Need DNS records help for single server (and IP), and multi-domain mail server.

Reindl Harald h.reindl at thelounge.net
Wed Aug 23 23:47:43 UTC 2017



On 23.08.2017 at 22:59, Tom Browder wrote:
> On Wed, Aug 23, 2017 at 2:28 PM, Tom Browder <tom.browder at gmail.com> wrote:
> ...
>> I have a single remote server with one IP address (142.54.186.2) I am using
>> it to host multiple, independent domains.  I am working on configuring a
>> single postfix instance to serve mail for all domains (assuming I can
>> successfully rewrite appropriate parts of mail in and out).
>>
>> Given such a configuration described in the first paragraph, does the
>> following set of DNS records for a domain look appropriate:
> 
> Based on all the comments, I've modified the OP list to this:
> 
> # For each domain X.TLD:
> X.TLD.      IN   A               142.54.186.2.
> *.X.TLD.    IN   CNAME     X.TLD.
> X.TLD.      IN   MX            10 X.TLD.
> X.TLD.      IN   TXT           "v=spf1 mx ?all"
> 
> How's that set?

terrible - the wildcard would allow forged mail with "@a.x.tld", 
"@b.x.tld" and so on and the "?all" SPF is completely useless

why it is important to not allow random hostnames?

because you should have SPF records for every valid hostname
http://www.openspf.org/FAQ/Common_mistakes
http://www.openspf.org/FAQ/Common_mistakes#helo

arrakis.thelounge.net.  86399   IN      SPF     "v=spf1 a ip4:91.118.73.0/24 ip4:95.129.202.170 -all"

prometheus.thelounge.net. 86399 IN      SPF     "v=spf1 a ip4:91.118.73.0/24 ip4:95.129.202.170 -all"

otherwise only @example.com *itself* is protected from forging, our 
homegrown DNS backend automatically publishes SPF records for every 
hostname in every domain

also avoid "v=spf1 mx" - why?
because it's a useless DNS lookup on the receiver
publish IP addresses whenever possible - the connecting IP is known for 
free, the MX is not relevant on the destination server when receiving 
email as long as you force the lookup by careless SPF records
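
The points raised in the reply above (wildcard names, "?all", hostnames without their own SPF record, the "mx" mechanism) expressed as a small zone audit. This is an added example, not part of the original post; the zone text is constructed (example.com, 192.0.2.10) and the parser assumes simple one-line records with a single quoted TXT string.

```python
import re

# Constructed sample zone (not from the thread): a wildcard, a neutral
# "?all" policy using "mx", one strict host and one host with no SPF.
SAMPLE_ZONE = """\
example.com.       IN A     192.0.2.10
example.com.       IN MX    10 example.com.
example.com.       IN TXT   "v=spf1 mx ?all"
*.example.com.     IN CNAME example.com.
mail.example.com.  IN A     192.0.2.10
mail.example.com.  IN TXT   "v=spf1 ip4:192.0.2.10 -all"
www.example.com.   IN A     192.0.2.10
"""

RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(\S+)\s+(.*)$")

def parse(zone_text):
    """Return (owner, type, rdata) tuples for simple one-line records."""
    rows = []
    for line in zone_text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            rows.append((m.group(1).lower(), m.group(2).upper(), m.group(3).strip()))
    return rows

def audit(zone_text):
    """Return sorted (owner, finding) pairs for the issues named in the reply."""
    records = parse(zone_text)
    # Owner name -> list of SPF terms, taken from TXT or legacy SPF records.
    spf = {n: d.strip('"').lower().split() for n, t, d in records
           if t in ("TXT", "SPF") and d.strip('"').lower().startswith("v=spf1")}
    findings = []
    for name in sorted({n for n, _, _ in records}):
        if name.startswith("*."):
            # Any label resolves, so no per-host SPF policy can cover it.
            findings.append((name, "wildcard"))
            continue
        terms = spf.get(name)
        if terms is None:
            findings.append((name, "no-spf"))
            continue
        if terms[-1] != "-all":
            findings.append((name, "not-fail-all"))
        if any(re.match(r"\+?mx([:/]|$)", t) for t in terms):
            findings.append((name, "mx-lookup"))
    return findings

if __name__ == "__main__":
    for owner, finding in audit(SAMPLE_ZONE):
        print(f"{owner:22} {finding}")
```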

