On 8/9/2010 9:29 AM, Nicolas Michel wrote:
Hello,
I want to know if there is a way to reject connections from
host not listed in the MX records of the domain it claims to be.
For example: a host with IP WWW.XXX.YYY.ZZZ tries to send a
mail to my domain (we'll call it mydomain.be) and claims that
the sender is u...@otherdomain.com
If WWW.XXX.YYY.ZZZ is not an MX server of otherdomain.com my
mail server will reject the connection.
If it is possible, will it cause some troubles? Will I lose
some legitimate mails? Because of misconfiguration or another
reason?
Not a good plan, you'll lose lots of legit mail. Many
organizations use split systems -- an MX for incoming only and
a separate server is used for outgoing.
The larger the organization, the more likely they use a split
system. The legit outgoing server may not even be in the same
netblock or same geographic region as the MX.
This is why SPF was invented.
-- Noel Jones
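
Added example (not part of the original thread): a side-by-side of the MX-match check proposed in the question and a minimal SPF evaluation, run against constructed DNS data for a split inbound/outbound domain. The domains, addresses and the helper names mx_match, spf_check and compare are assumptions made for illustration; the SPF evaluator handles only the ip4, mx and all mechanisms.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, example domains).
MX = {"split.example": ["192.0.2.10"],    # inbound-only MX host
      "small.example": ["198.51.100.5"]}  # one host receives and sends
SPF = {"split.example": "v=spf1 ip4:203.0.113.0/24 -all",  # outbound relays
       "small.example": "v=spf1 mx -all"}

def mx_match(client_ip, sender_domain):
    """The check from the question: client must be an MX of the sender domain."""
    return client_ip in MX.get(sender_domain, [])

def spf_check(client_ip, sender_domain):
    """Minimal SPF evaluation: ip4, mx and all only (no include, a, redirect)."""
    record = SPF.get(sender_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            matched = True
        elif mech == "mx":
            matched = client_ip in MX.get(sender_domain, [])
        elif mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            continue  # unsupported mechanism: skipped in this sketch
        if matched:
            return results[qualifier]
    return "neutral"

def compare(client_ip, sender_domain):
    """Return (MX-match verdict, SPF result) for one connecting client."""
    return mx_match(client_ip, sender_domain), spf_check(client_ip, sender_domain)

if __name__ == "__main__":
    for ip, dom in [("203.0.113.25", "split.example"),  # legit outbound relay
                    ("192.0.2.10", "split.example"),    # inbound MX, never sends
                    ("198.51.100.5", "small.example"),  # single-host domain
                    ("192.0.2.99", "split.example")]:   # unrelated host
        print(ip, dom, compare(ip, dom))
```

The first case is the false rejection described in the reply: the legitimate outbound relay fails the MX match while the domain's published SPF record authorizes it.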