I dont know if you want to find a solution of if you want to say why i am searching one. Reason is this : I have SPF_PASS, a variable that tell me that who send is proprietary of that domain I KNOW PERFECTLY THAT SOMEONE CAN TELL SPAM WITH A PURCHASED REGULAR NON SPOOFED DOMAIN But I can combine SPF_PASS with a list of email address, for example, but not all put SPF in dns, so with MX I have another chance
Nicola Piazzi CED - Sistemi COMET s.p.a. Via Michelino, 105 - 40127 Bologna - Italia Tel. +39 051.6079.293 Cell. +39 328.21.73.470 Web: www.gruppocomet.it -----Messaggio originale----- Da: Merijn van den Kroonenberg [mailto:mer...@web2all.nl] Inviato: martedì 9 agosto 2016 16:41 A: users@spamassassin.apache.org Oggetto: Re: R: A plugin to legitimate email when SPF and DKIM missing > On Tue, 9 Aug 2016 08:45:54 +0000 > Nicola Piazzi wrote: > >> whitelist_from_rcvd is intended to legitimate a single somain, >> specifiing domain by domain >> >> I need something that tell me that check all incoming email and say >> if the originating ip (or class c) is the same of mx record >> >> This can be intended like an SPF_PASS when people doesn t set spf at >> all. > > I think the reason that he mentioned whitelist_from_rcvd is that the > absence of SPF or DKIM doesn't score anything in any of the default > scoresets. > In fact SPF or DKIM does not tell us anything about spammy (or hammy) ness. Spammers use spf and dkim too. The usefulness of DKIM and SPF is in combination with *specific* domains. So your mx check would also be only useful in combination with *specific* domains. And when you are doing specfic domains then you could just do whitelist_from_rcvd. So I am not sure what your intention is with this MX check. Would you score senders who fail it? Or would you blindly reward (whitelist) servers who match the MX subnet?
