ram wrote:
On Tue, 2008-12-30 at 04:11 -0800, Bijayant wrote:
Thanks, but I do not want to reject those mails.
Why not?
I agree - this is by far the simplest method of tackling this problem.
SPF is meant as a mechanism for *others* to block mail spoofed from your
domain.
The only reason I see is that legitimate senders also send to the same
mail server. Get them to use smtp-auth and send the messages.
(I know its easier said than done )
What's not easy, implementing smtp-auth or forcing users to use it?
Seems easy to me:
Implementing:
http://www.postfix.org/SASL_README.html#server_sasl
http://wiki.centos.org/HowTos/postfix_sasl
Forcing users to use it:
Restrict $mynetworks to only allow 127.0.0.0/8 so anyone *not* on
localhost *has* to authenticate.
