On 19.07.2016 at 19:00, Charles Swiger wrote:
> On Jul 19, 2016, at 10:28 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
> [ ... ]
>>> 2) In the absence of MX records stating otherwise, I expect that any mailserver which sends outbound email should be willing to accept inbound mail for the same domains it terminates or relays email on behalf of.
>>
>> that is not how email works
>
> As I recall, you were either submitting a bug report about ClamAV and SPF, which seems misguided as you've since acknowledged ("i know that SPF is not relevant for clamav"), or at the least you were looking for feedback about how to better handle legitimate email from paypal.at which you were bouncing due to ClamAV's heuristics.

no, i was submitting what the subject says and explained why it's unacceptable not to be able in a software which tries to make assumptions about phishing by no clue about SPF

>> a) the sender is @mail.paypal.at and not "@epsl1.com"
>
> True.
>
>> b) every smarter setup these days has strictly separated outbound and inbound servers
>
> False. Assuming that there is only one correct mail architecture is a major fallacy.

bla - yes there are more ways but your whole stuff about SPF was entirely wrong from the very beginning in case of the messages in question

> If a mail server sends outbound, it needs to be willing to handle bounces and DSNs for those messages/domains which it sends.

bullshit - the MX does and this server's outbound mail was *not* for a domain below its own hostname and so it has no business for inbound mail

>> why? because it's much easier to define MTA policies for spamfiltering when you need not to mix with mail clients and when you do outbound spamfiltering you need completely different rules (no RBL lookups, no PTR checks, different scorings and first of all no postscreen in front which a MUA can't handle)
>
> It is reasonable to have different inbound and outbound MTAs to implement different policies? Sure. Is that the only mechanism by which one can have different policies? Nope.

far off-topic the whole discussion just because you were unable to look carefully at the one logline and make correct SPF requests while i already told in the original mail that i have verified it and even posted the spamassassin SPF_PASS line of the message in question

> It is reasonable to trust all local mail and push the burden of checking it upon others? Nope.

did i say that?

> You should be applying spamfiltering and especially malware/virus scanning to outbound email just as rigorously as you do to inbound email. In a few cases that I am familiar with, outbound email is screened more carefully than inbound email.

where did i say anything else?

but you need different configs as i explained and it should be pretty clear why - there is no point making dialup-rbl-tests on a submission client which is typically an end user somewhere at home