Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - SPF/DNS Question
  FAQ FAQ  Forum Search   Register Register  Login Login

SPF/DNS Question

 Post Reply Post Reply
Author
answerman View Drop Down
Newbie
Newbie


Joined: 22 September 2006
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote answerman Quote  Post ReplyReply Direct Link To This Post Topic: SPF/DNS Question
    Posted: 07 December 2006 at 2:14pm
Not necessarily a Spam Filter question (more of a DNS question), but I assume that this has come up for some of you...

Just installed the eval version of Spam Filter, which gives us SPF filtering (something we did not have in place before).  I had a message from a client fail SPF, and in looking at the logs figured out that the reason is:

She is using her ISP's SMTP server to send mail (due to port 25 blocking for that particular ISP).  Fairly common workaround.  However, the SPF record in DNS for her domain doesn't match as a result, so the message failed Spam Filter's SPF filter.

My solution was to add her ISP's mailserver as an a: argument in the TXT record in DNS, in addition to the ip4: record, like this (names and IP addresses changed to protect the innocent):

(old TXT)
v=spf1 ip4:123.123.123.0/24 -all

(new TXT)
v=spf1 a:smtp.mail.isp.com ip4:123.123.123.0/24 -all

Is this the standard way to solve this?  Or, anyone have a better way?  I have about 10 clients that I expect to have this issue.

Note: I would love to use port 587 as an alternate so that they could just use our SMTP server, but I don't really want to pay Imail's exorbitant price to upgrade just to get the 587 functionality.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 07 December 2006 at 2:25pm
Yes, adding the "a" section to the SPF record shold work just fine.

As a side-note, SpamFilter supports SSL over SMTP, so you could have your customers connect to SPamFilter via SSL on port 465. In version 3, we also support SMTP authentication via Active Directory, LDAP, and Unix-style password files. Your users could then use SpamFilter as their "outgoing SMTP server" if they can authenticate. If authentication is not an option, you could add their IPs to an IP whitelist so they can relay their emails thru SpamFilter.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.266 seconds.