Nethence Newdoc Olddoc Lab Your IP BBDock  

Playing with MX A PTR TXT records and DKIM

A + MX + TXT

You should publicly advertise a corresponding A record for the MX pointer, as a CNAME cannot used for that purpose. You cannot use a CNAME for the pointers covered by the SPF records either. It is not possible to have the same “Name” for a CNAME record and other records. So make sure your DNS settings are all good and SPF ready e.g.,

mx IN A PUBLIC_IP
mx2 IN A BKPMX_PUBLIC_IP

@ IN MX 10 mx
@ IN MX 20 mx2

* IN TXT "v=spf1 include:_spf.example.com -all"
@ IN TXT "v=spf1 include:_spf.example.com -all"
_spf IN TXT "v=spf1 mx include:iap-example.com ?a:some-alternate-smarthost -all"

Note. If you need to fill-in a long list of smart-hosts that are not already listed in the TXT record of the IAP (free.fr in this case),

* 10800 IN TXT "v=spf1 include:_spf.nethence.com -all"
@ 10800 IN TXT "v=spf1 include:_spf.nethence.com -all"
_free 10800 IN TXT "v=spf1 ?a:smtp1-g21.free.fr ?a:smtp2-g21.free.fr ?a:smtp3-g21.free.fr ?a:smtp4-g21.free.fr ?a:smtp5-g21.free.fr ?a:smtp6-g21.free.fr -all"
_spf 10800 IN TXT "v=spf1 mx include:sfr.fr include:gandi.net include:_free.nethence.com -all"

Note. Gandi advocated SPF vs no Free SPF

And check once those are populated (the delay mostly depends on the last records' TTL),

host -t mx nethence.com
host -t txt nethence.com
host -t txt spoof.nethence.com

host mx.nethence.com
host mx2.nethence.com

Also further validate using online tools or eventually the specific spfquery_static tool.

Refs.

PTR

If you want your MX to be able to send messages to other secure SMTPs on the public network, you might have to fix your own PTRs (sometimes done at the ISP side which is holding your IP address).

PUBLIC_IP IN PTR mx.nethence.com.
BKPMX_PUBLIC_IP IN PTR mx2.nehtence.com.

References


Home | GitHub | Donate | Feedback