On December 8, 2015 2:59:57 PM EST, Daniel Pocock <dan...@pocock.pro> wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA256 > > > >On 08/12/15 20:43, Marco d'Itri wrote: >> On Dec 08, Daniel Pocock <dan...@pocock.pro> wrote: >> >>> Can anybody comment on the recommended way to allow mail >>> forwarded from debian.org mail servers? >> You whitelist them from your SPF checks, because SPF is the kind of >> FUSSP which requires the whole Internet to modify their servers to >> support forwarding. >> > >But what exactly does somebody need to whitelist to allow mail >forwarded from a debian.org address? > >Should check_helo_access be used with a domain or IP or some other >value specific to mail forwarded by Debian's MTA?
The easiest way to do it, assuming you're using postfix-policyd-spf-python, is within the policy server. See man 5 policyd-spf. There are several whitelist options. I think PTR whitelist on bendel.debian.org will probably do it. Scott K
