Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Regarding to 

Jira
serverTornevall Networks
serverIdef1f2374-e58a-319f-9d38-10348dbac859
keyINFRA-12
, if using Tornevall Networks SMTP relaying for domain names and SPF are required, following settings are recommendedRelaying pointers. SPF pointers are kept for being backwards compatible.

Primary Configuration

For most of the domains, those rows should be used:

No Format
@ IN SPF "v=spf1 include:_spf.tornevall.net

...

 -all"

...


@ IN TXT "v=spf1 include:_spf.tornevall.net

...

 -all"


This SPF limits relaying to our local servers. The former "~all" has been changed to "-all" to prevent softfails. If the sender is not the specified hosts defined by tornevall.net, you can safely reject the mail completely.

For tornevall.se and hosts that needs external relays like telia, etc (observe that country zone is se)

No Format
@ IN SPF "v=spf1 include:_spf.tornevall.se

...

 -all"

...


@ IN TXT "v=spf1 include:_spf.tornevall.se

...

 -all"


This list of relays includes ISP-servers that may be required for sending mail outside our SMTP address range.
If you really need other relays, contact support@tornevall.net and tell. In that case, relays will be included at tornevall.se or similar. 

Ranges described

Divided into inclusions

No Format
_spf.tornevall.net IN TXT "v=spf1 include:_

...

spfblockv4.tornevall.net include:_

...

spfblockv6.tornevall.net include:_

...

spfblockrelay.tornevall.net

...

 -all";

or

No Format
_spf.tornevall.se IN TXT "v=spf1 include:_

...

spfblockv4.tornevall.net include:_

...

spfblockv4.tornevall.net include:_

...

spfblockrelay.tornevall.net include:_

...

spfblocktelia.tornevall.net

...

 -all";


Categorized as

No Format
// Safe
_spfv4tblock IN TXT "v=spf1 ip4:194.71.111.240/28 ip4:88.80.19.161 ip4:

...

194.

...

71.

...

111.243 ip4:212.63.209.62 ip4:212.63.208.0/28 ip4:194.71.111.244 ip4:10.1.1.0/24 -all"
_spfv6tblock IN TXT "v=spf1 ip6:2a01:299:a0::/48 ip6:2001:470:7ece::/48

...

 -all"


// Safe
_spfblockrelay.tornevall.net IN TXT "v=spf1 ip4:185.9.166.80 ip6:2a01:298:f001::/48

...

 a:webmail.tornevall.net a:smtp.tornevall.net a:tornevall.net a:i-s-vg-k-se-mailrelay1.tornevall.net -all"


// Unsafe
_spfblocktelia.tornevall.net IN TXT "v=spf1 ip4:

...

81.

...

236.

...

60.

...

128/26 ip4:81.236.60.192/28 include:_spf-a.telia.net include:_spf-b.telia.net include:_spf-c.telia.net include:_spf-2.telia.com -all"


// Deprecated unsafe
_spfblockteliaold IN TXT "v=spf1 ip4:81.236.60.192/27 ip4:62.20.233.140

...

Where _spfextblock may be the unsafe part here.

 ip4:81.236.60.0/24 a:v-smtpout2.han.skanova.net -all"