We're using the smf-spf milter which allows whitelisting. ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357
-----Original Message----- From: Fredrik Lindgren [mailto:f...@wirebound.net] Sent: Monday, May 26, 2014 8:49 AM To: users@spamassassin.apache.org Subject: SPF checking Hello, I'm having an issue in getting SPF checking to work the way I want and just wanted to see if you maybe had some input on how to achieve this, or what I'm doing wrong. We're running SA to filter incoming mail, as well as to police outgoing SPAM. This is an ISP type setup, where end users are required to relay mail through our server using SMTP-Auth. This becomes a problem when end-user accounts are compromised. What I'm trying to achieve is to score outgoing mail with forged senders from for example "hotmail.com" using the SPF module. The problem becomes that it's scoring legitimate mail as well since our SPF-record includes only our relays, and the only available received-by line has the customer-IP as the originating address. And to include our customer-ranges in our SPF-record kind of defeats the purpose. :) Essentially what I think would solve my problem would be a "SPF-whitelist", where I could put domains NOT to do SPF check for (in my case our own domain). But as far as I can tell, there is no such thing? I guess the sort of unique use-case here is that my "threat" in this case is coming from the "inside". Any ideas? Regards, Fredrik Lindgren
