From 992d534697cab53d5a9e00b75ca2a18356dc9f4e Mon Sep 17 00:00:00 2001
From: Jan Dittberner <jandd@cacert.org>
Date: Tue, 2 May 2023 20:10:20 +0200
Subject: [PATCH] Tighten SPF record

PowerDNS cuts TXT records at 255 chars
(https://doc.powerdns.com/authoritative/appendices/types.html#txt). This
commit reduces the size by using mx and a SPF policy entries.
---
 cacert.org | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cacert.org b/cacert.org
index 9065e6b..7f76a7a 100644
--- a/cacert.org
+++ b/cacert.org
@@ -19,7 +19,7 @@ cacert.org	43200	IN	NS	ns4.cacert.org.
 
 ; SPF and DKIM
 ; SPF allows www, secure, www1, email, infra02, emailout, ping
-cacert.org	43200	IN	TXT	"v=spf1 ip4:213.154.225.245 ip4:213.154.225.246 ip4:213.154.225.247 ip6:2001:7b8:3:9c::245 ip6:2001:7b8:3:9c::246 ip6:2001:7b8:3:9c::247 ip4:213.154.225.228 ip6:2001:7b8:616:162:2::228 ip4:213.154.225.230 ip6:2001:7b8:616:162:1::10 ip4:213.154.225.239 ip6:2001:7b8:616:162:2::239 ip6:2001:7b8:616:28:50::11 -all"
+cacert.org	43200	IN	TXT	"v=spf1 a mx a:emailout.cacert.org a:secure.cacert.org a:www1.cacert.org ip4:213.154.225.230 ip6:2001:7b8:616:162:1::10 ip6:2001:7b8:616:28:50::11 -all"
 
 auto._domainkey.cacert.org	43200	IN	TXT	"v=DKIM1;g=*;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDNFxiNr+NHJwih3OPhGr4iwLE+BBDu72YrMSzUnU1FF50CW7iOtuhg796UZ6xrZ5VuhAix6YmmzcvF2UxYzoD/XpfZ4MzBu0ND4/nkt9/YOTyIBzwQqn9uMNve0Y76Zsel89dIJtOI+y+lfnFExV0jKwe53gzmxMVpMSSCcZPGwIDAQAB"
 mail._domainkey.cacert.org	43200	IN	TXT	"v=DKIM1;g=*;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOZV5h3rm18QRiNfNnwXadX8jeSC3zjpU7GFNTfZk1ifjLxrlVrSsfAvlVfFvR2/uQXegwEkiNV5bd57d989T+VVLZZbSv+OAXX4ZwihsLkf3huDszKtJTvsybqUNh97OE00THSyJCrcowFDcLv5IN2ULCOlMjTqbZxZuaNW0S6wIDAQAB"