From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-server+bounces-3842-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id F40231381F3
	for <garchives@archives.gentoo.org>; Thu, 25 Apr 2013 16:02:43 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id BC539E0B19;
	Thu, 25 Apr 2013 16:02:36 +0000 (UTC)
Received: from mail-wi0-f169.google.com (mail-wi0-f169.google.com [209.85.212.169])
	(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id D0AECE0992
	for <gentoo-server@lists.gentoo.org>; Thu, 25 Apr 2013 16:02:35 +0000 (UTC)
Received: by mail-wi0-f169.google.com with SMTP id h11so9399601wiv.2
        for <gentoo-server@lists.gentoo.org>; Thu, 25 Apr 2013 09:02:34 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=mime-version:x-received:x-originating-ip:in-reply-to:references
         :date:message-id:subject:from:to:content-type:x-gm-message-state;
        bh=G2I6YPM63KTHbgboT3dIJjP3egRjb2c0sZs2L7vwe9Q=;
        b=YaJ8cieB8xMV/RDRtIAm6l2wyevrtOexKFFufTXKYRW9AKbSlxcqx8A9dGXdU1PzcB
         jrXPlr9hn+zEOG8z1+g/TaCnUAbRW6DxdkwgZpVKQr1eBkBOdAQLzbHPjutczvbD15Jw
         IKkXfZ9b6jBra1XT+NQN+JNIhK6QZ3NpCtlR88q92dCHP+rcLWOhGFEk6k9CUbWgSWlE
         /N2QYTiMld+LN/rKcMKeE7n4yrSRPHFZBQYkM/A8E0VfOJqI+f4ofY7lBliH6orI6rcp
         DIFPzvsCL7TYwPJouohHCc9APK5yEIPQmPX7D36J3toXf1lj5NTBi2rvf7l8iuq9Mqsl
         Z8Ew==
Precedence: bulk
List-Post: <mailto:gentoo-server@lists.gentoo.org>
List-Help: <mailto:gentoo-server+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-server+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-server+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-server.gentoo.org>
X-BeenThere: gentoo-server@lists.gentoo.org
Reply-to: gentoo-server@lists.gentoo.org
MIME-Version: 1.0
X-Received: by 10.180.211.50 with SMTP id mz18mr89170932wic.24.1366905754472;
 Thu, 25 Apr 2013 09:02:34 -0700 (PDT)
Received: by 10.194.163.36 with HTTP; Thu, 25 Apr 2013 09:02:34 -0700 (PDT)
X-Originating-IP: [87.198.140.106]
In-Reply-To: <82B6ED86-7EE5-43D7-B90C-E7D70B317456@if.ufrj.br>
References: <E845D0DB-9678-4C0B-A025-6AC81F3CDE56@if.ufrj.br>
	<5178E5AF.1090509@loginet.hu>
	<82B6ED86-7EE5-43D7-B90C-E7D70B317456@if.ufrj.br>
Date: Thu, 25 Apr 2013 17:02:34 +0100
Message-ID: <CA+Uub+c31vJ57rfoZLcJO5DUsK5k4QgE_VHLf8nYCreZjEEfHw@mail.gmail.com>
Subject: Re: [gentoo-server] SPF Record with Multiple Servers
From: Robert Bridge <robert@robbieab.com>
To: gentoo-server@lists.gentoo.org
Content-Type: multipart/alternative; boundary=001a11c25d28efe5fa04db318bcd
X-Gm-Message-State: ALoCoQlimffiUrVU4lRyYqpGRdRr3+pxKLeXlg/ieScvO2Wrpsf6rCN4p8tm4wDapoGNQ955SCNj
X-Archives-Salt: c4aa6938-ab4e-40de-92e6-9b99c37658cb
X-Archives-Hash: e8165271ab3e3db143a09f420a7b2e48

--001a11c25d28efe5fa04db318bcd
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Just the internet facing one, as I understand it. Nothing else should ever
see the internal MTA, and it may not even have a routable IP address!


