Thanks for the info Dan. I'll look into sendmail specific stuff now.
On Mon, 30 Jul 2018 at 23:53, Daniel Llewellyn <diddledan@???> wrote:
>
>
>
> On Mon, 30 Jul 2018 at 21:20, Imran Chaudhry via Hampshire <hampshire@???> wrote:
>>
>> I understand that sendmail can be configured to just use itself
>> locally to send mail - happy days, but people have told me that it
>> might open up a can worms such as configuring SPF records etc.
>
>
> While not helpful for the configuration of Sendmail directly, I can help with SPF:
>
> If you don't currently have any SPF records that indicate your ISP's mailserver then you will not be penalised further by changing to your own server sending directly instead of via the smarthost.
>
> However, you should consider adding an SPF record anyway, even if you remain using a smarthost. Your SPF record should be a DNS record of the type `TXT` which contains the definition similar to:
>
> v=spf1 mx -all
>
> You can add extra items such as:
>
> - `a` - tells the receiving mail server to accept any IP address specified in an A record matching your domain, useful to indicate that your webserver at example.com is also able to send mail directly on your behalf.
> - `a:example.com` - same as `a` but includes the name of the domain you want the A record for.
> - `mx` - tells the receiving mail server to accept any IP address specified in a matching MX record for your domain.
> - `ip4:127.0.0.1` - i.e. any valid IPv4 address.
> - `ip6:fe80::1` - i.e. any valid IPv6 address.
> - `include:example.com` - use the SPF rules specified by example.com to augment any rules specified directly.
>
> The `include` directive can be useful e.g. for cases where you also send mail labelled as from your domain via a third-party server such as Gmail: `include:_spf.google.com`.
>
> Full documentation is at http://www.openspf.org/SPF_Record_Syntax
>
> As another example here is the SPF record I use on my own domain, bowlhat.net, which allows my main webserver to send mail in addition to allowing my Gsuite setup from Google:
>
> "v=spf1 a include:_spf.google.com ~all"
>
> I use ~all to cause a SOFTFAIL on any non-matching email where the receiving email either says "I'm not available right now, try again later" or accepts and receives the full email but sends it into the SPAM folder. A HARDFAIL can be indicated by stating -all, which will cause the receiving server to issue a direct refusal rather than a try again message.
>
> I hope this helps,
>
> Dan.
--
Please post to: Hampshire@???
Web Interface:
https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL:
http://www.hantslug.org.uk
--------------------------------------------------------------