1 |
On Apr 25, 2013 11:31 PM, "Vinícius Ferrão" <viniciusferrao@×××××××.br> |
2 |
wrote: |
3 |
> |
4 |
> Hello Robert, |
5 |
> |
6 |
> The internal MTA has an Internet facing address since we have a plenty of |
7 |
them we just use it. |
8 |
> |
9 |
> Ordinary users connect through this internal MTA to send/receive mail. |
10 |
But everything that goes outside of the domain goes through the Postfix |
11 |
server. So I'm just uncertain about this configuration. Since the message |
12 |
originates in the internal MTA and the its relayed to the Postfix server... |
13 |
> |
14 |
> So I just need to know if the SPF record should include the internal MTA |
15 |
too, since the postfix server is already in the SPF declaration. |
16 |
> |
17 |
> Thanks in advance, |
18 |
> |
19 |
> Sent from my iPhone |
20 |
> |
21 |
> On 25/04/2013, at 13:03, "Robert Bridge" <robert@××××××××.com> wrote: |
22 |
> |
23 |
>> Just the internet facing one, as I understand it. Nothing else should |
24 |
ever see the internal MTA, and it may not even have a routable IP address! |
25 |
>> |
26 |
>> |
27 |
>> On 25 April 2013 16:57, Vinícius Ferrão <viniciusferrao@×××××××.br> |
28 |
wrote: |
29 |
>>> |
30 |
>>> Hello Halassy, thanks for your reply. |
31 |
>>> |
32 |
>>> I'm aware of the syntax, I just mistyped it. |
33 |
>>> |
34 |
>>> The main question still continues, should I put both MTAs or just the |
35 |
Internet facing one? |
36 |
>>> |
37 |
>>> Thanks in advance, |
38 |
>>> |
39 |
>>> Sent from my iPhone |
40 |
>>> |
41 |
>>> On 25/04/2013, at 05:14, "Halassy Zoltán" <zhalassy@×××××××.hu> wrote: |
42 |
>>> |
43 |
>>> > Hello! |
44 |
>>> > |
45 |
>>> > Using MX in SPF record is a simple way to describe trivial two-way |
46 |
setups, that is, MX will also send the mails, not just receive them. If you |
47 |
have a non-trivial setup, you can use, for example IP addresses, like ip6: |
48 |
and ip4:. Add every address which from a mail could possibly leave your |
49 |
organization, and that's it, do not use MX. BTW, the syntax is v=spf1, not |
50 |
what you wrote. |
51 |
>>> > |
52 |
>>> > 2013-04-25 01:32 keltezéssel, Vinícius Ferrão írta: |
53 |
>>> >> I've a question about the SPF setup in my domain. |
54 |
>>> >> |
55 |
>>> >> We have two MTAs: an exchange server that does not use SMTP to relay |
56 |
messages to the Internet and a Postfix Mail Gateway on the border to send |
57 |
and receive messages to/from the internet. |
58 |
>>> >> |
59 |
>>> >> The clients connect on the Exchange Server to relay messages to the |
60 |
external world. So an SMTP connection would start in the Exchange, then it |
61 |
relays to the Postfix server and then to the Internet. On the other hand |
62 |
when a message come from the Internet it first arrives in the Postfix |
63 |
server and after the processing it's handled to the Exchange server. |
64 |
>>> >> |
65 |
>>> >> The question is: which SPF TXT string I should use? |
66 |
>>> >> |
67 |
>>> >> The Postfix server is my only MX. And I don't know if I should |
68 |
include the Exchange Server name in the SPF rules. |
69 |
>>> >> |
70 |
>>> >> I was considering: vspf=1 mx -all |
71 |
>>> >> |
72 |
>>> >> But this does not include the Exchange, and I don't know if it's |
73 |
right or not. |
74 |
>>> > |
75 |
>>> > |
76 |
>>> |
77 |
>> |
78 |
|
79 |
Please do not top post; its frowned upon in this list. |
80 |
|
81 |
Now to answer your last question: No need. |
82 |
|
83 |
An SPF record should contain *only* the email server(s) that actually talks |
84 |
to another domain's email server. |
85 |
|
86 |
Since the Exchange server and the Postfix server are in the same domain, |
87 |
and since *only* the Postfix server actually talks to mail servers of |
88 |
*other* domains, you only need to specify the Postfix server in the SPF |
89 |
record. |
90 |
|
91 |
The situation gets complicated, though if you (1) re-relay your email |
92 |
(e.g., through your ISP's mail relay), or (2) use Gmail to act as an "on |
93 |
behalf of" mail server, or (3) both. |
94 |
|
95 |
Just for an example, here's the SPF Record for my previous office: |
96 |
|
97 |
"v=spf1 ip4:174.120.70.145 ip4:174.120.70.155 ip4:49.128.177.72 a mx |
98 |
ip4:49.128.177.71 a:rockefeller.post.co.id a:carnegie.post.co.id include:_ |
99 |
spf.google.com -all" |
100 |
|
101 |
The set of IP addresses are the ISP's mail relay servers; the a: fields are |
102 |
the IP addresses of our cloud servers, and some of us use Gmail as a |
103 |
stand-in for corporate email when we're outside the office. |
104 |
|
105 |
Rgds, |
106 |
-- |