Am 06.01.2015 um 03:00 schrieb John Hardin:
On Tue, 6 Jan 2015, Reindl Harald wrote:Am 06.01.2015 um 02:27 schrieb John Hardin:On Tue, 6 Jan 2015, Reindl Harald wrote: > it's a matter of technical correctness > no SPF on the envelope domain, no SPF > > * OK: SPF_PASS > * OK: SPF_PASS,SPF_HELO_PASS > * OK: SPF_NONE > * WRONG: SPF_NONE,SPF_HELO_PASS > > one can argue about the severity but the correctness is out of question Are you assuming that the MTA will always be in the same domain as the envelope sender address when you say that?no - why should i? we host 600 domains on the same MTA i only say there can not be any sort of SPF PASS if the sending domain don't have any SPF record at all - it's just wrongAnd if the MTA's domain, which is in a different domain than the envelope sender, *does* have an SPF record, and the MTA is valid per that SPF record?
that don't say anything about the incoming mail because of it's envelope sender with no SPF record - why?
there is no connection between the hosts SPF and the envelope senders until the envelope publish SPF for his domain and lists that server there
Are you saying the SPF for the MTA/HELO domain should not be checked at all if it is different than the envelope sender domain?
not in context of SPF in that case you typically look if the HELO name exists at all and matchesbut you need to be careful because way too much servers use localhost.localdomain because a sloppy setup or a hostname from their internal DNS zone not existing on the WAN (even with the same domain) and hence things like http://www.postfix.org/postconf.5.html#reject_unknown_helo_hostname are asking for trouble (been there)
signature.asc
Description: OpenPGP digital signature
