On Tue, 3 May 2005 [EMAIL PROTECTED] wrote:

> I'd love to implement SPF checks in SA rather than having to run two
> milters on our sendmail, but there's a fundamental flaw in the
> whitelisting for SPF.
>
> It looks like the whitelist applies to internet domains or email
> addresses.  Whitelisting those automatically defeats the purpose of SPF.
> If you whitelist (bad example, but...) [EMAIL PROTECTED], you play into the
> spoofer's hand by allowing any mail from that domain to pass.  The
> "correct" whitelisting method would be to whitelist trusted IP addresses.
>
> Anyone know if IP addresses would also work?

Check out "whitelist_from_rcvd"; it lets you link a particular address
(or address regex) to a specific sending server. The sending server is
validated by both hostname and IP address.

Thus you can restrict the whitelisting to particular senders to
prevent abuse by forgers.



-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
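
A simplified model of the difference between address-only whitelisting and the relay-bound whitelisting described in the reply above, added here as an example; it is not SpamAssassin's code and not from either poster. The matching rules (glob on the address, domain-suffix or bracketed-IP match on the relay) are assumptions modelled on the option's documented behaviour, and every address, hostname and IP is constructed.

```python
# Simplified model of the two whitelisting styles discussed in this thread.
# Not SpamAssassin's code; all addresses, hostnames and IPs are constructed.
from fnmatch import fnmatchcase

def addr_matches(pattern, sender):
    """Glob match ('*', '?') on the sender address, case-insensitive."""
    return fnmatchcase(sender.lower(), pattern.lower())

def relay_matches(spec, rdns, ip):
    """spec is a domain (suffix match on a label boundary) or '[ip]'."""
    spec = spec.lower()
    if spec.startswith("[") and spec.endswith("]"):
        return ip == spec[1:-1]
    rdns = rdns.lower().rstrip(".")
    return rdns == spec or rdns.endswith("." + spec)

def whitelisted(rule, sender, rdns, ip):
    """rule = (address_pattern,) models an address-only whitelist entry;
    rule = (address_pattern, relay_spec) models whitelist_from_rcvd."""
    if not addr_matches(rule[0], sender):
        return False
    return len(rule) == 1 or relay_matches(rule[1], rdns, ip)

# Constructed deliveries: (sender, relay rDNS, relay IP) as recorded by the
# receiving MTA itself, not as claimed in headers the sender controls.
DELIVERIES = {
    "genuine":   ("news@example.com", "mx1.example.com", "192.0.2.10"),
    "forged":    ("news@example.com", "host.dialup.example.net", "203.0.113.77"),
    "lookalike": ("news@example.com", "example.com.evil.example.net", "203.0.113.78"),
}

def evaluate(rule):
    """Return {delivery name: whitelisted?} for one rule."""
    return {name: whitelisted(rule, *d) for name, d in DELIVERIES.items()}

if __name__ == "__main__":
    print(evaluate(("*@example.com",)))                 # address only
    print(evaluate(("*@example.com", "example.com")))   # address + relay rDNS
    print(evaluate(("*@example.com", "[192.0.2.10]")))  # address + relay IP
```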
