Re: Newbie-esque SPF deployment questions

Jeremy Chadwick schrieb:

Some remodle the entries:
-------
 > parodius.com.		IN TXT  "v=spf1 mx ~all"
 > parodius.com.		IN MX 10 mx1.parodius.com.
 > mx1.parodius.com.	IN A    64.62.145.229
------
these entries belong logocal together

SPF -> MX
MX -> mx1.parodius.com.
mx1.parodius.com. ->   64.62.145.229
Only Mails _from_ 64.62.145.229 are good.

--------
 > mx1.parodius.com.	IN TXT  "v=spf1 a -all"
 > mx1.parodius.com.	IN A    64.62.145.229
--------
these entries belongs logical together

Mails from 64.62.145.229 are good when "@mx1.parodius.com" (Old Mail-Adresses before the time of the MX-entries)
In the RFCs a Mailhost must rechable also per postmaster <at> mx1.parodius.com. and postmaster@[64.62.145.229].
I Think therefore is the SPF-entry for mx1.
and for mails from <> (in DSNs) which is postmaster <at> mx1.parodius.com

-----
 > parodius.com.		IN A    64.62.145.226
------
Is not nessesary for Mailing, it has nothing to do with SPF

 >>>pts  rule name              description
 >>>---- ---------------------- --------------------------------------------------
 >>>0.5  SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
 >>>                            [SPF failed: Please see http://spf.pobox.com/why.html?sender=username%40parodius.com&ip=65.95.32.147&receiver=pentarou.parodius.com]

Says:
the mail comes from  65.95.32.147
65.95.32.147 = Toronto-HSE-ppp3714352.sympatico.ca
which is not 64.62.145.229.
that makes it softfail

 > This confuses me greatly, as pentarou.parodius.com == 64.62.145.226,
 > which has nothing to do with our SMTP setup.

You have also:
-------
pentarou.parodius.com MX (Mail Exchanger) Priority: 10 mx1.parodius.com
-------
this mean you can have mailadresses with user <at> pentarou.parodius.com
have the user
user <at> parodius.com
send it to user <at> pentarou.parodius.com
and spamassin take the letters after the @ to make the message?

best reguards
Franz Gstaettner