"Alex" == Alex van den Bogaerdt
"Re: Re: How does one distinguish between authorizing MAIL FROM and HELO"
Mon, 29 Jan 2007 16:58:24 +0100
Alex> On Mon, Jan 29, 2007 at 10:33:01AM -0500, John A. Martin
Alex> wrote:
>> I'm afraid again I was unclear or confused. The question is
>> for a setup where the MAIL FROM uses a collective domain as in
>> <local-part@example.com> and the outgoing SMTP relays use their
>> FQDNs in their HELO commands. To simplify, assume a single
>> outbound relay and
>>
>>>> example.com. TXT "v=spf1 ip4:192.168.0.1 -all"
>>>> host1.example.com. TXT "v=spf1 ip4:192.168.0.1 -all"
Alex> A connection from the host with address 192.168.0.1:
Alex> SMTP session: HELO host1.example.com
Alex> SPF:
Alex> - fetch the record at host1.example.com
Alex> - result: "v=spf1 ip4:192.168.0.1 -all"
Alex> - compare: "ip4:192.168.0.1" against 192.168.0.1 -> MATCH
Alex> - use prefix "+" (implicit here)
Alex> - return PASS
[...]
Alex> Host with name "example.com" is the only one authorized to
Alex> say "HELO example.com". However, all other hosts on that
Alex> network should be authorized to say "MAIL
Alex> FROM:<...@example.com>", that's why the entire subnet is
Alex> authorized to use domain name "example.com".
Alex> Host with name "mail2.example.com" is the only one
Alex> authorized to say "HELO mail2.example.com". No other host
Alex> needs to use this domain name so that's why the SPF record
Alex> for domain "mail2.example.com" only needs to authorize IP
Alex> address 192.168.0.2
Exactly what is wanted and what is gotten!
Your nicely laid out examples showed me immediately where I was mixed
up. Thank you very much for your patience setting it out so clearly.
Next time I am confused, maybe laying out the scenario as you have
illustrated will save everybody some time and myself more than a
little embarrassment.
jam
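
Added example, not part of the original message and not code from any SPF implementation: a minimal evaluator that checks the HELO identity and the MAIL FROM identity separately, each against its own domain's record. The first two records are the ones quoted in the thread; the mail2.example.com record text is assumed from Alex's description, and only the ip4 and all mechanisms are handled.

```python
import ipaddress

# Constructed zone data. The first two records are quoted in the thread;
# the mail2 record is an assumption based on Alex's description.
TXT = {
    "example.com": "v=spf1 ip4:192.168.0.1 -all",
    "host1.example.com": "v=spf1 ip4:192.168.0.1 -all",
    "mail2.example.com": "v=spf1 ip4:192.168.0.2 -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, zone=TXT):
    """Evaluate the ip4/all mechanisms of domain's SPF record against ip."""
    record = zone.get(domain.lower().rstrip("."))
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"  # no SPF record published for this name
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        # A missing qualifier means "+", as in Alex's walk-through.
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        name, _, arg = mech.partition(":")
        if name == "all":
            return RESULTS[qualifier]
        if name != "ip4":
            raise NotImplementedError(term)  # outside this sketch
        if addr.version == 4 and addr in ipaddress.ip_network(arg, strict=False):
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"

def check_session(ip, helo, mail_from):
    """Check both identities independently; each uses its own domain's record."""
    # With a null reverse-path, SPF falls back to postmaster@<HELO name>.
    sender_domain = mail_from.rsplit("@", 1)[-1] if mail_from else helo
    return {"helo": check_host(ip, helo),
            "mailfrom": check_host(ip, sender_domain)}

if __name__ == "__main__":
    print(check_session("192.168.0.1", "host1.example.com", "user@example.com"))
    print(check_session("192.168.0.2", "mail2.example.com", "user@example.com"))
```

With the records as quoted, 192.168.0.2 passes the HELO check for mail2.example.com but fails MAIL FROM for example.com, which is why the collective domain's record has to list every outbound relay.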
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/