On Wed 13 Jan 2010 05:54:58 PM CET, Skaz wrote
Sadly SPF won't catch this type of spam as that only deals with the envelope and the faked field is in the body. We already have SPF set up anyhow which obviously catches a fair few faked HELO's.
ug :/ http://old.openspf.org/wizard.html?mydomain=swarthmore.org.uk&submit=Go! why lists rfc1918 ip addresses ?, why lists .local hostnames ? what will happend if this exists remotely ?
Kai's suggestion for Postfix will work for now, so thanks for that. However I will need to drop that restriction once I set up external mail access so being able to score messages with a faked 'From' field is what I'd ideally like to do: and will need to do in the nearish future. Is there a rule(set) around at the minute which can do this, or do I need to learn Pearl in a hurry?
Kai's "solution" does not use spf at all, but strict rules in postfix to achived nearly the same as a working pypolicy-spf daemond
-- xpoint http://www.unicom.com/pw/reply-to-harmful.html
