>From all the discussions and reading all the replies in this thread I have understood many things like 1) We use smtp-auth for sending the mails. So, I can reject all mails which are not generating from my mail server, right? This will be a good tactics. Now the SPF parts, 2) If the SPF records is configured in DNS, then we do not have to do any additional configuration in Postfix and spamassassin. We can create the Meta rules in local.cf to increase/decrease the score, right? 3) Gmail adds a header like "Received-SPF: fail/pass/neutral". I think MTA is adding this header. How this type of headers can be added?
Martin Gregorie-2 wrote: > > On Tue, 2008-12-30 at 15:36 +0100, Arvid Ephraim Picciani wrote: >> On Tuesday 30 December 2008 12:44:09 Bijayant wrote: >> > Hi, >> > >> > I am a newbie so please excuse me if its a very silly question. I have >> been >> > searching the forums and Internet about my query but could not found >> > satisfactory answer. I am using Postfix+amavisd-new+spam-assassin on my >> > mail server. We get many spam mails from our own emails. Then we came >> to >> > know that SPF can prevent this. I want to implement this but do not >> know >> > how to do this. We have created the SPF records for our domains and >> about >> > to put in to DNS. >> > But I have a some confusion. I want to give some sa-score based on spf >> > check. >> > For this, 1) does postfix has to be also configured to support SPF or >> > insert some headers or spam-assassin alone can be used? >> >> no. SPF will be checked against the last host outside your trusted >> path. >> the defaults should be perfectly fine for a simple setup were you only >> have >> one. >> > Here's a description of what SPF is and what its meant to do: > http://www.openspf.org/ > > As others have said, SA can check incoming messages against the alleged > sender's domain to see if that's where the message really came from > provided the SPF plugin is installed and enabled. > > Most modern MTAs can also use SPF records to see if undeliverable mail > has a forged sender address. If so, they won't send a rejection slip > since that would go to the wrong place. Such rejection slips are known > as 'backscatter' and are a real annoyance, so be kind to other mail > users and set up an SPF record for your domain. There are wizards and > test tools to help you create a valid record here: > http://www.kitterman.com/spf/validate.html > > > Martin > > > -- View this message in context: http://www.nabble.com/Implementing-SPF-tp21216090p21227527.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
