W dniu 15.07.2024 o 12:06, Matus UHLAR - fantomas via Postfix-users pisze:
On 08.07.24 11:42, natan via Postfix-users wrote:
What you propose use ?
Maybe instead of not accepting such mail will better is change score
in SA ?
This is a policy issue. You can choose your policy to be rejecting
mail with spf=fail, both spf=fail and spf=softfail, or reject any mail
where spf is nof pass or DKIM is not valid as Google set since new year.
so far I have used sailsafe options to use SPF at SA level:
HELO_reject = False
Mail_From_reject = False
PermError_reject = False
TempError_Defer = True
but I'm switching to SPF enforcement:
HELO_reject = Null
Can you get me example reject in Null ?
Mail_From_reject = Fail
PermError_reject = True
TempError_Defer = True
Another option is to reject DMARC failures, in addition to SPF or as
it's replacement.
W dniu 8.07.2024 o 11:36, natan via Postfix-users pisze:
What value do you use in postfix-policyd-spf in PermError_reject ?
HELO_reject = Fail
Mail_From_reject = Fail
#update 20240706
#PermError_reject = False
PermError_reject = True
TempError_Defer = False
I don't know if that's maybe too restrictive PermError_reject
But on the other hand, the sender should have correctly configured
SPF for his domain
--
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
