On 11/3/23 05:04, Jeremy Ardley wrote:
All you need to do is generate an SPF record authorising your fixed
IP(s) to send mail for your domain(s).
You don't need need to have control over the forward and reverse DNS
of the IPs, but it is pretty much required that your ISP has forward
and reverse entries for them.
In my case I have a static IPv4 from which much of my mail is sent
(too few IPv6 mail servers as yet). I also have an IPv6 /56 range and
I authorize a very small part of that range to send mail on my behalf.
You may run into problems if your IP address is in a range that is
blacklisted due to some addresses being used to spam. I'm not sure if
IPv6 ranges have got into that category as yet.
I just checked the headers of this mail as received from the list. I was
a bit surprised (pleasantly) to see debian is using IPv6 mail services.
The headers show my dual stack edge router/mailer used an IPv6
connection to Bendel rather than an IPv4 connection.
Received: from edge.bronzemail.com
(2403-5800-c000-1b7-f3d4-d970-ca28-bf4f.ip6.aussiebb.net
[IPv6:2403:5800:c000:1b7:f3d4:d970:ca28:bf4f])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
SHA256)
(Client did not present a certificate)
by bendel.debian.org (Postfix) with ESMTPS id 79E372070F
for <debian-user@lists.debian.org>; Fri, 10 Mar 2023 21:04:57 +0000
(UTC)
(Now to figure out why 'client did not present a certificate'. The edge
router/mailer has a letsencrypt certificate, so I guess I'll have to tweak
postfix a bit.)
--
Jeremy
(Lists)
