control/spfbehavior
Use this to turn on SPF checking. The default value is 0 (off). You can
specify a value between 0 and 6:
* 0: Never do SPF lookups, don't create Received-SPF headers
* 1: Only create Received-SPF headers, never block
* 2: Use temporary errors when you have DNS lookup problems
* 3: Reject mails when SPF resolves to fail (deny)
* 4: Reject mails when SPF resolves to softfail
* 5: Reject mails when SPF resolves to neutral
* 6: Reject mails when SPF does not resolve to pass
Values bigger than 3 are strongly discouraged, you probably want to go
with 2 or 3. Important: This setting can be overridden using the
environment variable SPFBEHAVIOR, e.g. from tcpserver rules. Note: If
RELAYCLIENT is set, SPF checks won't run at all.(This also includes
SMTP-AUTH and similar patches)
On 6/17/2018 9:29 AM, Tony White wrote:
Hi folks,
Can I get your opinions please?
I am seriously considering making SPF give
hard errors if the SPF record does not indicate
the sender smtp is not allowed to send on behalf
of a domain.
The question is, is this the right thing to do?
TIA :)
--
Eric Broch
White Horse Technical Consulting (WHTC)
