Hi, >> If I wanted to use SPF in spamassassin to block spoofing attempts >> against my domain, how would I do that? >> Can I create a meta that combines SPF_FAIL with the From header for my >> domain to do this? > > setup pypolicyd-spf is not that hard is it ?
I mentioned previously that there were some problems with doing that on fedora. I don't recall what it was, but I'd like to try to use tools that are already implemented anyway. > when done, you just configure the spamassassin plugin to reuse the > recieved-spf header > > data in spf must be with all mynetworks in postfix except all non routeble > ips such as rfc1918 in the spf for mydestination and virtual domains Doesn't that introduce a trust issue with include: for example? We're including constant-contact, salesforce, etc. How are these included in $mynetworks, and wouldn't that mean inherently trusting all of constant-contact? > before going live with it, check spf in kittermanns and or dmarchian is > valid, not after as many do in the past, i have seen ip4:192.168.00/23 in an > example fail in my logs, no rfc 1918 dont need to be added to spf :=) Yes, thank you so much. We've already done this. Thanks, Alex
