On Tue, 2008-12-30 at 15:36 +0100, Arvid Ephraim Picciani wrote: > On Tuesday 30 December 2008 12:44:09 Bijayant wrote: > > Hi, > > > > I am a newbie so please excuse me if its a very silly question. I have been > > searching the forums and Internet about my query but could not found > > satisfactory answer. I am using Postfix+amavisd-new+spam-assassin on my > > mail server. We get many spam mails from our own emails. Then we came to > > know that SPF can prevent this. I want to implement this but do not know > > how to do this. We have created the SPF records for our domains and about > > to put in to DNS. > > But I have a some confusion. I want to give some sa-score based on spf > > check. > > For this, 1) does postfix has to be also configured to support SPF or > > insert some headers or spam-assassin alone can be used? > > no. SPF will be checked against the last host outside your trusted path. > the defaults should be perfectly fine for a simple setup were you only have > one. > Here's a description of what SPF is and what its meant to do: http://www.openspf.org/
As others have said, SA can check incoming messages against the alleged sender's domain to see if that's where the message really came from provided the SPF plugin is installed and enabled. Most modern MTAs can also use SPF records to see if undeliverable mail has a forged sender address. If so, they won't send a rejection slip since that would go to the wrong place. Such rejection slips are known as 'backscatter' and are a real annoyance, so be kind to other mail users and set up an SPF record for your domain. There are wizards and test tools to help you create a valid record here: http://www.kitterman.com/spf/validate.html Martin
