with the %{h} macro is that the HELO/EHLO domain is not
_guaranteed_ to be verified. The SPF specification recommends that
implementations check the HELO domain, too, but it isn't mandated for
historical reasons.
Well, I don't care that some (mostly win32) admins don't maintain
proper helo/ehlo domains -- I do maintain such domains, and so do most
proper-lazy admins. :-)
Are you suggesting that the following isn't going to work for me?
--- begin DNS example---
example.ru. IN TXT "v=spf1 a a:%{h}.a.spf.example.ru -all"
; The following is for my home machine on Sprint DSL with dynamic IP-address.
; I could have just used 'a:home.example.name' for the same SPF result, but
; I don't want to reveal the IP-address and/or the domain name of my
home system.
;
home.example.name.a.spf.example.ru. IN CNAME home.example.name.
home.example.name. IN CNAME example.dyndns.org.
example.dyndns.org. IN A 71.0.xx.xxx
; do I need this for caching purposes?
example.ru.a.spf.example.ru. IN CNAME example.ru.
--- end DNS example---
If this /is/ going to work, do I need to put any extra catch-all
entries to utilise caching? Or do I need the last record
"example.ru.a.spf.example.ru. IN CNAME example.ru."?
Thanks,
Constantine.