Thanks for the info Dan. I'll look into sendmail specific stuff now. On Mon, 30 Jul 2018 at 23:53, Daniel Llewellyn <[email protected]> wrote: > > > > On Mon, 30 Jul 2018 at 21:20, Imran Chaudhry via Hampshire > <[email protected]> wrote: >> >> I understand that sendmail can be configured to just use itself >> locally to send mail - happy days, but people have told me that it >> might open up a can worms such as configuring SPF records etc. > > > While not helpful for the configuration of Sendmail directly, I can help with > SPF: > > If you don't currently have any SPF records that indicate your ISP's > mailserver then you will not be penalised further by changing to your own > server sending directly instead of via the smarthost. > > However, you should consider adding an SPF record anyway, even if you remain > using a smarthost. Your SPF record should be a DNS record of the type `TXT` > which contains the definition similar to: > > v=spf1 mx -all > > You can add extra items such as: > > - `a` - tells the receiving mail server to accept any IP address specified in > an A record matching your domain, useful to indicate that your webserver at > example.com is also able to send mail directly on your behalf. > - `a:example.com` - same as `a` but includes the name of the domain you want > the A record for. > - `mx` - tells the receiving mail server to accept any IP address specified > in a matching MX record for your domain. > - `ip4:127.0.0.1` - i.e. any valid IPv4 address. > - `ip6:fe80::1` - i.e. any valid IPv6 address. > - `include:example.com` - use the SPF rules specified by example.com to > augment any rules specified directly. > > The `include` directive can be useful e.g. for cases where you also send mail > labelled as from your domain via a third-party server such as Gmail: > `include:_spf.google.com`. > > Full documentation is at http://www.openspf.org/SPF_Record_Syntax > > As another example here is the SPF record I use on my own domain, > bowlhat.net, which allows my main webserver to send mail in addition to > allowing my Gsuite setup from Google: > > "v=spf1 a include:_spf.google.com ~all" > > I use ~all to cause a SOFTFAIL on any non-matching email where the receiving > email either says "I'm not available right now, try again later" or accepts > and receives the full email but sends it into the SPAM folder. A HARDFAIL can > be indicated by stating -all, which will cause the receiving server to issue > a direct refusal rather than a try again message. > > I hope this helps, > > Dan.
-- Please post to: [email protected] Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --------------------------------------------------------------
