Re: SPF Record on server and reverse lookup zone




"daz_oldham" <Darren.Ratcliffe@xxxxxxxxx> wrote in message
news:1e90b89b-adb3-4c84-8aad-df61f71f7527@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi All

I'm really a novice at DNS and I'm trying to configure my dedicated
server with Fasthosts.

SPF is poorly understood by even most "DNS experts" but it isn't
really that hard.

I've got my server configured and have ns1./ns2.redstarcreative.co.uk
set up, and this controls my 20 or so domains fine. However, I am
having problems with a website that generates automated emails, and my
host tells me I need to configure SPF records and a reverse lookup
zone.

"my host tells me" -- for receiving emails (to you)? or for sending them
TO that somebody else?

If you are using SPF you will need to add any LEGITIMATE senders,
including web email, to your SPF record (which is usually just a TXT
record on modern DNS servers.)

Most people will not refuse your email if you avoid SPF, some will,
that is their choice.

Most people will not refuse your email if you use SPF but don't
specify STRICT but some will.

Do you understand SPF and need help getting it "right" or is that your real
question that you don't really know about SPF?

My MX records for redstarcreative.co.uk and mail.redstar... point to
an exchange server, and they aren't on my server, so I want to set up
pop.redstarcreative.co.uk (88.208.249.97) and have everyone send/
receive through this address.

POP (the service, not the name) has nothing to do with SENDING
email. But of course it is entirely common for your client inbound
internet email server (POP or IMAP) to be on the same server as
your SMTP for mail transfers to/from other companies.

IF you are using Exchange you probably don't need a pop service
though -- the mail goes to Exchange and the clients pick it up using
Exchange native protocols instead of pop.

If I want an SPF record that would just let anyone send anything via
that address, what would I need to do in terms of syntax, I currently
have:

SPF syntax is tricky enough that only a few people can just look at
your needs and rattle them off (I can parse through it but can easily
make mistakes) so USE one of the online calculators.


v=spf1 mx -all

But I have no idea what this means or does as I can't understand the
syntax at openspf.org.

Some SPF Best Practices links are here:
http://www.openspf.org/Best_Practices

Testing tools & wizards here:
http://www.openspf.org/
http://www.openspf.org/Tools

The SPF forums have many more (and likely better on average)
people who can help you with any tricky SPF syntax or problems.


Also, when it comes to configuring a reverse lookup zone, what do I
need to put for my Network ID, and do I allow dynamic updates?

Ok, on your public SMTP server (that sends to other domains)
you IDEALLY* need these:

1) Reverse record for the public IP address that recipient SMTP
servers will "See" when your server sends, i.e., the actual public
IP or the public IP on the NAT used by an internally positioned
but public sending SMTP server

2) MX record with SAME name as the IP

3) SMTP Server or HELO name (the one it REPORTS in the HELO
command when it sends email) set to that MX name and reverse name
which are already the same.

4) SPF records that "authorize" or vouch for every server that can
LEGITIMATELY send public email DIRECTLY to recipient
SMTP servers on your domain's behalf

#2 & #3 frequently confuse people because they want to put their
"own Domain name", especially #3 in the SMTP server, in there.

This is NOT necessary and can be seen by the simple fact that an
ISP may be sending email for 1000s of client domains but can only
put ONE name in the SMTP server "HELO" message.

Use whatever the ISP forces you to use.

Part of the goal of email admins is to AVOID receiving email from
people who have a DYNAMIC address since the vast majority
of spam is (or was) from those.

* These are not RFCs or real requirements but SOME email
admins will not take your email unless you do one or more of them.

The more of this you leave out the more often your email will
be refused.
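
What `v=spf1 mx -all` does for the setup described in this thread, as an added example that is not part of the original posts: a minimal evaluator that handles only the `all`, `ip4`, `a` and `mx` mechanisms. The domain `example.test`, the MX host name and 192.0.2.10 are constructed; only 88.208.249.97 comes from the thread.

```python
import ipaddress

# Constructed DNS data for illustration; only 88.208.249.97 is from the thread.
# The MX points at a separate mail host, as in the setup described above.
DNS = {
    ("example.test", "MX"): ["exchange.example.test"],
    ("example.test", "A"): ["88.208.249.97"],
    ("exchange.example.test", "A"): ["192.0.2.10"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    return DNS.get((name, rtype), [])


def mechanism_matches(mech, arg, sender_ip, domain):
    """Return True if one SPF mechanism matches the connecting IP."""
    if mech == "all":
        return True
    if mech == "ip4":
        net = ipaddress.ip_network(arg, strict=False)
        return ipaddress.ip_address(sender_ip) in net
    if mech == "a":
        return sender_ip in lookup(arg or domain, "A")
    if mech == "mx":
        hosts = lookup(arg or domain, "MX")
        return any(sender_ip in lookup(host, "A") for host in hosts)
    raise ValueError(f"mechanism not handled in this sketch: {mech}")


def check_spf(record, sender_ip, domain):
    """Evaluate terms left to right; the first matching term decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"  # a mechanism with no prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mechanism_matches(mech.lower(), arg, sender_ip, domain):
            return QUALIFIERS[qualifier]
    return "neutral"  # no term matched and there was no "all"


if __name__ == "__main__":
    for rec in ("v=spf1 mx -all", "v=spf1 mx ip4:88.208.249.97 -all"):
        print(rec, "->", check_spf(rec, "88.208.249.97", "example.test"))
```

With the MX on a different host, `mx -all` authorizes only that host, so mail sent directly from the web server's address evaluates to `fail` until that address is listed as well.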

