On 3/10/12, Reindl Harald <h.rei...@thelounge.net> wrote: > > > Am 09.03.2012 17:23, schrieb Nick Edwards: >> On 3/10/12, Reindl Harald <h.rei...@thelounge.net> wrote: >>> >>> >> >> logs are no good because it simply says rejected (ip) spf -all method. >> >> all other settings wont help either since the two new settings smtp >> bind address and inet_interfaces are simply IP's given, as in my OP > > logs are good because they show the connection IP! > > also you SPF-records are important > do you have different SPF views (WAN/LAN) > are the SPF records on all views sane? > > "smtp -o smtp_bind_address=xx" in main.cf works for sure
> __________________________ > > what type of entries are you using in your SPF record? > i found out that a/mx entries sometimes making troubles and since > we changed our backend to use only ip and let the backend > translate servernames automatically whle generating the > zone-files i never saw a single spf-error the last 2 years SPF is setup correctly, I've been setting up SPF for a great many years , even back in the old qmail days, I know our SPF records are perfect (I am no newbie to mail systems, just not 100% expert in postfix) > thelounge.net. 86400 IN SPF "v=spf1 ip4:91.118.73.15 > ip4:91.118.73.20 ip4:91.118.73.17 > ip4:91.118.73.6 ip4:91.118.73.32 ip4:91.118.73.38 ip4:91.118.73.30 > ip4:91.118.73.1 ip4:89.207.144.27 -all" > > thelounge.net. 86400 IN TXT "v=spf1 ip4:91.118.73.15 > ip4:91.118.73.20 ip4:91.118.73.17 > ip4:91.118.73.6 ip4:91.118.73.32 ip4:91.118.73.38 ip4:91.118.73.30 > ip4:91.118.73.1 ip4:89.207.144.27 -all" > > yes but I also include 'mx' and I never use 'a' or ptr, they are IMHO too wide, BTW, I hope you also use spf2.0 settings as well, makes it easier to get higher confidence level in sending to hotmail/live.com :-> Given what Wietse has said, I am tending more towards spfpolicy.pl on master, but I'm too tired and it's late, so I'll investigate more after some sleep. Nik
