Matus UHLAR - fantomas via Postfix-users:
>- Create a wild-card SPF policy for *.raystedman.org that permits
>all your SMTP client IP addresses.

Sorry: wildcard in DNS only applied for non-existing names and since
the hostname already exists:

On 04.06.24 13:02, Wietse Venema via Postfix-users wrote:
Perhaps you are confusing wildcards with CNAME. With CNAME, there
can be no other record type with the same name. There is no such
restriction for wildcards.

I have an example:

    *.single-wild.porcupine.org. IN A 168.100.3.4

This returns an A record for foo.single-wild.porcupine.org:

    % host -t a foo.single-wild.porcupine.org
    foo.single-wild.porcupine.org has address 168.100.3.4

But no TXT record for foo.single-wild.porcupine.org:

    % host -t txt foo.single-wild.porcupine.org
    foo.single-wild.porcupine.org has no TXT record

Here, the wildcard applies only to A queries.

What I mean is: wildcard TXT (SPF) record for *.single-wild.porcupine.org
only applies to wildcarded hosts, not to any other record explicitly
defined in single-wild.porcupine.org zone.

Thus, when A record for mail01-t122.raystedman.org already exists, the
*.raystedman.org TXT record will not cover it and explicit TXT for
mail01-t122.raystedman.org must be created (I see it's been done)

    mail.example.com A 192.0.2.1
    mail.example.com TXT "v=spf1 a -all"

- query for mail.example.com will only return one of these

    *.example.com A 192.0.2.2
    *.example.com TXT "v=spf1 -all"

and/or perhaps:

    *.example.com MX .

- these won't be returned for mail.example.com.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
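
The wildcard matching discussed in this thread, as an added example that is not part of the original messages: a minimal in-memory lookup that follows the RFC 1034 section 4.3.2 / RFC 4592 rules and then lists explicit host names that a wildcard SPF record leaves uncovered. The zone is constructed from the example.com records quoted above; the `www.example.com` record and the function names are assumptions made for illustration.

```python
# Constructed zone: the example.com records come from the message above;
# www.example.com (A only, no TXT) is added here for illustration.
ZONE = {
    ("mail.example.com", "A"): ["192.0.2.1"],
    ("mail.example.com", "TXT"): ["v=spf1 a -all"],
    ("www.example.com", "A"): ["192.0.2.3"],
    ("*.example.com", "A"): ["192.0.2.2"],
    ("*.example.com", "TXT"): ["v=spf1 -all"],
}

def name_exists(name):
    """True if the name owns a record or has a descendant that does
    (an empty non-terminal also counts as existing)."""
    return any(o == name or o.endswith("." + name) for o, _ in ZONE)

def lookup(qname, qtype):
    """Return (status, rdata, owner_used) for a query inside the zone."""
    qname = qname.lower().rstrip(".")
    if name_exists(qname):
        # Existing name: only its own records are considered, never the wildcard.
        rdata = ZONE.get((qname, qtype), [])
        return ("NOERROR" if rdata else "NODATA", rdata, qname)
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if name_exists(encloser):
            # Closest existing ancestor found: only "*.<encloser>" may match.
            wild = "*." + encloser
            if not name_exists(wild):
                return ("NXDOMAIN", [], None)
            rdata = ZONE.get((wild, qtype), [])
            return ("NOERROR" if rdata else "NODATA", rdata, wild)
    return ("NXDOMAIN", [], None)

def hosts_without_spf():
    """Explicit names whose TXT answer carries no SPF policy."""
    owners = {o for o, _ in ZONE if not o.startswith("*.")}
    return sorted(o for o in owners
                  if not any(t.startswith("v=spf1") for t in lookup(o, "TXT")[1]))

if __name__ == "__main__":
    for q in ("mail.example.com", "www.example.com",
              "foo.example.com", "sub.mail.example.com"):
        print(q, "TXT ->", lookup(q, "TXT"))
    print("need explicit SPF TXT:", hosts_without_spf())
```

A name that exists with only an A record gets an empty TXT answer rather than the wildcard's policy, and a name below an existing host is not covered by the zone-level wildcard either.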