Why does Alias add smtp.gmail.com only have one IP?

Started by king039, August 29, 2023, 03:54:27 PM

As the article clearly tells, the ranges may change in the future (and actually did since the article was written in 2017). AFAIK, there are no aliases in OpnSense to resolve SPF TXT records, so using an alias is not automatic.

Also, the three SPF netblocks are a subset of Google's AS, for which an OpnSense automatic alias type exists. By limiting access to SMTP and SUBMISSION ports for those IPs, restrictions should be fair enough for this purpose without the need to manually update anything - actually, any Google SMTP server in the future will also reside in AS15169.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
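An added example, not code from any poster in this thread or from OPNsense: a sketch of the missing "resolve SPF TXT records" step, following `include:` mechanisms and collapsing the `ip4:`/`ip6:` netblocks into a list that could feed a network alias. The record names and contents are constructed (documentation ranges, hypothetical `.example` names), and the `lookup` parameter is an assumption standing in for a real DNS TXT query.

```python
import ipaddress

# Constructed TXT records (documentation ranges, hypothetical names) standing
# in for what a DNS TXT lookup would return. Not Google's real SPF data.
SAMPLE_TXT = {
    "_spf.mail.example": "v=spf1 include:_nb1.mail.example include:_nb2.mail.example ~all",
    "_nb1.mail.example": "v=spf1 ip4:192.0.2.0/25 ip4:192.0.2.128/25 ip6:2001:db8:4000::/36 ~all",
    "_nb2.mail.example": "v=spf1 ip4:198.51.100.0/24 include:_nb1.mail.example ~all",
}

MAX_LOOKUPS = 10  # RFC 7208 caps DNS-querying mechanisms per evaluation at 10


def spf_netblocks(domain, lookup=SAMPLE_TXT.get):
    """Follow include: mechanisms from `domain` and return collapsed networks."""
    seen, found, queue = set(), [], [domain]
    while queue:
        name = queue.pop(0)
        if name in seen:              # already expanded; also breaks include loops
            continue
        seen.add(name)
        if len(seen) - 1 > MAX_LOOKUPS:   # the initial query is not counted
            raise ValueError("more than %d SPF include lookups" % MAX_LOOKUPS)
        record = lookup(name)
        if not record or not record.lower().startswith("v=spf1"):
            continue                  # no SPF record published at this name
        for term in record.split()[1:]:
            key, _, value = term.lstrip("+").partition(":")  # '+' is the default qualifier
            if key.lower() == "include":
                queue.append(value)
            elif key.lower() in ("ip4", "ip6"):
                found.append(ipaddress.ip_network(value, strict=False))
    v4 = [n for n in found if n.version == 4]
    v6 = [n for n in found if n.version == 6]
    # collapse_addresses merges adjacent/overlapping blocks, one IP version at a time
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def covered(ip, networks):
    """True if `ip` falls inside any network, i.e. what a network alias would match."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in networks)


if __name__ == "__main__":
    for net in spf_netblocks("_spf.mail.example"):
        print(net)
```

The output would have to be regenerated on a schedule, since the published netblocks can change at any time.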

Quote from: meyergru on August 31, 2023, 12:21:00 AM
Also, the three SPF netblocks are a subset of Google's AS, for which an OpnSense automatic alias type exists.

OK, you suggest an Alias based on BGP ASN 15169 (which is Google's AS number), right?
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

I did exactly that a few posts ago.

> As the article clearly tells, the ranges may change in the future (and actually did since the article was written in 2017). AFAIK, there are no aliases in OpnSense to resolve SPF TXT records, so using an alias is not automatic.

True, I did not dispute that. I was referring to the "ping" script that "tries" to build a list of all IP addresses, which fails miserably for the same reason the alias doesn't work.


Cheers,
Franco

Quote from: franco on August 30, 2023, 10:22:32 PM
...

Oh look I googled it and that's a top suggestion:

https://www.sourceonetechnology.com/gmail-ip-address-ranges/

Was this so hard? Now you can fix your leaky host alias to be a proper network alias.

To quote from your link:

Quote: ...as of September 2017 ...

Still up to date? I doubt it. I would go with the solution proposed by meyergru, whole Google range with relevant ports blocked...
kind regards
chemlud

Ok. Instead of focusing on a random link from Google I posted that has a viable solution maybe you want to focus on the fact that I never said it's not going to be outdated.

You want me to not post it because someone later said there is a better solution? I think that is the point of progressing this discussion.


No cheers from me for this,
Franco