Re: Setting up SPF in Postfix for sending
Scott Kitterman schreef op 2013-08-16 21:06: b...@bitrate.net wrote: On Aug 16, 2013, at 01.56, Rob Tanner rtan...@linfield.edu wrote: What is it, besides adding the correct the DNS TXT records as there is a formal dns rr type for spf defined in rfc4408, you'll of course want to include that as well. I wouldn't bother. It has only very limited deployment and is proposed for removal in the revision to RFC 4408 that is about to enter IETF last call. You may want to check thread 9.3.3 - SPF record checks from May 30 2013 on the bind-users mailinglist. Hans
Re: Setting up SPF in Postfix for sending
On Saturday, August 17, 2013 12:16:03 Hans Spaans wrote: Scott Kitterman schreef op 2013-08-16 21:06: b...@bitrate.net wrote: On Aug 16, 2013, at 01.56, Rob Tanner rtan...@linfield.edu wrote: What is it, besides adding the correct the DNS TXT records as there is a formal dns rr type for spf defined in rfc4408, you'll of course want to include that as well. I wouldn't bother. It has only very limited deployment and is proposed for removal in the revision to RFC 4408 that is about to enter IETF last call. You may want to check thread 9.3.3 - SPF record checks from May 30 2013 on the bind-users mailinglist. He's wrong about what most SPF libraries do. Most don't query for the RR type at all, but we'll see how the IETF last call works out. It is a matter of some controversy. Thanks, Scott K
Re: Setting up SPF in Postfix for sending
On 16.08.2013, at 08:50, Titanus Eramius tita...@aptget.dk wrote: [DNS] I tend to simply use v=spf1 mx -all since my setup is simple, but you can see the entire syntax here http://www.openspf.org/SPF_Record_Syntax Hmm, I used to have just that configuration in my DNS for more than a year, but very recently I got some rejections upon delivery of mails from my published mx records (mx1.my-domain.tld and mx2.my-domain.tld) in DNS stating: | An SPF-enabled mail server rejected a message from a mail server claiming | to be mx1.my-domain.tld. | | An SPF-enabled mail server received a message from mx1.my-domain.tld (1.2.3.4) | from a mail server claiming to be mx1.my-domain.tld. | | The domain mx1.my-domain.tld has not published an SPF policy. It is possible | that the receiving mail server refuses all mail from domains that do not have | an SPF policy. I do understand http://www.openspf.org/SPF_Record_Syntax that the mx in v=spf1 mx -all will tell: Accept mail from *any* published mx of a given domain, right? For he time being (before I really do understand SPF) I'm back to run DNS without SPF, shrug. Regards, Michael
Re: Setting up SPF in Postfix for sending
Thu, 15 Aug 2013 22:56:53 -0700 skrev Rob Tanner rtan...@linfield.edu: I've googled around a quite a bit and while I can find lots of instruction on what I need in order for Postfix to validate incoming mail, I find nothing about what I need to do to make sure Postfix does whatever it needs to do to make sure the MTA receiving the mail validates it. And the dearth of information in that category also You can't, since it's up to the receiver to do whatever checks they wish. That includes SPF. begs the question, is there a special header that Postfix need to include in the message (as in DKIM) or do the receiving MTAs, if they're setup to use SPF just automatically do the DNS lookups? What is it, besides adding the correct the DNS TXT records, do I need to do on my end. Nope, nothing to setup in Postfix to support SPF on outgoing mail, besides making sure the TXT / SPF record matches the sending server. I tend to simply use v=spf1 mx -all since my setup is simple, but you can see the entire syntax here http://www.openspf.org/SPF_Record_Syntax Thanks, Rob Cheers
Re: Setting up SPF in Postfix for sending
On 8/16/2013 12:56 AM, Rob Tanner wrote: I've googled around a quite a bit and while I can find lots of instruction on what I need in order for Postfix to validate incoming mail, I find nothing about what I need to do to make sure Postfix does whatever it needs to do to make sure the MTA receiving the mail validates it. And the dearth of information in that category also begs the question, is there a special header that Postfix need to include in the message (as in DKIM) or do the receiving MTAs, if they're setup to use SPF just automatically do the DNS lookups? What is it, besides adding the correct the DNS TXT records, do I need to do on my end. Nothing else. Just the TXT record in DNS. This should have been clear to you after reading the receiver side requirements, i.e. how the receiver checks SPF records. -- Stan
Re: Setting up SPF in Postfix for sending
On Aug 16, 2013, at 01.56, Rob Tanner rtan...@linfield.edu wrote: What is it, besides adding the correct the DNS TXT records as there is a formal dns rr type for spf defined in rfc4408, you'll of course want to include that as well. -ben
Re: Setting up SPF in Postfix for sending
b...@bitrate.net wrote: On Aug 16, 2013, at 01.56, Rob Tanner rtan...@linfield.edu wrote: What is it, besides adding the correct the DNS TXT records as there is a formal dns rr type for spf defined in rfc4408, you'll of course want to include that as well. I wouldn't bother. It has only very limited deployment and is proposed for removal in the revision to RFC 4408 that is about to enter IETF last call. The is, however, unrelated to postfix. Either spf-discuss or spf-help would be appropriate. See www.openspf.org/Forums for information about these lists. Scott K
Re: Setting up SPF in Postfix for sending
On Aug 16, 2013, at 15.06, Scott Kitterman post...@kitterman.com wrote: I wouldn't bother. It has only very limited deployment and is proposed for removal in the revision to RFC 4408 that is about to enter IETF last call. interesting. thank you for calling attention to this. -ben
Setting up SPF in Postfix for sending
I've googled around a quite a bit and while I can find lots of instruction on what I need in order for Postfix to validate incoming mail, I find nothing about what I need to do to make sure Postfix does whatever it needs to do to make sure the MTA receiving the mail validates it. And the dearth of information in that category also begs the question, is there a special header that Postfix need to include in the message (as in DKIM) or do the receiving MTAs, if they're setup to use SPF just automatically do the DNS lookups? What is it, besides adding the correct the DNS TXT records, do I need to do on my end. Thanks, Rob