Ilja Booij wrote:
"This is not intended as a recommendation but if you have considered
implementing the new SPF I have been running the Postfix SMTP policy
daemon with Postfix/DbMail with good result."
best...
Mike
Hi Mike,
wouldn't SPF break DBMail's forwarding system, or is that taken care
of 'under the hood'?
Ilja
_______________________________________________
Dbmail mailing list
Dbmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Hey Ilja:
That's a good point. Nothing breaks. Forwarding between the domains
configured in your DNS SPF record is no problem.
I would advise against, and it doesn't make any sense to install an
inbound SPF-policy daemon if you are fowarding mail from the world,
through local user accounts and back out to a specific external address
- your basic relay. Otherwise the transient mail will be marked as SPAM
or blocked depending on your configured SPF default.
I have forwarded test users (on a SPF-enabled-Postfix/DbMail setup) to
a hotmail address and then sending mail from yahoo.com to that test user
address. It doesn't get blocked locally; Microsoft bounces it. Their
system is up and running. Other destinations where there is no sender
policy, have no effect on delivery.
SPF and most of the other "qualified sender" solutions can be limited to
either inbound or outbound mail. Inbound (relative to the MTA) is
handled by the policy daemon and outbound is handled by your DNS SPF
record. In brief terms, the receiving server of your outgoing mail asks
your DNS server if the sending domain is authorized to send mail for the
@domain of the mail. If your DNS server says no, and if your DNS is
configured to authorize a bounce, the mail is bounced. SPF records can
also indicate "don't bounce" (setting is '?all'). For now, if your DNS
server is not configured for SPF, most SPF-enabled servers will accept
the mail anyway.
"Qualified Sender" implementations will completely change how Internet
mail works. It has barely begun.
I just don't think it will go away, Ilja, so I try to figure out some
way to work with it.
best... Mike
