Roberto Lucarelli <[email protected]> wrote:

> Sorry for bad English

There is no need to apologise; as a second language you are managing better
than a lot of our native English speakers! And my Italian goes no further than
the menu at the local pizza restaurant :-)


> We set up an SMTP relay server to send a large amount of email for newsletters;
> so, I have a username, a password and a hostname that I insert in my
> newsletter software. RelayServer is composed of postfix, policyd, and a
> module for policyd that uses the cpan:SPF method.
> When I send out emails I have to choose a mailfrom (ex: [email protected])
> and to use our service I must correctly set up an SPF record for domain.tld to
> authorize the SMTP-Relay.
>
> (hostname of smtp-relay: smtprelay.company.com, so in my TXT record of
> domain.tld I will add a:smtprelay.company.com, something like this: v=spf1
> ip4:xxx.xxx.xxx.xxx a:smtprelay.company.com mx -all )
>
> But several senders forget to set up SPF before sending emails; thus after
> the first emails, Outlook inserted us in its blacklist.

Right, I get the problem now.
Users should be using [email protected] as the sender address, but forget and 
use (eg) [email protected] - and if someotherdomain.co.uk has an SPF 
record then the outbound mails fail SPF checks at the recipient server.

> My main goal is: is there a way, or how can I check *before* sending emails
> for a correct SPF, keeping in mind that whoever sends email is already
> authenticated? I'll be happy if our server rejects email sent out by a domain
> without a correct SPF. Is this possible?

I can see several ways round this.

One is to enforce sender email address. I can't remember if it was here or in 
the forum for PostFix Admin, but I do recall a discussion about enforcing that 
the sender address matches the SASL auth address used. I vaguely recall this is 
fairly easy to configure in Postfix, but I don't recall how.

Next is to use an SPF policy daemon that will check if the SPF for the sender 
email address includes your public IP (or that there is no SPF for the domain). 
I would imagine it shouldn't be hard to modify an existing one (or use a 
wrapper) to use a fixed parameter (your relay's IP) rather than the Postfix 
supplied client IP.

3rd up is to use sender re-writing. This is the "solution" advocated by the SPF
gang for mailing lists etc. IMO this is fundamentally broken - how could a
feature that allows an arbitrary third party server to forward mail and claim
that it's checked SPF OK be abused! But it's a way round the problem and would
allow the senders to use their own address if needed.

4th up is to have Postfix re-write the sender address so it's always 
[email protected] regardless of what the client uses. I suspect it's not hard 
to do with a map file - but again I haven't tried it.

5th up is to modify your newsletter software to reject incorrect sender
addresses, or to re-write them (either SRS as advocated by SPF guys, or simply
replacing the sender address with its own).


_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
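
A sketch of the second suggestion in the reply above (checking the sender domain's SPF against the relay's own fixed IP rather than the Postfix-supplied client IP), added here as an example and not part of the original thread or of policyd. The relay IP, the `.example` domains and the `TXT`/`A` tables are constructed stand-ins for DNS, and only the `ip4:`, `a:host` and `all` mechanisms are evaluated.

```python
import ipaddress

RELAY_IP = "192.0.2.25"  # assumption: the relay's public IP (documentation range)

# Constructed stand-ins for DNS; a real daemon would query TXT and A records.
TXT = {
    "good.example": "v=spf1 ip4:192.0.2.0/24 mx -all",
    "named.example": "v=spf1 a:smtprelay.company.com -all",
    "forgot.example": "v=spf1 ip4:198.51.100.7 -all",
}
A = {"smtprelay.company.com": ["192.0.2.25"]}


def parse_request(text):
    """Parse one Postfix policy delegation request (name=value lines)."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # an empty line terminates the request
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def relay_authorized(domain, relay_ip=RELAY_IP):
    """True if the domain publishes no SPF record or its record passes relay_ip."""
    record = TXT.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return True  # no SPF published, so recipients have nothing to fail
    ip = ipaddress.ip_address(relay_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            hit = ip in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("a:"):
            hit = relay_ip in A.get(mech[2:].lower(), [])
        else:
            hit = mech == "all"  # mx, include, redirect are not evaluated here
        if hit:
            return qualifier == "+"  # first matching mechanism decides
    return False


def policy_response(request_text):
    """Build the policy reply; client_address in the request is ignored."""
    sender = parse_request(request_text).get("sender", "")
    domain = sender.rpartition("@")[2]
    if not domain or relay_authorized(domain):
        return "action=DUNNO\n\n"
    return f"action=REJECT SPF of {domain} does not authorize this relay\n\n"
```

Because `mx`, `include:` and `redirect=` are skipped, a domain that authorizes the relay only through those would be rejected by this sketch; a production check should use a full SPF library with the relay IP passed in.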