On 25 April 2013 16:57, Vin=EDcius Ferr=E3o <viniciusferrao@if.ufrj.br> wro=
te:

> Hello Halassy, thanks for your reply.
>
> I'm aware of the syntax, I just mistyped it.
>
> The main question still continues, should I put both MTAs or just the
> Internet facing one?
>
> Thanks in advance,
>
> Sent from my iPhone
>
> On 25/04/2013, at 05:14, "Halassy Zolt=E1n" <zhalassy@loginet.hu> wrote:
>
> > Hello!
> >
> > Using MX in SPF record is a simple way to describe trivial two-way
> setups, that is, MX will also send the mails, not just receive them. If y=
ou
> have a non-trivial setup, you can use, for example IP addresses, like ip6=
:
> and ip4:. Add every address which from a mail could possibly leave your
> organization, and that's it, do not use MX. BTW, the syntax is v=3Dspf1, =
not
> what you wrote.
> >
> > 2013-04-25 01:32 keltez=E9ssel, Vin=EDcius Ferr=E3o =EDrta:
> >> I've a question about the SPF setup in my domain.
> >>
> >> We have two MTAs: an exchange server that does not use SMTP to relay
> messages to the Internet and a Postfix Mail Gateway on the border to send
> and receive messages to/from the internet.
> >>
> >> The clients connect on the Exchange Server to relay messages to the
> external world. So an SMTP connection would start in the Exchange, then i=
t
> relays to the Postfix server and then to the Internet. On the other hand
> when a message come from the Internet it first arrives in the Postfix
> server and after the processing it's handled to the Exchange server.
> >>
> >> The question is: which SPF TXT string I should use?
> >>
> >> The Postfix server is my only MX. And I don't know if I should include
> the Exchange Server name in the SPF rules.
> >>
> >> I was considering: vspf=3D1 mx -all
> >>
> >> But this does not include the Exchange, and I don't know if it's right
> or not.
> >
> >
>
>

--001a11c25d28efe5fa04db318bcd
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Just the internet facing one, as I understand it. Nothing =
else should ever see the internal MTA, and it may not even have a routable =
IP address!</div><div class=3D"gmail_extra"><br><br><div class=3D"gmail_quo=
te">
On 25 April 2013 16:57, Vin=EDcius Ferr=E3o <span dir=3D"ltr">&lt;<a href=
=3D"mailto:viniciusferrao@if.ufrj.br" target=3D"_blank">viniciusferrao@if.u=
frj.br</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"=
margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello Halassy, thanks for your reply.<br>
<br>
I&#39;m aware of the syntax, I just mistyped it.<br>
<br>
The main question still continues, should I put both MTAs or just the Inter=
net facing one?<br>
<div class=3D"im HOEnZb"><br>
Thanks in advance,<br>
<br>
Sent from my iPhone<br>
<br>
</div><div class=3D"HOEnZb"><div class=3D"h5">On 25/04/2013, at 05:14, &quo=
t;Halassy Zolt=E1n&quot; &lt;<a href=3D"mailto:zhalassy@loginet.hu">zhalass=
y@loginet.hu</a>&gt; wrote:<br>
<br>
&gt; Hello!<br>
&gt;<br>
&gt; Using MX in SPF record is a simple way to describe trivial two-way set=
ups, that is, MX will also send the mails, not just receive them. If you ha=
ve a non-trivial setup, you can use, for example IP addresses, like ip6: an=
d ip4:. Add every address which from a mail could possibly leave your organ=
ization, and that&#39;s it, do not use MX. BTW, the syntax is v=3Dspf1, not=
 what you wrote.<br>

&gt;<br>
&gt; 2013-04-25 01:32 keltez=E9ssel, Vin=EDcius Ferr=E3o =EDrta:<br>
&gt;&gt; I&#39;ve a question about the SPF setup in my domain.<br>
&gt;&gt;<br>
&gt;&gt; We have two MTAs: an exchange server that does not use SMTP to rel=
ay messages to the Internet and a Postfix Mail Gateway on the border to sen=
d and receive messages to/from the internet.<br>
&gt;&gt;<br>
&gt;&gt; The clients connect on the Exchange Server to relay messages to th=
e external world. So an SMTP connection would start in the Exchange, then i=
t relays to the Postfix server and then to the Internet. On the other hand =
when a message come from the Internet it first arrives in the Postfix serve=
r and after the processing it&#39;s handled to the Exchange server.<br>

&gt;&gt;<br>
&gt;&gt; The question is: which SPF TXT string I should use?<br>
&gt;&gt;<br>
&gt;&gt; The Postfix server is my only MX. And I don&#39;t know if I should=
 include the Exchange Server name in the SPF rules.<br>
&gt;&gt;<br>
&gt;&gt; I was considering: vspf=3D1 mx -all<br>
&gt;&gt;<br>
&gt;&gt; But this does not include the Exchange, and I don&#39;t know if it=
&#39;s right or not.<br>
&gt;<br>
&gt;<br>
<br>
</div></div></blockquote></div><br></div>

--001a11c25d28efe5fa04db318bcd--