Re: Implementing SPF

Wed, 31 Dec 2008 05:34:57 -0800 

On Wed, December 31, 2008 06:29, Bijayant wrote:
>
> From all the discussions and reading all the replies in this thread
> I have understood many things like
> 1) We use smtp-auth for sending the mails. So, I can reject all
> mails which are not generating from my mail server,

reject sender domains with do not auth and are local

> right? This will be a good tactics.

yes

> Now the SPF parts,
> 2) If the SPF records is configured in DNS, then we do not have to
> do any additional configuration in Postfix and spamassassin.

in postfix no change

in spamassassin:

i use the below php code that dumps squirreelmail address book to
whitelist_auth

<?php

    include_once('./conf.inc.php');

    mysql_connect ($HostName, $UserNameSQ, $PassWordSQ); // or die
('connect error');
    mysql_select_db ($DataBaseSQ); // or die ('database error');

    // CREATE TABLE `address` (
    //  `owner` varchar(255) NOT NULL,
    //  `nickname` varchar(255) NOT NULL,
    //  `firstname` varchar(255) NOT NULL,
    //  `lastname` varchar(255) NOT NULL,
    //  `email` varchar(255) NOT NULL,
    //  `label` varchar(255) NOT NULL
    // ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='squirrelmail
address book';

    $query = "SELECT email FROM address ORDER BY 'owner' ASC";
    $handle = mysql_query ($query); // or die(mysql_error());
    for ($count = 1; $row = mysql_fetch_row ($handle); ++$count) {
print "whitelist_auth $row[0]\n"; }
?>

cron the above so its part of the sa-update

php whitelist_auth_from_squirrelmail.php >
/path/to/local.cf/00_local_whitelist_auth.cf

> We can create the Meta

dont mess it more

> rules in local.cf to increase/decrease the score, right?

no whitelist trusted senders that are known in local via spf pass
and or dkim

> 3) Gmail adds a header like "Received-SPF: fail/pass/neutral".

ignore that header it can be faked !
 I
> think MTA is adding this header.

no its a python spf checker

> How this type of headers can be added?

spamassassin have its own spf checker, dont use another


to rule maintainers: can we change default scores for whitelist_from
now ?

-- 
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098

Reply via email to