Am 21.08.2013 11:41, schrieb Per-Erik irt Persson: > On 08/21/2013 10:22 AM, Robert Schetterer wrote: >> Am 21.08.2013 09:59, schrieb Per-Erik irt Persson: >>> Or is smtpverification just a path that you don't want to walk down? >> please read i.e >> >> http://www.postfix.org/ADDRESS_VERIFICATION_README.html >> >> .... >> >> Sender address verification for all email >> >> Unfortunately, sender address verification cannot simply be turned on >> for all email >> >> ... >> >> so ,in short words , you may do sender verify in very very special cases >> but never do it global, sender may be forged, so your verify does smtp to >> orig servers of forged mail addresses, so at the end your server may get >> blacklisted , also it doesnt work very fine with "greylisting" servers >> >> try better ways, i.e analyze your logs see if spf, dkim check may help etc >> > Thanks for the input, so far I have only added smtpverification to > emailaddesses that I suspect being hosted on hacked webservers and > sending things that I assume is phishing. > You are right that I could automatically rule out smtpverification for > sites that seems to use spf and dkim properly, no matter how phishy the > content looks to spamassassin. > If I collect enough evidence about a sender and the emailserver > he/she/it actually comes from, I could just as well reject it. > All this is combined with the frequency of the sender, phishingemails > usually don't travel alone... > >
as i wrote you may do sender verify in very very special cases, so if you have enough "filter jedi power" before doing verify,it might work fine for your case/place Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
