On 11/02/16 13:02, Roberto Lucarelli wrote:
Hello, I did not understand your response, the filter is enabled but does not work as I would like.
I'm afraid that you will have to provide more information. As far as I understood:
You have domain.xx, with mx 20.20.20.20. You have an SPF record for that domain. So far, so good.
Essentially, that means: All mails [email protected] must be sent from the MX.Now, if *I* send an email pretending to be [email protected], I cannot use your MX server, and so I will not be able to pass the SPF test. That's good, and that is exactly what SPF is there for.
But if *YOU* send an email as [email protected], you must ultimately do so via the MX. (Or some other MTA you control, as long as it's relayed through the MX, that doesn't matter).
The point is: YOU will have credentials to authenticate yourself to the system, and as soon as you're authenticated, the server should *NOT* check SPF records.
That is exactly what Andrea was talking about. Port 25 is "public delivery", and can do SPF checks.
Port 465 (smtps) or 587 (submission) should be used for "authenticated sending", and should NOT do SPF checks (but possibly enforce quotas etc.)
In policyd terminology: Only apply SPF checks to *inbound* mails, not to *outbound* ones.
HTH Cheers Chris
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
