Hi Doug:
If you visit http://spf.pobox.com/wizard.html
you will be able to test your DNS SPF records, if that is what you seek.
There is no co-relationship between Spamassassin and an SPF daemon that
I know about.
SPF is a sender policy framework wherein mail claiming to originate from
a server which did not authorize mail for the @domain in the "from"
line, gets rejected. For example, mail claiming to be from Yahoo,
Hotmail, AOL, Earthlink, etc. sent from an ADSL line in Kuala Lampour
will get rejected. Same with the very legitimate-looking scam mail
claiming to come from Citibank, Paypal, Amex etc. will get nailed.
Viruses spoofing the "from" line in the header will get rejected etc.
At present most people are setting very tolerant defaults for SPF.
If the name server does not respond with a record, the SPF policy daemon
issues "DUNNO". The tolerant default is a "pass".
Hope this helps.
best...
mike
Doug Stanley wrote:
I have a question. Is there some sort of plugin or something that I
can use like a sS test to check for spf records and then
adjust the spamassassin score accordingly? Or is this a simple
allow/deny type thing for now?
I'd rather start with adjusting spamassassing scores for now than
completely denying messages right away...
Doug
mike wrote:
Ilja Booij wrote:
"This is not intended as a recommendation but if you have considered
implementing the new SPF I have been running the Postfix SMTP policy
daemon with Postfix/DbMail with good result."
best...
Mike
Hi Mike,
wouldn't SPF break DBMail's forwarding system, or is that taken care
of 'under the hood'?
Ilja
_______________________________________________
Dbmail mailing list
Dbmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Hey Ilja:
That's a good point. Nothing breaks. Forwarding between the domains
configured in your DNS SPF record is no problem.
I would advise against, and it doesn't make any sense to install an
inbound SPF-policy daemon if you are fowarding mail from the world,
through local user accounts and back out to a specific external
address - your basic relay. Otherwise the transient mail will be
marked as SPAM or blocked depending on your configured SPF default.
I have forwarded test users (on a SPF-enabled-Postfix/DbMail setup)
to a hotmail address and then sending mail from yahoo.com to that
test user address. It doesn't get blocked locally; Microsoft bounces
it. Their system is up and running. Other destinations where there is
no sender policy, have no effect on delivery.
SPF and most of the other "qualified sender" solutions can be limited
to either inbound or outbound mail. Inbound (relative to the MTA) is
handled by the policy daemon and outbound is handled by your DNS SPF
record. In brief terms, the receiving server of your outgoing mail
asks your DNS server if the sending domain is authorized to send mail
for the @domain of the mail. If your DNS server says no, and if your
DNS is configured to authorize a bounce, the mail is bounced. SPF
records can also indicate "don't bounce" (setting is '?all'). For
now, if your DNS server is not configured for SPF, most SPF-enabled
servers will accept the mail anyway.
"Qualified Sender" implementations will completely change how
Internet mail works. It has barely begun.
I just don't think it will go away, Ilja, so I try to figure out some
way to work with it.
best... Mike
_______________________________________________
Dbmail mailing list
Dbmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
_______________________________________________
Dbmail mailing list
Dbmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
