On 11/3/23 05:04, Jeremy Ardley wrote:

All you need to do is generate an SPF record authorising your fixed IP(s) to send mail for your domain(s).

You don't need need to have control over the forward and reverse DNS of the IPs, but it is pretty much required that your ISP has forward and reverse entries for them.

In my case I have a static IPv4 from which much of my mail is sent (too few IPv6 mail servers as yet). I also have an IPv6 /56 range and I authorize a very small part of that range to send mail on my behalf.

You may run into problems if your IP address is in a range that is blacklisted due to some addresses being used to spam. I'm not sure if IPv6 ranges have got into that category as yet.

I just checked the headers of this mail as received from the list. I was a bit surprised (pleasantly) to see debian is using IPv6 mail services.

The headers show my dual stack edge router/mailer used an IPv6 connection to Bendel rather than an IPv4 connection.

Received: from edge.bronzemail.com 
(2403-5800-c000-1b7-f3d4-d970-ca28-bf4f.ip6.aussiebb.net 
[IPv6:2403:5800:c000:1b7:f3d4:d970:ca28:bf4f])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest 
SHA256)
        (Client did not present a certificate)
        by bendel.debian.org (Postfix) with ESMTPS id 79E372070F
        for <debian-user@lists.debian.org>; Fri, 10 Mar 2023 21:04:57 +0000 
(UTC)

(Now to figure out why 'client did not present a certificate'. The edge 
router/mailer has a letsencrypt certificate, so I guess I'll have to tweak 
postfix a bit.)

--
Jeremy
(Lists)

Reply via email to