mouss pisze:
no reason to overreact. I am not seeing SAV abuse (but I am seeing
backscatter and spam).
And I do under some circumstances. If I have SPF record, then I'm
helping the other side to check if mail with sender from my domain is
permitted or not. This means that sender already had to pass my tests
and was permitted by my server to send mail. Why in hell would I give
another resources to do checks which are *really* useless in such
configuration? I know that SPF is not the cure for everything, but in
war SPF vs SAV I prefer SPF which I can control rather than SAV which
can be abused with backscatter.
let me fork a little: SAV on _header_ addresses is plain dumb:
Dec 15 11:25:33 imlil postmx/smtpd[23878]: NOQUEUE: warn: RCPT from
chlothar.bnv-bamberg.de[217.146.130.193]: Transaction logged:
PTR=chlothar.bnv-bamberg.de; from=<spamch...@bnv-bamberg.de>
to=<mo...@netoyen.net> proto=ESMTP helo=<bnv-bamberg.de>
if you post to the spamassassin-users list, and you log transactions,
you'll see such probes.
Have you any clue whether they do those probes if sender's domain has
SPF record? In case they do SAV if sender's domain is not using SPF/DKIM
I'd say it's acceptable for me.
Pawel Lesniak
