Am 18.11.2015 um 16:12 schrieb Elod G:
I belive policyd-spf replaces existing headers with its own. I got burnt once already with header_checks, it's a no go. Getting back to the subject, I agree, it's probably not a big performance impact doing the check twice, especially since the DNS query is cached by the local resolver. I am wondering though, if it's already implemented in the plugin to check for headers, why it isn't working in my configuration? How is internal relays defined, and shouldn't my Postfix server be there?
milters behave different in some cases, AFAIK you don't get local headers to milters only if they are produced by other milters
spamass-milter behaves in general for some cases weird (no SA headers for BCC messages if they are rejects, case-sensitive interpretation of SA-headers, no subject-tagging if the Spam-Flag header don't exist and so on
On 11/18/2015 16:55, Reindl Harald wrote:Am 18.11.2015 um 15:49 schrieb Kevin Golding:So returning to your original questioning, changing to checking ALL instead of ALL-INTERNAL would result in checking against headers added by other relays and would presumably be spoofable. You may feel happy with this if you can ensure that any Received-SPF headers are removed upon entering your networkyou can't because "/^Received\-SPF.*/ IGNORE" in header_checks would also remove the own policy-generated header before it enters the milter and so you can't be sure it's your own
signature.asc
Description: OpenPGP digital signature
