Re: [Hampshire] Configuring Sendmail to Internet

Author: Daniel Llewellyn via Hampshire
Date:  
To: Hampshire LUG Discussion List
CC: Daniel Llewellyn
Subject: Re: [Hampshire] Configuring Sendmail to Internet
On Mon, 30 Jul 2018 at 21:20, Imran Chaudhry via Hampshire <hampshire@???> wrote:

> I understand that sendmail can be configured to just use itself
> locally to send mail - happy days, but people have told me that it
> might open up a can of worms such as configuring SPF records etc.
>


While not helpful for the configuration of Sendmail directly, I can help
with SPF:

If you don't currently have any SPF records that indicate your ISP's
mailserver then you will not be penalised further by changing to your own
server sending directly instead of via the smarthost.

However, you should consider adding an SPF record anyway, even if you
remain using a smarthost. Your SPF record should be a DNS record of the
type `TXT` which contains the definition similar to:

v=spf1 mx -all

You can add extra items such as:

- `a` - tells the receiving mail server to accept any IP address specified
in an A record matching your domain, useful to indicate that your webserver
at example.com is also able to send mail directly on your behalf.
- `a:example.com` - same as `a` but includes the name of the domain you
want the A record for.
- `mx` - tells the receiving mail server to accept any IP address specified
in a matching MX record for your domain.
- `ip4:127.0.0.1` - i.e. any valid IPv4 address.
- `ip6:fe80::1` - i.e. any valid IPv6 address.
- `include:example.com` - use the SPF rules specified by example.com to
augment any rules specified directly.

The `include` directive can be useful e.g. for cases where you also send
mail labelled as from your domain via a third-party server such as Gmail:
`include:_spf.google.com`.

Full documentation is at http://www.openspf.org/SPF_Record_Syntax

As another example here is the SPF record I use on my own domain,
bowlhat.net, which allows my main webserver to send mail in addition to
allowing my Gsuite setup from Google:

"v=spf1 a include:_spf.google.com ~all"

I use ~all to cause a SOFTFAIL on any non-matching email where the
receiving email either says "I'm not available right now, try again later"
or accepts and receives the full email but sends it into the SPAM folder. A
HARDFAIL can be indicated by stating -all, which will cause the receiving
server to issue a direct refusal rather than a try again message.

I hope this helps,

Dan.
--
Please post to: Hampshire@???
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------
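
The mechanisms and qualifiers listed in the message above (`a`, `mx`, `ip4`, `ip6`, `include`, `~all`, `-all`) can be seen working together in a small evaluator. This is an added example, not part of the original message: the domains, addresses and the `DNS` table are constructed for illustration, `check_spf` is a hypothetical helper, and it looks records up in that table instead of querying real DNS.

```python
import ipaddress

# Constructed DNS data (assumption): documentation-range names and addresses only.
DNS = {
    "TXT": {
        "example.org": "v=spf1 a include:_spf.mailhost.example ~all",
        "_spf.mailhost.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all",
        "strict.example": "v=spf1 mx -all",
    },
    "A": {"example.org": ["192.0.2.10"], "mail.strict.example": ["192.0.2.25"]},
    "MX": {"strict.example": ["mail.strict.example"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _addresses(kind, name, dns):
    """Return the addresses behind an `a` or `mx` mechanism for `name`."""
    hosts = [name] if kind == "a" else dns["MX"].get(name, [])
    return [ipaddress.ip_address(a) for h in hosts for a in dns["A"].get(h, [])]


def check_spf(domain, sender_ip, dns=DNS, depth=0):
    """Evaluate the SPF TXT record of `domain` against `sender_ip`."""
    terms = dns["TXT"].get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    if depth > 10:  # crude include-loop guard; RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:  # terms are evaluated left to right, first match wins
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            matched = True
        elif mech in ("a", "mx"):
            matched = ip in _addresses(mech, arg or domain, dns)
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif mech == "include":  # matches only if the included record passes
            matched = check_spf(arg, sender_ip, dns, depth + 1) == "pass"
        else:
            continue  # modifiers and other mechanisms are not handled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"
```

Note that the `-all` inside the included record does not by itself reject the message: a non-passing `include` simply does not match, and evaluation falls through to the outer record's `~all`.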