On 2021-06-23 at 12:00:39 UTC-0400 (Wed, 23 Jun 2021 18:00:39 +0200)
David Bürgin <dbuer...@gluet.ch>
is rumored to have said:
Alex:
I've set up postfix to use policyd-spf using python-policyd-spf and
have some questions. Hopefully this isn't off-topic, as my search
returns results from only many years ago. Is this still the best SPF
policy service for postfix integration on Linux?
You can verify SPF using a policy service or a milter. For example, in
Debian both postfix-policyd-spf-python and pyspf-milter are available
(produced from the same source package, spf-engine). You can find
other
milters online, too.
smtpd_recipient_restrictions =
...
check_sender_access pcre:$config_directory/sender_checks.pcre,
check_policy_service unix:private/policy-spf,
I’m curious, why check SPF in *recipient* restrictions? SPF is about
the
sender, isn’t it?
Yes, but smtpd_recipient_restrictions can include restriction directives
for any "earlier" SMTP stage. This allows you to make per-recipient
decisions about whether to enforce problematic restrictions such as SPF.
The resulting reply text ‘<complia...@mydomain.com>:
Recipient address rejected’ is misleading.
Not really. The SMTP command which is rejected is one RCPT command with
one specific address. If there are multiple RCPT commands, they may not
all be rejected.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
