Just the internet facing one, as I understand it. Nothing else should ever see the internal MTA, and it may not even have a routable IP address!
On 25 April 2013 16:57, Vinícius Ferrão <viniciusfer...@if.ufrj.br> wrote: > Hello Halassy, thanks for your reply. > > I'm aware of the syntax, I just mistyped it. > > The main question still continues, should I put both MTAs or just the > Internet facing one? > > Thanks in advance, > > Sent from my iPhone > > On 25/04/2013, at 05:14, "Halassy Zoltán" <zhala...@loginet.hu> wrote: > > > Hello! > > > > Using MX in SPF record is a simple way to describe trivial two-way > setups, that is, MX will also send the mails, not just receive them. If you > have a non-trivial setup, you can use, for example IP addresses, like ip6: > and ip4:. Add every address which from a mail could possibly leave your > organization, and that's it, do not use MX. BTW, the syntax is v=spf1, not > what you wrote. > > > > 2013-04-25 01:32 keltezéssel, Vinícius Ferrão írta: > >> I've a question about the SPF setup in my domain. > >> > >> We have two MTAs: an exchange server that does not use SMTP to relay > messages to the Internet and a Postfix Mail Gateway on the border to send > and receive messages to/from the internet. > >> > >> The clients connect on the Exchange Server to relay messages to the > external world. So an SMTP connection would start in the Exchange, then it > relays to the Postfix server and then to the Internet. On the other hand > when a message come from the Internet it first arrives in the Postfix > server and after the processing it's handled to the Exchange server. > >> > >> The question is: which SPF TXT string I should use? > >> > >> The Postfix server is my only MX. And I don't know if I should include > the Exchange Server name in the SPF rules. > >> > >> I was considering: vspf=1 mx -all > >> > >> But this does not include the Exchange, and I don't know if it's right > or not. > > > > > >
