Email Server Solution

Steve Phillips steve at focb.co.nz
Wed Aug 3 21:57:55 UTC 2005 

On Wed, 3 Aug 2005, Steve Buehler wrote:
>
> Honestly I would like to see SPF become a standard that is enforced by all 
> ISP's.  When it does, that will cut down on the marjority of spam.  It will 
> also force the programmers of the control panels to have it automatically put 
> it in when a site is setup instead of it being a separate process that 
> requires a tech.  Or at least someone other than my boss.  If it isn't done 
> automatically, then it defeats the purpose of having a control panel that is 
> a one step setup process.  It will all be a headache to implement, but might 
> be worth it to get rid of spam and the load on servers.  I will have to look 
> into it some more and see if I can write a script to automatically add this 
> to dns records for the domains that we host.

I think you have missread the SPF descriptions somewhat and don't really 
understand how it fits in with sending e-mail and how it relates to spam.

SPF is designed, not to stop spam, but to ensure that the domain you are 
sending mail from is indeed authorized to act on your behalf. This will in 
turn prevent domain hijacking by spammers as well as phishing attacks by 
people sending mail out as if they were a third party you have an existing 
relationship with.

The SPF record requires NO configuration on the mail server (tho turning 
on such facilities as SMTP Auth is generally considered a good thing [tm]) 
but is rather entirely DNS based, the _only_ thing you need to know is the 
outbound IP addresses of the servers that will send mail for your 
domain(s) and these are added to the DNS TXT record setting up the SPF 
filter.

As a result, most of your supposed problems with setup go away, all you 
need to do is add a new TXT field to all zones saying something like "All 
mail for this domain will come from 1.2.3.4 and soft fail otherwise"

"v=spf1 a:wibble.focb.co.nz ~all"

This is an example of the sort of record you need to add, tho the wizard 
at pobox will set one up for you as well.

If your customer uses their ISP mail server to send out mail then simply 
add this into the SPF record and things will work quite happily.

As for sending outgoing mail bound to a specific IP, this will be pretty 
much impossible with sendmail unless you bind individual copies of 
sendmail to every IP and allocate each copy to each individual customer. 
Not really that practical. You may find something in postfix that could 
potentially do this but dont quote me on that.

-- 
Steve.

More information about the redhat-list mailing list