On 05/07/2011 06:31 PM, Duane Hill wrote:
> Saturday, May 7, 2011, 4:34:03 PM, you wrote:
>
>> On 05/07/2011 01:13 PM, Dennis Carr wrote:
>>> Over the past couple days I'm noticing mail coming in from outside that is
>>> supposedly from users of mine - but apparently isn't. HELO message comes
>>> from chez-vrolet.net which is in my $mynetworks setting, but the IP
>>> address for the incoming machine does not match DNS.
>>>
>>> What adjustment in main.cf should I look at? On the surface,
>>> permit_mynetworks in strategic locations can be eliminated, but last time
>>> I did that, I couldn't send mail from localhost.
>>>
>>> -Dennis
>>>
>
>> $ dig +short chez-vrolet.net txt
>> "v=spf1 ip4:206.225.171.23 a mx ~all"
>
>> The merits of SPF aside, this is like, what it was designed for. Why
>> don't you check your own record?
>
> What does that prove?
>
> Depending upon your local policies:
> '~all' merits a possibility for a reject. '-all' merits a reject.
>
> I don't use SPF here.
>
> I assume the OP was looking for a way to reject HELO/EHLO from hosts
> making connections falsifying domains on the OP's server.

If he wants to reject hosts that HELO as his own, he can check his own SPF record, and reject anything that softfails.
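
Added example, not part of the original message or of any poster's configuration: a small Python sketch of the policy described in the thread, evaluating the SPF record from the dig output against a connecting IP and rejecting a HELO that claims the local domain unless the check passes. The function names, the `DUNNO`/`REJECT` return strings, the 203.0.113.50 and 198.51.100.7 client addresses, and the `a_addrs`/`mx_addrs` parameters (stand-ins for the DNS lookups behind the `a` and `mx` mechanisms) are assumptions made for illustration.

```python
import ipaddress

# SPF record for the domain in the thread, taken from the dig output above.
RECORD = "v=spf1 ip4:206.225.171.23 a mx ~all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip, a_addrs=(), mx_addrs=()):
    """Evaluate a subset of SPF (ip4, ip6, bare a, bare mx, all).

    a_addrs / mx_addrs are caller-supplied addresses standing in for the
    DNS lookups of the "a" and "mx" mechanisms, so this runs offline.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6") and arg:
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a" and not arg:
            matched = ip in {ipaddress.ip_address(a) for a in a_addrs}
        elif name == "mx" and not arg:
            matched = ip in {ipaddress.ip_address(a) for a in mx_addrs}
        else:
            return "permerror"               # outside the subset handled here
        if matched:
            return QUALIFIERS[qualifier]     # first matching mechanism wins
    return "neutral"

def helo_decision(helo_name, client_ip, own_domain, record, **dns):
    """Local policy: a HELO claiming our own domain must not (soft)fail SPF."""
    if helo_name.lower().rstrip(".") != own_domain.lower():
        return "DUNNO"                       # not claiming to be us
    result = spf_result(record, client_ip, **dns)
    return "REJECT" if result in ("fail", "softfail") else "DUNNO"

if __name__ == "__main__":
    # 203.0.113.50 is a constructed client address from the documentation range.
    for ip in ("206.225.171.23", "203.0.113.50"):
        print(ip, helo_decision("chez-vrolet.net", ip, "chez-vrolet.net", RECORD))
```
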
