how to handle SPF records for split dns

Noel Butler noel.butler at ausics.net
Tue Aug 3 02:23:29 UTC 2010


On Mon, 2010-08-02 at 22:13 -0400, donovan jeffrey j wrote:

> Greetings
> 
> I have an internal dns server; it resolves all my queries from the inside.
> I have a mail system requesting an spf record.  Should I add the same record on the inside as I do for the outside? I don't want internal address space to mess with external.
> 
> I would say just place it on my external dns. But it's an internal content filter that is asking for the record, so then shouldn't I place it on the inside?
> 
> any insight suggestions and flames welcome
>  

Hi,

Why not have internal clients use smtp auth on submission only, and
bypass spf (and other anti uce) tests?
If postfix (since it's the MTA used in your post, you likely are), use:
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=reject_unknown_sender_domain,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
  -o receive_override_options=no_milters

But anyway, when I ran split views, I used spf on the internal range using
the int IP, but used ~all in place of -all (which I use on externals).

Cheers
Noel
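
An added example, not part of the original post: what an SPF-checking content filter concludes for the same sending IP depending on which view's record it is handed, using the ~all (internal) versus -all (external) arrangement described above. The domain records and addresses are constructed (10.0.0.25 as a hypothetical internal relay, 192.0.2.25 as a hypothetical public relay), and the evaluator handles only the ip4 and all mechanisms of RFC 7208.

```python
import ipaddress

# Constructed sample records for a hypothetical domain.
# Internal view: internal relay address, ending in ~all (softfail).
# External view: public relay address, ending in -all (hard fail).
INTERNAL_VIEW = "v=spf1 ip4:10.0.0.25 ~all"
EXTERNAL_VIEW = "v=spf1 ip4:192.0.2.25 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record: str, client_ip: str) -> str:
    """Evaluate the ip4/all subset of SPF (RFC 7208) for client_ip."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # A leading +, -, ~ or ? is the qualifier; the default is "+".
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = (term[1:] if term[0] in QUALIFIERS else term).lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:"):
            # Mechanisms are tested left to right; first match wins.
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qualifier]
            continue
        raise ValueError(f"mechanism outside the ip4/all subset: {term}")
    return "neutral"  # no mechanism matched


def compare_views(client_ip: str) -> dict:
    """Result the same sender IP gets from each view's record."""
    return {
        "internal": check_spf(INTERNAL_VIEW, client_ip),
        "external": check_spf(EXTERNAL_VIEW, client_ip),
    }


if __name__ == "__main__":
    for ip in ("10.0.0.25", "10.0.0.77", "192.0.2.25"):
        print(ip, compare_views(ip))
```

An internal filter that only ever sees the external record would hard-fail mail from the internal relay, while the internal ~all record downgrades unlisted internal hosts to softfail rather than rejecting them.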

