Bryan Scott wrote:
pretending to be from my own domain. This just checks if the
sending address'
domain is pretending to be a local.
Perhaps this could be melded into 'badmailfrom', just so long as
badmailfrom
checked for relay_client? As in, by default, do not accept any mail
"from"
local/rcpt domains if relay_client is not set?
On a similar note, I'm getting a few thousand spam/virus mails a day
that are
Even then, this is taken care of automatically if you implement SPF
checking and publish SPF records in your DNS. The initial email from
RoadRunner's servers, for example, claims to be coming from some
official email address to be delivered to a (in this case invalid)
local user. Since my SPF records state that only my IP addresses are
allowed to send on behalf of that domain, the SPF plugin rejects the
message. Relaying is already accounted for.
-- Bryan
That's what convinced me to go ahead and let spf issue
a deny on "fail", not on "softfail". I first started looking
for the "fail" and enforcing a deny if that was spoofing
my domains, but then I realized there isn't any harm
in enforcing deny for all domains that have spf set up.
Why would they set up spf if they didn't want us to
enforce their work? If it breaks they ought to go ahead
and fix it. If they need srs they should find out. So I
have spf deny on "fail", first to stop spoofing of my
domains, and then to deny like all those admins out
there want us to do when they set up spf.
I guess to use srs I would have to de-alias the srs
recipient on the way in, then srs encode the sender
on the way out. There are four things to look
at-- dspam aliases and list server aliases and srs, and
cyrus uses "[EMAIL PROTECTED]" so I would prefer
to use "=" as srs sepchar.
-Bob
