SPF/TXT records
Matus UHLAR - fantomas
uhlar at fantomas.sk
Thu Jun 18 15:14:05 UTC 2009
On 17.06.09 11:19, Jeff Lightner wrote:
> Right my relay might want it but if so that would be in my internal
> view. The Exchange and Sendmail servers only allow relay from specific
> locations and neither is using SPF to authenticate so far as I know.
>
> My question was more related to external view - what do people on the
> internet expect to see defined as SFP/TXT record to verify it is a valid
> email?
People don't expect to see anything, machines even. But If you want others
to be able to reject unauthorised messages from water.com and
waterinvoice.com, put hostname/IP of your linux machine to SPF record for
"waterinvoice.com" and exchange's into "water.com" as I have mentioned
already.
> I'm quite certain Sendmail is not sending any water.com email and that
> Exchange is not sending any waterinvoice.com email based on the Sendmail
> configuration of atuprd01.water.com - it uses a mailer table to
> determine which host to relay through specifically based on the domain
> of the email message "sender".
Good for you. If waterinvoice.com mail origins on linux, and water.com on
exchange, you are done. Otherwise, if other machines send the mail through
these servers, make sure neither one will reject mail because if fails SPF
check. SMTP Authentication should fix that.
> > For example we have a server (atuprd01.water.com) that can not be
> > reached via the internet. Email originating there is relayed through
> > our MS-Exchange server (if sent with domain water.com) or a Linux
> > Sendmail server (if sent with domain waterinvoice.com). All email sent
> > via exchange goes out an IP separate from incoming mail (MX) IP. All
> > email sent via Sendmail has a separate IP from incoming mail (MX) IP.
> > Should the SPF specify the outbound IP (e.g. 12.44.84.204 for
> > atlsnml2.waterinvoice.com) for the Sendmail server email or the IP/name
> > for atuprd01.water.com?
>
> water.com should have your ms exchange's IP and waterinvoice.com should
> have your linux servers' IP. Watch out if there is really no email going
> from water.com via your linux server and no mail coming from
> waterinvoice.com via your exchange server...
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I drive way too fast to worry about cholesterol.
More information about the bind-users
mailing list