How to configure SPF to pass local IP address?

user46688 asked:

I have a database CentOS 7 server connected to an application CentOS 7 server via a cross connect cable. The mail server resides in the application server, with the following SPF configuration:

v=spf1 +a +mx +ip4:bbb.bbb.bbb.bbb ~all

where and bbb.bbb.bbb.bbb are the external IP addresses for each server.

If the database server wants to send email via the application server using the local IP address (, how can I configure SPF to either pass all local IP addresses (no checking done), or otherwise allow the local IP of to pass SPF authentication?

Is the above configuration sufficient (e.g. based on external IPs), or do I need to do something additional to account for the internal IP address?


I’m using exim for email. To send email from the database server, it authenticates to SMTP as a user on the application server, and sends commands such as ehlo.

My answer:

You ignore SPF entirely in this circumstance.

You have an internal mail server which you intend to relay mail from other internal machines. You should configure it to always accept mail from those machines. How you do that depends on what mail server software you are using, which you didn’t specify. Check its documentation.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.